honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-03-29 19:38:29 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix tests so gradle test passes

Browse Source 
Original commit: elastic/x-pack-elasticsearch@30683bd771
This commit is contained in:
jaymode 2015-12-01 07:23:32 -05:00 committed by uboness
parent 13a8c98cb2
commit e1c1552eb2
10 changed files with 146 additions and 120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
elasticsearch/x-pack/build.gradle
View File

@ -66,8 +66,11 @@ ext.expansions = [
] ]
processResources { processResources {
inputs.properties(expansions) from(sourceSets.main.resources.srcDirs) {
MavenFilteringHack.filter(it, expansions) exclude '**/public.key'
inputs.properties(expansions)
MavenFilteringHack.filter(it, expansions)
}
String licenseKeyName = System.getProperty('license.key', 'dev') String licenseKeyName = System.getProperty('license.key', 'dev')
String licenseKeyPath = "license-plugin/keys/${licenseKeyName}/public.key" String licenseKeyPath = "license-plugin/keys/${licenseKeyName}/public.key"
if (file(licenseKeyPath).exists() == false) { if (file(licenseKeyPath).exists() == false) {

5
elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/MarvelPluginTests.java
View File

@ -13,6 +13,7 @@ import org.elasticsearch.marvel.test.MarvelIntegTestCase;
import org.elasticsearch.plugins.PluginInfo; import org.elasticsearch.plugins.PluginInfo;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope; import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.elasticsearch.tribe.TribeService; import org.elasticsearch.tribe.TribeService;
import org.elasticsearch.xpack.XPackPlugin;
import static org.elasticsearch.test.ESIntegTestCase.Scope.TEST; import static org.elasticsearch.test.ESIntegTestCase.Scope.TEST;
import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.equalTo;
@ -53,12 +54,12 @@ public class MarvelPluginTests extends MarvelIntegTestCase {
for (PluginInfo plugin : nodeInfo.getPlugins().getInfos()) { for (PluginInfo plugin : nodeInfo.getPlugins().getInfos()) {
assertNotNull(plugin); assertNotNull(plugin);
if (MarvelPlugin.NAME.equals(plugin.getName())) { if (XPackPlugin.NAME.equals(plugin.getName())) {
found = true; found = true;
break; break;
} }
} }
assertThat("marvel plugin not found", found, equalTo(true)); assertThat("x-pack plugin not found", found, equalTo(true));
} }
} }

9
elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/test/MarvelIntegTestCase.java
View File

@ -91,15 +91,14 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
.put("shield.user", "test:changeme") .put("shield.user", "test:changeme")
.build(); .build();
} }
return super.transportClientSettings(); return Settings.builder().put(super.transportClientSettings())
.put("shield.enabled", false)
.build();
} }
@Override @Override
protected Collection<Class<? extends Plugin>> nodePlugins() { protected Collection<Class<? extends Plugin>> nodePlugins() {
if (shieldEnabled) { return Collections.singletonList(XPackPlugin.class);
return Arrays.asList(XPackPlugin.class, XPackPlugin.class, XPackPlugin.class);
}
return Arrays.asList(XPackPlugin.class, XPackPlugin.class);
} }
@Override @Override

5
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/ShieldPluginEnabledDisabledTests.java
View File

@ -24,6 +24,7 @@ import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.elasticsearch.test.rest.json.JsonPath; import org.elasticsearch.test.rest.json.JsonPath;
import org.elasticsearch.transport.Transport; import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.TransportService; import org.elasticsearch.transport.TransportService;
import org.elasticsearch.xpack.XPackPlugin;
import org.hamcrest.Matcher; import org.hamcrest.Matcher;
import org.junit.After; import org.junit.After;
import org.junit.BeforeClass; import org.junit.BeforeClass;
@ -56,6 +57,10 @@ public class ShieldPluginEnabledDisabledTests extends ShieldIntegTestCase {
logger.info("cleanup: enabling licensing..."); logger.info("cleanup: enabling licensing...");
LicensingTests.enableLicensing(); LicensingTests.enableLicensing();
} }
@Override
protected Class<? extends XPackPlugin> xpackPluginClass() {
return LicensingTests.InternalXPackPlugin.class;
}
@Override @Override
protected Settings nodeSettings(int nodeOrdinal) { protected Settings nodeSettings(int nodeOrdinal) {

212
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java
View File

@ -23,7 +23,6 @@ import org.elasticsearch.index.IndexNotFoundException;
import org.elasticsearch.rest.RestRequest; import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.search.SearchHit; import org.elasticsearch.search.SearchHit;
import org.elasticsearch.shield.ShieldPlugin; import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.shield.User; import org.elasticsearch.shield.User;
import org.elasticsearch.shield.authc.AuthenticationService; import org.elasticsearch.shield.authc.AuthenticationService;
import org.elasticsearch.shield.authc.AuthenticationToken; import org.elasticsearch.shield.authc.AuthenticationToken;
@ -220,20 +219,20 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
SearchHit hit = getIndexedAuditMessage(); SearchHit hit = getIndexedAuditMessage();
assertAuditMessage(hit, "transport", "anonymous_access_denied"); assertAuditMessage(hit, "transport", "anonymous_access_denied");
Map<String, Object> sourceMap = hit.sourceAsMap();
if (message instanceof RemoteHostMockMessage) { if (message instanceof RemoteHostMockMessage) {
assertEquals(remoteHostAddress(), hit.field("origin_address").getValue()); assertEquals(remoteHostAddress(), sourceMap.get("origin_address"));
} else { } else {
assertEquals("local[local_host]", hit.field("origin_address").getValue()); assertEquals("local[local_host]", sourceMap.get("origin_address"));
} }
assertEquals("_action", hit.field("action").getValue()); assertEquals("_action", sourceMap.get("action"));
assertEquals("transport", hit.field("origin_type").getValue()); assertEquals("transport", sourceMap.get("origin_type"));
if (message instanceof IndicesRequest) { if (message instanceof IndicesRequest) {
List<Object> indices = hit.field("indices").getValues(); List<Object> indices = (List<Object>) sourceMap.get("indices");
assertThat(indices, contains((Object[]) ((IndicesRequest) message).indices())); assertThat(indices, contains((Object[]) ((IndicesRequest) message).indices()));
} }
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName()); assertEquals(sourceMap.get("request"), message.getClass().getSimpleName());
} }
public void testAnonymousAccessDeniedTransportMuted() throws Exception { public void testAnonymousAccessDeniedTransportMuted() throws Exception {
@ -257,10 +256,11 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
SearchHit hit = getIndexedAuditMessage(); SearchHit hit = getIndexedAuditMessage();
assertAuditMessage(hit, "rest", "anonymous_access_denied"); assertAuditMessage(hit, "rest", "anonymous_access_denied");
assertThat(NetworkAddress.formatAddress(InetAddress.getLoopbackAddress()), equalTo(hit.field("origin_address").getValue())); Map<String, Object> sourceMap = hit.sourceAsMap();
assertThat("_uri", equalTo(hit.field("uri").getValue())); assertThat(NetworkAddress.formatAddress(InetAddress.getLoopbackAddress()), equalTo(sourceMap.get("origin_address")));
assertThat(hit.field("origin_type").getValue(), is("rest")); assertThat("_uri", equalTo(sourceMap.get("uri")));
assertThat(hit.field("request_body").getValue(), notNullValue()); assertThat(sourceMap.get("origin_type"), is("rest"));
assertThat(sourceMap.get("request_body"), notNullValue());
} }
public void testAnonymousAccessDeniedRestMuted() throws Exception { public void testAnonymousAccessDeniedRestMuted() throws Exception {
@ -282,19 +282,19 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
awaitAuditDocumentCreation(resolveIndexName()); awaitAuditDocumentCreation(resolveIndexName());
SearchHit hit = getIndexedAuditMessage(); SearchHit hit = getIndexedAuditMessage();
Map<String, Object> sourceMap = hit.sourceAsMap();
assertAuditMessage(hit, "transport", "authentication_failed"); assertAuditMessage(hit, "transport", "authentication_failed");
if (message instanceof RemoteHostMockMessage) { if (message instanceof RemoteHostMockMessage) {
assertEquals(remoteHostAddress(), hit.field("origin_address").getValue()); assertEquals(remoteHostAddress(), sourceMap.get("origin_address"));
} else { } else {
assertEquals("local[local_host]", hit.field("origin_address").getValue()); assertEquals("local[local_host]", sourceMap.get("origin_address"));
} }
assertEquals("_principal", hit.field("principal").getValue()); assertEquals("_principal", sourceMap.get("principal"));
assertEquals("_action", hit.field("action").getValue()); assertEquals("_action", sourceMap.get("action"));
assertEquals("transport", hit.field("origin_type").getValue()); assertEquals("transport", sourceMap.get("origin_type"));
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName()); assertEquals(sourceMap.get("request"), message.getClass().getSimpleName());
} }
public void testAuthenticationFailedTransportNoToken() throws Exception { public void testAuthenticationFailedTransportNoToken() throws Exception {
@ -306,21 +306,21 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
SearchHit hit = getIndexedAuditMessage(); SearchHit hit = getIndexedAuditMessage();
assertAuditMessage(hit, "transport", "authentication_failed"); assertAuditMessage(hit, "transport", "authentication_failed");
Map<String, Object> sourceMap = hit.sourceAsMap();
if (message instanceof RemoteHostMockMessage) { if (message instanceof RemoteHostMockMessage) {
assertEquals(remoteHostAddress(), hit.field("origin_address").getValue()); assertEquals(remoteHostAddress(), sourceMap.get("origin_address"));
} else { } else {
assertEquals("local[local_host]", hit.field("origin_address").getValue()); assertEquals("local[local_host]", sourceMap.get("origin_address"));
} }
assertThat(hit.field("principal"), nullValue()); assertThat(sourceMap.get("principal"), nullValue());
assertEquals("_action", hit.field("action").getValue()); assertEquals("_action", sourceMap.get("action"));
assertEquals("transport", hit.field("origin_type").getValue()); assertEquals("transport", sourceMap.get("origin_type"));
if (message instanceof IndicesRequest) { if (message instanceof IndicesRequest) {
List<Object> indices = hit.field("indices").getValues(); List<Object> indices = (List<Object>) sourceMap.get("indices");
assertThat(indices, contains((Object[]) ((IndicesRequest) message).indices())); assertThat(indices, contains((Object[]) ((IndicesRequest) message).indices()));
} }
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName()); assertEquals(sourceMap.get("request"), message.getClass().getSimpleName());
} }
public void testAuthenticationFailed_Transport_Muted() throws Exception { public void testAuthenticationFailed_Transport_Muted() throws Exception {
@ -356,11 +356,12 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
SearchHit hit = getIndexedAuditMessage(); SearchHit hit = getIndexedAuditMessage();
assertAuditMessage(hit, "rest", "authentication_failed"); assertAuditMessage(hit, "rest", "authentication_failed");
assertThat(hit.field("principal").getValue(), is((Object) "_principal")); Map<String, Object> sourceMap = hit.sourceAsMap();
assertThat("127.0.0.1", equalTo(hit.field("origin_address").getValue())); assertThat(sourceMap.get("principal"), is((Object) "_principal"));
assertThat("_uri", equalTo(hit.field("uri").getValue())); assertThat("127.0.0.1", equalTo(sourceMap.get("origin_address")));
assertThat(hit.field("origin_type").getValue(), is("rest")); assertThat("_uri", equalTo(sourceMap.get("uri")));
assertThat(hit.field("request_body").getValue(), notNullValue()); assertThat(sourceMap.get("origin_type"), is("rest"));
assertThat(sourceMap.get("request_body"), notNullValue());
} }
public void testAuthenticationFailedRestNoToken() throws Exception { public void testAuthenticationFailedRestNoToken() throws Exception {
@ -372,11 +373,12 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
SearchHit hit = getIndexedAuditMessage(); SearchHit hit = getIndexedAuditMessage();
assertAuditMessage(hit, "rest", "authentication_failed"); assertAuditMessage(hit, "rest", "authentication_failed");
assertThat(hit.field("principal"), nullValue()); Map<String, Object> sourceMap = hit.sourceAsMap();
assertThat("127.0.0.1", equalTo(hit.field("origin_address").getValue())); assertThat(sourceMap.get("principal"), nullValue());
assertThat("_uri", equalTo(hit.field("uri").getValue())); assertThat("127.0.0.1", equalTo(sourceMap.get("origin_address")));
assertThat(hit.field("origin_type").getValue(), is("rest")); assertThat("_uri", equalTo(sourceMap.get("uri")));
assertThat(hit.field("request_body").getValue(), notNullValue()); assertThat(sourceMap.get("origin_type"), is("rest"));
assertThat(sourceMap.get("request_body"), notNullValue());
} }
public void testAuthenticationFailedRestMuted() throws Exception { public void testAuthenticationFailedRestMuted() throws Exception {
@ -412,22 +414,23 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
SearchHit hit = getIndexedAuditMessage(); SearchHit hit = getIndexedAuditMessage();
assertAuditMessage(hit, "transport", "authentication_failed"); assertAuditMessage(hit, "transport", "authentication_failed");
Map<String, Object> sourceMap = hit.sourceAsMap();
if (message instanceof RemoteHostMockMessage) { if (message instanceof RemoteHostMockMessage) {
assertEquals(remoteHostAddress(), hit.field("origin_address").getValue()); assertEquals(remoteHostAddress(), sourceMap.get("origin_address"));
} else { } else {
assertEquals("local[local_host]", hit.field("origin_address").getValue()); assertEquals("local[local_host]", sourceMap.get("origin_address"));
} }
assertEquals("transport", hit.field("origin_type").getValue()); assertEquals("transport", sourceMap.get("origin_type"));
assertEquals("_principal", hit.field("principal").getValue()); assertEquals("_principal", sourceMap.get("principal"));
assertEquals("_action", hit.field("action").getValue()); assertEquals("_action", sourceMap.get("action"));
assertEquals("_realm", hit.field("realm").getValue()); assertEquals("_realm", sourceMap.get("realm"));
if (message instanceof IndicesRequest) { if (message instanceof IndicesRequest) {
List<Object> indices = hit.field("indices").getValues(); List<Object> indices = (List<Object>) sourceMap.get("indices");
assertThat(indices, contains((Object[]) ((IndicesRequest)message).indices())); assertThat(indices, contains((Object[]) ((IndicesRequest)message).indices()));
} }
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName()); assertEquals(sourceMap.get("request"), message.getClass().getSimpleName());
} }
public void testAuthenticationFailedTransportRealmMuted() throws Exception { public void testAuthenticationFailedTransportRealmMuted() throws Exception {
@ -451,11 +454,12 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
SearchHit hit = getIndexedAuditMessage(); SearchHit hit = getIndexedAuditMessage();
assertAuditMessage(hit, "rest", "authentication_failed"); assertAuditMessage(hit, "rest", "authentication_failed");
assertThat("127.0.0.1", equalTo(hit.field("origin_address").getValue())); Map<String, Object> sourceMap = hit.sourceAsMap();
assertThat("_uri", equalTo(hit.field("uri").getValue())); assertThat("127.0.0.1", equalTo(sourceMap.get("origin_address")));
assertEquals("_realm", hit.field("realm").getValue()); assertThat("_uri", equalTo(sourceMap.get("uri")));
assertThat(hit.field("origin_type").getValue(), is("rest")); assertEquals("_realm", sourceMap.get("realm"));
assertThat(hit.field("request_body").getValue(), notNullValue()); assertThat(sourceMap.get("origin_type"), is("rest"));
assertThat(sourceMap.get("request_body"), notNullValue());
} }
public void testAuthenticationFailedRestRealmMuted() throws Exception { public void testAuthenticationFailedRestRealmMuted() throws Exception {
@ -485,19 +489,20 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
SearchHit hit = getIndexedAuditMessage(); SearchHit hit = getIndexedAuditMessage();
assertAuditMessage(hit, "transport", "access_granted"); assertAuditMessage(hit, "transport", "access_granted");
assertEquals("transport", hit.field("origin_type").getValue()); Map<String, Object> sourceMap = hit.sourceAsMap();
assertEquals("transport", sourceMap.get("origin_type"));
if (runAs) { if (runAs) {
assertThat(hit.field("principal").getValue(), is("running as")); assertThat(sourceMap.get("principal"), is("running as"));
assertThat(hit.field("run_by_principal").getValue(), is("_username")); assertThat(sourceMap.get("run_by_principal"), is("_username"));
} else { } else {
assertEquals("_username", hit.field("principal").getValue()); assertEquals("_username", sourceMap.get("principal"));
} }
assertEquals("_action", hit.field("action").getValue()); assertEquals("_action", sourceMap.get("action"));
if (message instanceof IndicesRequest) { if (message instanceof IndicesRequest) {
List<Object> indices = hit.field("indices").getValues(); List<Object> indices = (List<Object>) sourceMap.get("indices");
assertThat(indices, contains((Object[]) ((IndicesRequest)message).indices())); assertThat(indices, contains((Object[]) ((IndicesRequest)message).indices()));
} }
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName()); assertEquals(sourceMap.get("request"), message.getClass().getSimpleName());
} }
public void testAccessGrantedMuted() throws Exception { public void testAccessGrantedMuted() throws Exception {
@ -519,10 +524,11 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
SearchHit hit = getIndexedAuditMessage(); SearchHit hit = getIndexedAuditMessage();
assertAuditMessage(hit, "transport", "access_granted"); assertAuditMessage(hit, "transport", "access_granted");
assertEquals("transport", hit.field("origin_type").getValue()); Map<String, Object> sourceMap = hit.sourceAsMap();
assertEquals(User.SYSTEM.principal(), hit.field("principal").getValue()); assertEquals("transport", sourceMap.get("origin_type"));
assertEquals("internal:_action", hit.field("action").getValue()); assertEquals(User.SYSTEM.principal(), sourceMap.get("principal"));
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName()); assertEquals("internal:_action", sourceMap.get("action"));
assertEquals(sourceMap.get("request"), message.getClass().getSimpleName());
} }
public void testSystemAccessGrantedMuted() throws Exception { public void testSystemAccessGrantedMuted() throws Exception {
@ -551,20 +557,21 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
awaitAuditDocumentCreation(resolveIndexName()); awaitAuditDocumentCreation(resolveIndexName());
SearchHit hit = getIndexedAuditMessage(); SearchHit hit = getIndexedAuditMessage();
Map<String, Object> sourceMap = hit.sourceAsMap();
assertAuditMessage(hit, "transport", "access_denied"); assertAuditMessage(hit, "transport", "access_denied");
assertEquals("transport", hit.field("origin_type").getValue()); assertEquals("transport", sourceMap.get("origin_type"));
if (runAs) { if (runAs) {
assertThat(hit.field("principal").getValue(), is("running as")); assertThat(sourceMap.get("principal"), is("running as"));
assertThat(hit.field("run_by_principal").getValue(), is("_username")); assertThat(sourceMap.get("run_by_principal"), is("_username"));
} else { } else {
assertEquals("_username", hit.field("principal").getValue()); assertEquals("_username", sourceMap.get("principal"));
} }
assertEquals("_action", hit.field("action").getValue()); assertEquals("_action", sourceMap.get("action"));
if (message instanceof IndicesRequest) { if (message instanceof IndicesRequest) {
List<Object> indices = hit.field("indices").getValues(); List<Object> indices = (List<Object>) sourceMap.get("indices");
assertThat(indices, contains((Object[]) ((IndicesRequest)message).indices())); assertThat(indices, contains((Object[]) ((IndicesRequest)message).indices()));
} }
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName()); assertEquals(sourceMap.get("request"), message.getClass().getSimpleName());
} }
public void testAccessDenied_Muted() throws Exception { public void testAccessDenied_Muted() throws Exception {
@ -586,12 +593,12 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
awaitAuditDocumentCreation(resolveIndexName()); awaitAuditDocumentCreation(resolveIndexName());
SearchHit hit = getIndexedAuditMessage(); SearchHit hit = getIndexedAuditMessage();
Map<String, Object> sourceMap = hit.sourceAsMap();
assertAuditMessage(hit, "transport", "tampered_request"); assertAuditMessage(hit, "transport", "tampered_request");
assertEquals("transport", hit.field("origin_type").getValue()); assertEquals("transport", sourceMap.get("origin_type"));
assertThat(hit.field("principal"), is(nullValue())); assertThat(sourceMap.get("principal"), is(nullValue()));
assertEquals("_action", hit.field("action").getValue()); assertEquals("_action", sourceMap.get("action"));
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName()); assertEquals(sourceMap.get("request"), message.getClass().getSimpleName());
} }
public void testTamperedRequestWithUser() throws Exception { public void testTamperedRequestWithUser() throws Exception {
@ -610,15 +617,16 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
SearchHit hit = getIndexedAuditMessage(); SearchHit hit = getIndexedAuditMessage();
assertAuditMessage(hit, "transport", "tampered_request"); assertAuditMessage(hit, "transport", "tampered_request");
assertEquals("transport", hit.field("origin_type").getValue()); Map<String, Object> sourceMap = hit.sourceAsMap();
assertEquals("transport", sourceMap.get("origin_type"));
if (runAs) { if (runAs) {
assertThat(hit.field("principal").getValue(), is("running as")); assertThat(sourceMap.get("principal"), is("running as"));
assertThat(hit.field("run_by_principal").getValue(), is("_username")); assertThat(sourceMap.get("run_by_principal"), is("_username"));
} else { } else {
assertEquals("_username", hit.field("principal").getValue()); assertEquals("_username", sourceMap.get("principal"));
} }
assertEquals("_action", hit.field("action").getValue()); assertEquals("_action", sourceMap.get("action"));
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName()); assertEquals(sourceMap.get("request"), message.getClass().getSimpleName());
} }
public void testTamperedRequestMuted() throws Exception { public void testTamperedRequestMuted() throws Exception {
@ -647,8 +655,9 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
SearchHit hit = getIndexedAuditMessage(); SearchHit hit = getIndexedAuditMessage();
assertAuditMessage(hit, "ip_filter", "connection_granted"); assertAuditMessage(hit, "ip_filter", "connection_granted");
assertEquals("allow default:accept_all", hit.field("rule").getValue()); Map<String, Object> sourceMap = hit.sourceAsMap();
assertEquals("default", hit.field("transport_profile").getValue()); assertEquals("allow default:accept_all", sourceMap.get("rule"));
assertEquals("default", sourceMap.get("transport_profile"));
} }
public void testConnectionGrantedMuted() throws Exception { public void testConnectionGrantedMuted() throws Exception {
@ -674,8 +683,9 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
SearchHit hit = getIndexedAuditMessage(); SearchHit hit = getIndexedAuditMessage();
assertAuditMessage(hit, "ip_filter", "connection_denied"); assertAuditMessage(hit, "ip_filter", "connection_denied");
assertEquals("deny _all", hit.field("rule").getValue()); Map<String, Object> sourceMap = hit.sourceAsMap();
assertEquals("default", hit.field("transport_profile").getValue()); assertEquals("deny _all", sourceMap.get("rule"));
assertEquals("default", sourceMap.get("transport_profile"));
} }
public void testConnectionDeniedMuted() throws Exception { public void testConnectionDeniedMuted() throws Exception {
@ -700,11 +710,12 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
SearchHit hit = getIndexedAuditMessage(); SearchHit hit = getIndexedAuditMessage();
assertAuditMessage(hit, "transport", "run_as_granted"); assertAuditMessage(hit, "transport", "run_as_granted");
assertEquals("transport", hit.field("origin_type").getValue()); Map<String, Object> sourceMap = hit.sourceAsMap();
assertThat(hit.field("principal").getValue(), is("_username")); assertEquals("transport", sourceMap.get("origin_type"));
assertThat(hit.field("run_as_principal").getValue(), is("running as")); assertThat(sourceMap.get("principal"), is("_username"));
assertEquals("_action", hit.field("action").getValue()); assertThat(sourceMap.get("run_as_principal"), is("running as"));
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName()); assertEquals("_action", sourceMap.get("action"));
assertEquals(sourceMap.get("request"), message.getClass().getSimpleName());
} }
public void testRunAsGrantedMuted() throws Exception { public void testRunAsGrantedMuted() throws Exception {
@ -728,11 +739,12 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
SearchHit hit = getIndexedAuditMessage(); SearchHit hit = getIndexedAuditMessage();
assertAuditMessage(hit, "transport", "run_as_denied"); assertAuditMessage(hit, "transport", "run_as_denied");
assertEquals("transport", hit.field("origin_type").getValue()); Map<String, Object> sourceMap = hit.sourceAsMap();
assertThat(hit.field("principal").getValue(), is("_username")); assertEquals("transport", sourceMap.get("origin_type"));
assertThat(hit.field("run_as_principal").getValue(), is("running as")); assertThat(sourceMap.get("principal"), is("_username"));
assertEquals("_action", hit.field("action").getValue()); assertThat(sourceMap.get("run_as_principal"), is("running as"));
assertEquals(hit.field("request").getValue(), message.getClass().getSimpleName()); assertEquals("_action", sourceMap.get("action"));
assertEquals(sourceMap.get("request"), message.getClass().getSimpleName());
} }
public void testRunAsDeniedMuted() throws Exception { public void testRunAsDeniedMuted() throws Exception {
@ -748,15 +760,16 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
} }
private void assertAuditMessage(SearchHit hit, String layer, String type) { private void assertAuditMessage(SearchHit hit, String layer, String type) {
assertThat(hit.field("@timestamp").getValue(), notNullValue()); Map<String, Object> sourceMap = hit.sourceAsMap();
DateTime dateTime = ISODateTimeFormat.dateTimeParser().withZoneUTC().parseDateTime(hit.field("@timestamp").getValue()); assertThat(sourceMap.get("@timestamp"), notNullValue());
DateTime dateTime = ISODateTimeFormat.dateTimeParser().withZoneUTC().parseDateTime((String) sourceMap.get("@timestamp"));
assertThat(dateTime.isBefore(DateTime.now(DateTimeZone.UTC)), is(true)); assertThat(dateTime.isBefore(DateTime.now(DateTimeZone.UTC)), is(true));
assertThat(DummyTransportAddress.INSTANCE.getHost(), equalTo(hit.field("node_host_name").getValue())); assertThat(DummyTransportAddress.INSTANCE.getHost(), equalTo(sourceMap.get("node_host_name")));
assertThat(DummyTransportAddress.INSTANCE.getAddress(), equalTo(hit.field("node_host_address").getValue())); assertThat(DummyTransportAddress.INSTANCE.getAddress(), equalTo(sourceMap.get("node_host_address")));
assertEquals(layer, hit.field("layer").getValue()); assertEquals(layer, sourceMap.get("layer"));
assertEquals(type, hit.field("event_type").getValue()); assertEquals(type, sourceMap.get("event_type"));
} }
private static class LocalHostMockMessage extends TransportMessage<LocalHostMockMessage> { private static class LocalHostMockMessage extends TransportMessage<LocalHostMockMessage> {
@ -821,7 +834,6 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase {
SearchResponse response = getClient().prepareSearch(resolveIndexName()) SearchResponse response = getClient().prepareSearch(resolveIndexName())
.setTypes(IndexAuditTrail.DOC_TYPE) .setTypes(IndexAuditTrail.DOC_TYPE)
.fields(fieldList())
.execute().actionGet(); .execute().actionGet();
assertEquals(1, response.getHits().getTotalHits()); assertEquals(1, response.getHits().getTotalHits());

3
elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/transport/KnownActionsTests.java
View File

@ -9,6 +9,7 @@ import org.apache.lucene.util.IOUtils;
import org.elasticsearch.action.Action; import org.elasticsearch.action.Action;
import org.elasticsearch.common.io.PathUtils; import org.elasticsearch.common.io.PathUtils;
import org.elasticsearch.common.io.Streams; import org.elasticsearch.common.io.Streams;
import org.elasticsearch.license.plugin.LicensePlugin;
import org.elasticsearch.xpack.XPackPlugin; import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.shield.action.ShieldActionModule; import org.elasticsearch.shield.action.ShieldActionModule;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope; import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
@ -109,7 +110,7 @@ public class KnownActionsTests extends ShieldIntegTestCase {
loadActions(collectSubClasses(Action.class, ShieldActionModule.class), actions); loadActions(collectSubClasses(Action.class, ShieldActionModule.class), actions);
// also loading all actions from the licensing plugin // also loading all actions from the licensing plugin
loadActions(collectSubClasses(Action.class, XPackPlugin.class), actions); loadActions(collectSubClasses(Action.class, LicensePlugin.class), actions);
return unmodifiableSet(actions); return unmodifiableSet(actions);
} }

14
elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java
View File

@ -12,6 +12,7 @@ import org.elasticsearch.common.inject.Module;
import org.elasticsearch.common.logging.ESLogger; import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.http.HttpServerModule;
import org.elasticsearch.index.IndexModule; import org.elasticsearch.index.IndexModule;
import org.elasticsearch.index.IndexService; import org.elasticsearch.index.IndexService;
import org.elasticsearch.license.plugin.LicensePlugin; import org.elasticsearch.license.plugin.LicensePlugin;
@ -20,6 +21,7 @@ import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.rest.RestModule; import org.elasticsearch.rest.RestModule;
import org.elasticsearch.script.ScriptModule; import org.elasticsearch.script.ScriptModule;
import org.elasticsearch.shield.ShieldPlugin; import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.shield.authz.AuthorizationModule;
import org.elasticsearch.transport.TransportModule; import org.elasticsearch.transport.TransportModule;
import org.elasticsearch.watcher.WatcherPlugin; import org.elasticsearch.watcher.WatcherPlugin;
@ -110,11 +112,13 @@ public class XPackPlugin extends Plugin {
shieldPlugin.onModule(module); shieldPlugin.onModule(module);
} }
// NOTE: The fact this signature takes a module is a hack, and effectively like the previous public void onModule(HttpServerModule module) {
// processModule in the plugin api. The problem is tight coupling between watcher and shield. shieldPlugin.onModule(module);
// We need to avoid trying to load the AuthorizationModule class unless we know shield integration }
// is enabled. This is a temporary solution until inter-plugin-communication can be worked out.
public void onModule(Module module) { public void onModule(AuthorizationModule module) {
shieldPlugin.onModule(module);
// FIXME clean these up
watcherPlugin.onModule(module); watcherPlugin.onModule(module);
marvelPlugin.onModule(module); marvelPlugin.onModule(module);
} }

3
elasticsearch/x-pack/shield/src/main/plugin-metadata/plugin-security.policy → elasticsearch/x-pack/src/main/plugin-metadata/plugin-security.policy
View File

@ -1,4 +1,7 @@
grant { grant {
// needed because of problems in unbound LDAP library // needed because of problems in unbound LDAP library
permission java.util.PropertyPermission "*", "read,write"; permission java.util.PropertyPermission "*", "read,write";
// needed to set expert SSL options, etc
permission java.lang.RuntimePermission "setFactory";
}; };

4
elasticsearch/x-pack/watcher/src/main/plugin-metadata/plugin-security.policy
View File

@ -1,4 +0,0 @@
grant {
// needed to set expert SSL options, etc
permission java.lang.RuntimePermission "setFactory";
};

4
elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/watcher/WatcherPluginDisableTests.java
View File

@ -12,6 +12,7 @@ import org.elasticsearch.action.admin.cluster.node.info.NodeInfo;
import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse; import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.http.HttpServerTransport; import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.xpack.XPackPlugin; import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.node.Node; import org.elasticsearch.node.Node;
import org.elasticsearch.plugins.Plugin; import org.elasticsearch.plugins.Plugin;
@ -41,13 +42,14 @@ public class WatcherPluginDisableTests extends ESIntegTestCase {
return Settings.settingsBuilder() return Settings.settingsBuilder()
.put(super.nodeSettings(nodeOrdinal)) .put(super.nodeSettings(nodeOrdinal))
.put(WatcherPlugin.ENABLED_SETTING, false) .put(WatcherPlugin.ENABLED_SETTING, false)
.put(ShieldPlugin.ENABLED_SETTING_NAME, false) // disable shield because of query cache check and authentication/authorization
.put(Node.HTTP_ENABLED, true) .put(Node.HTTP_ENABLED, true)
.build(); .build();
} }
@Override @Override
protected Collection<Class<? extends Plugin>> nodePlugins() { protected Collection<Class<? extends Plugin>> nodePlugins() {
return Arrays.asList(XPackPlugin.class, XPackPlugin.class); return Collections.<Class<? extends Plugin>>singleton(XPackPlugin.class);
} }
@Override @Override