diff --git a/plugin/build.gradle b/plugin/build.gradle index 74958bd9729..9d61257c75c 100644 --- a/plugin/build.gradle +++ b/plugin/build.gradle @@ -58,7 +58,6 @@ configurations { dependencies { // security deps - compile project(path: ':modules:tribe', configuration: 'runtime') compile project(path: ':modules:transport-netty4', configuration: 'runtime') compile 'com.unboundid:unboundid-ldapsdk:3.2.0' compile 'org.bouncycastle:bcprov-jdk15on:1.58' diff --git a/plugin/src/main/java/org/elasticsearch/xpack/security/Security.java b/plugin/src/main/java/org/elasticsearch/xpack/security/Security.java index b809a475920..68969aa311b 100644 --- a/plugin/src/main/java/org/elasticsearch/xpack/security/Security.java +++ b/plugin/src/main/java/org/elasticsearch/xpack/security/Security.java @@ -70,7 +70,6 @@ import org.elasticsearch.transport.Transport; import org.elasticsearch.transport.TransportInterceptor; import org.elasticsearch.transport.TransportRequest; import org.elasticsearch.transport.TransportRequestHandler; -import org.elasticsearch.tribe.TribeService; import org.elasticsearch.watcher.ResourceWatcherService; import org.elasticsearch.xpack.XPackPlugin; import org.elasticsearch.xpack.XPackSettings; @@ -682,9 +681,10 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin, Clus } for (Map.Entry tribeSettings : tribesSettings.entrySet()) { - String tribePrefix = "tribe." + tribeSettings.getKey() + "."; + final String tribeName = tribeSettings.getKey(); + final String tribePrefix = "tribe." + tribeName + "."; - if (TribeService.TRIBE_SETTING_KEYS.stream().anyMatch(s -> s.startsWith(tribePrefix))) { + if ("blocks".equals(tribeName) || "on_conflict".equals(tribeName) || "name".equals(tribeName)) { continue; } @@ -714,7 +714,7 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin, Clus realmsSettings.entrySet().stream() .anyMatch((e) -> NativeRealm.TYPE.equals(e.getValue().get("type")) && e.getValue().getAsBoolean("enabled", true)); if (hasNativeRealm) { - if (TribeService.ON_CONFLICT_SETTING.get(settings).startsWith("prefer_") == false) { + if (settings.get("tribe.on_conflict", "").startsWith("prefer_") == false) { throw new IllegalArgumentException("use of security on tribe nodes requires setting [tribe.on_conflict] to specify the " + "name of the tribe to prefer such as [prefer_t1] as the security index can exist in multiple tribes but only one" + " can be used by the tribe node"); diff --git a/qa/tribe-tests-with-license/build.gradle b/qa/tribe-tests-with-license/build.gradle index 2551560810e..ca1183656bd 100644 --- a/qa/tribe-tests-with-license/build.gradle +++ b/qa/tribe-tests-with-license/build.gradle @@ -2,14 +2,40 @@ import org.elasticsearch.gradle.test.ClusterConfiguration import org.elasticsearch.gradle.test.ClusterFormationTasks import org.elasticsearch.gradle.test.NodeInfo +apply plugin: 'elasticsearch.standalone-test' apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.rest-test' dependencies { + testCompile project(path: ':modules:tribe', configuration: 'runtime') testCompile project(path: ':x-pack-elasticsearch:plugin', configuration: 'runtime') testCompile project(path: ':x-pack-elasticsearch:plugin', configuration: 'testArtifacts') } +compileTestJava.options.compilerArgs << "-Xlint:-rawtypes,-unchecked" +namingConventions.skipIntegTestInDisguise = true + +test { + /* + * We have to disable setting the number of available processors as tests in the same JVM randomize processors and will step on each + * other if we allow them to set the number of available processors as it's set-once in Netty. + */ + systemProperty 'es.set.netty.runtime.available.processors', 'false' + include '**/*Tests.class' +} + +String licensePath = project(':x-pack-elasticsearch:license-tools').projectDir.toPath().resolve('src/test/resources').toString() +sourceSets { + test { + resources { + srcDirs += [licensePath] + } + } +} + +project.forbiddenPatterns { + exclude '**/*.key' +} task setupClusterOne {} ClusterConfiguration cluster1Config = new ClusterConfiguration(project) @@ -82,6 +108,11 @@ integTestCluster { } integTestRunner { + /* + * We have to disable setting the number of available processors as tests in the same JVM randomize processors and will step on each + * other if we allow them to set the number of available processors as it's set-once in Netty. + */ + systemProperty 'es.set.netty.runtime.available.processors', 'false' systemProperty 'tests.cluster', "${-> cluster1Nodes.get(0).transportUri()}" systemProperty 'tests.cluster2', "${-> cluster2Nodes.get(0).transportUri()}" systemProperty 'tests.tribe', "${-> integTest.nodes.get(0).transportUri()}" diff --git a/plugin/src/test/java/org/elasticsearch/license/LicenseTribeTests.java b/qa/tribe-tests-with-license/src/test/java/org/elasticsearch/license/LicenseTribeTests.java similarity index 100% rename from plugin/src/test/java/org/elasticsearch/license/LicenseTribeTests.java rename to qa/tribe-tests-with-license/src/test/java/org/elasticsearch/license/LicenseTribeTests.java diff --git a/plugin/src/test/java/org/elasticsearch/license/TribeTransportTestCase.java b/qa/tribe-tests-with-license/src/test/java/org/elasticsearch/license/TribeTransportTestCase.java similarity index 99% rename from plugin/src/test/java/org/elasticsearch/license/TribeTransportTestCase.java rename to qa/tribe-tests-with-license/src/test/java/org/elasticsearch/license/TribeTransportTestCase.java index 37a66d1f16e..9a038b48c8b 100644 --- a/plugin/src/test/java/org/elasticsearch/license/TribeTransportTestCase.java +++ b/qa/tribe-tests-with-license/src/test/java/org/elasticsearch/license/TribeTransportTestCase.java @@ -72,6 +72,11 @@ public abstract class TribeTransportTestCase extends ESIntegTestCase { return builder.build(); } + @Override + protected boolean ignoreExternalCluster() { + return true; + } + @Override protected boolean addTestZenDiscovery() { return false; diff --git a/plugin/src/test/java/org/elasticsearch/xpack/monitoring/MonitoringPluginTests.java b/qa/tribe-tests-with-license/src/test/java/org/elasticsearch/xpack/monitoring/MonitoringPluginTests.java similarity index 100% rename from plugin/src/test/java/org/elasticsearch/xpack/monitoring/MonitoringPluginTests.java rename to qa/tribe-tests-with-license/src/test/java/org/elasticsearch/xpack/monitoring/MonitoringPluginTests.java diff --git a/plugin/src/test/java/org/elasticsearch/xpack/monitoring/MonitoringTribeTests.java b/qa/tribe-tests-with-license/src/test/java/org/elasticsearch/xpack/monitoring/MonitoringTribeTests.java similarity index 100% rename from plugin/src/test/java/org/elasticsearch/xpack/monitoring/MonitoringTribeTests.java rename to qa/tribe-tests-with-license/src/test/java/org/elasticsearch/xpack/monitoring/MonitoringTribeTests.java diff --git a/qa/tribe-tests-with-security/build.gradle b/qa/tribe-tests-with-security/build.gradle index f1edb61cb37..307b52c21bb 100644 --- a/qa/tribe-tests-with-security/build.gradle +++ b/qa/tribe-tests-with-security/build.gradle @@ -2,15 +2,35 @@ import org.elasticsearch.gradle.test.ClusterConfiguration import org.elasticsearch.gradle.test.ClusterFormationTasks import org.elasticsearch.gradle.test.NodeInfo +apply plugin: 'elasticsearch.standalone-test' apply plugin: 'elasticsearch.standalone-rest-test' apply plugin: 'elasticsearch.rest-test' dependencies { + testCompile project(path: ':modules:tribe', configuration: 'runtime') testCompile project(path: ':x-pack-elasticsearch:plugin', configuration: 'runtime') testCompile project(path: ':x-pack-elasticsearch:plugin', configuration: 'testArtifacts') testCompile project(path: ':modules:analysis-common', configuration: 'runtime') } +namingConventions.skipIntegTestInDisguise = true + +String xpackPath = project(':x-pack-elasticsearch:plugin').projectDir.toPath().resolve('src/test/resources').toString() +sourceSets { + test { + resources { + srcDirs += [xpackPath] + } + } +} + +forbiddenPatterns { + exclude '**/*.key' + exclude '**/*.p12' + exclude '**/*.der' + exclude '**/*.zip' +} + task setupClusterOne {} ClusterConfiguration configOne = new ClusterConfiguration(project) configOne.clusterName = 'cluster1' @@ -86,6 +106,15 @@ integTestCluster { } } +test { + /* + * We have to disable setting the number of available processors as tests in the same JVM randomize processors and will step on each + * other if we allow them to set the number of available processors as it's set-once in Netty. + */ + systemProperty 'es.set.netty.runtime.available.processors', 'false' + include '**/*Tests.class' +} + integTestRunner { systemProperty 'tests.cluster', "${-> cluster1Nodes.get(0).transportUri()}" systemProperty 'tests.cluster2', "${-> cluster2Nodes.get(0).transportUri()}" diff --git a/plugin/src/test/java/org/elasticsearch/xpack/security/SecurityTribeIT.java b/qa/tribe-tests-with-security/src/test/java/org/elasticsearch/xpack/security/SecurityTribeTests.java similarity index 97% rename from plugin/src/test/java/org/elasticsearch/xpack/security/SecurityTribeIT.java rename to qa/tribe-tests-with-security/src/test/java/org/elasticsearch/xpack/security/SecurityTribeTests.java index d59678bbb9f..827a5b033ce 100644 --- a/plugin/src/test/java/org/elasticsearch/xpack/security/SecurityTribeIT.java +++ b/qa/tribe-tests-with-security/src/test/java/org/elasticsearch/xpack/security/SecurityTribeTests.java @@ -32,6 +32,7 @@ import org.elasticsearch.test.NativeRealmIntegTestCase; import org.elasticsearch.test.SecuritySettingsSource; import org.elasticsearch.test.discovery.TestZenDiscovery; import org.elasticsearch.tribe.TribePlugin; +import org.elasticsearch.tribe.TribeService; import org.elasticsearch.xpack.security.action.role.GetRolesResponse; import org.elasticsearch.xpack.security.action.role.PutRoleResponse; import org.elasticsearch.xpack.security.action.user.PutUserResponse; @@ -56,14 +57,16 @@ import java.util.function.Function; import java.util.function.Predicate; import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoTimeout; +import static org.hamcrest.Matchers.anyOf; import static org.hamcrest.Matchers.arrayContaining; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.startsWith; /** * Tests security with tribe nodes */ -public class SecurityTribeIT extends NativeRealmIntegTestCase { +public class SecurityTribeTests extends NativeRealmIntegTestCase { private static final String SECOND_CLUSTER_NODE_PREFIX = "node_cluster2_"; private static InternalTestCluster cluster2; @@ -523,6 +526,12 @@ public class SecurityTribeIT extends NativeRealmIntegTestCase { assertThat(e.getMessage(), containsString("roles may not be deleted using a tribe node")); } + public void testTribeSettingNames() throws Exception { + TribeService.TRIBE_SETTING_KEYS + .forEach(s -> assertThat("a new setting has been introduced for tribe that security needs to know about in Security.java", + s, anyOf(startsWith("tribe.blocks"), startsWith("tribe.name"), startsWith("tribe.on_conflict")))); + } + private void assertTribeNodeHasAllIndices() throws Exception { assertBusy(() -> { Set indices = new HashSet<>();