Remove the xpack plugin's dependency on the tribe module (elastic/x-pack-elasticsearch#2901)
This change removes the xpack plugin's dependency on the tribe module, which is not a published artifact. For the most part this just involves moving some test classes around, but for the security and tribe integration the usage of constant settings was removed and replaced with the string names. This is a bit unfortunate, but a test was added in a QA project that depends on tribe that will alert us if a new setting is added that we need to be aware of. relates elastic/x-pack-elasticsearch#2656 Original commit: elastic/x-pack-elasticsearch@649a8033e4
This commit is contained in:
parent
872f2558c9
commit
e29649a7bc
|
@ -58,7 +58,6 @@ configurations {
|
||||||
|
|
||||||
dependencies {
|
dependencies {
|
||||||
// security deps
|
// security deps
|
||||||
compile project(path: ':modules:tribe', configuration: 'runtime')
|
|
||||||
compile project(path: ':modules:transport-netty4', configuration: 'runtime')
|
compile project(path: ':modules:transport-netty4', configuration: 'runtime')
|
||||||
compile 'com.unboundid:unboundid-ldapsdk:3.2.0'
|
compile 'com.unboundid:unboundid-ldapsdk:3.2.0'
|
||||||
compile 'org.bouncycastle:bcprov-jdk15on:1.58'
|
compile 'org.bouncycastle:bcprov-jdk15on:1.58'
|
||||||
|
|
|
@ -70,7 +70,6 @@ import org.elasticsearch.transport.Transport;
|
||||||
import org.elasticsearch.transport.TransportInterceptor;
|
import org.elasticsearch.transport.TransportInterceptor;
|
||||||
import org.elasticsearch.transport.TransportRequest;
|
import org.elasticsearch.transport.TransportRequest;
|
||||||
import org.elasticsearch.transport.TransportRequestHandler;
|
import org.elasticsearch.transport.TransportRequestHandler;
|
||||||
import org.elasticsearch.tribe.TribeService;
|
|
||||||
import org.elasticsearch.watcher.ResourceWatcherService;
|
import org.elasticsearch.watcher.ResourceWatcherService;
|
||||||
import org.elasticsearch.xpack.XPackPlugin;
|
import org.elasticsearch.xpack.XPackPlugin;
|
||||||
import org.elasticsearch.xpack.XPackSettings;
|
import org.elasticsearch.xpack.XPackSettings;
|
||||||
|
@ -682,9 +681,10 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin, Clus
|
||||||
}
|
}
|
||||||
|
|
||||||
for (Map.Entry<String, Settings> tribeSettings : tribesSettings.entrySet()) {
|
for (Map.Entry<String, Settings> tribeSettings : tribesSettings.entrySet()) {
|
||||||
String tribePrefix = "tribe." + tribeSettings.getKey() + ".";
|
final String tribeName = tribeSettings.getKey();
|
||||||
|
final String tribePrefix = "tribe." + tribeName + ".";
|
||||||
|
|
||||||
if (TribeService.TRIBE_SETTING_KEYS.stream().anyMatch(s -> s.startsWith(tribePrefix))) {
|
if ("blocks".equals(tribeName) || "on_conflict".equals(tribeName) || "name".equals(tribeName)) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -714,7 +714,7 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin, Clus
|
||||||
realmsSettings.entrySet().stream()
|
realmsSettings.entrySet().stream()
|
||||||
.anyMatch((e) -> NativeRealm.TYPE.equals(e.getValue().get("type")) && e.getValue().getAsBoolean("enabled", true));
|
.anyMatch((e) -> NativeRealm.TYPE.equals(e.getValue().get("type")) && e.getValue().getAsBoolean("enabled", true));
|
||||||
if (hasNativeRealm) {
|
if (hasNativeRealm) {
|
||||||
if (TribeService.ON_CONFLICT_SETTING.get(settings).startsWith("prefer_") == false) {
|
if (settings.get("tribe.on_conflict", "").startsWith("prefer_") == false) {
|
||||||
throw new IllegalArgumentException("use of security on tribe nodes requires setting [tribe.on_conflict] to specify the " +
|
throw new IllegalArgumentException("use of security on tribe nodes requires setting [tribe.on_conflict] to specify the " +
|
||||||
"name of the tribe to prefer such as [prefer_t1] as the security index can exist in multiple tribes but only one" +
|
"name of the tribe to prefer such as [prefer_t1] as the security index can exist in multiple tribes but only one" +
|
||||||
" can be used by the tribe node");
|
" can be used by the tribe node");
|
||||||
|
|
|
@ -2,14 +2,40 @@ import org.elasticsearch.gradle.test.ClusterConfiguration
|
||||||
import org.elasticsearch.gradle.test.ClusterFormationTasks
|
import org.elasticsearch.gradle.test.ClusterFormationTasks
|
||||||
import org.elasticsearch.gradle.test.NodeInfo
|
import org.elasticsearch.gradle.test.NodeInfo
|
||||||
|
|
||||||
|
apply plugin: 'elasticsearch.standalone-test'
|
||||||
apply plugin: 'elasticsearch.standalone-rest-test'
|
apply plugin: 'elasticsearch.standalone-rest-test'
|
||||||
apply plugin: 'elasticsearch.rest-test'
|
apply plugin: 'elasticsearch.rest-test'
|
||||||
|
|
||||||
dependencies {
|
dependencies {
|
||||||
|
testCompile project(path: ':modules:tribe', configuration: 'runtime')
|
||||||
testCompile project(path: ':x-pack-elasticsearch:plugin', configuration: 'runtime')
|
testCompile project(path: ':x-pack-elasticsearch:plugin', configuration: 'runtime')
|
||||||
testCompile project(path: ':x-pack-elasticsearch:plugin', configuration: 'testArtifacts')
|
testCompile project(path: ':x-pack-elasticsearch:plugin', configuration: 'testArtifacts')
|
||||||
}
|
}
|
||||||
|
|
||||||
|
compileTestJava.options.compilerArgs << "-Xlint:-rawtypes,-unchecked"
|
||||||
|
namingConventions.skipIntegTestInDisguise = true
|
||||||
|
|
||||||
|
test {
|
||||||
|
/*
|
||||||
|
* We have to disable setting the number of available processors as tests in the same JVM randomize processors and will step on each
|
||||||
|
* other if we allow them to set the number of available processors as it's set-once in Netty.
|
||||||
|
*/
|
||||||
|
systemProperty 'es.set.netty.runtime.available.processors', 'false'
|
||||||
|
include '**/*Tests.class'
|
||||||
|
}
|
||||||
|
|
||||||
|
String licensePath = project(':x-pack-elasticsearch:license-tools').projectDir.toPath().resolve('src/test/resources').toString()
|
||||||
|
sourceSets {
|
||||||
|
test {
|
||||||
|
resources {
|
||||||
|
srcDirs += [licensePath]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
project.forbiddenPatterns {
|
||||||
|
exclude '**/*.key'
|
||||||
|
}
|
||||||
|
|
||||||
task setupClusterOne {}
|
task setupClusterOne {}
|
||||||
ClusterConfiguration cluster1Config = new ClusterConfiguration(project)
|
ClusterConfiguration cluster1Config = new ClusterConfiguration(project)
|
||||||
|
@ -82,6 +108,11 @@ integTestCluster {
|
||||||
}
|
}
|
||||||
|
|
||||||
integTestRunner {
|
integTestRunner {
|
||||||
|
/*
|
||||||
|
* We have to disable setting the number of available processors as tests in the same JVM randomize processors and will step on each
|
||||||
|
* other if we allow them to set the number of available processors as it's set-once in Netty.
|
||||||
|
*/
|
||||||
|
systemProperty 'es.set.netty.runtime.available.processors', 'false'
|
||||||
systemProperty 'tests.cluster', "${-> cluster1Nodes.get(0).transportUri()}"
|
systemProperty 'tests.cluster', "${-> cluster1Nodes.get(0).transportUri()}"
|
||||||
systemProperty 'tests.cluster2', "${-> cluster2Nodes.get(0).transportUri()}"
|
systemProperty 'tests.cluster2', "${-> cluster2Nodes.get(0).transportUri()}"
|
||||||
systemProperty 'tests.tribe', "${-> integTest.nodes.get(0).transportUri()}"
|
systemProperty 'tests.tribe', "${-> integTest.nodes.get(0).transportUri()}"
|
||||||
|
|
|
@ -72,6 +72,11 @@ public abstract class TribeTransportTestCase extends ESIntegTestCase {
|
||||||
return builder.build();
|
return builder.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected boolean ignoreExternalCluster() {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected boolean addTestZenDiscovery() {
|
protected boolean addTestZenDiscovery() {
|
||||||
return false;
|
return false;
|
|
@ -2,15 +2,35 @@ import org.elasticsearch.gradle.test.ClusterConfiguration
|
||||||
import org.elasticsearch.gradle.test.ClusterFormationTasks
|
import org.elasticsearch.gradle.test.ClusterFormationTasks
|
||||||
import org.elasticsearch.gradle.test.NodeInfo
|
import org.elasticsearch.gradle.test.NodeInfo
|
||||||
|
|
||||||
|
apply plugin: 'elasticsearch.standalone-test'
|
||||||
apply plugin: 'elasticsearch.standalone-rest-test'
|
apply plugin: 'elasticsearch.standalone-rest-test'
|
||||||
apply plugin: 'elasticsearch.rest-test'
|
apply plugin: 'elasticsearch.rest-test'
|
||||||
|
|
||||||
dependencies {
|
dependencies {
|
||||||
|
testCompile project(path: ':modules:tribe', configuration: 'runtime')
|
||||||
testCompile project(path: ':x-pack-elasticsearch:plugin', configuration: 'runtime')
|
testCompile project(path: ':x-pack-elasticsearch:plugin', configuration: 'runtime')
|
||||||
testCompile project(path: ':x-pack-elasticsearch:plugin', configuration: 'testArtifacts')
|
testCompile project(path: ':x-pack-elasticsearch:plugin', configuration: 'testArtifacts')
|
||||||
testCompile project(path: ':modules:analysis-common', configuration: 'runtime')
|
testCompile project(path: ':modules:analysis-common', configuration: 'runtime')
|
||||||
}
|
}
|
||||||
|
|
||||||
|
namingConventions.skipIntegTestInDisguise = true
|
||||||
|
|
||||||
|
String xpackPath = project(':x-pack-elasticsearch:plugin').projectDir.toPath().resolve('src/test/resources').toString()
|
||||||
|
sourceSets {
|
||||||
|
test {
|
||||||
|
resources {
|
||||||
|
srcDirs += [xpackPath]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
forbiddenPatterns {
|
||||||
|
exclude '**/*.key'
|
||||||
|
exclude '**/*.p12'
|
||||||
|
exclude '**/*.der'
|
||||||
|
exclude '**/*.zip'
|
||||||
|
}
|
||||||
|
|
||||||
task setupClusterOne {}
|
task setupClusterOne {}
|
||||||
ClusterConfiguration configOne = new ClusterConfiguration(project)
|
ClusterConfiguration configOne = new ClusterConfiguration(project)
|
||||||
configOne.clusterName = 'cluster1'
|
configOne.clusterName = 'cluster1'
|
||||||
|
@ -86,6 +106,15 @@ integTestCluster {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
test {
|
||||||
|
/*
|
||||||
|
* We have to disable setting the number of available processors as tests in the same JVM randomize processors and will step on each
|
||||||
|
* other if we allow them to set the number of available processors as it's set-once in Netty.
|
||||||
|
*/
|
||||||
|
systemProperty 'es.set.netty.runtime.available.processors', 'false'
|
||||||
|
include '**/*Tests.class'
|
||||||
|
}
|
||||||
|
|
||||||
integTestRunner {
|
integTestRunner {
|
||||||
systemProperty 'tests.cluster', "${-> cluster1Nodes.get(0).transportUri()}"
|
systemProperty 'tests.cluster', "${-> cluster1Nodes.get(0).transportUri()}"
|
||||||
systemProperty 'tests.cluster2', "${-> cluster2Nodes.get(0).transportUri()}"
|
systemProperty 'tests.cluster2', "${-> cluster2Nodes.get(0).transportUri()}"
|
||||||
|
|
|
@ -32,6 +32,7 @@ import org.elasticsearch.test.NativeRealmIntegTestCase;
|
||||||
import org.elasticsearch.test.SecuritySettingsSource;
|
import org.elasticsearch.test.SecuritySettingsSource;
|
||||||
import org.elasticsearch.test.discovery.TestZenDiscovery;
|
import org.elasticsearch.test.discovery.TestZenDiscovery;
|
||||||
import org.elasticsearch.tribe.TribePlugin;
|
import org.elasticsearch.tribe.TribePlugin;
|
||||||
|
import org.elasticsearch.tribe.TribeService;
|
||||||
import org.elasticsearch.xpack.security.action.role.GetRolesResponse;
|
import org.elasticsearch.xpack.security.action.role.GetRolesResponse;
|
||||||
import org.elasticsearch.xpack.security.action.role.PutRoleResponse;
|
import org.elasticsearch.xpack.security.action.role.PutRoleResponse;
|
||||||
import org.elasticsearch.xpack.security.action.user.PutUserResponse;
|
import org.elasticsearch.xpack.security.action.user.PutUserResponse;
|
||||||
|
@ -56,14 +57,16 @@ import java.util.function.Function;
|
||||||
import java.util.function.Predicate;
|
import java.util.function.Predicate;
|
||||||
|
|
||||||
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoTimeout;
|
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoTimeout;
|
||||||
|
import static org.hamcrest.Matchers.anyOf;
|
||||||
import static org.hamcrest.Matchers.arrayContaining;
|
import static org.hamcrest.Matchers.arrayContaining;
|
||||||
import static org.hamcrest.Matchers.containsString;
|
import static org.hamcrest.Matchers.containsString;
|
||||||
import static org.hamcrest.Matchers.equalTo;
|
import static org.hamcrest.Matchers.equalTo;
|
||||||
|
import static org.hamcrest.Matchers.startsWith;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Tests security with tribe nodes
|
* Tests security with tribe nodes
|
||||||
*/
|
*/
|
||||||
public class SecurityTribeIT extends NativeRealmIntegTestCase {
|
public class SecurityTribeTests extends NativeRealmIntegTestCase {
|
||||||
|
|
||||||
private static final String SECOND_CLUSTER_NODE_PREFIX = "node_cluster2_";
|
private static final String SECOND_CLUSTER_NODE_PREFIX = "node_cluster2_";
|
||||||
private static InternalTestCluster cluster2;
|
private static InternalTestCluster cluster2;
|
||||||
|
@ -523,6 +526,12 @@ public class SecurityTribeIT extends NativeRealmIntegTestCase {
|
||||||
assertThat(e.getMessage(), containsString("roles may not be deleted using a tribe node"));
|
assertThat(e.getMessage(), containsString("roles may not be deleted using a tribe node"));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void testTribeSettingNames() throws Exception {
|
||||||
|
TribeService.TRIBE_SETTING_KEYS
|
||||||
|
.forEach(s -> assertThat("a new setting has been introduced for tribe that security needs to know about in Security.java",
|
||||||
|
s, anyOf(startsWith("tribe.blocks"), startsWith("tribe.name"), startsWith("tribe.on_conflict"))));
|
||||||
|
}
|
||||||
|
|
||||||
private void assertTribeNodeHasAllIndices() throws Exception {
|
private void assertTribeNodeHasAllIndices() throws Exception {
|
||||||
assertBusy(() -> {
|
assertBusy(() -> {
|
||||||
Set<String> indices = new HashSet<>();
|
Set<String> indices = new HashSet<>();
|
Loading…
Reference in New Issue