[Cleanup] - FileRolesStore no longer depends on AuthorizationService

It used to be required, but since elastic/x-pack@607fabbade it's no longer needed.

Original commit: elastic/x-pack-elasticsearch@3c60798c2e
uboness 2014-12-02 19:04:25 +01:00
parent 452851be6a
commit eac85eda10
3 changed files with 14 additions and 39 deletions


@ -14,19 +14,15 @@ import org.elasticsearch.common.cli.commons.CommandLine;
import org.elasticsearch.common.collect.*; import org.elasticsearch.common.collect.*;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment; import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.User;
import org.elasticsearch.shield.authc.Realms; import org.elasticsearch.shield.authc.Realms;
import org.elasticsearch.shield.authc.esusers.ESUsersRealm; import org.elasticsearch.shield.authc.esusers.ESUsersRealm;
import org.elasticsearch.shield.authc.esusers.FileUserPasswdStore; import org.elasticsearch.shield.authc.esusers.FileUserPasswdStore;
import org.elasticsearch.shield.authc.esusers.FileUserRolesStore; import org.elasticsearch.shield.authc.esusers.FileUserRolesStore;
import org.elasticsearch.shield.authc.support.Hasher; import org.elasticsearch.shield.authc.support.Hasher;
import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.authz.AuthorizationException;
import org.elasticsearch.shield.authz.AuthorizationService;
import org.elasticsearch.shield.authz.Permission; import org.elasticsearch.shield.authz.Permission;
import org.elasticsearch.shield.authz.store.FileRolesStore; import org.elasticsearch.shield.authz.store.FileRolesStore;
import org.elasticsearch.shield.support.Validation; import org.elasticsearch.shield.support.Validation;
import org.elasticsearch.transport.TransportRequest;
import java.nio.file.Files; import java.nio.file.Files;
import java.nio.file.Path; import java.nio.file.Path;
@ -437,7 +433,7 @@ public class ESUsersTool extends CliTool {
private static ImmutableMap<String, Permission.Global.Role> loadRoles(Terminal terminal, Settings settings, Environment env) { private static ImmutableMap<String, Permission.Global.Role> loadRoles(Terminal terminal, Settings settings, Environment env) {
Path rolesFile = FileRolesStore.resolveFile(settings, env); Path rolesFile = FileRolesStore.resolveFile(settings, env);
try { try {
return FileRolesStore.parseFile(rolesFile, null, new DummyAuthzService()); return FileRolesStore.parseFile(rolesFile, null);
} catch (Throwable t) { } catch (Throwable t) {
// if for some reason, parsing fails (malformatted perhaps) we just warn // if for some reason, parsing fails (malformatted perhaps) we just warn
terminal.println("Warning: Could not parse [%s] for roles verification. Please revise and fix it. Nonetheless, the user will still be associated with all specified roles", rolesFile.toAbsolutePath()); terminal.println("Warning: Could not parse [%s] for roles verification. Please revise and fix it. Nonetheless, the user will still be associated with all specified roles", rolesFile.toAbsolutePath());
@ -473,16 +469,4 @@ public class ESUsersTool extends CliTool {
Strings.collectionToCommaDelimitedString(unknownRoles), rolesFile.toAbsolutePath()); Strings.collectionToCommaDelimitedString(unknownRoles), rolesFile.toAbsolutePath());
} }
} }
private static class DummyAuthzService implements AuthorizationService {
@Override
public ImmutableList<String> authorizedIndicesAndAliases(User user, String action) {
return ImmutableList.of();
}
@Override
public void authorize(User user, String action, TransportRequest request) throws AuthorizationException {
}
}
} }
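Review bot: In `loadRoles`, the `catch (Throwable t)` around `FileRolesStore.parseFile(rolesFile, null)` never uses `t`, and the `null` logger means the parser has nowhere to report either, so the operator is told the roles file could not be parsed but not why. The tool then goes on to associate the user with role names it could not verify, so the warning is the only signal and should carry the cause, for example `terminal.println("Warning: Could not parse [%s] for roles verification (%s). ...", rolesFile.toAbsolutePath(), t.getMessage());`. Catching `Exception` instead of `Throwable` would also stop the tool from treating JVM errors as a malformed file. The rest of the catch block lies outside the hunk, so this assumes `t` is not reported further down.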


@ -20,7 +20,6 @@ import org.elasticsearch.common.xcontent.yaml.YamlXContent;
import org.elasticsearch.env.Environment; import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.ShieldException; import org.elasticsearch.shield.ShieldException;
import org.elasticsearch.shield.ShieldPlugin; import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.shield.authz.AuthorizationService;
import org.elasticsearch.shield.authz.Permission; import org.elasticsearch.shield.authz.Permission;
import org.elasticsearch.shield.authz.Privilege; import org.elasticsearch.shield.authz.Privilege;
import org.elasticsearch.shield.support.Validation; import org.elasticsearch.shield.support.Validation;
@ -54,16 +53,16 @@ public class FileRolesStore extends AbstractComponent implements RolesStore {
private volatile ImmutableMap<String, Permission.Global.Role> permissions; private volatile ImmutableMap<String, Permission.Global.Role> permissions;
@Inject @Inject
public FileRolesStore(Settings settings, Environment env, ResourceWatcherService watcherService, AuthorizationService authzService) { public FileRolesStore(Settings settings, Environment env, ResourceWatcherService watcherService) {
this(settings, env, watcherService, authzService, Listener.NOOP); this(settings, env, watcherService, Listener.NOOP);
} }
public FileRolesStore(Settings settings, Environment env, ResourceWatcherService watcherService, AuthorizationService authzService, Listener listener) { public FileRolesStore(Settings settings, Environment env, ResourceWatcherService watcherService, Listener listener) {
super(settings); super(settings);
file = resolveFile(settings, env); file = resolveFile(settings, env);
permissions = parseFile(file, logger, authzService); permissions = parseFile(file, logger);
FileWatcher watcher = new FileWatcher(file.getParent().toFile()); FileWatcher watcher = new FileWatcher(file.getParent().toFile());
watcher.addListener(new FileListener(authzService)); watcher.addListener(new FileListener());
watcherService.add(watcher, ResourceWatcherService.Frequency.HIGH); watcherService.add(watcher, ResourceWatcherService.Frequency.HIGH);
this.listener = listener; this.listener = listener;
} }
@ -82,7 +81,7 @@ public class FileRolesStore extends AbstractComponent implements RolesStore {
return Paths.get(location); return Paths.get(location);
} }
public static ImmutableMap<String, Permission.Global.Role> parseFile(Path path, ESLogger logger, AuthorizationService authzService) { public static ImmutableMap<String, Permission.Global.Role> parseFile(Path path, ESLogger logger) {
if (logger != null) { if (logger != null) {
logger.trace("Reading roles file located at [{}]", path); logger.trace("Reading roles file located at [{}]", path);
} }
@ -233,12 +232,6 @@ public class FileRolesStore extends AbstractComponent implements RolesStore {
private class FileListener extends FileChangesListener { private class FileListener extends FileChangesListener {
private final AuthorizationService authzService;
private FileListener(AuthorizationService authzService) {
this.authzService = authzService;
}
@Override @Override
public void onFileCreated(File file) { public void onFileCreated(File file) {
onFileChanged(file); onFileChanged(file);
@ -252,7 +245,7 @@ public class FileRolesStore extends AbstractComponent implements RolesStore {
@Override @Override
public void onFileChanged(File file) { public void onFileChanged(File file) {
if (file.equals(FileRolesStore.this.file.toFile())) { if (file.equals(FileRolesStore.this.file.toFile())) {
permissions = parseFile(file.toPath(), logger, authzService); permissions = parseFile(file.toPath(), logger);
listener.onRefresh(); listener.onRefresh();
} }
} }
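Review bot: In `FileListener.onFileChanged`, `permissions = parseFile(file.toPath(), logger)` runs with no error handling, so a failed reload of the roles file is not recorded at this call site and whatever escapes goes to the watcher thread. The body of `parseFile` is outside the hunk, but the test `testThatInvalidYAMLThrowsElasticsearchException` in this commit suggests it throws on malformed input. If it does, the previously loaded role map stays in effect, which is the safer outcome, but an administrator who removed a privilege and saved a file with a typo would have no indication that the old roles are still being enforced. I would catch the failure here, log it at error level stating that the previous roles remain active, and skip `listener.onRefresh()` in that case.

```java
public void onFileChanged(File file) {
    if (file.equals(FileRolesStore.this.file.toFile())) {
        try {
            permissions = parseFile(file.toPath(), logger);
        } catch (Exception e) {
            // Keep the previously loaded roles, but make the failed reload visible to operators.
            logger.error("could not reload roles file [{}]; previously loaded roles remain in effect", e, file);
            return;
        }
        listener.onRefresh();
    }
```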


@ -11,7 +11,6 @@ import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment; import org.elasticsearch.env.Environment;
import org.elasticsearch.shield.ShieldException; import org.elasticsearch.shield.ShieldException;
import org.elasticsearch.shield.authz.AuthorizationService;
import org.elasticsearch.shield.authz.Permission; import org.elasticsearch.shield.authz.Permission;
import org.elasticsearch.shield.authz.Privilege; import org.elasticsearch.shield.authz.Privilege;
import org.elasticsearch.test.ElasticsearchTestCase; import org.elasticsearch.test.ElasticsearchTestCase;
@ -30,7 +29,6 @@ import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import static org.hamcrest.Matchers.*; import static org.hamcrest.Matchers.*;
import static org.mockito.Mockito.mock;
/** /**
* *
@ -40,7 +38,7 @@ public class FileRolesStoreTests extends ElasticsearchTestCase {
@Test @Test
public void testParseFile() throws Exception { public void testParseFile() throws Exception {
Path path = Paths.get(getClass().getResource("roles.yml").toURI()); Path path = Paths.get(getClass().getResource("roles.yml").toURI());
Map<String, Permission.Global.Role> roles = FileRolesStore.parseFile(path, logger, mock(AuthorizationService.class)); Map<String, Permission.Global.Role> roles = FileRolesStore.parseFile(path, logger);
assertThat(roles, notNullValue()); assertThat(roles, notNullValue());
assertThat(roles.size(), is(4)); assertThat(roles.size(), is(4));
@ -106,7 +104,7 @@ public class FileRolesStoreTests extends ElasticsearchTestCase {
@Test @Test
public void testDefaultRolesFile() throws Exception { public void testDefaultRolesFile() throws Exception {
Path path = Paths.get(getClass().getResource("default_roles.yml").toURI()); Path path = Paths.get(getClass().getResource("default_roles.yml").toURI());
Map<String, Permission.Global.Role> roles = FileRolesStore.parseFile(path, logger, mock(AuthorizationService.class)); Map<String, Permission.Global.Role> roles = FileRolesStore.parseFile(path, logger);
assertThat(roles, notNullValue()); assertThat(roles, notNullValue());
assertThat(roles.size(), is(8)); assertThat(roles.size(), is(8));
@ -126,7 +124,7 @@ public class FileRolesStoreTests extends ElasticsearchTestCase {
" cluster: all"; " cluster: all";
Path file = newTempFile().toPath(); Path file = newTempFile().toPath();
Files.write(file, roles.getBytes(UTF8)); Files.write(file, roles.getBytes(UTF8));
FileRolesStore.parseFile(file, null, mock(AuthorizationService.class)); FileRolesStore.parseFile(file, null);
} }
@Test @Test
@ -147,7 +145,7 @@ public class FileRolesStoreTests extends ElasticsearchTestCase {
threadPool = new ThreadPool("test"); threadPool = new ThreadPool("test");
watcherService = new ResourceWatcherService(settings, threadPool); watcherService = new ResourceWatcherService(settings, threadPool);
final CountDownLatch latch = new CountDownLatch(1); final CountDownLatch latch = new CountDownLatch(1);
FileRolesStore store = new FileRolesStore(settings, env, watcherService, mock(AuthorizationService.class), new FileRolesStore.Listener() { FileRolesStore store = new FileRolesStore(settings, env, watcherService, new FileRolesStore.Listener() {
@Override @Override
public void onRefresh() { public void onRefresh() {
latch.countDown(); latch.countDown();
@ -193,7 +191,7 @@ public class FileRolesStoreTests extends ElasticsearchTestCase {
public void testThatEmptyFileDoesNotResultInLoop() throws Exception { public void testThatEmptyFileDoesNotResultInLoop() throws Exception {
File file = newTempFile(); File file = newTempFile();
com.google.common.io.Files.write("#".getBytes(Charsets.UTF_8), file); com.google.common.io.Files.write("#".getBytes(Charsets.UTF_8), file);
Map<String, Permission.Global.Role> roles = FileRolesStore.parseFile(file.toPath(), logger, mock(AuthorizationService.class)); Map<String, Permission.Global.Role> roles = FileRolesStore.parseFile(file.toPath(), logger);
assertThat(roles.keySet(), is(empty())); assertThat(roles.keySet(), is(empty()));
} }
@ -201,6 +199,6 @@ public class FileRolesStoreTests extends ElasticsearchTestCase {
public void testThatInvalidYAMLThrowsElasticsearchException() throws Exception { public void testThatInvalidYAMLThrowsElasticsearchException() throws Exception {
File file = newTempFile(); File file = newTempFile();
com.google.common.io.Files.write("user: cluster: ALL indices: '*': ALL".getBytes(Charsets.UTF_8), file); com.google.common.io.Files.write("user: cluster: ALL indices: '*': ALL".getBytes(Charsets.UTF_8), file);
FileRolesStore.parseFile(file.toPath(), logger, mock(AuthorizationService.class)); FileRolesStore.parseFile(file.toPath(), logger);
} }
} }