Read the token passphrase earlier in the bootstrap check (elastic/x-pack-elasticsearch#2144)
This commit moves the reading of the token passphrase to the creation of the bootstrap check, so that the check no longer runs into issues during startup when the secure settings keystore has already been closed. Original commit: elastic/x-pack-elasticsearch@bba1cc832d
parent
80baa1b83e
commit
ec11799003
|
@ -19,17 +19,19 @@ final class TokenPassphraseBootstrapCheck implements BootstrapCheck {
|
||||||
|
|
||||||
static final int MINIMUM_PASSPHRASE_LENGTH = 8;
|
static final int MINIMUM_PASSPHRASE_LENGTH = 8;
|
||||||
|
|
||||||
private final Settings settings;
|
private final boolean tokenServiceEnabled;
|
||||||
|
private final SecureString tokenPassphrase;
|
||||||
|
|
||||||
TokenPassphraseBootstrapCheck(Settings settings) {
|
TokenPassphraseBootstrapCheck(Settings settings) {
|
||||||
this.settings = settings;
|
this.tokenServiceEnabled = XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.get(settings);
|
||||||
|
this.tokenPassphrase = TokenService.TOKEN_PASSPHRASE.get(settings);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean check() {
|
public boolean check() {
|
||||||
if (XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.get(settings)) {
|
try (SecureString ignore = tokenPassphrase) {
|
||||||
try (SecureString secureString = TokenService.TOKEN_PASSPHRASE.get(settings)) {
|
if (tokenServiceEnabled) {
|
||||||
return secureString.length() < MINIMUM_PASSPHRASE_LENGTH || secureString.equals(TokenService.DEFAULT_PASSPHRASE);
|
return tokenPassphrase.length() < MINIMUM_PASSPHRASE_LENGTH || tokenPassphrase.equals(TokenService.DEFAULT_PASSPHRASE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
// service is not enabled so no need to check
|
// service is not enabled so no need to check
|
||||||
|
|
|
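Review bot: The passphrase read in the constructor is now held in the `tokenPassphrase` field until `check()` closes it through `try (SecureString ignore = tokenPassphrase)`, which makes the check single-use and leaves the secret in memory if `check()` is never invoked; neither property is documented. A second call would operate on an already-closed `SecureString` (which, as far as I know, throws `IllegalStateException`), so I would add a comment above the `try` such as `// closes the copy taken in the constructor; this check must only be run once`, plus a short class Javadoc stating that the instance owns the passphrase from construction onward. The body of `check()` continues past the end of this hunk, so the return for the disabled case is not visible here.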
@ -47,4 +47,15 @@ public class TokenPassphraseBootstrapCheckTests extends ESTestCase {
|
||||||
secureSettings.setString(TokenService.TOKEN_PASSPHRASE.getKey(), TokenService.DEFAULT_PASSPHRASE);
|
secureSettings.setString(TokenService.TOKEN_PASSPHRASE.getKey(), TokenService.DEFAULT_PASSPHRASE);
|
||||||
assertFalse(new TokenPassphraseBootstrapCheck(settings).check());
|
assertFalse(new TokenPassphraseBootstrapCheck(settings).check());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void testTokenPassphraseCheckAfterSecureSettingsClosed() throws Exception {
|
||||||
|
Settings settings = Settings.builder().put(XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.getKey(), true).build();
|
||||||
|
MockSecureSettings secureSettings = new MockSecureSettings();
|
||||||
|
secureSettings.setString("foo", "bar"); // leniency in setSecureSettings... if its empty it's skipped
|
||||||
|
settings = Settings.builder().put(settings).setSecureSettings(secureSettings).build();
|
||||||
|
secureSettings.setString(TokenService.TOKEN_PASSPHRASE.getKey(), TokenService.DEFAULT_PASSPHRASE);
|
||||||
|
final TokenPassphraseBootstrapCheck check = new TokenPassphraseBootstrapCheck(settings);
|
||||||
|
secureSettings.close();
|
||||||
|
assertTrue(check.check());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
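Review bot: `assertTrue(check.check())` in `testTokenPassphraseCheckAfterSecureSettingsClosed` does not prove that the real passphrase was captured before `secureSettings.close()`, because `check()` also returns true for any value shorter than `MINIMUM_PASSPHRASE_LENGTH`, so an empty or fallback value read in the constructor would satisfy the same assertion. A companion case that stores a non-default passphrase of at least eight characters, e.g. `secureSettings.setString(TokenService.TOKEN_PASSPHRASE.getKey(), "constructed-test-passphrase");`, and ends with `assertFalse(check.check());` after the close would pin that. The test also relies on `MockSecureSettings` being shared by reference, since the passphrase is set after `setSecureSettings(secureSettings).build()`; a one-line comment saying so would help the next reader.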