Read the token passphrase earlier in the bootstrap check (elastic/x-pack-elasticsearch#2144)

This commit moves the reading of the token passphrase to the creation of the bootstrap check to
avoid issues with the secure settings keystore already being closed and thus causing issues during
startup.

Original commit: elastic/x-pack-elasticsearch@bba1cc832d
This commit is contained in:
Jay Modi 2017-08-01 13:04:34 -06:00 committed by GitHub
parent 80baa1b83e
commit ec11799003
2 changed files with 18 additions and 5 deletions

View File

@ -19,17 +19,19 @@ final class TokenPassphraseBootstrapCheck implements BootstrapCheck {
static final int MINIMUM_PASSPHRASE_LENGTH = 8; static final int MINIMUM_PASSPHRASE_LENGTH = 8;
private final Settings settings; private final boolean tokenServiceEnabled;
private final SecureString tokenPassphrase;
TokenPassphraseBootstrapCheck(Settings settings) { TokenPassphraseBootstrapCheck(Settings settings) {
this.settings = settings; this.tokenServiceEnabled = XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.get(settings);
this.tokenPassphrase = TokenService.TOKEN_PASSPHRASE.get(settings);
} }
@Override @Override
public boolean check() { public boolean check() {
if (XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.get(settings)) { try (SecureString ignore = tokenPassphrase) {
try (SecureString secureString = TokenService.TOKEN_PASSPHRASE.get(settings)) { if (tokenServiceEnabled) {
return secureString.length() < MINIMUM_PASSPHRASE_LENGTH || secureString.equals(TokenService.DEFAULT_PASSPHRASE); return tokenPassphrase.length() < MINIMUM_PASSPHRASE_LENGTH || tokenPassphrase.equals(TokenService.DEFAULT_PASSPHRASE);
} }
} }
// service is not enabled so no need to check // service is not enabled so no need to check

View File

@ -47,4 +47,15 @@ public class TokenPassphraseBootstrapCheckTests extends ESTestCase {
secureSettings.setString(TokenService.TOKEN_PASSPHRASE.getKey(), TokenService.DEFAULT_PASSPHRASE); secureSettings.setString(TokenService.TOKEN_PASSPHRASE.getKey(), TokenService.DEFAULT_PASSPHRASE);
assertFalse(new TokenPassphraseBootstrapCheck(settings).check()); assertFalse(new TokenPassphraseBootstrapCheck(settings).check());
} }
public void testTokenPassphraseCheckAfterSecureSettingsClosed() throws Exception {
Settings settings = Settings.builder().put(XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.getKey(), true).build();
MockSecureSettings secureSettings = new MockSecureSettings();
secureSettings.setString("foo", "bar"); // leniency in setSecureSettings... if its empty it's skipped
settings = Settings.builder().put(settings).setSecureSettings(secureSettings).build();
secureSettings.setString(TokenService.TOKEN_PASSPHRASE.getKey(), TokenService.DEFAULT_PASSPHRASE);
final TokenPassphraseBootstrapCheck check = new TokenPassphraseBootstrapCheck(settings);
secureSettings.close();
assertTrue(check.check());
}
} }