mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-17 10:25:15 +00:00
Remove unnecessary initialization of the system key (elastic/x-pack-elasticsearch#1734)
This commit removes unnecessary initialization of the system key in tests that no longer make use of the system key. It also removes the feature usage for the system key in the SecurityFeatureSet. Original commit: elastic/x-pack-elasticsearch@b9fffe0bd3
This commit is contained in:
Jay Modi
GitHub
parent
76857d7bbe
commit
ed382807c3
@ -6,12 +6,12 @@
|
||||
package org.elasticsearch.xpack.security;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.nio.file.Files;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.concurrent.atomic.AtomicReference;
|
||||
|
||||
import org.elasticsearch.Version;
|
||||
import org.elasticsearch.action.ActionListener;
|
||||
import org.elasticsearch.common.Nullable;
|
||||
import org.elasticsearch.common.inject.Inject;
|
||||
@ -20,7 +20,6 @@ import org.elasticsearch.common.io.stream.StreamOutput;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.concurrent.CountDown;
|
||||
import org.elasticsearch.common.xcontent.XContentBuilder;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.license.XPackLicenseState;
|
||||
import org.elasticsearch.xpack.XPackFeatureSet;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
@ -28,7 +27,6 @@ import org.elasticsearch.xpack.XPackSettings;
|
||||
import org.elasticsearch.xpack.security.authc.Realms;
|
||||
import org.elasticsearch.xpack.security.authc.support.mapper.NativeRoleMappingStore;
|
||||
import org.elasticsearch.xpack.security.authz.store.CompositeRolesStore;
|
||||
import org.elasticsearch.xpack.security.crypto.CryptoService;
|
||||
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
|
||||
import org.elasticsearch.xpack.security.user.AnonymousUser;
|
||||
|
||||
@ -51,13 +49,12 @@ public class SecurityFeatureSet implements XPackFeatureSet {
|
||||
private final NativeRoleMappingStore roleMappingStore;
|
||||
@Nullable
|
||||
private final IPFilter ipFilter;
|
||||
private final boolean systemKeyUsed;
|
||||
|
||||
@Inject
|
||||
public SecurityFeatureSet(Settings settings, @Nullable XPackLicenseState licenseState,
|
||||
@Nullable Realms realms, @Nullable CompositeRolesStore rolesStore,
|
||||
@Nullable NativeRoleMappingStore roleMappingStore,
|
||||
@Nullable IPFilter ipFilter, Environment environment) {
|
||||
@Nullable IPFilter ipFilter) {
|
||||
this.enabled = XPackSettings.SECURITY_ENABLED.get(settings);
|
||||
this.licenseState = licenseState;
|
||||
this.realms = realms;
|
||||
@ -65,7 +62,6 @@ public class SecurityFeatureSet implements XPackFeatureSet {
|
||||
this.roleMappingStore = roleMappingStore;
|
||||
this.settings = settings;
|
||||
this.ipFilter = ipFilter;
|
||||
this.systemKeyUsed = enabled && Files.exists(CryptoService.resolveSystemKey(environment));
|
||||
}
|
||||
|
||||
@Override
|
||||
@ -99,7 +95,6 @@ public class SecurityFeatureSet implements XPackFeatureSet {
|
||||
Map<String, Object> sslUsage = sslUsage(settings);
|
||||
Map<String, Object> auditUsage = auditUsage(settings);
|
||||
Map<String, Object> ipFilterUsage = ipFilterUsage(ipFilter);
|
||||
Map<String, Object> systemKeyUsage = systemKeyUsage();
|
||||
Map<String, Object> anonymousUsage = singletonMap("enabled", AnonymousUser.isAnonymousEnabled(settings));
|
||||
|
||||
final AtomicReference<Map<String, Object>> rolesUsageRef = new AtomicReference<>();
|
||||
@ -109,7 +104,7 @@ public class SecurityFeatureSet implements XPackFeatureSet {
|
||||
if (countDown.countDown()) {
|
||||
listener.onResponse(new Usage(available(), enabled(), realmsUsage,
|
||||
rolesUsageRef.get(), roleMappingUsageRef.get(),
|
||||
sslUsage, auditUsage, ipFilterUsage, systemKeyUsage, anonymousUsage));
|
||||
sslUsage, auditUsage, ipFilterUsage, anonymousUsage));
|
||||
}
|
||||
};
|
||||
|
||||
@ -163,11 +158,6 @@ public class SecurityFeatureSet implements XPackFeatureSet {
|
||||
return ipFilter.usageStats();
|
||||
}
|
||||
|
||||
Map<String, Object> systemKeyUsage() {
|
||||
// we can piggy back on the encryption enabled method as it is only enabled if there is a system key
|
||||
return singletonMap("enabled", systemKeyUsed);
|
||||
}
|
||||
|
||||
public static class Usage extends XPackFeatureSet.Usage {
|
||||
|
||||
private static final String REALMS_XFIELD = "realms";
|
||||
@ -176,7 +166,6 @@ public class SecurityFeatureSet implements XPackFeatureSet {
|
||||
private static final String SSL_XFIELD = "ssl";
|
||||
private static final String AUDIT_XFIELD = "audit";
|
||||
private static final String IP_FILTER_XFIELD = "ipfilter";
|
||||
private static final String SYSTEM_KEY_XFIELD = "system_key";
|
||||
private static final String ANONYMOUS_XFIELD = "anonymous";
|
||||
|
||||
private Map<String, Object> realmsUsage;
|
||||
@ -184,7 +173,6 @@ public class SecurityFeatureSet implements XPackFeatureSet {
|
||||
private Map<String, Object> sslUsage;
|
||||
private Map<String, Object> auditUsage;
|
||||
private Map<String, Object> ipFilterUsage;
|
||||
private Map<String, Object> systemKeyUsage;
|
||||
private Map<String, Object> anonymousUsage;
|
||||
private Map<String, Object> roleMappingStoreUsage;
|
||||
|
||||
@ -195,7 +183,10 @@ public class SecurityFeatureSet implements XPackFeatureSet {
|
||||
sslUsage = in.readMap();
|
||||
auditUsage = in.readMap();
|
||||
ipFilterUsage = in.readMap();
|
||||
systemKeyUsage = in.readMap();
|
||||
if (in.getVersion().before(Version.V_6_0_0_alpha3)) {
|
||||
// system key has been removed but older send its usage, so read the map and ignore
|
||||
in.readMap();
|
||||
}
|
||||
anonymousUsage = in.readMap();
|
||||
roleMappingStoreUsage = in.readMap();
|
||||
}
|
||||
@ -203,8 +194,7 @@ public class SecurityFeatureSet implements XPackFeatureSet {
|
||||
public Usage(boolean available, boolean enabled, Map<String, Object> realmsUsage,
|
||||
Map<String, Object> rolesStoreUsage, Map<String, Object> roleMappingStoreUsage,
|
||||
Map<String, Object> sslUsage, Map<String, Object> auditUsage,
|
||||
Map<String, Object> ipFilterUsage, Map<String, Object> systemKeyUsage,
|
||||
Map<String, Object> anonymousUsage) {
|
||||
Map<String, Object> ipFilterUsage, Map<String, Object> anonymousUsage) {
|
||||
super(XPackPlugin.SECURITY, available, enabled);
|
||||
this.realmsUsage = realmsUsage;
|
||||
this.rolesStoreUsage = rolesStoreUsage;
|
||||
@ -212,7 +202,6 @@ public class SecurityFeatureSet implements XPackFeatureSet {
|
||||
this.sslUsage = sslUsage;
|
||||
this.auditUsage = auditUsage;
|
||||
this.ipFilterUsage = ipFilterUsage;
|
||||
this.systemKeyUsage = systemKeyUsage;
|
||||
this.anonymousUsage = anonymousUsage;
|
||||
}
|
||||
|
||||
@ -224,7 +213,10 @@ public class SecurityFeatureSet implements XPackFeatureSet {
|
||||
out.writeMap(sslUsage);
|
||||
out.writeMap(auditUsage);
|
||||
out.writeMap(ipFilterUsage);
|
||||
out.writeMap(systemKeyUsage);
|
||||
if (out.getVersion().before(Version.V_6_0_0_alpha3)) {
|
||||
// system key has been removed but older versions still expected it so send a empty map
|
||||
out.writeMap(Collections.emptyMap());
|
||||
}
|
||||
out.writeMap(anonymousUsage);
|
||||
out.writeMap(roleMappingStoreUsage);
|
||||
}
|
||||
@ -239,7 +231,6 @@ public class SecurityFeatureSet implements XPackFeatureSet {
|
||||
builder.field(SSL_XFIELD, sslUsage);
|
||||
builder.field(AUDIT_XFIELD, auditUsage);
|
||||
builder.field(IP_FILTER_XFIELD, ipFilterUsage);
|
||||
builder.field(SYSTEM_KEY_XFIELD, systemKeyUsage);
|
||||
builder.field(ANONYMOUS_XFIELD, anonymousUsage);
|
||||
}
|
||||
}
|
||||
|
||||
@ -235,15 +235,6 @@ public abstract class SecurityIntegTestCase extends ESIntegTestCase {
|
||||
.build();
|
||||
}
|
||||
|
||||
/**
|
||||
* Allows for us to get the system key that is being used for the cluster
|
||||
*
|
||||
* @return the system key bytes
|
||||
*/
|
||||
protected byte[] systemKey() {
|
||||
return customSecuritySettingsSource.systemKey();
|
||||
}
|
||||
|
||||
/**
|
||||
* Allows to override the users config file when the {@link org.elasticsearch.test.ESIntegTestCase.ClusterScope} is set to
|
||||
* {@link org.elasticsearch.test.ESIntegTestCase.Scope#SUITE} or {@link org.elasticsearch.test.ESIntegTestCase.Scope#TEST}
|
||||
|
||||
@ -26,7 +26,6 @@ import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
|
||||
import org.elasticsearch.xpack.security.authc.esnative.NativeRealm;
|
||||
import org.elasticsearch.xpack.security.authc.file.FileRealm;
|
||||
import org.elasticsearch.xpack.security.authc.support.Hasher;
|
||||
import org.elasticsearch.xpack.security.crypto.CryptoService;
|
||||
import org.elasticsearch.xpack.security.test.SecurityTestUtils;
|
||||
|
||||
import java.net.URISyntaxException;
|
||||
@ -77,7 +76,6 @@ public class SecuritySettingsSource extends ClusterDiscoveryConfiguration.Unicas
|
||||
|
||||
private final Path parentFolder;
|
||||
private final String subfolderPrefix;
|
||||
private final byte[] systemKey;
|
||||
private final boolean useGeneratedSSLConfig;
|
||||
private final boolean hostnameVerificationEnabled;
|
||||
|
||||
@ -90,21 +88,7 @@ public class SecuritySettingsSource extends ClusterDiscoveryConfiguration.Unicas
|
||||
* @param scope the scope of the test that is requiring an instance of SecuritySettingsSource
|
||||
*/
|
||||
public SecuritySettingsSource(int numOfNodes, boolean useGeneratedSSLConfig, Path parentFolder, Scope scope) {
|
||||
this(numOfNodes, useGeneratedSSLConfig, generateKey(), parentFolder, scope);
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a new {@link org.elasticsearch.test.NodeConfigurationSource} for the security configuration.
|
||||
*
|
||||
* @param numOfNodes the number of nodes for proper unicast configuration (can be more than actually available)
|
||||
* @param useGeneratedSSLConfig whether ssl key/cert should be auto-generated
|
||||
* @param systemKey the system key that all of the nodes will use to sign messages
|
||||
* @param parentFolder the parent folder that will contain all of the configuration files that need to be created
|
||||
* @param scope the scope of the test that is requiring an instance of SecuritySettingsSource
|
||||
*/
|
||||
public SecuritySettingsSource(int numOfNodes, boolean useGeneratedSSLConfig, byte[] systemKey, Path parentFolder, Scope scope) {
|
||||
super(numOfNodes, DEFAULT_SETTINGS);
|
||||
this.systemKey = systemKey;
|
||||
this.parentFolder = parentFolder;
|
||||
this.subfolderPrefix = scope.name();
|
||||
this.useGeneratedSSLConfig = useGeneratedSSLConfig;
|
||||
@ -115,7 +99,6 @@ public class SecuritySettingsSource extends ClusterDiscoveryConfiguration.Unicas
|
||||
public Settings nodeSettings(int nodeOrdinal) {
|
||||
Path home = SecurityTestUtils.createFolder(parentFolder, subfolderPrefix + "-" + nodeOrdinal);
|
||||
Path xpackConf = SecurityTestUtils.createFolder(home.resolve("config"), XPackPlugin.NAME);
|
||||
writeFile(xpackConf, "system_key", systemKey);
|
||||
writeFile(xpackConf, "users", configUsers());
|
||||
writeFile(xpackConf, "users_roles", configUsersRoles());
|
||||
writeFile(xpackConf, "roles.yml", configRoles());
|
||||
@ -192,22 +175,10 @@ public class SecuritySettingsSource extends ClusterDiscoveryConfiguration.Unicas
|
||||
return new SecureString(DEFAULT_PASSWORD.toCharArray());
|
||||
}
|
||||
|
||||
protected byte[] systemKey() {
|
||||
return systemKey;
|
||||
}
|
||||
|
||||
protected Class<? extends XPackPlugin> xpackPluginClass() {
|
||||
return XPackPlugin.class;
|
||||
}
|
||||
|
||||
private static byte[] generateKey() {
|
||||
try {
|
||||
return CryptoService.generateKey();
|
||||
} catch (Exception e) {
|
||||
throw new ElasticsearchException("exception while generating the system key", e);
|
||||
}
|
||||
}
|
||||
|
||||
public Settings getNodeSSLSettings() {
|
||||
if (randomBoolean()) {
|
||||
return getSSLSettingsForPEMFiles("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.pem", "testnode",
|
||||
|
||||
@ -47,7 +47,6 @@ import org.elasticsearch.xpack.monitoring.resolver.ResolversRegistry;
|
||||
import org.elasticsearch.xpack.security.Security;
|
||||
import org.elasticsearch.xpack.security.authc.file.FileRealm;
|
||||
import org.elasticsearch.xpack.security.authc.support.Hasher;
|
||||
import org.elasticsearch.xpack.security.crypto.CryptoService;
|
||||
import org.elasticsearch.xpack.watcher.WatcherLifeCycleService;
|
||||
import org.hamcrest.Matcher;
|
||||
import org.junit.After;
|
||||
@ -55,7 +54,6 @@ import org.junit.Before;
|
||||
|
||||
import java.io.BufferedWriter;
|
||||
import java.io.IOException;
|
||||
import java.io.OutputStream;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Path;
|
||||
@ -447,9 +445,6 @@ public abstract class MonitoringIntegTestCase extends ESIntegTestCase {
|
||||
private static final String TEST_PASSWORD_HASHED = new String(Hasher.BCRYPT.hash(new SecureString(TEST_PASSWORD.toCharArray())));
|
||||
|
||||
static boolean auditLogsEnabled = SystemPropertyUtil.getBoolean("tests.audit_logs", true);
|
||||
static byte[] systemKey = generateKey(); // must be the same for all nodes
|
||||
|
||||
public static final String IP_FILTER = "allow: all\n";
|
||||
|
||||
public static final String USERS =
|
||||
"transport_client:" + TEST_PASSWORD_HASHED + "\n" +
|
||||
@ -495,7 +490,6 @@ public abstract class MonitoringIntegTestCase extends ESIntegTestCase {
|
||||
writeFile(xpackConf, "users", USERS);
|
||||
writeFile(xpackConf, "users_roles", USER_ROLES);
|
||||
writeFile(xpackConf, "roles.yml", ROLES);
|
||||
writeFile(xpackConf, "system_key", systemKey);
|
||||
|
||||
builder.put("xpack.security.enabled", true)
|
||||
.put("xpack.ml.autodetect_process", false)
|
||||
@ -510,15 +504,7 @@ public abstract class MonitoringIntegTestCase extends ESIntegTestCase {
|
||||
}
|
||||
}
|
||||
|
||||
static byte[] generateKey() {
|
||||
try {
|
||||
return CryptoService.generateKey();
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
public static String writeFile(Path folder, String name, String content) throws IOException {
|
||||
static String writeFile(Path folder, String name, String content) throws IOException {
|
||||
Path file = folder.resolve(name);
|
||||
try (BufferedWriter stream = Files.newBufferedWriter(file, StandardCharsets.UTF_8)) {
|
||||
Streams.copy(content, stream);
|
||||
@ -527,15 +513,5 @@ public abstract class MonitoringIntegTestCase extends ESIntegTestCase {
|
||||
}
|
||||
return file.toAbsolutePath().toString();
|
||||
}
|
||||
|
||||
public static String writeFile(Path folder, String name, byte[] content) throws IOException {
|
||||
Path file = folder.resolve(name);
|
||||
try (OutputStream stream = Files.newOutputStream(file)) {
|
||||
Streams.copy(content, stream);
|
||||
} catch (IOException e) {
|
||||
throw new ElasticsearchException("error writing file in test", e);
|
||||
}
|
||||
return file.toAbsolutePath().toString();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -13,26 +13,19 @@ import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.xcontent.ToXContent;
|
||||
import org.elasticsearch.common.xcontent.XContentBuilder;
|
||||
import org.elasticsearch.common.xcontent.XContentFactory;
|
||||
import org.elasticsearch.env.Environment;
|
||||
import org.elasticsearch.license.XPackLicenseState;
|
||||
import org.elasticsearch.test.ESTestCase;
|
||||
import org.elasticsearch.xpack.XPackFeatureSet;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
import org.elasticsearch.xpack.XPackSettings;
|
||||
import org.elasticsearch.xpack.security.audit.AuditTrailService;
|
||||
import org.elasticsearch.xpack.security.authc.Realms;
|
||||
import org.elasticsearch.xpack.security.authc.support.mapper.NativeRoleMappingStore;
|
||||
import org.elasticsearch.xpack.security.authz.store.CompositeRolesStore;
|
||||
import org.elasticsearch.xpack.security.crypto.CryptoService;
|
||||
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
|
||||
import org.elasticsearch.xpack.security.user.AnonymousUser;
|
||||
import org.elasticsearch.xpack.watcher.support.xcontent.XContentSource;
|
||||
import org.junit.Before;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.nio.file.Files;
|
||||
import java.nio.file.Path;
|
||||
import java.nio.file.StandardOpenOption;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
@ -40,9 +33,7 @@ import java.util.Map;
|
||||
|
||||
import static org.hamcrest.CoreMatchers.nullValue;
|
||||
import static org.hamcrest.Matchers.contains;
|
||||
import static org.hamcrest.Matchers.containsInAnyOrder;
|
||||
import static org.hamcrest.Matchers.emptyIterable;
|
||||
import static org.hamcrest.Matchers.hasEntry;
|
||||
import static org.hamcrest.Matchers.notNullValue;
|
||||
import static org.hamcrest.core.Is.is;
|
||||
import static org.mockito.Matchers.any;
|
||||
@ -53,19 +44,15 @@ import static org.mockito.Mockito.when;
|
||||
public class SecurityFeatureSetTests extends ESTestCase {
|
||||
|
||||
private Settings settings;
|
||||
private Environment environment;
|
||||
private XPackLicenseState licenseState;
|
||||
private Realms realms;
|
||||
private IPFilter ipFilter;
|
||||
private CompositeRolesStore rolesStore;
|
||||
private NativeRoleMappingStore roleMappingStore;
|
||||
private AuditTrailService auditTrail;
|
||||
private CryptoService cryptoService;
|
||||
|
||||
@Before
|
||||
public void init() throws Exception {
|
||||
settings = Settings.builder().put("path.home", createTempDir()).build();
|
||||
environment = new Environment(settings);
|
||||
licenseState = mock(XPackLicenseState.class);
|
||||
realms = mock(Realms.class);
|
||||
ipFilter = mock(IPFilter.class);
|
||||
@ -75,7 +62,7 @@ public class SecurityFeatureSetTests extends ESTestCase {
|
||||
|
||||
public void testAvailable() throws Exception {
|
||||
SecurityFeatureSet featureSet = new SecurityFeatureSet(settings, licenseState, realms,
|
||||
rolesStore, roleMappingStore, ipFilter, environment);
|
||||
rolesStore, roleMappingStore, ipFilter);
|
||||
boolean available = randomBoolean();
|
||||
when(licenseState.isAuthAllowed()).thenReturn(available);
|
||||
assertThat(featureSet.available(), is(available));
|
||||
@ -88,28 +75,16 @@ public class SecurityFeatureSetTests extends ESTestCase {
|
||||
.put("xpack.security.enabled", enabled)
|
||||
.build();
|
||||
SecurityFeatureSet featureSet = new SecurityFeatureSet(settings, licenseState, realms,
|
||||
rolesStore, roleMappingStore, ipFilter, environment);
|
||||
rolesStore, roleMappingStore, ipFilter);
|
||||
assertThat(featureSet.enabled(), is(enabled));
|
||||
}
|
||||
|
||||
public void testEnabledDefault() throws Exception {
|
||||
SecurityFeatureSet featureSet = new SecurityFeatureSet(settings, licenseState, realms,
|
||||
rolesStore, roleMappingStore, ipFilter, environment);
|
||||
rolesStore, roleMappingStore, ipFilter);
|
||||
assertThat(featureSet.enabled(), is(true));
|
||||
}
|
||||
|
||||
public void testSystemKeyUsageEnabledByCryptoService() throws IOException {
|
||||
final boolean enabled = randomBoolean();
|
||||
if (enabled) {
|
||||
Path path = CryptoService.resolveSystemKey(environment);
|
||||
Files.createDirectories(path.getParent());
|
||||
Files.write(path, new byte[0]);
|
||||
}
|
||||
SecurityFeatureSet featureSet = new SecurityFeatureSet(settings, licenseState, realms,
|
||||
rolesStore, roleMappingStore, ipFilter, environment);
|
||||
assertThat(featureSet.systemKeyUsage(), hasEntry("enabled", enabled));
|
||||
}
|
||||
|
||||
public void testUsage() throws Exception {
|
||||
|
||||
boolean authcAuthzAvailable = randomBoolean();
|
||||
@ -164,13 +139,6 @@ public class SecurityFeatureSetTests extends ESTestCase {
|
||||
return Void.TYPE;
|
||||
}).when(roleMappingStore).usageStats(any(ActionListener.class));
|
||||
|
||||
final boolean useSystemKey = randomBoolean();
|
||||
if (useSystemKey) {
|
||||
Path path = CryptoService.resolveSystemKey(environment);
|
||||
Files.createDirectories(path.getParent());
|
||||
Files.write(path, new byte[0], StandardOpenOption.CREATE_NEW);
|
||||
}
|
||||
|
||||
Map<String, Object> realmsUsageStats = new HashMap<>();
|
||||
for (int i = 0; i < 5; i++) {
|
||||
Map<String, Object> realmUsage = new HashMap<>();
|
||||
@ -187,7 +155,7 @@ public class SecurityFeatureSetTests extends ESTestCase {
|
||||
}
|
||||
|
||||
SecurityFeatureSet featureSet = new SecurityFeatureSet(settings.build(), licenseState,
|
||||
realms, rolesStore, roleMappingStore, ipFilter, environment);
|
||||
realms, rolesStore, roleMappingStore, ipFilter);
|
||||
PlainActionFuture<XPackFeatureSet.Usage> future = new PlainActionFuture<>();
|
||||
featureSet.usage(future);
|
||||
XPackFeatureSet.Usage securityUsage = future.get();
|
||||
@ -243,9 +211,6 @@ public class SecurityFeatureSetTests extends ESTestCase {
|
||||
assertThat(roleMapping.entrySet(), emptyIterable());
|
||||
}
|
||||
|
||||
// system key
|
||||
assertThat(source.getValue("system_key.enabled"), is(useSystemKey));
|
||||
|
||||
// anonymous
|
||||
assertThat(source.getValue("anonymous.enabled"), is(anonymousEnabled));
|
||||
} else {
|
||||
|
||||
@ -73,7 +73,7 @@ public class SecurityTribeIT extends NativeRealmIntegTestCase {
|
||||
super.setUp();
|
||||
if (cluster2 == null) {
|
||||
SecuritySettingsSource cluster2SettingsSource =
|
||||
new SecuritySettingsSource(defaultMaxNumberOfNodes(), useGeneratedSSL, systemKey(), createTempDir(), Scope.SUITE);
|
||||
new SecuritySettingsSource(defaultMaxNumberOfNodes(), useGeneratedSSL, createTempDir(), Scope.SUITE);
|
||||
cluster2 = new InternalTestCluster(randomLong(), createTempDir(), true, true, 1, 2,
|
||||
UUIDs.randomBase64UUID(random()), cluster2SettingsSource, 0, false, SECOND_CLUSTER_NODE_PREFIX, getMockPlugins(),
|
||||
getClientWrapper());
|
||||
@ -135,7 +135,7 @@ public class SecurityTribeIT extends NativeRealmIntegTestCase {
|
||||
|
||||
private void setupTribeNode(Settings settings) throws NodeValidationException, InterruptedException {
|
||||
SecuritySettingsSource cluster2SettingsSource =
|
||||
new SecuritySettingsSource(1, useGeneratedSSL, systemKey(), createTempDir(), Scope.TEST);
|
||||
new SecuritySettingsSource(1, useGeneratedSSL, createTempDir(), Scope.TEST);
|
||||
Map<String,String> asMap = new HashMap<>(cluster2SettingsSource.nodeSettings(0).getAsMap());
|
||||
asMap.remove(NodeEnvironment.MAX_LOCAL_STORAGE_NODES_SETTING.getKey());
|
||||
Settings.Builder tribe1Defaults = Settings.builder();
|
||||
|
||||
@ -42,7 +42,6 @@ import org.elasticsearch.xpack.XPackSettings;
|
||||
import org.elasticsearch.xpack.ml.MachineLearning;
|
||||
import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail.Message;
|
||||
import org.elasticsearch.xpack.security.authc.AuthenticationToken;
|
||||
import org.elasticsearch.xpack.security.crypto.CryptoService;
|
||||
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
|
||||
import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
|
||||
import org.elasticsearch.xpack.security.user.SystemUser;
|
||||
@ -88,7 +87,6 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
|
||||
private static boolean remoteIndexing;
|
||||
private static InternalTestCluster remoteCluster;
|
||||
private static Settings remoteSettings;
|
||||
private static byte[] systemKey;
|
||||
|
||||
private TransportAddress remoteAddress = buildNewFakeTransportAddress();
|
||||
private TransportAddress localAddress = new TransportAddress(InetAddress.getLoopbackAddress(), 0);
|
||||
@ -103,7 +101,6 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
|
||||
@BeforeClass
|
||||
public static void configureBeforeClass() {
|
||||
remoteIndexing = randomBoolean();
|
||||
systemKey = CryptoService.generateKey();
|
||||
if (remoteIndexing == false) {
|
||||
remoteSettings = Settings.EMPTY;
|
||||
}
|
||||
@ -139,7 +136,7 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
|
||||
logger.info("--> remote indexing enabled. security enabled: [{}], SSL enabled: [{}], nodes: [{}]", useSecurity, useGeneratedSSL,
|
||||
numNodes);
|
||||
SecuritySettingsSource cluster2SettingsSource =
|
||||
new SecuritySettingsSource(numNodes, useGeneratedSSL, systemKey(), createTempDir(), Scope.SUITE) {
|
||||
new SecuritySettingsSource(numNodes, useGeneratedSSL, createTempDir(), Scope.SUITE) {
|
||||
@Override
|
||||
public Settings nodeSettings(int nodeOrdinal) {
|
||||
Settings.Builder builder = Settings.builder()
|
||||
@ -220,11 +217,6 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
|
||||
return Collections.singleton(IndexAuditTrail.INDEX_TEMPLATE_NAME);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected byte[] systemKey() {
|
||||
return systemKey;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected int maximumNumberOfShards() {
|
||||
return 3;
|
||||
|
||||
@ -90,7 +90,7 @@ public class RemoteIndexAuditTrailStartingTests extends SecurityIntegTestCase {
|
||||
// Setup a second test cluster with a single node, security enabled, and SSL
|
||||
final int numNodes = 1;
|
||||
SecuritySettingsSource cluster2SettingsSource =
|
||||
new SecuritySettingsSource(numNodes, useGeneratedSSL, systemKey(), createTempDir(), Scope.TEST) {
|
||||
new SecuritySettingsSource(numNodes, useGeneratedSSL, createTempDir(), Scope.TEST) {
|
||||
@Override
|
||||
public Settings nodeSettings(int nodeOrdinal) {
|
||||
Settings.Builder builder = Settings.builder()
|
||||
|
||||
@ -82,7 +82,6 @@ public class ServerTransportFilterIntegrationTests extends SecurityIntegTestCase
|
||||
Path home = createTempDir();
|
||||
Path xpackConf = home.resolve("config").resolve(XPackPlugin.NAME);
|
||||
Files.createDirectories(xpackConf);
|
||||
writeFile(xpackConf, "system_key", systemKey());
|
||||
|
||||
Transport transport = internalCluster().getDataNodeInstance(Transport.class);
|
||||
TransportAddress transportAddress = transport.boundAddress().publishAddress();
|
||||
@ -115,7 +114,6 @@ public class ServerTransportFilterIntegrationTests extends SecurityIntegTestCase
|
||||
Path home = createTempDir();
|
||||
Path xpackConf = home.resolve("config").resolve(XPackPlugin.NAME);
|
||||
Files.createDirectories(xpackConf);
|
||||
writeFile(xpackConf, "system_key", systemKey());
|
||||
writeFile(xpackConf, "users", configUsers());
|
||||
writeFile(xpackConf, "users_roles", configUsersRoles());
|
||||
writeFile(xpackConf, "roles.yml", configRoles());
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user