Cut over SecurityServerTransportService to use the new Interceptor infrastructure (elastic/elasticsearch#3491)
TransportService is not pluggable anymore in core. Instead we now have a interceptor infrastructure that allows to intercept send and receive calls on the transport layer. Relates to elastic/elasticsearchelastic/elasticsearch#20505 Original commit: elastic/x-pack-elasticsearch@04194ecb09
This commit is contained in:
Simon Willnauer
GitHub
parent
635b5a6800
commit
efeb9cefce
|
|
@ -112,7 +112,8 @@ public class TransportMonitoringBulkActionTests extends ESTestCase {
|
|||
clusterService.setClusterStatePublisher((event, ackListener) -> {});
|
||||
clusterService.start();
|
||||
|
||||
transportService = new TransportService(clusterService.getSettings(), transport, threadPool);
|
||||
transportService = new TransportService(clusterService.getSettings(), transport, threadPool,
|
||||
TransportService.NOOP_TRANSPORT_INTERCEPTOR);
|
||||
transportService.start();
|
||||
transportService.acceptIncomingRequests();
|
||||
exportService = new CapturingExporters();
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@
|
|||
package org.elasticsearch.xpack.security;
|
||||
|
||||
import org.apache.logging.log4j.Logger;
|
||||
import org.apache.lucene.util.SetOnce;
|
||||
import org.elasticsearch.action.ActionRequest;
|
||||
import org.elasticsearch.action.ActionResponse;
|
||||
import org.elasticsearch.action.support.ActionFilter;
|
||||
|
|
@ -30,6 +31,9 @@ import org.elasticsearch.plugins.ActionPlugin;
|
|||
import org.elasticsearch.plugins.IngestPlugin;
|
||||
import org.elasticsearch.rest.RestHandler;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.transport.TransportInterceptor;
|
||||
import org.elasticsearch.transport.TransportRequest;
|
||||
import org.elasticsearch.transport.TransportRequestHandler;
|
||||
import org.elasticsearch.watcher.ResourceWatcherService;
|
||||
import org.elasticsearch.xpack.XPackPlugin;
|
||||
import org.elasticsearch.xpack.XPackSettings;
|
||||
|
|
@ -99,7 +103,7 @@ import org.elasticsearch.xpack.security.rest.action.user.RestDeleteUserAction;
|
|||
import org.elasticsearch.xpack.security.rest.action.user.RestGetUsersAction;
|
||||
import org.elasticsearch.xpack.security.rest.action.user.RestPutUserAction;
|
||||
import org.elasticsearch.xpack.security.rest.action.user.RestSetEnabledAction;
|
||||
import org.elasticsearch.xpack.security.transport.SecurityServerTransportService;
|
||||
import org.elasticsearch.xpack.security.transport.SecurityServerTransportInterceptor;
|
||||
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
|
||||
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport;
|
||||
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport;
|
||||
|
|
@ -152,6 +156,10 @@ public class Security implements ActionPlugin, IngestPlugin {
|
|||
private final XPackLicenseState licenseState;
|
||||
private final CryptoService cryptoService;
|
||||
private final SSLService sslService;
|
||||
/* what a PITA that we need an extra indirection to initialize this. Yet, once we got rid of guice we can thing about how
|
||||
* to fix this or make it simpler. Today we need several service that are created in createComponents but we need to register
|
||||
* an instance of TransportInterceptor way earlier before createComponents is called. */
|
||||
private final SetOnce<TransportInterceptor> securityIntercepter = new SetOnce<>();
|
||||
|
||||
public Security(Settings settings, Environment env, XPackLicenseState licenseState, SSLService sslService) throws IOException {
|
||||
this.settings = settings;
|
||||
|
|
@ -319,7 +327,8 @@ public class Security implements ActionPlugin, IngestPlugin {
|
|||
if (IPFilter.IP_FILTER_ENABLED_SETTING.get(settings)) {
|
||||
components.add(new IPFilter(settings, auditTrailService, clusterService.getClusterSettings(), licenseState));
|
||||
}
|
||||
|
||||
securityIntercepter.set(new SecurityServerTransportInterceptor(settings, threadPool, authcService, authzService, licenseState,
|
||||
sslService));
|
||||
return components;
|
||||
}
|
||||
|
||||
|
|
@ -362,9 +371,6 @@ public class Security implements ActionPlugin, IngestPlugin {
|
|||
SecurityNetty4HttpServerTransport.overrideSettings(settingsBuilder, settings);
|
||||
}
|
||||
|
||||
if (transportClientMode == false) {
|
||||
settingsBuilder.put(NetworkModule.TRANSPORT_SERVICE_TYPE_KEY, XPackPlugin.SECURITY);
|
||||
}
|
||||
addUserSettings(settings, settingsBuilder);
|
||||
addTribeSettings(settings, settingsBuilder);
|
||||
return settingsBuilder.build();
|
||||
|
|
@ -514,7 +520,20 @@ public class Security implements ActionPlugin, IngestPlugin {
|
|||
if (enabled) {
|
||||
module.registerTransport(Security.NAME3, SecurityNetty3Transport.class);
|
||||
module.registerTransport(Security.NAME4, SecurityNetty4Transport.class);
|
||||
module.registerTransportService(XPackPlugin.SECURITY, SecurityServerTransportService.class);
|
||||
module.addTransportInterceptor(new TransportInterceptor() {
|
||||
@Override
|
||||
public <T extends TransportRequest> TransportRequestHandler<T> interceptHandler(String action,
|
||||
TransportRequestHandler<T> actualHandler) {
|
||||
assert securityIntercepter.get() != null;
|
||||
return securityIntercepter.get().interceptHandler(action, actualHandler);
|
||||
}
|
||||
|
||||
@Override
|
||||
public AsyncSender interceptSender(AsyncSender sender) {
|
||||
assert securityIntercepter.get() != null;
|
||||
return securityIntercepter.get().interceptSender(sender);
|
||||
}
|
||||
});
|
||||
module.registerHttpTransport(Security.NAME3, SecurityNetty3HttpServerTransport.class);
|
||||
module.registerHttpTransport(Security.NAME4, SecurityNetty4HttpServerTransport.class);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -24,7 +24,6 @@ public class SecurityActionModule extends AbstractSecurityModule.Node {
|
|||
|
||||
@Override
|
||||
protected void configureNode() {
|
||||
bind(SecurityActionMapper.class).asEagerSingleton();
|
||||
// we need to ensure that there's only a single instance of the action filters
|
||||
bind(SecurityActionFilter.class).asEagerSingleton();
|
||||
|
||||
|
|
|
|||
|
|
@ -56,7 +56,7 @@ public class SecurityActionFilter extends AbstractComponent implements ActionFil
|
|||
private final AuthorizationService authzService;
|
||||
private final CryptoService cryptoService;
|
||||
private final AuditTrail auditTrail;
|
||||
private final SecurityActionMapper actionMapper;
|
||||
private final SecurityActionMapper actionMapper = new SecurityActionMapper();
|
||||
private final Set<RequestInterceptor> requestInterceptors;
|
||||
private final XPackLicenseState licenseState;
|
||||
private final ThreadContext threadContext;
|
||||
|
|
@ -65,14 +65,13 @@ public class SecurityActionFilter extends AbstractComponent implements ActionFil
|
|||
@Inject
|
||||
public SecurityActionFilter(Settings settings, AuthenticationService authcService, AuthorizationService authzService,
|
||||
CryptoService cryptoService, AuditTrailService auditTrail, XPackLicenseState licenseState,
|
||||
SecurityActionMapper actionMapper, Set<RequestInterceptor> requestInterceptors, ThreadPool threadPool,
|
||||
Set<RequestInterceptor> requestInterceptors, ThreadPool threadPool,
|
||||
SecurityContext securityContext) {
|
||||
super(settings);
|
||||
this.authcService = authcService;
|
||||
this.authzService = authzService;
|
||||
this.cryptoService = cryptoService;
|
||||
this.auditTrail = auditTrail;
|
||||
this.actionMapper = actionMapper;
|
||||
this.licenseState = licenseState;
|
||||
this.requestInterceptors = requestInterceptors;
|
||||
this.threadContext = threadPool.getThreadContext();
|
||||
|
|
|
|||
|
|
@ -6,10 +6,9 @@
|
|||
package org.elasticsearch.xpack.security.transport;
|
||||
|
||||
import org.elasticsearch.cluster.node.DiscoveryNode;
|
||||
import org.elasticsearch.common.inject.Inject;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.common.util.concurrent.ThreadContext;
|
||||
import org.elasticsearch.xpack.security.action.SecurityActionMapper;
|
||||
import org.elasticsearch.transport.TransportInterceptor;
|
||||
import org.elasticsearch.xpack.security.authc.AuthenticationService;
|
||||
import org.elasticsearch.xpack.security.authz.AuthorizationService;
|
||||
import org.elasticsearch.xpack.security.authz.AuthorizationUtils;
|
||||
|
|
@ -19,7 +18,6 @@ import org.elasticsearch.xpack.ssl.SSLService;
|
|||
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport;
|
||||
import org.elasticsearch.tasks.Task;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.transport.Transport;
|
||||
import org.elasticsearch.transport.TransportChannel;
|
||||
import org.elasticsearch.transport.TransportException;
|
||||
import org.elasticsearch.transport.TransportRequest;
|
||||
|
|
@ -29,95 +27,85 @@ import org.elasticsearch.transport.TransportResponse;
|
|||
import org.elasticsearch.transport.TransportResponseHandler;
|
||||
import org.elasticsearch.transport.TransportService;
|
||||
import org.elasticsearch.transport.TransportSettings;
|
||||
import org.elasticsearch.xpack.security.transport.netty4.SecurityNetty4Transport;
|
||||
import org.elasticsearch.xpack.security.user.SystemUser;
|
||||
|
||||
import java.util.Collections;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import java.util.function.Supplier;
|
||||
|
||||
import static org.elasticsearch.xpack.XPackSettings.TRANSPORT_SSL_ENABLED;
|
||||
import static org.elasticsearch.xpack.security.Security.setting;
|
||||
|
||||
public class SecurityServerTransportService extends TransportService {
|
||||
public class SecurityServerTransportInterceptor implements TransportInterceptor {
|
||||
|
||||
private static final String SETTING_NAME = "xpack.security.type";
|
||||
|
||||
private final AuthenticationService authcService;
|
||||
private final AuthorizationService authzService;
|
||||
private final SecurityActionMapper actionMapper;
|
||||
private final SSLService sslService;
|
||||
private final Map<String, ServerTransportFilter> profileFilters;
|
||||
final XPackLicenseState licenseState;
|
||||
private final ThreadPool threadPool;
|
||||
private final Settings settings;
|
||||
|
||||
@Inject
|
||||
public SecurityServerTransportService(Settings settings, Transport transport, ThreadPool threadPool,
|
||||
AuthenticationService authcService,
|
||||
AuthorizationService authzService,
|
||||
SecurityActionMapper actionMapper,
|
||||
XPackLicenseState licenseState,
|
||||
SSLService sslService) {
|
||||
super(settings, transport, threadPool);
|
||||
public SecurityServerTransportInterceptor(Settings settings,
|
||||
ThreadPool threadPool,
|
||||
AuthenticationService authcService,
|
||||
AuthorizationService authzService,
|
||||
XPackLicenseState licenseState,
|
||||
SSLService sslService) {
|
||||
this.settings = settings;
|
||||
this.threadPool = threadPool;
|
||||
this.authcService = authcService;
|
||||
this.authzService = authzService;
|
||||
this.actionMapper = actionMapper;
|
||||
this.licenseState = licenseState;
|
||||
this.sslService = sslService;
|
||||
this.profileFilters = initializeProfileFilters();
|
||||
}
|
||||
|
||||
@Override
|
||||
public <T extends TransportResponse> void sendRequest(DiscoveryNode node, String action, TransportRequest request,
|
||||
TransportRequestOptions options, TransportResponseHandler<T> handler) {
|
||||
// Sometimes a system action gets executed like a internal create index request or update mappings request
|
||||
// which means that the user is copied over to system actions so we need to change the user
|
||||
if (AuthorizationUtils.shouldReplaceUserWithSystem(threadPool.getThreadContext(), action)) {
|
||||
try (ThreadContext.StoredContext ctx = threadPool.getThreadContext().stashContext()) {
|
||||
final ThreadContext.StoredContext original = threadPool.getThreadContext().newStoredContext();
|
||||
sendWithUser(node, action, request, options, new ContextRestoreResponseHandler<>(original, handler));
|
||||
public AsyncSender interceptSender(AsyncSender sender) {
|
||||
return new AsyncSender() {
|
||||
@Override
|
||||
public <T extends TransportResponse> void sendRequest(DiscoveryNode node, String action, TransportRequest request,
|
||||
TransportRequestOptions options, TransportResponseHandler<T> handler) {
|
||||
// Sometimes a system action gets executed like a internal create index request or update mappings request
|
||||
// which means that the user is copied over to system actions so we need to change the user
|
||||
if (AuthorizationUtils.shouldReplaceUserWithSystem(threadPool.getThreadContext(), action)) {
|
||||
try (ThreadContext.StoredContext ctx = threadPool.getThreadContext().stashContext()) {
|
||||
final ThreadContext.StoredContext original = threadPool.getThreadContext().newStoredContext();
|
||||
sendWithUser(node, action, request, options, new ContextRestoreResponseHandler<>(original, handler), sender);
|
||||
}
|
||||
} else {
|
||||
sendWithUser(node, action, request, options, handler, sender);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
sendWithUser(node, action, request, options, handler);
|
||||
}
|
||||
};
|
||||
}
|
||||
|
||||
private <T extends TransportResponse> void sendWithUser(DiscoveryNode node, String action, TransportRequest request,
|
||||
TransportRequestOptions options, TransportResponseHandler<T> handler) {
|
||||
TransportRequestOptions options, TransportResponseHandler<T> handler,
|
||||
AsyncSender sender) {
|
||||
try {
|
||||
// this will check if there's a user associated with the request. If there isn't,
|
||||
// the system user will be attached. There cannot be a request outgoing from this
|
||||
// node that is not associated with a user.
|
||||
authcService.attachUserIfMissing(SystemUser.INSTANCE);
|
||||
super.sendRequest(node, action, request, options, handler);
|
||||
sender.sendRequest(node, action, request, options, handler);
|
||||
} catch (Exception e) {
|
||||
handler.handleException(new TransportException("failed sending request", e));
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public <Request extends TransportRequest> void registerRequestHandler(String action, Supplier<Request> requestFactory, String
|
||||
executor, TransportRequestHandler<Request> handler) {
|
||||
TransportRequestHandler<Request> wrappedHandler = new ProfileSecuredRequestHandler<>(action, handler, profileFilters,
|
||||
public <T extends TransportRequest> TransportRequestHandler<T> interceptHandler(String action,
|
||||
TransportRequestHandler<T> actualHandler) {
|
||||
return new ProfileSecuredRequestHandler<>(action, actualHandler, profileFilters,
|
||||
licenseState, threadPool.getThreadContext());
|
||||
super.registerRequestHandler(action, requestFactory, executor, wrappedHandler);
|
||||
}
|
||||
|
||||
@Override
|
||||
public <Request extends TransportRequest> void registerRequestHandler(String action, Supplier<Request> request, String executor,
|
||||
boolean forceExecution, boolean canTripCircuitBreaker,
|
||||
TransportRequestHandler<Request> handler) {
|
||||
TransportRequestHandler<Request> wrappedHandler = new ProfileSecuredRequestHandler<>(action, handler, profileFilters,
|
||||
licenseState, threadPool.getThreadContext());
|
||||
super.registerRequestHandler(action, request, executor, forceExecution, canTripCircuitBreaker, wrappedHandler);
|
||||
}
|
||||
|
||||
protected Map<String, ServerTransportFilter> initializeProfileFilters() {
|
||||
if ((transport instanceof SecurityNetty3Transport) == false && (transport instanceof SecurityNetty4Transport) == false) {
|
||||
return Collections.<String, ServerTransportFilter>singletonMap(TransportSettings.DEFAULT_PROFILE,
|
||||
new ServerTransportFilter.NodeProfile(authcService, authzService, actionMapper, threadPool.getThreadContext(), false));
|
||||
}
|
||||
|
||||
Map<String, Settings> profileSettingsMap = settings.getGroups("transport.profiles.", true);
|
||||
Map<String, ServerTransportFilter> profileFilters = new HashMap<>(profileSettingsMap.size() + 1);
|
||||
|
||||
|
|
@ -131,11 +119,11 @@ public class SecurityServerTransportService extends TransportService {
|
|||
String type = entry.getValue().get(SETTING_NAME, "node");
|
||||
switch (type) {
|
||||
case "client":
|
||||
profileFilters.put(entry.getKey(), new ServerTransportFilter.ClientProfile(authcService, authzService, actionMapper,
|
||||
profileFilters.put(entry.getKey(), new ServerTransportFilter.ClientProfile(authcService, authzService,
|
||||
threadPool.getThreadContext(), extractClientCert));
|
||||
break;
|
||||
default:
|
||||
profileFilters.put(entry.getKey(), new ServerTransportFilter.NodeProfile(authcService, authzService, actionMapper,
|
||||
profileFilters.put(entry.getKey(), new ServerTransportFilter.NodeProfile(authcService, authzService,
|
||||
threadPool.getThreadContext(), extractClientCert));
|
||||
}
|
||||
}
|
||||
|
|
@ -144,8 +132,8 @@ public class SecurityServerTransportService extends TransportService {
|
|||
final boolean profileSsl = TRANSPORT_SSL_ENABLED.get(settings);
|
||||
final boolean clientAuth = sslService.isSSLClientAuthEnabled(transportSSLSettings);
|
||||
final boolean extractClientCert = profileSsl && clientAuth;
|
||||
profileFilters.put(TransportSettings.DEFAULT_PROFILE, new ServerTransportFilter.NodeProfile(authcService, authzService,
|
||||
actionMapper, threadPool.getThreadContext(), extractClientCert));
|
||||
profileFilters.put(TransportSettings.DEFAULT_PROFILE, new ServerTransportFilter.NodeProfile(authcService, authzService
|
||||
, threadPool.getThreadContext(), extractClientCert));
|
||||
}
|
||||
|
||||
return Collections.unmodifiableMap(profileFilters);
|
||||
|
|
@ -54,15 +54,14 @@ public interface ServerTransportFilter {
|
|||
|
||||
private final AuthenticationService authcService;
|
||||
private final AuthorizationService authzService;
|
||||
private final SecurityActionMapper actionMapper;
|
||||
private final SecurityActionMapper actionMapper = new SecurityActionMapper();
|
||||
private final ThreadContext threadContext;
|
||||
private final boolean extractClientCert;
|
||||
|
||||
public NodeProfile(AuthenticationService authcService, AuthorizationService authzService,
|
||||
SecurityActionMapper actionMapper, ThreadContext threadContext, boolean extractClientCert) {
|
||||
ThreadContext threadContext, boolean extractClientCert) {
|
||||
this.authcService = authcService;
|
||||
this.authzService = authzService;
|
||||
this.actionMapper = actionMapper;
|
||||
this.threadContext = threadContext;
|
||||
this.extractClientCert = extractClientCert;
|
||||
}
|
||||
|
|
@ -134,8 +133,8 @@ public interface ServerTransportFilter {
|
|||
class ClientProfile extends NodeProfile {
|
||||
|
||||
public ClientProfile(AuthenticationService authcService, AuthorizationService authzService,
|
||||
SecurityActionMapper actionMapper, ThreadContext threadContext, boolean extractClientCert) {
|
||||
super(authcService, authzService, actionMapper, threadContext, extractClientCert);
|
||||
ThreadContext threadContext, boolean extractClientCert) {
|
||||
super(authcService, authzService, threadContext, extractClientCert);
|
||||
}
|
||||
|
||||
@Override
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ import java.util.Map;
|
|||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.test.SecurityIntegTestCase;
|
||||
import org.elasticsearch.xpack.XPackSettings;
|
||||
import org.elasticsearch.xpack.security.transport.SecurityServerTransportService;
|
||||
import org.elasticsearch.xpack.security.transport.SecurityServerTransportInterceptor;
|
||||
|
||||
import static org.hamcrest.Matchers.instanceOf;
|
||||
import static org.hamcrest.Matchers.startsWith;
|
||||
|
|
@ -27,13 +27,12 @@ public class SecurityServerTransportServiceTests extends SecurityIntegTestCase {
|
|||
|
||||
public void testSecurityServerTransportServiceWrapsAllHandlers() {
|
||||
for (TransportService transportService : internalCluster().getInstances(TransportService.class)) {
|
||||
assertThat(transportService, instanceOf(SecurityServerTransportService.class));
|
||||
for (Map.Entry<String, RequestHandlerRegistry> entry : transportService.requestHandlers.entrySet()) {
|
||||
assertThat(
|
||||
"handler not wrapped by " + SecurityServerTransportService.ProfileSecuredRequestHandler.class +
|
||||
"handler not wrapped by " + SecurityServerTransportInterceptor.ProfileSecuredRequestHandler.class +
|
||||
"; do all the handler registration methods have overrides?",
|
||||
entry.getValue().toString(),
|
||||
startsWith(SecurityServerTransportService.ProfileSecuredRequestHandler.class.getName() + "@")
|
||||
startsWith(SecurityServerTransportInterceptor.ProfileSecuredRequestHandler.class.getName() + "@")
|
||||
);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -65,7 +65,7 @@ public class SecurityActionFilterTests extends ESTestCase {
|
|||
ThreadPool threadPool = mock(ThreadPool.class);
|
||||
when(threadPool.getThreadContext()).thenReturn(new ThreadContext(Settings.EMPTY));
|
||||
filter = new SecurityActionFilter(Settings.EMPTY, authcService, authzService, cryptoService, auditTrail, licenseState,
|
||||
new SecurityActionMapper(), new HashSet<>(), threadPool, mock(SecurityContext.class));
|
||||
new HashSet<>(), threadPool, mock(SecurityContext.class));
|
||||
}
|
||||
|
||||
public void testApply() throws Exception {
|
||||
|
|
|
|||
|
|
@ -41,7 +41,8 @@ public class TransportDeleteRoleActionTests extends ESTestCase {
|
|||
final String roleName = randomFrom(new ArrayList<>(ReservedRolesStore.names()));
|
||||
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
|
||||
TransportDeleteRoleAction action = new TransportDeleteRoleAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), rolesStore, mock(TransportService.class));
|
||||
mock(IndexNameExpressionResolver.class), rolesStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR));
|
||||
|
||||
DeleteRoleRequest request = new DeleteRoleRequest();
|
||||
request.name(roleName);
|
||||
|
|
@ -70,7 +71,8 @@ public class TransportDeleteRoleActionTests extends ESTestCase {
|
|||
final String roleName = randomFrom("admin", "dept_a", "restricted");
|
||||
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
|
||||
TransportDeleteRoleAction action = new TransportDeleteRoleAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), rolesStore, mock(TransportService.class));
|
||||
mock(IndexNameExpressionResolver.class), rolesStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR));
|
||||
|
||||
DeleteRoleRequest request = new DeleteRoleRequest();
|
||||
request.name(roleName);
|
||||
|
|
@ -112,7 +114,8 @@ public class TransportDeleteRoleActionTests extends ESTestCase {
|
|||
final String roleName = randomFrom("admin", "dept_a", "restricted");
|
||||
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
|
||||
TransportDeleteRoleAction action = new TransportDeleteRoleAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), rolesStore, mock(TransportService.class));
|
||||
mock(IndexNameExpressionResolver.class), rolesStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR));
|
||||
|
||||
DeleteRoleRequest request = new DeleteRoleRequest();
|
||||
request.name(roleName);
|
||||
|
|
|
|||
|
|
@ -53,7 +53,9 @@ public class TransportGetRolesActionTests extends ESTestCase {
|
|||
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
|
||||
SecurityContext context = mock(SecurityContext.class);
|
||||
TransportGetRolesAction action = new TransportGetRolesAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), rolesStore, mock(TransportService.class), new ReservedRolesStore(context));
|
||||
mock(IndexNameExpressionResolver.class), rolesStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR),
|
||||
new ReservedRolesStore(context));
|
||||
|
||||
final boolean isKibanaUser = randomBoolean();
|
||||
if (isKibanaUser) {
|
||||
|
|
@ -115,7 +117,9 @@ public class TransportGetRolesActionTests extends ESTestCase {
|
|||
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
|
||||
SecurityContext context = mock(SecurityContext.class);
|
||||
TransportGetRolesAction action = new TransportGetRolesAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), rolesStore, mock(TransportService.class), new ReservedRolesStore(context));
|
||||
mock(IndexNameExpressionResolver.class), rolesStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR),
|
||||
new ReservedRolesStore(context));
|
||||
|
||||
final boolean isKibanaUser = randomBoolean();
|
||||
if (isKibanaUser) {
|
||||
|
|
@ -192,7 +196,9 @@ public class TransportGetRolesActionTests extends ESTestCase {
|
|||
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
|
||||
SecurityContext context = mock(SecurityContext.class);
|
||||
TransportGetRolesAction action = new TransportGetRolesAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), rolesStore, mock(TransportService.class), new ReservedRolesStore(context));
|
||||
mock(IndexNameExpressionResolver.class), rolesStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR),
|
||||
new ReservedRolesStore(context));
|
||||
|
||||
final boolean isKibanaUser = randomBoolean();
|
||||
final List<String> expectedNames = new ArrayList<>();
|
||||
|
|
@ -284,7 +290,9 @@ public class TransportGetRolesActionTests extends ESTestCase {
|
|||
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
|
||||
SecurityContext context = mock(SecurityContext.class);
|
||||
TransportGetRolesAction action = new TransportGetRolesAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), rolesStore, mock(TransportService.class), new ReservedRolesStore(context));
|
||||
mock(IndexNameExpressionResolver.class), rolesStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR),
|
||||
new ReservedRolesStore(context));
|
||||
|
||||
GetRolesRequest request = new GetRolesRequest();
|
||||
request.names(storeRoleDescriptors.stream().map(RoleDescriptor::getName).collect(Collectors.toList()).toArray(Strings.EMPTY_ARRAY));
|
||||
|
|
|
|||
|
|
@ -42,7 +42,8 @@ public class TransportPutRoleActionTests extends ESTestCase {
|
|||
final String roleName = randomFrom(new ArrayList<>(ReservedRolesStore.names()));
|
||||
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
|
||||
TransportPutRoleAction action = new TransportPutRoleAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), rolesStore, mock(TransportService.class));
|
||||
mock(IndexNameExpressionResolver.class), rolesStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR));
|
||||
|
||||
PutRoleRequest request = new PutRoleRequest();
|
||||
request.name(roleName);
|
||||
|
|
@ -71,7 +72,8 @@ public class TransportPutRoleActionTests extends ESTestCase {
|
|||
final String roleName = randomFrom("admin", "dept_a", "restricted");
|
||||
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
|
||||
TransportPutRoleAction action = new TransportPutRoleAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), rolesStore, mock(TransportService.class));
|
||||
mock(IndexNameExpressionResolver.class), rolesStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR));
|
||||
|
||||
final boolean created = randomBoolean();
|
||||
PutRoleRequest request = new PutRoleRequest();
|
||||
|
|
@ -113,7 +115,8 @@ public class TransportPutRoleActionTests extends ESTestCase {
|
|||
final String roleName = randomFrom("admin", "dept_a", "restricted");
|
||||
NativeRolesStore rolesStore = mock(NativeRolesStore.class);
|
||||
TransportPutRoleAction action = new TransportPutRoleAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
|
||||
mock(IndexNameExpressionResolver.class), rolesStore, mock(TransportService.class));
|
||||
mock(IndexNameExpressionResolver.class), rolesStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR));
|
||||
|
||||
PutRoleRequest request = new PutRoleRequest();
|
||||
request.name(roleName);
|
||||
|
|
|
|||
|
|
@ -36,7 +36,8 @@ public class TransportAuthenticateActionTests extends ESTestCase {
|
|||
SecurityContext securityContext = mock(SecurityContext.class);
|
||||
when(securityContext.getUser()).thenReturn(randomFrom(SystemUser.INSTANCE, XPackUser.INSTANCE));
|
||||
TransportAuthenticateAction action = new TransportAuthenticateAction(Settings.EMPTY, mock(ThreadPool.class),
|
||||
mock(TransportService.class), mock(ActionFilters.class), mock(IndexNameExpressionResolver.class),
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class),
|
||||
securityContext);
|
||||
|
||||
final AtomicReference<Throwable> throwableRef = new AtomicReference<>();
|
||||
|
|
@ -61,7 +62,8 @@ public class TransportAuthenticateActionTests extends ESTestCase {
|
|||
public void testNullUser() {
|
||||
SecurityContext securityContext = mock(SecurityContext.class);
|
||||
TransportAuthenticateAction action = new TransportAuthenticateAction(Settings.EMPTY, mock(ThreadPool.class),
|
||||
mock(TransportService.class), mock(ActionFilters.class), mock(IndexNameExpressionResolver.class),
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class),
|
||||
securityContext);
|
||||
|
||||
final AtomicReference<Throwable> throwableRef = new AtomicReference<>();
|
||||
|
|
@ -88,7 +90,8 @@ public class TransportAuthenticateActionTests extends ESTestCase {
|
|||
SecurityContext securityContext = mock(SecurityContext.class);
|
||||
when(securityContext.getUser()).thenReturn(user);
|
||||
TransportAuthenticateAction action = new TransportAuthenticateAction(Settings.EMPTY, mock(ThreadPool.class),
|
||||
mock(TransportService.class), mock(ActionFilters.class), mock(IndexNameExpressionResolver.class),
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class),
|
||||
securityContext);
|
||||
|
||||
final AtomicReference<Throwable> throwableRef = new AtomicReference<>();
|
||||
|
|
|
|||
|
|
@ -48,7 +48,8 @@ public class TransportChangePasswordActionTests extends ESTestCase {
|
|||
AnonymousUser anonymousUser = new AnonymousUser(settings);
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportChangePasswordAction action = new TransportChangePasswordAction(settings, mock(ThreadPool.class),
|
||||
mock(TransportService.class), mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
|
||||
ChangePasswordRequest request = new ChangePasswordRequest();
|
||||
request.username(anonymousUser.principal());
|
||||
|
|
@ -77,7 +78,8 @@ public class TransportChangePasswordActionTests extends ESTestCase {
|
|||
public void testInternalUsers() {
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportChangePasswordAction action = new TransportChangePasswordAction(Settings.EMPTY, mock(ThreadPool.class),
|
||||
mock(TransportService.class), mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
|
||||
ChangePasswordRequest request = new ChangePasswordRequest();
|
||||
request.username(randomFrom(SystemUser.INSTANCE.principal(), XPackUser.INSTANCE.principal()));
|
||||
|
|
@ -119,7 +121,8 @@ public class TransportChangePasswordActionTests extends ESTestCase {
|
|||
}
|
||||
}).when(usersStore).changePassword(eq(request), any(ActionListener.class));
|
||||
TransportChangePasswordAction action = new TransportChangePasswordAction(Settings.EMPTY, mock(ThreadPool.class),
|
||||
mock(TransportService.class), mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
|
||||
final AtomicReference<Throwable> throwableRef = new AtomicReference<>();
|
||||
final AtomicReference<ChangePasswordResponse> responseRef = new AtomicReference<>();
|
||||
|
|
@ -158,7 +161,8 @@ public class TransportChangePasswordActionTests extends ESTestCase {
|
|||
}
|
||||
}).when(usersStore).changePassword(eq(request), any(ActionListener.class));
|
||||
TransportChangePasswordAction action = new TransportChangePasswordAction(Settings.EMPTY, mock(ThreadPool.class),
|
||||
mock(TransportService.class), mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
|
||||
final AtomicReference<Throwable> throwableRef = new AtomicReference<>();
|
||||
final AtomicReference<ChangePasswordResponse> responseRef = new AtomicReference<>();
|
||||
|
|
|
|||
|
|
@ -45,7 +45,8 @@ public class TransportDeleteUserActionTests extends ESTestCase {
|
|||
Settings settings = Settings.builder().put(AnonymousUser.ROLES_SETTING.getKey(), "superuser").build();
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportDeleteUserAction action = new TransportDeleteUserAction(settings, mock(ThreadPool.class),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore, mock(TransportService.class));
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR));
|
||||
|
||||
DeleteUserRequest request = new DeleteUserRequest(new AnonymousUser(settings).principal());
|
||||
|
||||
|
|
@ -72,7 +73,8 @@ public class TransportDeleteUserActionTests extends ESTestCase {
|
|||
public void testInternalUser() {
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportDeleteUserAction action = new TransportDeleteUserAction(Settings.EMPTY, mock(ThreadPool.class),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore, mock(TransportService.class));
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR));
|
||||
|
||||
DeleteUserRequest request = new DeleteUserRequest(randomFrom(SystemUser.INSTANCE.principal(), XPackUser.INSTANCE.principal()));
|
||||
|
||||
|
|
@ -100,7 +102,8 @@ public class TransportDeleteUserActionTests extends ESTestCase {
|
|||
final User reserved = randomFrom(new ElasticUser(true), new KibanaUser(true));
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportDeleteUserAction action = new TransportDeleteUserAction(Settings.EMPTY, mock(ThreadPool.class),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore, mock(TransportService.class));
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR));
|
||||
|
||||
DeleteUserRequest request = new DeleteUserRequest(reserved.principal());
|
||||
|
||||
|
|
@ -128,7 +131,8 @@ public class TransportDeleteUserActionTests extends ESTestCase {
|
|||
final User user = new User("joe");
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportDeleteUserAction action = new TransportDeleteUserAction(Settings.EMPTY, mock(ThreadPool.class),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore, mock(TransportService.class));
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR));
|
||||
|
||||
final boolean found = randomBoolean();
|
||||
final DeleteUserRequest request = new DeleteUserRequest(user.principal());
|
||||
|
|
@ -167,7 +171,8 @@ public class TransportDeleteUserActionTests extends ESTestCase {
|
|||
final User user = new User("joe");
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportDeleteUserAction action = new TransportDeleteUserAction(Settings.EMPTY, mock(ThreadPool.class),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore, mock(TransportService.class));
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR));
|
||||
|
||||
final DeleteUserRequest request = new DeleteUserRequest(user.principal());
|
||||
doAnswer(new Answer() {
|
||||
|
|
|
|||
|
|
@ -73,7 +73,8 @@ public class TransportGetUsersActionTests extends ESTestCase {
|
|||
AnonymousUser anonymousUser = new AnonymousUser(settings);
|
||||
ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), settings, usersStore, anonymousUser);
|
||||
TransportGetUsersAction action = new TransportGetUsersAction(Settings.EMPTY, mock(ThreadPool.class),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore, mock(TransportService.class),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR),
|
||||
reservedRealm);
|
||||
|
||||
GetUsersRequest request = new GetUsersRequest();
|
||||
|
|
@ -108,7 +109,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
|
|||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportGetUsersAction action = new TransportGetUsersAction(Settings.EMPTY, mock(ThreadPool.class),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore,
|
||||
mock(TransportService.class), mock(ReservedRealm.class));
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR), mock(ReservedRealm.class));
|
||||
|
||||
GetUsersRequest request = new GetUsersRequest();
|
||||
request.usernames(randomFrom(SystemUser.INSTANCE.principal(), XPackUser.INSTANCE.principal()));
|
||||
|
|
@ -142,7 +143,8 @@ public class TransportGetUsersActionTests extends ESTestCase {
|
|||
final List<User> reservedUsers = randomSubsetOf(size, allReservedUsers);
|
||||
final List<String> names = reservedUsers.stream().map(User::principal).collect(Collectors.toList());
|
||||
TransportGetUsersAction action = new TransportGetUsersAction(Settings.EMPTY, mock(ThreadPool.class),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore, mock(TransportService.class),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR),
|
||||
reservedRealm);
|
||||
|
||||
logger.error("names {}", names);
|
||||
|
|
@ -175,7 +177,8 @@ public class TransportGetUsersActionTests extends ESTestCase {
|
|||
when(usersStore.started()).thenReturn(true);
|
||||
ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), settings, usersStore, new AnonymousUser(settings));
|
||||
TransportGetUsersAction action = new TransportGetUsersAction(Settings.EMPTY, mock(ThreadPool.class),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore, mock(TransportService.class),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR),
|
||||
reservedRealm);
|
||||
|
||||
GetUsersRequest request = new GetUsersRequest();
|
||||
|
|
@ -219,7 +222,8 @@ public class TransportGetUsersActionTests extends ESTestCase {
|
|||
final String[] storeUsernames = storeUsers.stream().map(User::principal).collect(Collectors.toList()).toArray(Strings.EMPTY_ARRAY);
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportGetUsersAction action = new TransportGetUsersAction(Settings.EMPTY, mock(ThreadPool.class),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore, mock(TransportService.class),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR),
|
||||
mock(ReservedRealm.class));
|
||||
|
||||
GetUsersRequest request = new GetUsersRequest();
|
||||
|
|
@ -281,7 +285,8 @@ public class TransportGetUsersActionTests extends ESTestCase {
|
|||
final String[] storeUsernames = storeUsers.stream().map(User::principal).collect(Collectors.toList()).toArray(Strings.EMPTY_ARRAY);
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportGetUsersAction action = new TransportGetUsersAction(Settings.EMPTY, mock(ThreadPool.class),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore, mock(TransportService.class),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR),
|
||||
mock(ReservedRealm.class));
|
||||
|
||||
GetUsersRequest request = new GetUsersRequest();
|
||||
|
|
|
|||
|
|
@ -50,7 +50,8 @@ public class TransportPutUserActionTests extends ESTestCase {
|
|||
final AnonymousUser anonymousUser = new AnonymousUser(settings);
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportPutUserAction action = new TransportPutUserAction(settings, mock(ThreadPool.class),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore, mock(TransportService.class));
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR));
|
||||
|
||||
PutUserRequest request = new PutUserRequest();
|
||||
request.username(anonymousUser.principal());
|
||||
|
|
@ -78,7 +79,8 @@ public class TransportPutUserActionTests extends ESTestCase {
|
|||
public void testSystemUser() {
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportPutUserAction action = new TransportPutUserAction(Settings.EMPTY, mock(ThreadPool.class),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore, mock(TransportService.class));
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR));
|
||||
|
||||
PutUserRequest request = new PutUserRequest();
|
||||
request.username(randomFrom(SystemUser.INSTANCE.principal(), XPackUser.INSTANCE.principal()));
|
||||
|
|
@ -110,7 +112,8 @@ public class TransportPutUserActionTests extends ESTestCase {
|
|||
ReservedRealm reservedRealm = new ReservedRealm(new Environment(settings), settings, usersStore, new AnonymousUser(settings));
|
||||
final User reserved = randomFrom(reservedRealm.users().toArray(new User[0]));
|
||||
TransportPutUserAction action = new TransportPutUserAction(Settings.EMPTY, mock(ThreadPool.class),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore, mock(TransportService.class));
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR));
|
||||
|
||||
PutUserRequest request = new PutUserRequest();
|
||||
request.username(reserved.principal());
|
||||
|
|
@ -139,7 +142,8 @@ public class TransportPutUserActionTests extends ESTestCase {
|
|||
final User user = new User("joe");
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportPutUserAction action = new TransportPutUserAction(Settings.EMPTY, mock(ThreadPool.class),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore, mock(TransportService.class));
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR));
|
||||
|
||||
final boolean isCreate = randomBoolean();
|
||||
final PutUserRequest request = new PutUserRequest();
|
||||
|
|
@ -183,7 +187,8 @@ public class TransportPutUserActionTests extends ESTestCase {
|
|||
final User user = new User("joe");
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportPutUserAction action = new TransportPutUserAction(Settings.EMPTY, mock(ThreadPool.class),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore, mock(TransportService.class));
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore,
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR));
|
||||
|
||||
final PutUserRequest request = new PutUserRequest();
|
||||
request.username(user.principal());
|
||||
|
|
|
|||
|
|
@ -59,7 +59,8 @@ public class TransportSetEnabledActionTests extends ESTestCase {
|
|||
when(authentication.getRunAsUser()).thenReturn(user);
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportSetEnabledAction action = new TransportSetEnabledAction(settings, threadPool,
|
||||
mock(TransportService.class), mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
|
||||
SetEnabledRequest request = new SetEnabledRequest();
|
||||
request.username(new AnonymousUser(settings).principal());
|
||||
|
|
@ -95,7 +96,8 @@ public class TransportSetEnabledActionTests extends ESTestCase {
|
|||
when(authentication.getRunAsUser()).thenReturn(user);
|
||||
NativeUsersStore usersStore = mock(NativeUsersStore.class);
|
||||
TransportSetEnabledAction action = new TransportSetEnabledAction(Settings.EMPTY, threadPool,
|
||||
mock(TransportService.class), mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
|
||||
SetEnabledRequest request = new SetEnabledRequest();
|
||||
request.username(randomFrom(SystemUser.INSTANCE.principal(), XPackUser.INSTANCE.principal()));
|
||||
|
|
@ -147,7 +149,8 @@ public class TransportSetEnabledActionTests extends ESTestCase {
|
|||
}).when(usersStore)
|
||||
.setEnabled(eq(user.principal()), eq(request.enabled()), eq(request.getRefreshPolicy()), any(ActionListener.class));
|
||||
TransportSetEnabledAction action = new TransportSetEnabledAction(Settings.EMPTY, threadPool,
|
||||
mock(TransportService.class), mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
|
||||
final AtomicReference<Throwable> throwableRef = new AtomicReference<>();
|
||||
final AtomicReference<SetEnabledResponse> responseRef = new AtomicReference<>();
|
||||
|
|
@ -197,7 +200,8 @@ public class TransportSetEnabledActionTests extends ESTestCase {
|
|||
}).when(usersStore)
|
||||
.setEnabled(eq(user.principal()), eq(request.enabled()), eq(request.getRefreshPolicy()), any(ActionListener.class));
|
||||
TransportSetEnabledAction action = new TransportSetEnabledAction(Settings.EMPTY, threadPool,
|
||||
mock(TransportService.class), mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
|
||||
final AtomicReference<Throwable> throwableRef = new AtomicReference<>();
|
||||
final AtomicReference<SetEnabledResponse> responseRef = new AtomicReference<>();
|
||||
|
|
@ -235,7 +239,8 @@ public class TransportSetEnabledActionTests extends ESTestCase {
|
|||
request.enabled(randomBoolean());
|
||||
request.setRefreshPolicy(randomFrom(RefreshPolicy.values()));
|
||||
TransportSetEnabledAction action = new TransportSetEnabledAction(Settings.EMPTY, threadPool,
|
||||
mock(TransportService.class), mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class), usersStore);
|
||||
|
||||
final AtomicReference<Throwable> throwableRef = new AtomicReference<>();
|
||||
final AtomicReference<SetEnabledResponse> responseRef = new AtomicReference<>();
|
||||
|
|
|
|||
|
|
@ -42,7 +42,7 @@ public class ServerTransportFilterTests extends ESTestCase {
|
|||
authzService = mock(AuthorizationService.class);
|
||||
channel = mock(TransportChannel.class);
|
||||
when(channel.getProfileName()).thenReturn(TransportSettings.DEFAULT_PROFILE);
|
||||
filter = new ServerTransportFilter.NodeProfile(authcService, authzService, new SecurityActionMapper(),
|
||||
filter = new ServerTransportFilter.NodeProfile(authcService, authzService,
|
||||
new ThreadContext(Settings.EMPTY), false);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -5,25 +5,29 @@
|
|||
*/
|
||||
package org.elasticsearch.xpack.security.transport;
|
||||
|
||||
import org.elasticsearch.client.Client;
|
||||
import org.elasticsearch.cluster.service.ClusterService;
|
||||
import org.elasticsearch.cluster.node.DiscoveryNode;
|
||||
import org.elasticsearch.common.inject.AbstractModule;
|
||||
import org.elasticsearch.common.inject.Inject;
|
||||
import org.elasticsearch.common.inject.Binder;
|
||||
import org.elasticsearch.common.inject.Module;
|
||||
import org.elasticsearch.common.io.stream.StreamInput;
|
||||
import org.elasticsearch.common.io.stream.StreamOutput;
|
||||
import org.elasticsearch.common.network.NetworkModule;
|
||||
import org.elasticsearch.common.settings.Settings;
|
||||
import org.elasticsearch.plugins.Plugin;
|
||||
import org.elasticsearch.plugins.PluginsService;
|
||||
import org.elasticsearch.script.ScriptService;
|
||||
import org.elasticsearch.search.SearchRequestParsers;
|
||||
import org.elasticsearch.transport.MockTcpTransportPlugin;
|
||||
import org.elasticsearch.xpack.security.action.SecurityActionMapper;
|
||||
import org.elasticsearch.transport.TransportInterceptor;
|
||||
import org.elasticsearch.watcher.ResourceWatcherService;
|
||||
import org.elasticsearch.xpack.security.authc.AuthenticationService;
|
||||
import org.elasticsearch.xpack.security.authz.AuthorizationService;
|
||||
import org.elasticsearch.license.XPackLicenseState;
|
||||
import org.elasticsearch.test.ESIntegTestCase;
|
||||
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
|
||||
import org.elasticsearch.threadpool.ThreadPool;
|
||||
import org.elasticsearch.transport.Transport;
|
||||
import org.elasticsearch.transport.TransportChannel;
|
||||
import org.elasticsearch.transport.TransportException;
|
||||
import org.elasticsearch.transport.TransportRequest;
|
||||
|
|
@ -52,9 +56,6 @@ import static org.mockito.Mockito.inOrder;
|
|||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
@ClusterScope(scope = SUITE, numDataNodes = 0)
|
||||
@ESIntegTestCase.SuppressLocalMode
|
||||
public class TransportFilterTests extends ESIntegTestCase {
|
||||
|
|
@ -66,12 +67,12 @@ public class TransportFilterTests extends ESIntegTestCase {
|
|||
|
||||
@Override
|
||||
protected Collection<Class<? extends Plugin>> nodePlugins() {
|
||||
return Arrays.asList(InternalPlugin.class, InternalPluginServerTransportService.TestPlugin.class, MockTcpTransportPlugin.class);
|
||||
return Arrays.asList(InternalPluginServerTransportServiceInterceptor.TestPlugin.class, MockTcpTransportPlugin.class);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected Collection<Class<? extends Plugin>> transportClientPlugins() {
|
||||
return nodePlugins();
|
||||
return Collections.singleton(MockTcpTransportPlugin.class);
|
||||
}
|
||||
|
||||
public void test() throws Exception {
|
||||
|
|
@ -79,10 +80,16 @@ public class TransportFilterTests extends ESIntegTestCase {
|
|||
DiscoveryNode sourceNode = internalCluster().getInstance(ClusterService.class, source).localNode();
|
||||
TransportService sourceService = internalCluster().getInstance(TransportService.class, source);
|
||||
|
||||
InternalPluginServerTransportServiceInterceptor sourceInterceptor = internalCluster().getInstance(PluginsService.class, source)
|
||||
.filterPlugins(InternalPluginServerTransportServiceInterceptor.TestPlugin.class).stream().findFirst().get().interceptor;
|
||||
|
||||
String target = internalCluster().startNode();
|
||||
DiscoveryNode targetNode = internalCluster().getInstance(ClusterService.class, target).localNode();
|
||||
TransportService targetService = internalCluster().getInstance(TransportService.class, target);
|
||||
|
||||
InternalPluginServerTransportServiceInterceptor targetInterceptor = internalCluster().getInstance(PluginsService.class, target)
|
||||
.filterPlugins(InternalPluginServerTransportServiceInterceptor.TestPlugin.class).stream().findFirst().get().interceptor;
|
||||
|
||||
CountDownLatch latch = new CountDownLatch(2);
|
||||
targetService.registerRequestHandler("_action", Request::new, ThreadPool.Names.SAME,
|
||||
new RequestHandler(new Response("trgt_to_src"), latch));
|
||||
|
|
@ -97,10 +104,8 @@ public class TransportFilterTests extends ESIntegTestCase {
|
|||
new ResponseHandler(new Response("src_to_trgt"), latch));
|
||||
await(latch);
|
||||
|
||||
ServerTransportFilter sourceServerFilter =
|
||||
((InternalPluginServerTransportService) sourceService).transportFilter(TransportSettings.DEFAULT_PROFILE);
|
||||
ServerTransportFilter targetServerFilter =
|
||||
((InternalPluginServerTransportService) targetService).transportFilter(TransportSettings.DEFAULT_PROFILE);
|
||||
ServerTransportFilter sourceServerFilter = sourceInterceptor.transportFilter(TransportSettings.DEFAULT_PROFILE);
|
||||
ServerTransportFilter targetServerFilter = targetInterceptor.transportFilter(TransportSettings.DEFAULT_PROFILE);
|
||||
|
||||
AuthenticationService sourceAuth = internalCluster().getInstance(AuthenticationService.class, source);
|
||||
AuthenticationService targetAuth = internalCluster().getInstance(AuthenticationService.class, target);
|
||||
|
|
@ -273,22 +278,51 @@ public class TransportFilterTests extends ESIntegTestCase {
|
|||
}
|
||||
|
||||
// Sub class the security transport to always inject a mock for testing
|
||||
public static class InternalPluginServerTransportService extends SecurityServerTransportService {
|
||||
public static class InternalPluginServerTransportServiceInterceptor extends SecurityServerTransportInterceptor {
|
||||
public static class TestPlugin extends Plugin {
|
||||
public void onModule(NetworkModule module) {
|
||||
module.registerTransportService("filter-mock", InternalPluginServerTransportService.class);
|
||||
}
|
||||
AuthenticationService authenticationService = mock(AuthenticationService.class);
|
||||
AuthorizationService authorizationService = mock(AuthorizationService.class);
|
||||
InternalPluginServerTransportServiceInterceptor interceptor;
|
||||
@Override
|
||||
public Settings additionalSettings() {
|
||||
return Settings.builder().put(NetworkModule.TRANSPORT_SERVICE_TYPE_KEY, "filter-mock").build();
|
||||
public Collection<Object> createComponents(Client client, ClusterService clusterService, ThreadPool threadPool,
|
||||
ResourceWatcherService resourceWatcherService, ScriptService scriptService,
|
||||
SearchRequestParsers searchRequestParsers) {
|
||||
interceptor = new InternalPluginServerTransportServiceInterceptor(clusterService.getSettings(), threadPool,
|
||||
authenticationService, authorizationService);
|
||||
return Collections.emptyList();
|
||||
}
|
||||
|
||||
@Override
|
||||
public Collection<Module> createGuiceModules() {
|
||||
return Collections.singleton(new Module() {
|
||||
@Override
|
||||
public void configure(Binder binder) {
|
||||
binder.bind(AuthenticationService.class).toInstance(authenticationService);
|
||||
binder.bind(AuthorizationService.class).toInstance(authorizationService);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
public void onModule(NetworkModule module) {
|
||||
module.addTransportInterceptor(new TransportInterceptor() {
|
||||
@Override
|
||||
public <T extends TransportRequest> TransportRequestHandler<T> interceptHandler(String action,
|
||||
TransportRequestHandler<T> actualHandler) {
|
||||
return interceptor.interceptHandler(action, actualHandler);
|
||||
}
|
||||
|
||||
@Override
|
||||
public AsyncSender interceptSender(AsyncSender sender) {
|
||||
return interceptor.interceptSender(sender);
|
||||
}
|
||||
});
|
||||
}
|
||||
}
|
||||
|
||||
@Inject
|
||||
public InternalPluginServerTransportService(Settings settings, Transport transport, ThreadPool threadPool,
|
||||
AuthenticationService authcService, AuthorizationService authzService,
|
||||
SecurityActionMapper actionMapper) {
|
||||
super(settings, transport, threadPool, authcService, authzService, actionMapper, mock(XPackLicenseState.class),
|
||||
public InternalPluginServerTransportServiceInterceptor(Settings settings, ThreadPool threadPool,
|
||||
AuthenticationService authenticationService,
|
||||
AuthorizationService authorizationService) {
|
||||
super(settings, threadPool,authenticationService, authorizationService, mock(XPackLicenseState.class),
|
||||
mock(SSLService.class));
|
||||
when(licenseState.isAuthAllowed()).thenReturn(true);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -53,7 +53,8 @@ public class TransportXPackInfoActionTests extends ESTestCase {
|
|||
}
|
||||
|
||||
TransportXPackInfoAction action = new TransportXPackInfoAction(Settings.EMPTY, mock(ThreadPool.class),
|
||||
mock(TransportService.class), mock(ActionFilters.class), mock(IndexNameExpressionResolver.class),
|
||||
new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR),
|
||||
mock(ActionFilters.class), mock(IndexNameExpressionResolver.class),
|
||||
licenseService, featureSets);
|
||||
|
||||
License license = mock(License.class);
|
||||
|
|
|
|||
Loading…
Reference in New Issue