diff --git a/pom.xml b/pom.xml index eeb34962e25..b704403db94 100644 --- a/pom.xml +++ b/pom.xml @@ -46,9 +46,9 @@ - 4.10.2 - 4.10.2 - 1.4.2 + 4.10.4 + 4.10.4 + 1.5.0-SNAPSHOT 1.0.0 auto @@ -158,12 +158,6 @@ 2.3.2 test - - com.google.jimfs - jimfs - 1.0 - test - diff --git a/src/main/java/org/elasticsearch/action/admin/indices/create/CreateIndexRequestHelper.java b/src/main/java/org/elasticsearch/action/admin/indices/create/CreateIndexRequestHelper.java deleted file mode 100644 index 466eae4db47..00000000000 --- a/src/main/java/org/elasticsearch/action/admin/indices/create/CreateIndexRequestHelper.java +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.action.admin.indices.create; - -import org.elasticsearch.action.admin.indices.alias.Alias; - -import java.util.Set; - -/* - * Helper needed to retrieve aliases from a CreateIndexRequest, as the corresponding getter has package private visibility - * TODO Remove this class as soon as es core 1.5.0 is out - */ -public final class CreateIndexRequestHelper { - - private CreateIndexRequestHelper() { - } - - public static Set aliases(CreateIndexRequest createIndexRequest) { - return createIndexRequest.aliases(); - } -} diff --git a/src/main/java/org/elasticsearch/common/cli/CheckFileCommand.java b/src/main/java/org/elasticsearch/common/cli/CheckFileCommand.java deleted file mode 100644 index a83720e646e..00000000000 --- a/src/main/java/org/elasticsearch/common/cli/CheckFileCommand.java +++ /dev/null @@ -1,101 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.common.cli; - -import org.elasticsearch.common.collect.Maps; -import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.env.Environment; - -import java.io.IOException; -import java.nio.file.Files; -import java.nio.file.Path; -import java.nio.file.attribute.PosixFileAttributeView; -import java.nio.file.attribute.PosixFileAttributes; -import java.nio.file.attribute.PosixFilePermission; -import java.nio.file.attribute.PosixFilePermissions; -import java.util.Map; -import java.util.Set; - -import static org.elasticsearch.common.cli.Terminal.Verbosity.SILENT; - -/** - * helper command to check if file permissions or owner got changed by the command being executed - */ -public abstract class CheckFileCommand extends CliTool.Command { - - public CheckFileCommand(Terminal terminal) { - super(terminal); - } - - /** - * abstract method, which should implement the same logic as CliTool.Command.execute(), but is wrapped - */ - public abstract CliTool.ExitStatus doExecute(Settings settings, Environment env) throws Exception; - - /** - * Returns the array of paths, that should be checked if the permissions, user or groups have changed - * before and after execution of the command - * - */ - protected abstract Path[] pathsForPermissionsCheck(Settings settings, Environment env) throws Exception; - - @Override - public CliTool.ExitStatus execute(Settings settings, Environment env) throws Exception { - Path[] paths = pathsForPermissionsCheck(settings, env); - - Map> permissions = Maps.newHashMapWithExpectedSize(paths.length); - Map owners = Maps.newHashMapWithExpectedSize(paths.length); - Map groups = Maps.newHashMapWithExpectedSize(paths.length); - - if (paths != null && paths.length > 0) { - for (Path path : paths) { - try { - boolean supportsPosixPermissions = Files.getFileStore(path).supportsFileAttributeView(PosixFileAttributeView.class); - if (supportsPosixPermissions) { - permissions.put(path, Files.getPosixFilePermissions(path)); - owners.put(path, Files.getOwner(path).getName()); - groups.put(path, Files.readAttributes(path, PosixFileAttributes.class).group().getName()); - } - } catch (IOException e) { - // silently swallow if not supported, no need to log things - } - } - } - - CliTool.ExitStatus status = doExecute(settings, env); - - // check if permissions differ - for (Map.Entry> entry : permissions.entrySet()) { - Set permissionsBeforeWrite = entry.getValue(); - Set permissionsAfterWrite = Files.getPosixFilePermissions(entry.getKey()); - if (!permissionsBeforeWrite.equals(permissionsAfterWrite)) { - terminal.println(SILENT, "WARN: The file permissions of [%s] have changed from [%s] to [%s]", - entry.getKey(), PosixFilePermissions.toString(permissionsBeforeWrite), PosixFilePermissions.toString(permissionsAfterWrite)); - terminal.println(SILENT, "Please ensure that the user account running Elasticsearch has read access to this file!"); - } - } - - // check if owner differs - for (Map.Entry entry : owners.entrySet()) { - String ownerBeforeWrite = entry.getValue(); - String ownerAfterWrite = Files.getOwner(entry.getKey()).getName(); - if (!ownerAfterWrite.equals(ownerBeforeWrite)) { - terminal.println(SILENT, "WARN: Owner of file [%s] used to be [%s], but now is [%s]", entry.getKey(), ownerBeforeWrite, ownerAfterWrite); - } - } - - // check if group differs - for (Map.Entry entry : groups.entrySet()) { - String groupBeforeWrite = entry.getValue(); - String groupAfterWrite = Files.readAttributes(entry.getKey(), PosixFileAttributes.class).group().getName(); - if (!groupAfterWrite.equals(groupBeforeWrite)) { - terminal.println(SILENT, "WARN: Group of file [%s] used to be [%s], but now is [%s]", entry.getKey(), groupBeforeWrite, groupAfterWrite); - } - } - - return status; - } -} diff --git a/src/main/java/org/elasticsearch/http/netty/VisibleNettyHttpServerTransport.java b/src/main/java/org/elasticsearch/http/netty/VisibleNettyHttpServerTransport.java deleted file mode 100644 index f8424ede6fe..00000000000 --- a/src/main/java/org/elasticsearch/http/netty/VisibleNettyHttpServerTransport.java +++ /dev/null @@ -1,31 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.http.netty; - -import org.elasticsearch.common.netty.channel.ChannelHandlerContext; -import org.elasticsearch.common.netty.channel.ExceptionEvent; -import org.elasticsearch.common.network.NetworkService; -import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.util.BigArrays; - -/** - * Makes the exceptionCaught method of {@link org.elasticsearch.http.netty.NettyHttpServerTransport} visible - * to overriding classes. - * - * TODO: Fix core to make methods protected instead of package private and remove this class - */ -public class VisibleNettyHttpServerTransport extends NettyHttpServerTransport { - - public VisibleNettyHttpServerTransport(Settings settings, NetworkService networkService, BigArrays bigArrays) { - super(settings, networkService, bigArrays); - } - - @Override - protected void exceptionCaught(ChannelHandlerContext ctx, ExceptionEvent e) throws Exception { - super.exceptionCaught(ctx, e); - } - -} diff --git a/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java b/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java index ed33704e34d..902987f5837 100644 --- a/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java +++ b/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java @@ -9,7 +9,6 @@ import org.elasticsearch.action.CompositeIndicesRequest; import org.elasticsearch.action.IndicesRequest; import org.elasticsearch.action.admin.indices.alias.Alias; import org.elasticsearch.action.admin.indices.create.CreateIndexRequest; -import org.elasticsearch.action.admin.indices.create.CreateIndexRequestHelper; import org.elasticsearch.action.search.ClearScrollAction; import org.elasticsearch.action.search.SearchScrollAction; import org.elasticsearch.cluster.ClusterService; @@ -152,7 +151,7 @@ public class InternalAuthorizationService extends AbstractComponent implements A //if we are creating an index we need to authorize potential aliases created at the same time if (Privilege.Index.CREATE_INDEX_MATCHER.apply(action)) { assert request instanceof CreateIndexRequest; - Set aliases = CreateIndexRequestHelper.aliases((CreateIndexRequest) request); + Set aliases = ((CreateIndexRequest) request).aliases(); if (!aliases.isEmpty()) { Set aliasesAndIndices = Sets.newHashSet(indexNames); for (Alias alias : aliases) { diff --git a/src/main/java/org/elasticsearch/shield/authz/Privilege.java b/src/main/java/org/elasticsearch/shield/authz/Privilege.java index 3febd9dc4a1..ecf98bc4562 100644 --- a/src/main/java/org/elasticsearch/shield/authz/Privilege.java +++ b/src/main/java/org/elasticsearch/shield/authz/Privilege.java @@ -89,10 +89,8 @@ public abstract class Privilege

> { protected static final Predicate PREDICATE = new AutomatonPredicate(patterns( "internal:*", - "indices:monitor/*", // added for marvel - "cluster:monitor/*", // added for marvel - // TODO: remove again after 1.4.3 - "cluster:admin/snapshot/status[nodes]" + "indices:monitor/*", // added for marvel + "cluster:monitor/*" // added for marvel )); private System() { diff --git a/src/main/java/org/elasticsearch/shield/authz/indicesresolver/DefaultIndicesResolver.java b/src/main/java/org/elasticsearch/shield/authz/indicesresolver/DefaultIndicesResolver.java index 99b20ecf72e..a1fc1b5aac3 100644 --- a/src/main/java/org/elasticsearch/shield/authz/indicesresolver/DefaultIndicesResolver.java +++ b/src/main/java/org/elasticsearch/shield/authz/indicesresolver/DefaultIndicesResolver.java @@ -5,12 +5,10 @@ */ package org.elasticsearch.shield.authz.indicesresolver; +import org.elasticsearch.action.AliasesRequest; import org.elasticsearch.action.CompositeIndicesRequest; import org.elasticsearch.action.IndicesRequest; -import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequest; -import org.elasticsearch.action.admin.indices.alias.get.GetAliasesRequest; import org.elasticsearch.action.support.IndicesOptions; -import org.elasticsearch.cluster.metadata.AliasAction; import org.elasticsearch.cluster.metadata.IndexMetaData; import org.elasticsearch.cluster.metadata.MetaData; import org.elasticsearch.common.collect.ImmutableList; @@ -72,8 +70,8 @@ public class DefaultIndicesResolver implements IndicesResolver List indices = replaceWildcardsWithAuthorizedIndices(indicesRequest.indices(), indicesRequest.indicesOptions(), metaData, authorizedIndices); ((IndicesRequest.Replaceable) indicesRequest).indices(indices.toArray(new String[indices.size()])); } else { - assert indicesRequest instanceof IndicesAliasesRequest || !containsWildcards(indicesRequest) : - "IndicesAliasesRequest is the only external request known to support wildcards that doesn't support replacing its indices"; + assert !containsWildcards(indicesRequest) : + "There are no external requests known to support wildcards that don't support replacing their indices"; //NOTE: shard level requests do support wildcards (as they hold the original indices options) but don't support replacing their indices. //That is fine though because they never contain wildcards, as they get replaced as part of the authorization of their @@ -81,68 +79,23 @@ public class DefaultIndicesResolver implements IndicesResolver } } - /* - * TODO remove special treatment for IndicesAliasesRequest and GetAliasesRequest once we upgrade to 1.5.0 - * get https://github.com/elasticsearch/elasticsearch-shield/pull/669 in - */ - if (indicesRequest instanceof IndicesAliasesRequest) { - //special treatment for IndicesAliasesRequest since we need to extract indices from indices() as well as aliases() - //Also, we need to replace wildcards in both with authorized indices and/or aliases (IndicesAliasesRequest doesn't implement Replaceable) - return resolveIndicesAliasesRequest(user, action, (IndicesAliasesRequest) indicesRequest, metaData); + Set indices = Sets.newHashSet(indicesRequest.indices()); + + if (indicesRequest instanceof AliasesRequest) { + //special treatment for AliasesRequest since we need to replace wildcards among the specified aliases. + //AliasesRequest extends IndicesRequest.Replaceable, hence its indices have already been properly replaced. + AliasesRequest aliasesRequest = (AliasesRequest) indicesRequest; + if (aliasesRequest.expandAliasesWildcards()) { + ImmutableList authorizedIndices = authzService.authorizedIndicesAndAliases(user, action); + List aliases = replaceWildcardsWithAuthorizedAliases(aliasesRequest.aliases(), loadAuthorizedAliases(authorizedIndices, metaData)); + aliasesRequest.aliases(aliases.toArray(new String[aliases.size()])); + } + Collections.addAll(indices, aliasesRequest.aliases()); } - if (indicesRequest instanceof GetAliasesRequest) { - //special treatment for GetAliasesRequest since we need to replace wildcards among the specified aliases. - //GetAliasesRequest implements IndicesRequest.Replaceable, hence its indices have already been properly replaced. - return resolveGetAliasesRequest(user, action, (GetAliasesRequest) indicesRequest, metaData); - } - - return Sets.newHashSet(indicesRequest.indices()); - } - - private Set resolveGetAliasesRequest(User user, String action, GetAliasesRequest request, MetaData metaData) { - ImmutableList authorizedIndices = authzService.authorizedIndicesAndAliases(user, action); - List aliases = replaceWildcardsWithAuthorizedAliases(request.aliases(), loadAuthorizedAliases(authorizedIndices, metaData)); - request.aliases(aliases.toArray(new String[aliases.size()])); - Set indices = Sets.newHashSet(request.indices()); - indices.addAll(aliases); return indices; } - private Set resolveIndicesAliasesRequest(User user, String action, IndicesAliasesRequest request, MetaData metaData) { - ImmutableList authorizedIndices = authzService.authorizedIndicesAndAliases(user, action); - Set finalIndices = Sets.newHashSet(); - - List authorizedAliases = null; - - for (IndicesAliasesRequest.AliasActions aliasActions : request.getAliasActions()) { - //replace indices with authorized ones if needed - if (request.indicesOptions().expandWildcardsOpen() || request.indicesOptions().expandWildcardsClosed()) { - //Note: the indices that the alias operation maps to might end up containing aliases, since authorized indices can also be aliases. - //This is fine as es core resolves them to concrete indices anyway before executing the actual operation. - //Also es core already allows to specify aliases among indices, they will just be resolved (alias to alias is not supported). - //e.g. index: foo* gets resolved in core to anything that matches the expression, aliases included, hence their corresponding indices. - List indices = replaceWildcardsWithAuthorizedIndices(aliasActions.indices(), request.indicesOptions(), metaData, authorizedIndices); - aliasActions.indices(indices.toArray(new String[indices.size()])); - } - Collections.addAll(finalIndices, aliasActions.indices()); - - //replace aliases with authorized ones if needed - if (aliasActions.actionType() == AliasAction.Type.REMOVE) { - //lazily initialize a list of all the authorized aliases (filtering concrete indices out) - if (authorizedAliases == null) { - authorizedAliases = loadAuthorizedAliases(authorizedIndices, metaData); - } - - assert aliasActions.aliases().length > 0 : "aliases must not be empty within each single alias remove action"; - List aliases = replaceWildcardsWithAuthorizedAliases(aliasActions.aliases(), authorizedAliases); - aliasActions.aliases(aliases.toArray(new String[aliases.size()])); - } - Collections.addAll(finalIndices, aliasActions.aliases()); - } - return finalIndices; - } - private List loadAuthorizedAliases(List authorizedIndices, MetaData metaData) { List authorizedAliases = Lists.newArrayList(); ObjectLookupContainer existingAliases = metaData.aliases().keys(); diff --git a/src/main/java/org/elasticsearch/shield/transport/ShieldServerTransportService.java b/src/main/java/org/elasticsearch/shield/transport/ShieldServerTransportService.java index 532a8d0ffe2..9691eb467b8 100644 --- a/src/main/java/org/elasticsearch/shield/transport/ShieldServerTransportService.java +++ b/src/main/java/org/elasticsearch/shield/transport/ShieldServerTransportService.java @@ -10,9 +10,9 @@ import org.elasticsearch.common.collect.Maps; import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.shield.transport.netty.ShieldNettyTransport; -import org.elasticsearch.shield.transport.netty.ShieldMessageChannelHandler; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.*; +import org.elasticsearch.transport.netty.NettyTransportChannel; import java.util.Map; @@ -150,8 +150,8 @@ public class ShieldServerTransportService extends TransportService { @SuppressWarnings("unchecked") public void messageReceived(TransportRequest request, TransportChannel channel) throws Exception { try { - ShieldMessageChannelHandler.VisibleNettyTransportChannel nettyTransportChannel = (ShieldMessageChannelHandler.VisibleNettyTransportChannel) channel; - String profile = nettyTransportChannel.getProfile(); + NettyTransportChannel nettyTransportChannel = (NettyTransportChannel) channel; + String profile = nettyTransportChannel.getProfileName(); ServerTransportFilter filter = profileFilters.get(profile); if (filter == null) { filter = profileFilters.get("default"); diff --git a/src/main/java/org/elasticsearch/shield/transport/netty/ShieldMessageChannelHandler.java b/src/main/java/org/elasticsearch/shield/transport/netty/ShieldMessageChannelHandler.java deleted file mode 100644 index c8d7e4bbfa4..00000000000 --- a/src/main/java/org/elasticsearch/shield/transport/netty/ShieldMessageChannelHandler.java +++ /dev/null @@ -1,120 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.shield.transport.netty; - -import org.elasticsearch.Version; -import org.elasticsearch.common.component.Lifecycle; -import org.elasticsearch.common.io.stream.StreamInput; -import org.elasticsearch.common.logging.ESLogger; -import org.elasticsearch.common.netty.channel.*; -import org.elasticsearch.common.transport.InetSocketTransportAddress; -import org.elasticsearch.common.util.concurrent.AbstractRunnable; -import org.elasticsearch.threadpool.ThreadPool; -import org.elasticsearch.transport.ActionNotFoundTransportException; -import org.elasticsearch.transport.TransportRequest; -import org.elasticsearch.transport.TransportRequestHandler; -import org.elasticsearch.transport.netty.MessageChannelHandler; -import org.elasticsearch.transport.netty.NettyTransport; -import org.elasticsearch.transport.netty.NettyTransportChannel; - -import java.io.IOException; -import java.net.InetSocketAddress; - -public class ShieldMessageChannelHandler extends MessageChannelHandler { - - private final String profileName; - - public ShieldMessageChannelHandler(NettyTransport nettyTransport, String profileName, ESLogger logger) { - super(nettyTransport, logger); - this.profileName = profileName; - } - - // TODO ADD PREPROCESSING - - //TODO This is just here to create VisibleNettyTransportChannel() and should be removed after upgrading to es core 1.5 - @Override - protected String handleRequest(Channel channel, StreamInput buffer, long requestId, Version version) throws IOException { - final String action = buffer.readString(); - - final VisibleNettyTransportChannel transportChannel = new VisibleNettyTransportChannel(profileName, transport, action, channel, requestId, version); - try { - final TransportRequestHandler handler = transportServiceAdapter.handler(action, version); - if (handler == null) { - throw new ActionNotFoundTransportException(action); - } - final TransportRequest request = handler.newInstance(); - request.remoteAddress(new InetSocketTransportAddress((InetSocketAddress) channel.getRemoteAddress())); - request.readFrom(buffer); - if (handler.executor() == ThreadPool.Names.SAME) { - //noinspection unchecked - handler.messageReceived(request, transportChannel); - } else { - threadPool.executor(handler.executor()).execute(new RequestHandler(handler, request, transportChannel, action)); - } - } catch (Throwable e) { - try { - transportChannel.sendResponse(e); - } catch (IOException e1) { - logger.warn("failed to send error message [{}] back to client for action [{}]", e1, e.getMessage(), action); - logger.warn("actual excpetion: ", e); - } - } - return action; - } - - //TODO should be removed after upgrading es core dependency to 1.5 - public static class VisibleNettyTransportChannel extends NettyTransportChannel { - - private final String profile; - - public VisibleNettyTransportChannel(String profile, NettyTransport transport, String action, Channel channel, long requestId, Version version) { - super(transport, action, channel, requestId, version); - this.profile = profile; - } - - public String getProfile() { - return profile; - } - } - - // TODO This is just here to make this class visible, remove after upgrading es core dependency to 1.5 - class RequestHandler extends AbstractRunnable { - private final TransportRequestHandler handler; - private final TransportRequest request; - private final NettyTransportChannel transportChannel; - private final String action; - - public RequestHandler(TransportRequestHandler handler, TransportRequest request, NettyTransportChannel transportChannel, String action) { - this.handler = handler; - this.request = request; - this.transportChannel = transportChannel; - this.action = action; - } - - @SuppressWarnings({"unchecked"}) - @Override - public void run() { - try { - handler.messageReceived(request, transportChannel); - } catch (Throwable e) { - if (transport.lifecycleState() == Lifecycle.State.STARTED) { - // we can only send a response transport is started.... - try { - transportChannel.sendResponse(e); - } catch (Throwable e1) { - logger.warn("Failed to send error message back to client for action [" + action + "]", e1); - logger.warn("Actual Exception", e); - } - } - } - } - - @Override - public boolean isForceExecution() { - return handler.isForceExecution(); - } - } -} diff --git a/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransport.java b/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransport.java index fe2452f39cb..3946103a5c4 100644 --- a/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransport.java +++ b/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransport.java @@ -16,7 +16,6 @@ import org.elasticsearch.common.network.NetworkService; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.BigArrays; import org.elasticsearch.http.netty.NettyHttpServerTransport; -import org.elasticsearch.http.netty.VisibleNettyHttpServerTransport; import org.elasticsearch.shield.ssl.ServerSSLService; import org.elasticsearch.shield.transport.filter.IPFilter; @@ -25,7 +24,7 @@ import javax.net.ssl.SSLEngine; /** * */ -public class ShieldNettyHttpServerTransport extends VisibleNettyHttpServerTransport { +public class ShieldNettyHttpServerTransport extends NettyHttpServerTransport { private final IPFilter ipFilter; private final ServerSSLService sslService; @@ -62,7 +61,7 @@ public class ShieldNettyHttpServerTransport extends VisibleNettyHttpServerTransp private class HttpSslChannelPipelineFactory extends HttpChannelPipelineFactory { public HttpSslChannelPipelineFactory(NettyHttpServerTransport transport) { - super(transport); + super(transport, detailedErrorsEnabled); } @Override diff --git a/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java b/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java index 0deaf48ef44..3f38d974775 100644 --- a/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java +++ b/src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java @@ -87,7 +87,6 @@ public class ShieldNettyTransport extends NettyTransport { pipeline.addFirst("ssl", new SslHandler(serverEngine)); } - pipeline.replace("dispatcher", "dispatcher", new ShieldMessageChannelHandler(nettyTransport, name, logger)); if (authenticator != null) { pipeline.addFirst("ipfilter", new IPFilterNettyUpstreamHandler(authenticator, name)); } @@ -107,7 +106,6 @@ public class ShieldNettyTransport extends NettyTransport { if (ssl) { pipeline.addFirst("sslInitializer", new ClientSslHandlerInitializer()); } - pipeline.replace("dispatcher", "dispatcher", new ShieldMessageChannelHandler(nettyTransport, "default", logger)); return pipeline; } diff --git a/src/test/java/org/elasticsearch/common/cli/CheckFileCommandTests.java b/src/test/java/org/elasticsearch/common/cli/CheckFileCommandTests.java deleted file mode 100644 index b0ccc4252a6..00000000000 --- a/src/test/java/org/elasticsearch/common/cli/CheckFileCommandTests.java +++ /dev/null @@ -1,236 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.common.cli; - -import com.google.common.collect.Sets; -import com.google.common.jimfs.Configuration; -import com.google.common.jimfs.Jimfs; -import org.elasticsearch.common.base.Charsets; -import org.elasticsearch.common.settings.ImmutableSettings; -import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.env.Environment; -import org.elasticsearch.test.ElasticsearchTestCase; -import org.junit.Test; - -import java.io.IOException; -import java.nio.file.FileSystem; -import java.nio.file.Files; -import java.nio.file.Path; -import java.nio.file.attribute.*; -import java.util.Set; - -import static org.hamcrest.Matchers.*; - -/** - * - */ -public class CheckFileCommandTests extends ElasticsearchTestCase { - - private CliToolTestCase.CaptureOutputTerminal captureOutputTerminal = new CliToolTestCase.CaptureOutputTerminal(); - - private Configuration jimFsConfiguration = Configuration.unix().toBuilder().setAttributeViews("basic", "owner", "posix", "unix").build(); - private Configuration jimFsConfigurationWithoutPermissions = randomBoolean() ? Configuration.unix().toBuilder().setAttributeViews("basic").build() : Configuration.windows(); - - private enum Mode { - CHANGE, KEEP, DISABLED - } - - @Test - public void testThatCommandLogsErrorMessageOnFail() throws Exception { - executeCommand(jimFsConfiguration, new PermissionCheckFileCommand(captureOutputTerminal, Mode.CHANGE)); - assertThat(captureOutputTerminal.getTerminalOutput(), hasItem(containsString("Please ensure that the user account running Elasticsearch has read access to this file"))); - } - - @Test - public void testThatCommandLogsNothingWhenPermissionRemains() throws Exception { - executeCommand(jimFsConfiguration, new PermissionCheckFileCommand(captureOutputTerminal, Mode.KEEP)); - assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0)); - } - - @Test - public void testThatCommandLogsNothingWhenDisabled() throws Exception { - executeCommand(jimFsConfiguration, new PermissionCheckFileCommand(captureOutputTerminal, Mode.DISABLED)); - assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0)); - } - - @Test - public void testThatCommandLogsNothingIfFilesystemDoesNotSupportPermissions() throws Exception { - executeCommand(jimFsConfigurationWithoutPermissions, new PermissionCheckFileCommand(captureOutputTerminal, Mode.DISABLED)); - assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0)); - } - - @Test - public void testThatCommandLogsOwnerChange() throws Exception { - executeCommand(jimFsConfiguration, new OwnerCheckFileCommand(captureOutputTerminal, Mode.CHANGE)); - assertThat(captureOutputTerminal.getTerminalOutput(), hasItem(allOf(containsString("Owner of file ["), containsString("] used to be ["), containsString("], but now is [")))); - } - - @Test - public void testThatCommandLogsNothingIfOwnerRemainsSame() throws Exception { - executeCommand(jimFsConfiguration, new OwnerCheckFileCommand(captureOutputTerminal, Mode.KEEP)); - assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0)); - } - - @Test - public void testThatCommandLogsNothingIfOwnerIsDisabled() throws Exception { - executeCommand(jimFsConfiguration, new OwnerCheckFileCommand(captureOutputTerminal, Mode.DISABLED)); - assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0)); - } - - @Test - public void testThatCommandLogsNothingIfFileSystemDoesNotSupportOwners() throws Exception { - executeCommand(jimFsConfigurationWithoutPermissions, new OwnerCheckFileCommand(captureOutputTerminal, Mode.DISABLED)); - assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0)); - } - - @Test - public void testThatCommandLogsIfGroupChanges() throws Exception { - executeCommand(jimFsConfiguration, new GroupCheckFileCommand(captureOutputTerminal, Mode.CHANGE)); - assertThat(captureOutputTerminal.getTerminalOutput(), hasItem(allOf(containsString("Group of file ["), containsString("] used to be ["), containsString("], but now is [")))); - } - - @Test - public void testThatCommandLogsNothingIfGroupRemainsSame() throws Exception { - executeCommand(jimFsConfiguration, new GroupCheckFileCommand(captureOutputTerminal, Mode.KEEP)); - assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0)); - } - - @Test - public void testThatCommandLogsNothingIfGroupIsDisabled() throws Exception { - executeCommand(jimFsConfiguration, new GroupCheckFileCommand(captureOutputTerminal, Mode.DISABLED)); - assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0)); - } - - @Test - public void testThatCommandLogsNothingIfFileSystemDoesNotSupportGroups() throws Exception { - executeCommand(jimFsConfigurationWithoutPermissions, new GroupCheckFileCommand(captureOutputTerminal, Mode.DISABLED)); - assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0)); - } - - private void executeCommand(Configuration configuration, AbstractTestCheckFileCommand command) throws Exception { - try (FileSystem fs = Jimfs.newFileSystem(configuration)) { - command.execute(fs); - } - } - - abstract class AbstractTestCheckFileCommand extends CheckFileCommand { - - protected final Mode mode; - protected FileSystem fs; - protected Path[] paths; - - public AbstractTestCheckFileCommand(Terminal terminal, Mode mode) throws IOException { - super(terminal); - this.mode = mode; - } - - public CliTool.ExitStatus execute(FileSystem fs) throws Exception { - this.fs = fs; - this.paths = new Path[] { writePath(fs, "p1", "anything"), writePath(fs, "p2", "anything"), writePath(fs, "p3", "anything") }; - return super.execute(ImmutableSettings.EMPTY, new Environment(ImmutableSettings.EMPTY)); - } - - private Path writePath(FileSystem fs, String name, String content) throws IOException { - Path path = fs.getPath(name); - Files.write(path, content.getBytes(Charsets.UTF_8)); - return path; - } - - @Override - protected Path[] pathsForPermissionsCheck(Settings settings, Environment env) { - return paths; - } - } - - /** - * command that changes permissions from a file if enabled - */ - class PermissionCheckFileCommand extends AbstractTestCheckFileCommand { - - public PermissionCheckFileCommand(Terminal terminal, Mode mode) throws IOException { - super(terminal, mode); - } - - @Override - public CliTool.ExitStatus doExecute(Settings settings, Environment env) throws Exception { - int randomInt = randomInt(paths.length - 1); - Path randomPath = paths[randomInt]; - switch (mode) { - case CHANGE: - Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8)); - Files.setPosixFilePermissions(randomPath, Sets.newHashSet(PosixFilePermission.OWNER_EXECUTE, PosixFilePermission.OTHERS_EXECUTE, PosixFilePermission.GROUP_EXECUTE)); - break; - case KEEP: - Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8)); - Set posixFilePermissions = Files.getPosixFilePermissions(randomPath); - Files.setPosixFilePermissions(randomPath, posixFilePermissions); - break; - } - return CliTool.ExitStatus.OK; - } - - } - - /** - * command that changes the owner of a file if enabled - */ - class OwnerCheckFileCommand extends AbstractTestCheckFileCommand { - - public OwnerCheckFileCommand(Terminal terminal, Mode mode) throws IOException { - super(terminal, mode); - } - - @Override - public CliTool.ExitStatus doExecute(Settings settings, Environment env) throws Exception { - int randomInt = randomInt(paths.length - 1); - Path randomPath = paths[randomInt]; - switch (mode) { - case CHANGE: - Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8)); - UserPrincipal randomOwner = fs.getUserPrincipalLookupService().lookupPrincipalByName(randomAsciiOfLength(10)); - Files.setOwner(randomPath, randomOwner); - break; - case KEEP: - Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8)); - UserPrincipal originalOwner = Files.getOwner(randomPath); - Files.setOwner(randomPath, originalOwner); - break; - } - - return CliTool.ExitStatus.OK; - } - } - - /** - * command that changes the group of a file if enabled - */ - class GroupCheckFileCommand extends AbstractTestCheckFileCommand { - - public GroupCheckFileCommand(Terminal terminal, Mode mode) throws IOException { - super(terminal, mode); - } - - @Override - public CliTool.ExitStatus doExecute(Settings settings, Environment env) throws Exception { - int randomInt = randomInt(paths.length - 1); - Path randomPath = paths[randomInt]; - switch (mode) { - case CHANGE: - Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8)); - GroupPrincipal randomPrincipal = fs.getUserPrincipalLookupService().lookupPrincipalByGroupName(randomAsciiOfLength(10)); - Files.getFileAttributeView(randomPath, PosixFileAttributeView.class).setGroup(randomPrincipal); - break; - case KEEP: - Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8)); - GroupPrincipal groupPrincipal = Files.readAttributes(randomPath, PosixFileAttributes.class).group(); - Files.getFileAttributeView(randomPath, PosixFileAttributeView.class).setGroup(groupPrincipal); - break; - } - - return CliTool.ExitStatus.OK; - } - } -} diff --git a/src/test/java/org/elasticsearch/integration/AbstractPrivilegeTests.java b/src/test/java/org/elasticsearch/integration/AbstractPrivilegeTests.java index a5cada2932a..991d6148b75 100644 --- a/src/test/java/org/elasticsearch/integration/AbstractPrivilegeTests.java +++ b/src/test/java/org/elasticsearch/integration/AbstractPrivilegeTests.java @@ -65,9 +65,8 @@ public abstract class AbstractPrivilegeTests extends ShieldIntegrationTest { protected HttpResponse executeRequest(String user, String method, String uri, String body, Map params) throws IOException { HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class); - InetSocketTransportAddress transportAddress = (InetSocketTransportAddress) httpServerTransport.boundAddress().boundAddress(); - HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient).host(transportAddress.address().getHostName()).port(transportAddress.address().getPort()); + HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient).httpTransport(httpServerTransport); requestBuilder.path(uri); requestBuilder.method(method); for (Map.Entry entry : params.entrySet()) { diff --git a/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java b/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java index 66732674e7b..74ad12a29b4 100644 --- a/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java +++ b/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java @@ -15,7 +15,6 @@ import org.elasticsearch.shield.authc.Realms; import org.elasticsearch.shield.authc.support.SecuredStringTests; import org.elasticsearch.shield.authc.support.UsernamePasswordToken; import org.elasticsearch.shield.client.ShieldClient; -import org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; import org.elasticsearch.test.ShieldIntegrationTest; import org.elasticsearch.test.ShieldSettingsSource; import org.junit.BeforeClass; @@ -26,13 +25,11 @@ import java.util.concurrent.CountDownLatch; import java.util.concurrent.TimeUnit; import java.util.concurrent.atomic.AtomicReference; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE; import static org.hamcrest.Matchers.*; /** * */ -@ClusterScope(scope = SUITE) public class ClearRealmsCacheTests extends ShieldIntegrationTest { private static String[] usernames; diff --git a/src/test/java/org/elasticsearch/integration/ClusterPrivilegeTests.java b/src/test/java/org/elasticsearch/integration/ClusterPrivilegeTests.java index 182b7952b70..6eb6b9b6abb 100644 --- a/src/test/java/org/elasticsearch/integration/ClusterPrivilegeTests.java +++ b/src/test/java/org/elasticsearch/integration/ClusterPrivilegeTests.java @@ -18,7 +18,6 @@ import org.elasticsearch.test.rest.client.http.HttpResponse; import org.junit.Test; import java.io.File; -import java.util.Locale; import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; diff --git a/src/test/java/org/elasticsearch/integration/IndexPrivilegeTests.java b/src/test/java/org/elasticsearch/integration/IndexPrivilegeTests.java index 348d50c8582..ac717d5d415 100644 --- a/src/test/java/org/elasticsearch/integration/IndexPrivilegeTests.java +++ b/src/test/java/org/elasticsearch/integration/IndexPrivilegeTests.java @@ -15,13 +15,9 @@ import org.junit.Before; import org.junit.Test; import java.util.Locale; -import java.util.Map; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE; import static org.hamcrest.Matchers.is; -@ClusterScope(scope = SUITE) public class IndexPrivilegeTests extends AbstractPrivilegeTests { private String jsonDoc = "{ \"name\" : \"elasticsearch\"}"; diff --git a/src/test/java/org/elasticsearch/integration/LicensingTests.java b/src/test/java/org/elasticsearch/integration/LicensingTests.java index 993dd166ba3..81bbf228392 100644 --- a/src/test/java/org/elasticsearch/integration/LicensingTests.java +++ b/src/test/java/org/elasticsearch/integration/LicensingTests.java @@ -25,7 +25,6 @@ import org.elasticsearch.license.plugin.core.LicensesService; import org.elasticsearch.plugins.AbstractPlugin; import org.elasticsearch.plugins.Plugin; import org.elasticsearch.shield.license.LicenseService; -import org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; import org.elasticsearch.test.ShieldIntegrationTest; import org.elasticsearch.test.ShieldSettingsSource; import org.junit.Test; @@ -35,14 +34,12 @@ import java.util.Collection; import java.util.List; import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE; import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures; import static org.hamcrest.Matchers.*; /** * */ -@ClusterScope(scope = SUITE) public class LicensingTests extends ShieldIntegrationTest { static final License DUMMY_LICENSE = License.builder() diff --git a/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java b/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java index 32b7d792808..84f3bfad56e 100644 --- a/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java +++ b/src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java @@ -20,13 +20,10 @@ import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; import static org.elasticsearch.index.query.QueryBuilders.indicesQuery; import static org.elasticsearch.index.query.QueryBuilders.matchAllQuery; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope; import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount; import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures; import static org.hamcrest.Matchers.is; -@ClusterScope(scope = Scope.SUITE) public class MultipleIndicesPermissionsTests extends ShieldIntegrationTest { @Override diff --git a/src/test/java/org/elasticsearch/integration/PermissionPrecedenceTests.java b/src/test/java/org/elasticsearch/integration/PermissionPrecedenceTests.java index 81f35e94690..f32dd20f06d 100644 --- a/src/test/java/org/elasticsearch/integration/PermissionPrecedenceTests.java +++ b/src/test/java/org/elasticsearch/integration/PermissionPrecedenceTests.java @@ -19,8 +19,6 @@ import org.junit.Test; import java.util.List; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope; import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked; import static org.hamcrest.Matchers.hasSize; @@ -31,7 +29,6 @@ import static org.hamcrest.Matchers.hasSize; * actions that are normally categorized as index actions as cluster actions - for example, * index template actions. */ -@ClusterScope(scope = Scope.SUITE) public class PermissionPrecedenceTests extends ShieldIntegrationTest { @Override diff --git a/src/test/java/org/elasticsearch/integration/SearchGetAndSuggestPermissionsTests.java b/src/test/java/org/elasticsearch/integration/SearchGetAndSuggestPermissionsTests.java index 0443c0329da..5a679bb39dc 100644 --- a/src/test/java/org/elasticsearch/integration/SearchGetAndSuggestPermissionsTests.java +++ b/src/test/java/org/elasticsearch/integration/SearchGetAndSuggestPermissionsTests.java @@ -20,13 +20,10 @@ import org.junit.Test; import static org.elasticsearch.client.Requests.searchRequest; import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope; import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.is; -@ClusterScope(scope = Scope.SUITE) public class SearchGetAndSuggestPermissionsTests extends ShieldIntegrationTest { @Override diff --git a/src/test/java/org/elasticsearch/integration/SettingsFilterTests.java b/src/test/java/org/elasticsearch/integration/SettingsFilterTests.java index 4ebf444b928..eb51d33d740 100644 --- a/src/test/java/org/elasticsearch/integration/SettingsFilterTests.java +++ b/src/test/java/org/elasticsearch/integration/SettingsFilterTests.java @@ -42,13 +42,6 @@ import static org.hamcrest.Matchers.is; public class SettingsFilterTests extends ShieldIntegrationTest { private CloseableHttpClient httpClient = HttpClients.createDefault(); - private InetSocketTransportAddress address; - private String clientPortSetting; - @Before - public void init() { - HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class); - address = (InetSocketTransportAddress) httpServerTransport.boundAddress().boundAddress(); - } @After public void cleanup() throws IOException { @@ -169,10 +162,8 @@ public class SettingsFilterTests extends ShieldIntegrationTest { protected HttpResponse executeRequest(String method, String uri, String body, Map params) throws IOException { HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class); - address = (InetSocketTransportAddress) httpServerTransport.boundAddress().boundAddress(); HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient) - .host(address.address().getHostName()) - .port(address.address().getPort()) + .httpTransport(httpServerTransport) .method(method) .path(uri); diff --git a/src/test/java/org/elasticsearch/integration/ShieldClearScrollTests.java b/src/test/java/org/elasticsearch/integration/ShieldClearScrollTests.java index 023dd365ec9..e601e514a52 100644 --- a/src/test/java/org/elasticsearch/integration/ShieldClearScrollTests.java +++ b/src/test/java/org/elasticsearch/integration/ShieldClearScrollTests.java @@ -23,13 +23,10 @@ import java.util.ArrayList; import java.util.List; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope; import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertThrows; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.is; -@ClusterScope(scope = Scope.SUITE) public class ShieldClearScrollTests extends ShieldIntegrationTest { private List scrollIds; diff --git a/src/test/java/org/elasticsearch/integration/ldap/GroupMappingTests.java b/src/test/java/org/elasticsearch/integration/ldap/GroupMappingTests.java index 6d8d83f1a5f..087945460fc 100644 --- a/src/test/java/org/elasticsearch/integration/ldap/GroupMappingTests.java +++ b/src/test/java/org/elasticsearch/integration/ldap/GroupMappingTests.java @@ -10,16 +10,11 @@ import org.junit.Test; import java.io.IOException; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE; - - /** * This tests the group to role mappings from LDAP sources provided by the super class - available from super.realmConfig. * The super class will provide appropriate group mappings via configGroupMappings() */ @Network -@ClusterScope(scope = SUITE) public class GroupMappingTests extends AbstractAdLdapRealmTests { @Test diff --git a/src/test/java/org/elasticsearch/integration/ldap/MultiGroupMappingTests.java b/src/test/java/org/elasticsearch/integration/ldap/MultiGroupMappingTests.java index ef4fae50b4e..3147522aa7b 100644 --- a/src/test/java/org/elasticsearch/integration/ldap/MultiGroupMappingTests.java +++ b/src/test/java/org/elasticsearch/integration/ldap/MultiGroupMappingTests.java @@ -10,14 +10,10 @@ import org.junit.Test; import java.io.IOException; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE; - /** * This tests the mapping of multiple groups to a role */ @Network -@ClusterScope(scope = SUITE) public class MultiGroupMappingTests extends AbstractAdLdapRealmTests { @Override diff --git a/src/test/java/org/elasticsearch/shield/ShieldPluginEnabledDisabledTests.java b/src/test/java/org/elasticsearch/shield/ShieldPluginEnabledDisabledTests.java index 83d53426f17..2f64bef7017 100644 --- a/src/test/java/org/elasticsearch/shield/ShieldPluginEnabledDisabledTests.java +++ b/src/test/java/org/elasticsearch/shield/ShieldPluginEnabledDisabledTests.java @@ -17,7 +17,6 @@ import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.shield.authc.support.UsernamePasswordToken; import org.elasticsearch.shield.transport.ShieldServerTransportService; import org.elasticsearch.shield.transport.netty.ShieldNettyTransport; -import org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; import org.elasticsearch.test.ShieldIntegrationTest; import org.elasticsearch.test.ShieldSettingsSource; import org.elasticsearch.test.rest.client.http.HttpRequestBuilder; @@ -34,13 +33,11 @@ import java.io.IOException; import static org.elasticsearch.rest.RestStatus.OK; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE; import static org.hamcrest.Matchers.*; /** * */ -@ClusterScope(scope = SUITE) public class ShieldPluginEnabledDisabledTests extends ShieldIntegrationTest { private static boolean enabled; diff --git a/src/test/java/org/elasticsearch/shield/ShieldPluginTests.java b/src/test/java/org/elasticsearch/shield/ShieldPluginTests.java index a3fc1d04666..a7291f429b8 100644 --- a/src/test/java/org/elasticsearch/shield/ShieldPluginTests.java +++ b/src/test/java/org/elasticsearch/shield/ShieldPluginTests.java @@ -7,6 +7,8 @@ package org.elasticsearch.shield; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClients; +import org.elasticsearch.common.settings.ImmutableSettings; +import org.elasticsearch.common.settings.Settings; import org.elasticsearch.http.HttpServerTransport; import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.shield.authc.support.UsernamePasswordToken; @@ -25,6 +27,14 @@ import static org.hamcrest.Matchers.*; public class ShieldPluginTests extends ShieldIntegrationTest { + @Override + public Settings nodeSettings(int nodeOrdinal) { + return ImmutableSettings.builder() + .put(super.nodeSettings(nodeOrdinal)) + .put("http.enabled", true) //This test requires HTTP + .build(); + } + @Test public void testThatPluginIsLoaded() throws IOException { HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class); diff --git a/src/test/java/org/elasticsearch/shield/VersionCompatibilityTests.java b/src/test/java/org/elasticsearch/shield/VersionCompatibilityTests.java index e49a5aea9bd..6d5dbfaa9e3 100644 --- a/src/test/java/org/elasticsearch/shield/VersionCompatibilityTests.java +++ b/src/test/java/org/elasticsearch/shield/VersionCompatibilityTests.java @@ -27,53 +27,11 @@ public class VersionCompatibilityTests extends ElasticsearchTestCase { @Test public void testCompatibility() { - /** - * see https://github.com/elasticsearch/elasticsearch/pull/8634 {@link org.elasticsearch.test.discovery.ClusterDiscoveryConfiguration} - */ - assertThat("Remove ClusterDiscoveryConfiguration or bump the version, fixed in es core 1.5", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true)); - - /** - * see https://github.com/elasticsearch/elasticsearch/pull/9134 {@link org.elasticsearch.shield.transport.support.TransportProfileUtil} - */ - assertThat("Remove TransportProfileUtil class or bump the version, fixed in es core 1.5", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true)); - - /** - * see https://github.com/elasticsearch/elasticsearch/pull/9134 {@link org.elasticsearch.shield.transport.netty.ShieldMessageChannelHandler} - */ - assertThat("Cleanup ShieldMessageChannelHandler class and remove needless code, fixed in es core 1.5", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true)); - - /** - * see https://github.com/elasticsearch/elasticsearch/pull/9273 {@link org.elasticsearch.action.admin.indices.create.CreateIndexRequestHelper} - */ - assertThat("Remove CreateIndexRequestHelper class, fixed in es core 1.5", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true)); - /** * see https://github.com/elasticsearch/elasticsearch/issues/9372 {@link org.elasticsearch.shield.license.LicenseService} * Once es core supports merging cluster level custom metadata (licenses in our case), the tribe node will see some license coming from the tribe and everything will be ok. * */ - assertThat("Remove workaround in LicenseService class when es core supports merging cluster level custom metadata", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true)); - - /** - * see https://github.com/elasticsearch/elasticsearch/pull/9409/ - * This should be fixed in es 1.4.3 and up, thus can be removed - * You can also remove the SnapshotTests class then, as this functionality is also covered in the ClusterPrivilegeTests - * And remove the code in Privilege.System - */ - assertThat("Remove workaround to allow TransportNodesSnapshotsStatus be executed by the system user", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true)); - - /** - * see https://github.com/elasticsearch/elasticsearch-shield/pull/669 - * {@link org.elasticsearch.shield.authz.indicesresolver.DefaultIndicesResolver#resolveIndices(User, String, org.elasticsearch.action.IndicesRequest, org.elasticsearch.cluster.metadata.MetaData)} - * The special treatment for IndicesAliasesRequest and GetAliasesRequest can become one single case, and simplified, - * since es core 1.5.0 introduced the AliasesRequest interface. - */ - assertThat("Remove special treatment for IndicesAliasesRequest and GetAliasesRequest", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true)); - - /** - * see https://github.com/elasticsearch/elasticsearch/pull/9508 - * CheckFileCommand has been moved into ES-Core, please check the supported versions in the PR, if it can be removed completely - */ - assertThat("Remove built-in CheckFileCommand", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true)); + assertThat("Remove workaround in LicenseService class when es core supports merging cluster level custom metadata", Version.CURRENT.onOrBefore(Version.V_1_5_0), is(true)); } } diff --git a/src/test/java/org/elasticsearch/shield/authc/ldap/LdapRealmTest.java b/src/test/java/org/elasticsearch/shield/authc/ldap/LdapRealmTests.java similarity index 99% rename from src/test/java/org/elasticsearch/shield/authc/ldap/LdapRealmTest.java rename to src/test/java/org/elasticsearch/shield/authc/ldap/LdapRealmTests.java index 6f11ccec966..02613619330 100644 --- a/src/test/java/org/elasticsearch/shield/authc/ldap/LdapRealmTest.java +++ b/src/test/java/org/elasticsearch/shield/authc/ldap/LdapRealmTests.java @@ -32,7 +32,7 @@ import static org.mockito.Matchers.any; import static org.mockito.Matchers.anyString; import static org.mockito.Mockito.*; -public class LdapRealmTest extends LdapTest { +public class LdapRealmTests extends LdapTest { public static final String VALID_USER_TEMPLATE = "cn={0},ou=people,o=sevenSeas"; public static final String VALID_USERNAME = "Thomas Masterman Hardy"; diff --git a/src/test/java/org/elasticsearch/shield/authz/AnalyzeTests.java b/src/test/java/org/elasticsearch/shield/authz/AnalyzeTests.java index 6d9da710e0e..f50e193b922 100644 --- a/src/test/java/org/elasticsearch/shield/authz/AnalyzeTests.java +++ b/src/test/java/org/elasticsearch/shield/authz/AnalyzeTests.java @@ -11,11 +11,8 @@ import org.junit.Test; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope; import static org.hamcrest.CoreMatchers.containsString; -@ClusterScope(scope = Scope.SUITE) public class AnalyzeTests extends ShieldIntegrationTest { @Override diff --git a/src/test/java/org/elasticsearch/shield/authz/IndexAliasesTests.java b/src/test/java/org/elasticsearch/shield/authz/IndexAliasesTests.java index cfcb792c09e..217d28f596f 100644 --- a/src/test/java/org/elasticsearch/shield/authz/IndexAliasesTests.java +++ b/src/test/java/org/elasticsearch/shield/authz/IndexAliasesTests.java @@ -17,14 +17,11 @@ import org.junit.Test; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope; import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked; import static org.hamcrest.CoreMatchers.containsString; import static org.hamcrest.CoreMatchers.equalTo; import static org.hamcrest.CoreMatchers.is; -@ClusterScope(scope = Scope.SUITE) public class IndexAliasesTests extends ShieldIntegrationTest { @Override diff --git a/src/test/java/org/elasticsearch/shield/authz/PrivilegeTests.java b/src/test/java/org/elasticsearch/shield/authz/PrivilegeTests.java index c68eb112fe7..c90713246c5 100644 --- a/src/test/java/org/elasticsearch/shield/authz/PrivilegeTests.java +++ b/src/test/java/org/elasticsearch/shield/authz/PrivilegeTests.java @@ -176,7 +176,7 @@ public class PrivilegeTests extends ElasticsearchTestCase { Predicate predicate = Privilege.SYSTEM.predicate(); assertThat(predicate.apply("indices:monitor/whatever"), is(true)); assertThat(predicate.apply("cluster:monitor/whatever"), is(true)); - assertThat(predicate.apply("cluster:admin/snapshot/status[nodes]"), is(true)); + assertThat(predicate.apply("cluster:admin/snapshot/status[nodes]"), is(false)); assertThat(predicate.apply("internal:whatever"), is(true)); assertThat(predicate.apply("indices:whatever"), is(false)); assertThat(predicate.apply("cluster:whatever"), is(false)); diff --git a/src/test/java/org/elasticsearch/shield/authz/SnapshotTests.java b/src/test/java/org/elasticsearch/shield/authz/SnapshotTests.java deleted file mode 100644 index f67bcad4b9b..00000000000 --- a/src/test/java/org/elasticsearch/shield/authz/SnapshotTests.java +++ /dev/null @@ -1,55 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.shield.authz; - -import com.carrotsearch.ant.tasks.junit4.dependencies.com.google.common.collect.ImmutableMap; -import org.elasticsearch.action.admin.cluster.snapshots.status.SnapshotStatus; -import org.elasticsearch.action.admin.cluster.snapshots.status.SnapshotsStatusResponse; -import org.elasticsearch.cluster.metadata.SnapshotMetaData; -import org.elasticsearch.test.ShieldIntegrationTest; -import org.junit.Test; - -import java.io.File; - -import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked; -import static org.hamcrest.Matchers.anyOf; -import static org.hamcrest.Matchers.hasSize; -import static org.hamcrest.Matchers.is; - -/** - * test to check if snapshotting and displaying of current snapshots work - * can be removed after 1.4.3 is released as this is included - * - */ -public class SnapshotTests extends ShieldIntegrationTest { - - // TODO remove after upgrading to 1.4.3 - @Test - public void testThatSnapshottingWorks() throws Exception { - File repositoryLocation = newTempDir(); - assertAcked(client().admin().cluster().preparePutRepository("my-repo").setType("fs").setSettings(ImmutableMap.of("location", repositoryLocation.getAbsolutePath()))); - - client().prepareIndex("foo", "bar", "1").setSource("foo", "bar").get(); - client().prepareIndex("foo", "bar", "2").setSource("foo", "bar").get(); - client().prepareIndex("foo", "bar", "3").setSource("foo", "bar").get(); - client().prepareIndex("foo", "bar", "4").setSource("foo", "bar").get(); - client().prepareIndex("foo", "bar", "5").setSource("foo", "bar").get(); - refresh(); - - // must be started async otherwise the code relevent path in TransportSnapshotsStatusAction about currently running snapshots is not executed - client().admin().cluster().prepareCreateSnapshot("my-repo", "my-snapshot").setIndices("foo").get(); - - SnapshotsStatusResponse snapshotsStatusResponse = client().admin().cluster().prepareSnapshotStatus("my-repo").setSnapshots("my-snapshot").get(); - assertThat(snapshotsStatusResponse.getSnapshots(), hasSize(1)); - SnapshotStatus snapshotStatus = snapshotsStatusResponse.getSnapshots().get(0); - assertThat(snapshotStatus.getState(), anyOf(is(SnapshotMetaData.State.STARTED), is(SnapshotMetaData.State.SUCCESS))); - - assertAcked(client().admin().cluster().prepareDeleteSnapshot("my-repo", "my-snapshot").get()); - - assertAcked(client().admin().cluster().prepareDeleteRepository("my-repo")); - } - -} diff --git a/src/test/java/org/elasticsearch/shield/authz/indicesresolver/IndicesResolverIntegrationTests.java b/src/test/java/org/elasticsearch/shield/authz/indicesresolver/IndicesResolverIntegrationTests.java index fb136a10709..568dee9508d 100644 --- a/src/test/java/org/elasticsearch/shield/authz/indicesresolver/IndicesResolverIntegrationTests.java +++ b/src/test/java/org/elasticsearch/shield/authz/indicesresolver/IndicesResolverIntegrationTests.java @@ -22,11 +22,8 @@ import org.junit.Test; import java.util.ArrayList; import java.util.List; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope; import static org.hamcrest.CoreMatchers.*; -@ClusterScope(scope = Scope.SUITE) @TestLogging("cluster.routing.allocation:TRACE") public class IndicesResolverIntegrationTests extends ShieldIntegrationTest { diff --git a/src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterIntegrationTest.java b/src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterIntegrationTests.java similarity index 96% rename from src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterIntegrationTest.java rename to src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterIntegrationTests.java index 4248e5daa55..bdc83f5bf4d 100644 --- a/src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterIntegrationTest.java +++ b/src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterIntegrationTests.java @@ -29,13 +29,10 @@ import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilde import static org.elasticsearch.node.NodeBuilder.nodeBuilder; import static org.elasticsearch.shield.test.ShieldTestUtils.createFolder; import static org.elasticsearch.shield.test.ShieldTestUtils.writeFile; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope; import static org.hamcrest.CoreMatchers.instanceOf; import static org.hamcrest.CoreMatchers.is; -@ClusterScope(scope = Scope.SUITE) -public class ServerTransportFilterIntegrationTest extends ShieldIntegrationTest { +public class ServerTransportFilterIntegrationTests extends ShieldIntegrationTest { private static int randomClientPort; diff --git a/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringIntegrationTests.java b/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringIntegrationTests.java index e93a3283536..b4aaee86383 100644 --- a/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringIntegrationTests.java +++ b/src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringIntegrationTests.java @@ -14,6 +14,7 @@ import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.http.HttpServerTransport; import org.elasticsearch.node.internal.InternalNode; import org.elasticsearch.test.ShieldIntegrationTest; +import org.elasticsearch.transport.Transport; import org.junit.BeforeClass; import org.junit.Test; @@ -22,7 +23,6 @@ import java.io.OutputStream; import java.net.InetSocketAddress; import java.net.Socket; -import static org.elasticsearch.shield.transport.support.TransportProfileUtil.getProfilePort; import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope; import static org.hamcrest.Matchers.instanceOf; @@ -71,7 +71,7 @@ public class IpFilteringIntegrationTests extends ShieldIntegrationTest { @Test public void testThatIpFilteringIsAppliedForProfile() throws Exception { try (Socket socket = new Socket()){ - trySocketConnection(socket, new InetSocketAddress("localhost", getProfilePort("client", internalCluster()))); + trySocketConnection(socket, new InetSocketAddress("localhost", getProfilePort("client"))); assertThat(socket.isClosed(), is(true)); } } @@ -86,4 +86,10 @@ public class IpFilteringIntegrationTests extends ShieldIntegrationTest { os.flush(); } } + + private static int getProfilePort(String profile) { + TransportAddress transportAddress = internalCluster().getInstance(Transport.class).profileBoundAddresses().get(profile).boundAddress(); + assert transportAddress instanceof InetSocketTransportAddress; + return ((InetSocketTransportAddress)transportAddress).address().getPort(); + } } diff --git a/src/test/java/org/elasticsearch/shield/transport/netty/IPFilterNettyUpstreamHandlerTests.java b/src/test/java/org/elasticsearch/shield/transport/netty/IPFilterNettyUpstreamHandlerTests.java index 522e24ff021..d67282aaa2d 100644 --- a/src/test/java/org/elasticsearch/shield/transport/netty/IPFilterNettyUpstreamHandlerTests.java +++ b/src/test/java/org/elasticsearch/shield/transport/netty/IPFilterNettyUpstreamHandlerTests.java @@ -201,6 +201,13 @@ public class IPFilterNettyUpstreamHandlerTests extends ElasticsearchTestCase { return null; } + public boolean getUserDefinedWritability(int i) { + return false; + } + + public void setUserDefinedWritability(int i, boolean b) { + } + public ChannelFuture unbind() { return null; } diff --git a/src/test/java/org/elasticsearch/shield/transport/netty/IPHostnameVerificationTests.java b/src/test/java/org/elasticsearch/shield/transport/netty/IPHostnameVerificationTests.java index 34f18e5a20d..7f4bd8f35c0 100644 --- a/src/test/java/org/elasticsearch/shield/transport/netty/IPHostnameVerificationTests.java +++ b/src/test/java/org/elasticsearch/shield/transport/netty/IPHostnameVerificationTests.java @@ -8,8 +8,6 @@ package org.elasticsearch.shield.transport.netty; import org.elasticsearch.client.Client; import org.elasticsearch.common.settings.ImmutableSettings; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.test.ElasticsearchIntegrationTest; -import org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; import org.elasticsearch.test.ShieldIntegrationTest; import org.junit.Test; @@ -20,7 +18,6 @@ import java.nio.file.Paths; import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder; import static org.hamcrest.CoreMatchers.is; -@ClusterScope(scope = ElasticsearchIntegrationTest.Scope.SUITE) public class IPHostnameVerificationTests extends ShieldIntegrationTest { static Path keystore; diff --git a/src/test/java/org/elasticsearch/shield/transport/netty/SslHostnameVerificationTests.java b/src/test/java/org/elasticsearch/shield/transport/netty/SslHostnameVerificationTests.java index 7b4d5b2b085..d76363ffe78 100644 --- a/src/test/java/org/elasticsearch/shield/transport/netty/SslHostnameVerificationTests.java +++ b/src/test/java/org/elasticsearch/shield/transport/netty/SslHostnameVerificationTests.java @@ -12,8 +12,6 @@ import org.elasticsearch.common.settings.ImmutableSettings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.transport.InetSocketTransportAddress; import org.elasticsearch.common.transport.TransportAddress; -import org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; -import org.elasticsearch.test.ElasticsearchIntegrationTest.Scope; import org.elasticsearch.test.ShieldIntegrationTest; import org.elasticsearch.transport.Transport; import org.junit.Test; @@ -27,7 +25,6 @@ import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilde import static org.hamcrest.CoreMatchers.instanceOf; import static org.hamcrest.CoreMatchers.is; -@ClusterScope(scope = Scope.SUITE) public class SslHostnameVerificationTests extends ShieldIntegrationTest { static Path keystore; diff --git a/src/test/java/org/elasticsearch/shield/transport/ssl/SslClientAuthTests.java b/src/test/java/org/elasticsearch/shield/transport/ssl/SslClientAuthTests.java index 66527f57153..ffcf8cae9c5 100644 --- a/src/test/java/org/elasticsearch/shield/transport/ssl/SslClientAuthTests.java +++ b/src/test/java/org/elasticsearch/shield/transport/ssl/SslClientAuthTests.java @@ -30,11 +30,8 @@ import java.net.URISyntaxException; import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope; import static org.hamcrest.Matchers.containsString; -@ClusterScope(scope = Scope.SUITE) public class SslClientAuthTests extends ShieldIntegrationTest { @Override diff --git a/src/test/java/org/elasticsearch/shield/transport/ssl/SslIntegrationTests.java b/src/test/java/org/elasticsearch/shield/transport/ssl/SslIntegrationTests.java index 91cedf02f9c..584e1d3340d 100644 --- a/src/test/java/org/elasticsearch/shield/transport/ssl/SslIntegrationTests.java +++ b/src/test/java/org/elasticsearch/shield/transport/ssl/SslIntegrationTests.java @@ -34,11 +34,8 @@ import java.security.cert.X509Certificate; import java.util.Locale; import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope; import static org.hamcrest.Matchers.*; -@ClusterScope(scope = Scope.SUITE) public class SslIntegrationTests extends ShieldIntegrationTest { private TrustManager[] trustAllCerts = new TrustManager[] { diff --git a/src/test/java/org/elasticsearch/shield/transport/ssl/SslMultiPortTests.java b/src/test/java/org/elasticsearch/shield/transport/ssl/SslMultiPortTests.java index ca1b6cab02d..79af85004db 100644 --- a/src/test/java/org/elasticsearch/shield/transport/ssl/SslMultiPortTests.java +++ b/src/test/java/org/elasticsearch/shield/transport/ssl/SslMultiPortTests.java @@ -22,14 +22,10 @@ import java.nio.file.Path; import java.nio.file.Paths; import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder; -import static org.elasticsearch.shield.transport.support.TransportProfileUtil.getProfilePort; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; -import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope; import static org.elasticsearch.test.ShieldSettingsSource.DEFAULT_USER_NAME; import static org.elasticsearch.test.ShieldSettingsSource.DEFAULT_PASSWORD; import static org.hamcrest.CoreMatchers.is; -@ClusterScope(scope = Scope.SUITE) public class SslMultiPortTests extends ShieldIntegrationTest { private static int randomClientPort; @@ -115,7 +111,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest { @Test public void testThatStandardTransportClientCanConnectToNoClientAuthProfile() throws Exception { try(TransportClient transportClient = createTransportClient(ImmutableSettings.EMPTY)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth", internalCluster()))); + transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth"))); assertGreenClusterState(transportClient); } } @@ -130,7 +126,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest { @Test(expected = NoNodeAvailableException.class) public void testThatStandardTransportClientCannotConnectToClientProfile() throws Exception { try(TransportClient transportClient = createTransportClient(ImmutableSettings.EMPTY)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client", internalCluster()))); + transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client"))); transportClient.admin().cluster().prepareHealth().get(); } } @@ -143,7 +139,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest { @Test(expected = NoNodeAvailableException.class) public void testThatStandardTransportClientCannotConnectToNoSslProfile() throws Exception { try (TransportClient transportClient = createTransportClient(ImmutableSettings.EMPTY)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl", internalCluster()))); + transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl"))); assertGreenClusterState(transportClient); } } @@ -157,7 +153,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest { public void testThatProfileTransportClientCanConnectToClientProfile() throws Exception { Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile"); try (TransportClient transportClient = createTransportClient(settings)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client", internalCluster()))); + transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client"))); assertGreenClusterState(transportClient); } } @@ -172,7 +168,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest { public void testThatProfileTransportClientCanConnectToNoClientAuthProfile() throws Exception { Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile"); try (TransportClient transportClient = createTransportClient(settings)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth", internalCluster()))); + transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth"))); assertGreenClusterState(transportClient); } } @@ -202,7 +198,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest { public void testThatProfileTransportClientCannotConnectToNoSslProfile() throws Exception { Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile"); try (TransportClient transportClient = createTransportClient(settings)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl", internalCluster()))); + transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl"))); transportClient.admin().cluster().prepareHealth().get(); } } @@ -217,7 +213,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest { .put("cluster.name", internalCluster().getClusterName()) .build(); try (TransportClient transportClient = new TransportClient(settings, false)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl", internalCluster()))); + transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl"))); assertGreenClusterState(transportClient); } } @@ -233,7 +229,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest { .put("cluster.name", internalCluster().getClusterName()) .build(); try (TransportClient transportClient = new TransportClient(settings, false)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("default", internalCluster()))); + transportClient.addTransportAddress(internalCluster().getInstance(Transport.class).boundAddress().boundAddress()); assertGreenClusterState(transportClient); } } @@ -249,7 +245,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest { .put("cluster.name", internalCluster().getClusterName()) .build(); try (TransportClient transportClient = new TransportClient(settings, false)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client", internalCluster()))); + transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client"))); assertGreenClusterState(transportClient); } } @@ -265,7 +261,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest { .put("cluster.name", internalCluster().getClusterName()) .build(); try (TransportClient transportClient = new TransportClient(settings, false)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth", internalCluster()))); + transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth"))); assertGreenClusterState(transportClient); } } @@ -285,7 +281,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest { .put("shield.ssl.truststore.password", "truststore-testnode-only") .build(); try (TransportClient transportClient = new TransportClient(settings, false)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth", internalCluster()))); + transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth"))); assertGreenClusterState(transportClient); } } @@ -306,7 +302,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest { .put("shield.ssl.truststore.password", "truststore-testnode-only") .build(); try (TransportClient transportClient = new TransportClient(settings, false)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client", internalCluster()))); + transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client"))); assertGreenClusterState(transportClient); } } @@ -327,8 +323,8 @@ public class SslMultiPortTests extends ShieldIntegrationTest { .put("shield.ssl.truststore.password", "truststore-testnode-only") .build(); try (TransportClient transportClient = new TransportClient(settings, false)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("default", internalCluster()))); - assertGreenClusterState(transportClient); + transportClient.addTransportAddress(internalCluster().getInstance(Transport.class).boundAddress().boundAddress()); + assertGreenClusterState(transportClient); } } @@ -347,7 +343,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest { .put("shield.ssl.truststore.password", "truststore-testnode-only") .build(); try (TransportClient transportClient = new TransportClient(settings, false)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl", internalCluster()))); + transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl"))); assertGreenClusterState(transportClient); } } @@ -365,7 +361,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest { .put("shield.transport.ssl", true) .build(); try (TransportClient transportClient = new TransportClient(settings, false)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("default", internalCluster()))); + transportClient.addTransportAddress(internalCluster().getInstance(Transport.class).boundAddress().boundAddress()); assertGreenClusterState(transportClient); } } @@ -383,7 +379,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest { .put("shield.transport.ssl", true) .build(); try (TransportClient transportClient = new TransportClient(settings, false)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client", internalCluster()))); + transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client"))); assertGreenClusterState(transportClient); } } @@ -401,7 +397,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest { .put("shield.transport.ssl", true) .build(); try (TransportClient transportClient = new TransportClient(settings, false)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth", internalCluster()))); + transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth"))); assertGreenClusterState(transportClient); } } @@ -419,8 +415,14 @@ public class SslMultiPortTests extends ShieldIntegrationTest { .put("shield.transport.ssl", true) .build(); try (TransportClient transportClient = new TransportClient(settings, false)) { - transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl", internalCluster()))); + transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl"))); assertGreenClusterState(transportClient); } } + + private static int getProfilePort(String profile) { + TransportAddress transportAddress = internalCluster().getInstance(Transport.class).profileBoundAddresses().get(profile).boundAddress(); + assert transportAddress instanceof InetSocketTransportAddress; + return ((InetSocketTransportAddress)transportAddress).address().getPort(); + } } diff --git a/src/test/java/org/elasticsearch/shield/transport/support/TransportProfileUtil.java b/src/test/java/org/elasticsearch/shield/transport/support/TransportProfileUtil.java deleted file mode 100644 index 51f8f55d1c5..00000000000 --- a/src/test/java/org/elasticsearch/shield/transport/support/TransportProfileUtil.java +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.shield.transport.support; - -import org.elasticsearch.common.netty.channel.Channel; -import org.elasticsearch.test.InternalTestCluster; -import org.elasticsearch.transport.Transport; -import org.elasticsearch.transport.netty.NettyTransport; - -import java.lang.reflect.Field; -import java.net.InetSocketAddress; -import java.util.Map; - -/** - * Utility class used to deal with profile support in Transport. This class should be removed once - * core has been fixed and Shield has been updated to depend on a version of core that is fixed. - * - * See https://github.com/elasticsearch/elasticsearch/pull/9134 - */ -//TODO remove the reflection shenanigans (actually this class as a whole) once es core dependency is upgraded for 1.5 -public class TransportProfileUtil { - - private TransportProfileUtil() {} - - /* - * Gets the actual port that the profile is listening on. If a range was provided in the settings, then the first - * port may not be the port that was actually bound. - */ - public static int getProfilePort(String profile, InternalTestCluster internalTestCluster) throws Exception { - NettyTransport transport = (NettyTransport) internalTestCluster.getInstance(Transport.class); - Field channels = NettyTransport.class.getDeclaredField("serverChannels"); - channels.setAccessible(true); - Map serverChannels = (Map) channels.get(transport); - Channel clientProfileChannel = serverChannels.get(profile); - return ((InetSocketAddress) clientProfileChannel.getLocalAddress()).getPort(); - } -} diff --git a/src/test/java/org/elasticsearch/test/ShieldIntegrationTest.java b/src/test/java/org/elasticsearch/test/ShieldIntegrationTest.java index f2bec1d087a..bd1742c19a5 100644 --- a/src/test/java/org/elasticsearch/test/ShieldIntegrationTest.java +++ b/src/test/java/org/elasticsearch/test/ShieldIntegrationTest.java @@ -17,7 +17,6 @@ import org.elasticsearch.common.base.Function; import org.elasticsearch.common.collect.Collections2; import org.elasticsearch.common.settings.ImmutableSettings; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.license.plugin.LicensePlugin; import org.elasticsearch.plugins.Plugin; import org.elasticsearch.shield.ShieldPlugin; import org.elasticsearch.shield.authc.support.SecuredString; @@ -36,7 +35,7 @@ import static org.hamcrest.Matchers.hasSize; /** * Base class to run tests against a cluster with shield installed. - * The default {@link org.elasticsearch.test.ElasticsearchIntegrationTest.Scope} is {@link org.elasticsearch.test.ElasticsearchIntegrationTest.Scope#GLOBAL}, + * The default {@link org.elasticsearch.test.ElasticsearchIntegrationTest.Scope} is {@link org.elasticsearch.test.ElasticsearchIntegrationTest.Scope#SUITE}, * meaning that all subclasses that don't specify a different scope will share the same cluster with shield installed. * @see org.elasticsearch.test.ShieldSettingsSource */ @@ -51,7 +50,7 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest //and configure them all in unicast.hosts private static int maxNumberOfNodes() { ClusterScope clusterScope = ShieldIntegrationTest.class.getAnnotation(ClusterScope.class); - if (clusterScope == null || clusterScope.scope() == Scope.GLOBAL) { + if (clusterScope == null) { return InternalTestCluster.DEFAULT_MAX_NUM_DATA_NODES + InternalTestCluster.DEFAULT_MAX_NUM_CLIENT_NODES; } else { if (clusterScope.numClientNodes() < 0) { @@ -79,7 +78,7 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest private static Scope getCurrentClusterScope(Class clazz) { ClusterScope annotation = getAnnotation(clazz); - return annotation == null ? Scope.GLOBAL : annotation.scope(); + return annotation == null ? Scope.SUITE : annotation.scope(); } /** @@ -93,7 +92,7 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest @BeforeClass public static void initDefaultSettings() { if (SHIELD_DEFAULT_SETTINGS == null) { - SHIELD_DEFAULT_SETTINGS = new ShieldSettingsSource(maxNumberOfNodes(), randomBoolean(), globalTempDir(), Scope.GLOBAL); + SHIELD_DEFAULT_SETTINGS = new ShieldSettingsSource(maxNumberOfNodes(), randomBoolean(), globalTempDir(), Scope.SUITE); } } @@ -104,11 +103,6 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest protected void before() throws Throwable { Scope currentClusterScope = getCurrentClusterScope(); switch(currentClusterScope) { - case GLOBAL: - if (InternalTestCluster.DEFAULT_SETTINGS_SOURCE == SettingsSource.EMPTY) { - InternalTestCluster.DEFAULT_SETTINGS_SOURCE = SHIELD_DEFAULT_SETTINGS; - } - break; case SUITE: if (customShieldSettingsSource == null) { customShieldSettingsSource = new CustomShieldSettingsSource(sslTransportEnabled(), newTempDir(LifecycleScope.SUITE), currentClusterScope); diff --git a/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java b/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java index f0d45e8fd4f..db4ca4d4d45 100644 --- a/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java +++ b/src/test/java/org/elasticsearch/test/ShieldSettingsSource.java @@ -95,7 +95,7 @@ public class ShieldSettingsSource extends ClusterDiscoveryConfiguration.UnicastZ * @param scope the scope of the test that is requiring an instance of ShieldSettingsSource */ public ShieldSettingsSource(int numOfNodes, boolean sslTransportEnabled, byte[] systemKey, File parentFolder, ElasticsearchIntegrationTest.Scope scope) { - super(numOfNodes, DEFAULT_SETTINGS, scope); + super(numOfNodes, DEFAULT_SETTINGS); this.systemKey = systemKey; this.parentFolder = parentFolder; this.subfolderPrefix = scope.name(); diff --git a/src/test/java/org/elasticsearch/test/discovery/ClusterDiscoveryConfiguration.java b/src/test/java/org/elasticsearch/test/discovery/ClusterDiscoveryConfiguration.java deleted file mode 100644 index 3f64d34aef0..00000000000 --- a/src/test/java/org/elasticsearch/test/discovery/ClusterDiscoveryConfiguration.java +++ /dev/null @@ -1,178 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ -package org.elasticsearch.test.discovery; - -import com.carrotsearch.randomizedtesting.RandomizedTest; -import com.google.common.primitives.Ints; -import org.elasticsearch.ElasticsearchException; -import org.elasticsearch.Version; -import org.elasticsearch.common.settings.ImmutableSettings; -import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.test.ElasticsearchIntegrationTest; -import org.elasticsearch.test.InternalTestCluster; -import org.elasticsearch.test.SettingsSource; -import org.elasticsearch.transport.local.LocalTransport; - -import java.io.IOException; -import java.net.ServerSocket; -import java.util.HashSet; -import java.util.Set; -import java.util.concurrent.atomic.AtomicInteger; - -//TODO Remove this class once we move to es core 1.5.0 -public class ClusterDiscoveryConfiguration extends SettingsSource { - - static Settings DEFAULT_NODE_SETTINGS = ImmutableSettings.settingsBuilder() - .put("gateway.type", "local") - .put("discovery.type", "zen").build(); - - final int numOfNodes; - final Settings nodeSettings; - final Settings transportClientSettings; - - public ClusterDiscoveryConfiguration(int numOfNodes) { - this(numOfNodes, ImmutableSettings.EMPTY); - } - - public ClusterDiscoveryConfiguration(int numOfNodes, Settings extraSettings) { - this.numOfNodes = numOfNodes; - this.nodeSettings = ImmutableSettings.builder().put(DEFAULT_NODE_SETTINGS).put(extraSettings).build(); - this.transportClientSettings = ImmutableSettings.builder().put(extraSettings).build(); - } - - @Override - public Settings node(int nodeOrdinal) { - return nodeSettings; - } - - @Override - public Settings transportClient() { - return transportClientSettings; - } - - public static class UnicastZen extends ClusterDiscoveryConfiguration { - - private static final AtomicInteger portCounter = new AtomicInteger(); - - private final int[] unicastHostOrdinals; - private final int[] unicastHostPorts; - private final boolean localMode; - - public UnicastZen(int numOfNodes, ElasticsearchIntegrationTest.Scope scope) { - this(numOfNodes, numOfNodes, scope); - } - - public UnicastZen(int numOfNodes, Settings extraSettings, ElasticsearchIntegrationTest.Scope scope) { - this(numOfNodes, numOfNodes, extraSettings, scope); - } - - public UnicastZen(int numOfNodes, int numOfUnicastHosts, ElasticsearchIntegrationTest.Scope scope) { - this(numOfNodes, numOfUnicastHosts, ImmutableSettings.EMPTY, scope); - } - - public UnicastZen(int numOfNodes, int numOfUnicastHosts, Settings extraSettings, ElasticsearchIntegrationTest.Scope scope) { - super(numOfNodes, extraSettings); - if (numOfUnicastHosts == numOfNodes) { - unicastHostOrdinals = new int[numOfNodes]; - for (int i = 0; i < numOfNodes; i++) { - unicastHostOrdinals[i] = i; - } - } else { - Set ordinals = new HashSet<>(numOfUnicastHosts); - while (ordinals.size() != numOfUnicastHosts) { - ordinals.add(RandomizedTest.randomInt(numOfNodes - 1)); - } - unicastHostOrdinals = Ints.toArray(ordinals); - } - this.localMode = nodeSettings.get("node.mode", InternalTestCluster.NODE_MODE).equals("local"); - this.unicastHostPorts = localMode ? new int[0] : unicastHostPorts(calcBasePort(scope), numOfNodes); - assert unicastHostOrdinals.length <= unicastHostPorts.length; - } - - public UnicastZen(int numOfNodes, int[] unicastHostOrdinals, ElasticsearchIntegrationTest.Scope scope) { - this(numOfNodes, ImmutableSettings.EMPTY, unicastHostOrdinals, scope); - } - - public UnicastZen(int numOfNodes, Settings extraSettings, int[] unicastHostOrdinals, ElasticsearchIntegrationTest.Scope scope) { - super(numOfNodes, extraSettings); - this.unicastHostOrdinals = unicastHostOrdinals; - this.localMode = nodeSettings.get("node.mode", InternalTestCluster.NODE_MODE).equals("local"); - this.unicastHostPorts = localMode ? new int[0] : unicastHostPorts(calcBasePort(scope), numOfNodes); - assert unicastHostOrdinals.length <= unicastHostPorts.length; - } - - private static int calcBasePort(ElasticsearchIntegrationTest.Scope scope) { - // note that this has properly co-exist with the port logic at InternalTestCluster's constructor - return 30000 + - 1000 * (ElasticsearchIntegrationTest.CHILD_JVM_ID) + // up to 30 jvms - //up to 100 nodes per cluster - 100 * scopeId(scope); - } - - private static int scopeId(ElasticsearchIntegrationTest.Scope scope) { - switch(scope) { - case GLOBAL: - //we reserve a special base port for global clusters, as they stick around - //the assumption is that no counter is needed as there's only one global cluster per jvm - return 0; - default: - //ports can be reused as suite or test clusters are never run concurrently - //we don't reuse the same port immediately though but leave some time to make sure ports are freed - //reserve 0 to global cluster, prevent conflicts between jvms by never going above 9 - return 1 + portCounter.incrementAndGet() % 9; - } - } - - @Override - public Settings node(int nodeOrdinal) { - ImmutableSettings.Builder builder = ImmutableSettings.builder() - .put("discovery.zen.ping.multicast.enabled", false); - - String[] unicastHosts = new String[unicastHostOrdinals.length]; - if (localMode) { - builder.put(LocalTransport.TRANSPORT_LOCAL_ADDRESS, "node_" + nodeOrdinal); - for (int i = 0; i < unicastHosts.length; i++) { - unicastHosts[i] = "node_" + unicastHostOrdinals[i]; - } - } else { - // we need to pin the node port & host so we'd know where to point things - builder.put("transport.tcp.port", unicastHostPorts[nodeOrdinal]); - builder.put("transport.host", "localhost"); - for (int i = 0; i < unicastHostOrdinals.length; i++) { - unicastHosts[i] = "localhost:" + (unicastHostPorts[unicastHostOrdinals[i]]); - } - } - builder.putArray("discovery.zen.ping.unicast.hosts", unicastHosts); - return builder.put(super.node(nodeOrdinal)).build(); - } - - protected static int[] unicastHostPorts(int basePort, int numHosts) { - int[] unicastHostPorts = new int[numHosts]; - - final int maxPort = basePort + 99; - int currentPort = basePort; - - for (int i = 0; i < unicastHostPorts.length; i++) { - boolean foundPortInRange = false; - while (currentPort <= maxPort && !foundPortInRange) { - try (ServerSocket socket = new ServerSocket(currentPort)) { - // bind was a success - foundPortInRange = true; - unicastHostPorts[i] = currentPort; - } catch (IOException e) { - // Do nothing - } - currentPort++; - } - - if (!foundPortInRange) { - throw new ElasticsearchException("could not find enough open ports in range [" + basePort + "-" + maxPort + "]"); - } - } - return unicastHostPorts; - } - } -}