Upgrade elasticsearch dependency to 1.5.0-SNAPSHOT
This upgrades the elasticsearch dependency to 1.5.0-SNAPSHOT and removes classes/functionality that were incorporated back into elasticsearch. Closes elastic/elasticsearch#669 Original commit: elastic/x-pack-elasticsearch@65b76c41fb
This commit is contained in:
parent
43a5fe07f4
commit
f2b493fa96
12
pom.xml
12
pom.xml
|
@ -46,9 +46,9 @@
|
||||||
</repositories>
|
</repositories>
|
||||||
|
|
||||||
<properties>
|
<properties>
|
||||||
<lucene.version>4.10.2</lucene.version>
|
<lucene.version>4.10.4</lucene.version>
|
||||||
<lucene.maven.version>4.10.2</lucene.maven.version>
|
<lucene.maven.version>4.10.4</lucene.maven.version>
|
||||||
<elasticsearch.version>1.4.2</elasticsearch.version>
|
<elasticsearch.version>1.5.0-SNAPSHOT</elasticsearch.version>
|
||||||
<license.plugin.version>1.0.0</license.plugin.version>
|
<license.plugin.version>1.0.0</license.plugin.version>
|
||||||
|
|
||||||
<tests.jvms>auto</tests.jvms>
|
<tests.jvms>auto</tests.jvms>
|
||||||
|
@ -158,12 +158,6 @@
|
||||||
<version>2.3.2</version>
|
<version>2.3.2</version>
|
||||||
<scope>test</scope>
|
<scope>test</scope>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
|
||||||
<groupId>com.google.jimfs</groupId>
|
|
||||||
<artifactId>jimfs</artifactId>
|
|
||||||
<version>1.0</version>
|
|
||||||
<scope>test</scope>
|
|
||||||
</dependency>
|
|
||||||
|
|
||||||
<!-- real dependencies -->
|
<!-- real dependencies -->
|
||||||
<dependency>
|
<dependency>
|
||||||
|
|
|
@ -1,24 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
|
||||||
* or more contributor license agreements. Licensed under the Elastic License;
|
|
||||||
* you may not use this file except in compliance with the Elastic License.
|
|
||||||
*/
|
|
||||||
package org.elasticsearch.action.admin.indices.create;
|
|
||||||
|
|
||||||
import org.elasticsearch.action.admin.indices.alias.Alias;
|
|
||||||
|
|
||||||
import java.util.Set;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Helper needed to retrieve aliases from a CreateIndexRequest, as the corresponding getter has package private visibility
|
|
||||||
* TODO Remove this class as soon as es core 1.5.0 is out
|
|
||||||
*/
|
|
||||||
public final class CreateIndexRequestHelper {
|
|
||||||
|
|
||||||
private CreateIndexRequestHelper() {
|
|
||||||
}
|
|
||||||
|
|
||||||
public static Set<Alias> aliases(CreateIndexRequest createIndexRequest) {
|
|
||||||
return createIndexRequest.aliases();
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,101 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
|
||||||
* or more contributor license agreements. Licensed under the Elastic License;
|
|
||||||
* you may not use this file except in compliance with the Elastic License.
|
|
||||||
*/
|
|
||||||
package org.elasticsearch.common.cli;
|
|
||||||
|
|
||||||
import org.elasticsearch.common.collect.Maps;
|
|
||||||
import org.elasticsearch.common.settings.Settings;
|
|
||||||
import org.elasticsearch.env.Environment;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.nio.file.Files;
|
|
||||||
import java.nio.file.Path;
|
|
||||||
import java.nio.file.attribute.PosixFileAttributeView;
|
|
||||||
import java.nio.file.attribute.PosixFileAttributes;
|
|
||||||
import java.nio.file.attribute.PosixFilePermission;
|
|
||||||
import java.nio.file.attribute.PosixFilePermissions;
|
|
||||||
import java.util.Map;
|
|
||||||
import java.util.Set;
|
|
||||||
|
|
||||||
import static org.elasticsearch.common.cli.Terminal.Verbosity.SILENT;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* helper command to check if file permissions or owner got changed by the command being executed
|
|
||||||
*/
|
|
||||||
public abstract class CheckFileCommand extends CliTool.Command {
|
|
||||||
|
|
||||||
public CheckFileCommand(Terminal terminal) {
|
|
||||||
super(terminal);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* abstract method, which should implement the same logic as CliTool.Command.execute(), but is wrapped
|
|
||||||
*/
|
|
||||||
public abstract CliTool.ExitStatus doExecute(Settings settings, Environment env) throws Exception;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Returns the array of paths, that should be checked if the permissions, user or groups have changed
|
|
||||||
* before and after execution of the command
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
protected abstract Path[] pathsForPermissionsCheck(Settings settings, Environment env) throws Exception;
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public CliTool.ExitStatus execute(Settings settings, Environment env) throws Exception {
|
|
||||||
Path[] paths = pathsForPermissionsCheck(settings, env);
|
|
||||||
|
|
||||||
Map<Path, Set<PosixFilePermission>> permissions = Maps.newHashMapWithExpectedSize(paths.length);
|
|
||||||
Map<Path, String> owners = Maps.newHashMapWithExpectedSize(paths.length);
|
|
||||||
Map<Path, String> groups = Maps.newHashMapWithExpectedSize(paths.length);
|
|
||||||
|
|
||||||
if (paths != null && paths.length > 0) {
|
|
||||||
for (Path path : paths) {
|
|
||||||
try {
|
|
||||||
boolean supportsPosixPermissions = Files.getFileStore(path).supportsFileAttributeView(PosixFileAttributeView.class);
|
|
||||||
if (supportsPosixPermissions) {
|
|
||||||
permissions.put(path, Files.getPosixFilePermissions(path));
|
|
||||||
owners.put(path, Files.getOwner(path).getName());
|
|
||||||
groups.put(path, Files.readAttributes(path, PosixFileAttributes.class).group().getName());
|
|
||||||
}
|
|
||||||
} catch (IOException e) {
|
|
||||||
// silently swallow if not supported, no need to log things
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
CliTool.ExitStatus status = doExecute(settings, env);
|
|
||||||
|
|
||||||
// check if permissions differ
|
|
||||||
for (Map.Entry<Path, Set<PosixFilePermission>> entry : permissions.entrySet()) {
|
|
||||||
Set<PosixFilePermission> permissionsBeforeWrite = entry.getValue();
|
|
||||||
Set<PosixFilePermission> permissionsAfterWrite = Files.getPosixFilePermissions(entry.getKey());
|
|
||||||
if (!permissionsBeforeWrite.equals(permissionsAfterWrite)) {
|
|
||||||
terminal.println(SILENT, "WARN: The file permissions of [%s] have changed from [%s] to [%s]",
|
|
||||||
entry.getKey(), PosixFilePermissions.toString(permissionsBeforeWrite), PosixFilePermissions.toString(permissionsAfterWrite));
|
|
||||||
terminal.println(SILENT, "Please ensure that the user account running Elasticsearch has read access to this file!");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// check if owner differs
|
|
||||||
for (Map.Entry<Path, String> entry : owners.entrySet()) {
|
|
||||||
String ownerBeforeWrite = entry.getValue();
|
|
||||||
String ownerAfterWrite = Files.getOwner(entry.getKey()).getName();
|
|
||||||
if (!ownerAfterWrite.equals(ownerBeforeWrite)) {
|
|
||||||
terminal.println(SILENT, "WARN: Owner of file [%s] used to be [%s], but now is [%s]", entry.getKey(), ownerBeforeWrite, ownerAfterWrite);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// check if group differs
|
|
||||||
for (Map.Entry<Path, String> entry : groups.entrySet()) {
|
|
||||||
String groupBeforeWrite = entry.getValue();
|
|
||||||
String groupAfterWrite = Files.readAttributes(entry.getKey(), PosixFileAttributes.class).group().getName();
|
|
||||||
if (!groupAfterWrite.equals(groupBeforeWrite)) {
|
|
||||||
terminal.println(SILENT, "WARN: Group of file [%s] used to be [%s], but now is [%s]", entry.getKey(), groupBeforeWrite, groupAfterWrite);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return status;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,31 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
|
||||||
* or more contributor license agreements. Licensed under the Elastic License;
|
|
||||||
* you may not use this file except in compliance with the Elastic License.
|
|
||||||
*/
|
|
||||||
package org.elasticsearch.http.netty;
|
|
||||||
|
|
||||||
import org.elasticsearch.common.netty.channel.ChannelHandlerContext;
|
|
||||||
import org.elasticsearch.common.netty.channel.ExceptionEvent;
|
|
||||||
import org.elasticsearch.common.network.NetworkService;
|
|
||||||
import org.elasticsearch.common.settings.Settings;
|
|
||||||
import org.elasticsearch.common.util.BigArrays;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Makes the exceptionCaught method of {@link org.elasticsearch.http.netty.NettyHttpServerTransport} visible
|
|
||||||
* to overriding classes.
|
|
||||||
*
|
|
||||||
* TODO: Fix core to make methods protected instead of package private and remove this class
|
|
||||||
*/
|
|
||||||
public class VisibleNettyHttpServerTransport extends NettyHttpServerTransport {
|
|
||||||
|
|
||||||
public VisibleNettyHttpServerTransport(Settings settings, NetworkService networkService, BigArrays bigArrays) {
|
|
||||||
super(settings, networkService, bigArrays);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected void exceptionCaught(ChannelHandlerContext ctx, ExceptionEvent e) throws Exception {
|
|
||||||
super.exceptionCaught(ctx, e);
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -9,7 +9,6 @@ import org.elasticsearch.action.CompositeIndicesRequest;
|
||||||
import org.elasticsearch.action.IndicesRequest;
|
import org.elasticsearch.action.IndicesRequest;
|
||||||
import org.elasticsearch.action.admin.indices.alias.Alias;
|
import org.elasticsearch.action.admin.indices.alias.Alias;
|
||||||
import org.elasticsearch.action.admin.indices.create.CreateIndexRequest;
|
import org.elasticsearch.action.admin.indices.create.CreateIndexRequest;
|
||||||
import org.elasticsearch.action.admin.indices.create.CreateIndexRequestHelper;
|
|
||||||
import org.elasticsearch.action.search.ClearScrollAction;
|
import org.elasticsearch.action.search.ClearScrollAction;
|
||||||
import org.elasticsearch.action.search.SearchScrollAction;
|
import org.elasticsearch.action.search.SearchScrollAction;
|
||||||
import org.elasticsearch.cluster.ClusterService;
|
import org.elasticsearch.cluster.ClusterService;
|
||||||
|
@ -152,7 +151,7 @@ public class InternalAuthorizationService extends AbstractComponent implements A
|
||||||
//if we are creating an index we need to authorize potential aliases created at the same time
|
//if we are creating an index we need to authorize potential aliases created at the same time
|
||||||
if (Privilege.Index.CREATE_INDEX_MATCHER.apply(action)) {
|
if (Privilege.Index.CREATE_INDEX_MATCHER.apply(action)) {
|
||||||
assert request instanceof CreateIndexRequest;
|
assert request instanceof CreateIndexRequest;
|
||||||
Set<Alias> aliases = CreateIndexRequestHelper.aliases((CreateIndexRequest) request);
|
Set<Alias> aliases = ((CreateIndexRequest) request).aliases();
|
||||||
if (!aliases.isEmpty()) {
|
if (!aliases.isEmpty()) {
|
||||||
Set<String> aliasesAndIndices = Sets.newHashSet(indexNames);
|
Set<String> aliasesAndIndices = Sets.newHashSet(indexNames);
|
||||||
for (Alias alias : aliases) {
|
for (Alias alias : aliases) {
|
||||||
|
|
|
@ -90,9 +90,7 @@ public abstract class Privilege<P extends Privilege<P>> {
|
||||||
protected static final Predicate<String> PREDICATE = new AutomatonPredicate(patterns(
|
protected static final Predicate<String> PREDICATE = new AutomatonPredicate(patterns(
|
||||||
"internal:*",
|
"internal:*",
|
||||||
"indices:monitor/*", // added for marvel
|
"indices:monitor/*", // added for marvel
|
||||||
"cluster:monitor/*", // added for marvel
|
"cluster:monitor/*" // added for marvel
|
||||||
// TODO: remove again after 1.4.3
|
|
||||||
"cluster:admin/snapshot/status[nodes]"
|
|
||||||
));
|
));
|
||||||
|
|
||||||
private System() {
|
private System() {
|
||||||
|
|
|
@ -5,12 +5,10 @@
|
||||||
*/
|
*/
|
||||||
package org.elasticsearch.shield.authz.indicesresolver;
|
package org.elasticsearch.shield.authz.indicesresolver;
|
||||||
|
|
||||||
|
import org.elasticsearch.action.AliasesRequest;
|
||||||
import org.elasticsearch.action.CompositeIndicesRequest;
|
import org.elasticsearch.action.CompositeIndicesRequest;
|
||||||
import org.elasticsearch.action.IndicesRequest;
|
import org.elasticsearch.action.IndicesRequest;
|
||||||
import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequest;
|
|
||||||
import org.elasticsearch.action.admin.indices.alias.get.GetAliasesRequest;
|
|
||||||
import org.elasticsearch.action.support.IndicesOptions;
|
import org.elasticsearch.action.support.IndicesOptions;
|
||||||
import org.elasticsearch.cluster.metadata.AliasAction;
|
|
||||||
import org.elasticsearch.cluster.metadata.IndexMetaData;
|
import org.elasticsearch.cluster.metadata.IndexMetaData;
|
||||||
import org.elasticsearch.cluster.metadata.MetaData;
|
import org.elasticsearch.cluster.metadata.MetaData;
|
||||||
import org.elasticsearch.common.collect.ImmutableList;
|
import org.elasticsearch.common.collect.ImmutableList;
|
||||||
|
@ -72,8 +70,8 @@ public class DefaultIndicesResolver implements IndicesResolver<TransportRequest>
|
||||||
List<String> indices = replaceWildcardsWithAuthorizedIndices(indicesRequest.indices(), indicesRequest.indicesOptions(), metaData, authorizedIndices);
|
List<String> indices = replaceWildcardsWithAuthorizedIndices(indicesRequest.indices(), indicesRequest.indicesOptions(), metaData, authorizedIndices);
|
||||||
((IndicesRequest.Replaceable) indicesRequest).indices(indices.toArray(new String[indices.size()]));
|
((IndicesRequest.Replaceable) indicesRequest).indices(indices.toArray(new String[indices.size()]));
|
||||||
} else {
|
} else {
|
||||||
assert indicesRequest instanceof IndicesAliasesRequest || !containsWildcards(indicesRequest) :
|
assert !containsWildcards(indicesRequest) :
|
||||||
"IndicesAliasesRequest is the only external request known to support wildcards that doesn't support replacing its indices";
|
"There are no external requests known to support wildcards that don't support replacing their indices";
|
||||||
|
|
||||||
//NOTE: shard level requests do support wildcards (as they hold the original indices options) but don't support replacing their indices.
|
//NOTE: shard level requests do support wildcards (as they hold the original indices options) but don't support replacing their indices.
|
||||||
//That is fine though because they never contain wildcards, as they get replaced as part of the authorization of their
|
//That is fine though because they never contain wildcards, as they get replaced as part of the authorization of their
|
||||||
|
@ -81,68 +79,23 @@ public class DefaultIndicesResolver implements IndicesResolver<TransportRequest>
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
Set<String> indices = Sets.newHashSet(indicesRequest.indices());
|
||||||
* TODO remove special treatment for IndicesAliasesRequest and GetAliasesRequest once we upgrade to 1.5.0
|
|
||||||
* get https://github.com/elasticsearch/elasticsearch-shield/pull/669 in
|
|
||||||
*/
|
|
||||||
if (indicesRequest instanceof IndicesAliasesRequest) {
|
|
||||||
//special treatment for IndicesAliasesRequest since we need to extract indices from indices() as well as aliases()
|
|
||||||
//Also, we need to replace wildcards in both with authorized indices and/or aliases (IndicesAliasesRequest doesn't implement Replaceable)
|
|
||||||
return resolveIndicesAliasesRequest(user, action, (IndicesAliasesRequest) indicesRequest, metaData);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (indicesRequest instanceof GetAliasesRequest) {
|
if (indicesRequest instanceof AliasesRequest) {
|
||||||
//special treatment for GetAliasesRequest since we need to replace wildcards among the specified aliases.
|
//special treatment for AliasesRequest since we need to replace wildcards among the specified aliases.
|
||||||
//GetAliasesRequest implements IndicesRequest.Replaceable, hence its indices have already been properly replaced.
|
//AliasesRequest extends IndicesRequest.Replaceable, hence its indices have already been properly replaced.
|
||||||
return resolveGetAliasesRequest(user, action, (GetAliasesRequest) indicesRequest, metaData);
|
AliasesRequest aliasesRequest = (AliasesRequest) indicesRequest;
|
||||||
}
|
if (aliasesRequest.expandAliasesWildcards()) {
|
||||||
|
|
||||||
return Sets.newHashSet(indicesRequest.indices());
|
|
||||||
}
|
|
||||||
|
|
||||||
private Set<String> resolveGetAliasesRequest(User user, String action, GetAliasesRequest request, MetaData metaData) {
|
|
||||||
ImmutableList<String> authorizedIndices = authzService.authorizedIndicesAndAliases(user, action);
|
ImmutableList<String> authorizedIndices = authzService.authorizedIndicesAndAliases(user, action);
|
||||||
List<String> aliases = replaceWildcardsWithAuthorizedAliases(request.aliases(), loadAuthorizedAliases(authorizedIndices, metaData));
|
List<String> aliases = replaceWildcardsWithAuthorizedAliases(aliasesRequest.aliases(), loadAuthorizedAliases(authorizedIndices, metaData));
|
||||||
request.aliases(aliases.toArray(new String[aliases.size()]));
|
aliasesRequest.aliases(aliases.toArray(new String[aliases.size()]));
|
||||||
Set<String> indices = Sets.newHashSet(request.indices());
|
}
|
||||||
indices.addAll(aliases);
|
Collections.addAll(indices, aliasesRequest.aliases());
|
||||||
|
}
|
||||||
|
|
||||||
return indices;
|
return indices;
|
||||||
}
|
}
|
||||||
|
|
||||||
private Set<String> resolveIndicesAliasesRequest(User user, String action, IndicesAliasesRequest request, MetaData metaData) {
|
|
||||||
ImmutableList<String> authorizedIndices = authzService.authorizedIndicesAndAliases(user, action);
|
|
||||||
Set<String> finalIndices = Sets.newHashSet();
|
|
||||||
|
|
||||||
List<String> authorizedAliases = null;
|
|
||||||
|
|
||||||
for (IndicesAliasesRequest.AliasActions aliasActions : request.getAliasActions()) {
|
|
||||||
//replace indices with authorized ones if needed
|
|
||||||
if (request.indicesOptions().expandWildcardsOpen() || request.indicesOptions().expandWildcardsClosed()) {
|
|
||||||
//Note: the indices that the alias operation maps to might end up containing aliases, since authorized indices can also be aliases.
|
|
||||||
//This is fine as es core resolves them to concrete indices anyway before executing the actual operation.
|
|
||||||
//Also es core already allows to specify aliases among indices, they will just be resolved (alias to alias is not supported).
|
|
||||||
//e.g. index: foo* gets resolved in core to anything that matches the expression, aliases included, hence their corresponding indices.
|
|
||||||
List<String> indices = replaceWildcardsWithAuthorizedIndices(aliasActions.indices(), request.indicesOptions(), metaData, authorizedIndices);
|
|
||||||
aliasActions.indices(indices.toArray(new String[indices.size()]));
|
|
||||||
}
|
|
||||||
Collections.addAll(finalIndices, aliasActions.indices());
|
|
||||||
|
|
||||||
//replace aliases with authorized ones if needed
|
|
||||||
if (aliasActions.actionType() == AliasAction.Type.REMOVE) {
|
|
||||||
//lazily initialize a list of all the authorized aliases (filtering concrete indices out)
|
|
||||||
if (authorizedAliases == null) {
|
|
||||||
authorizedAliases = loadAuthorizedAliases(authorizedIndices, metaData);
|
|
||||||
}
|
|
||||||
|
|
||||||
assert aliasActions.aliases().length > 0 : "aliases must not be empty within each single alias remove action";
|
|
||||||
List<String> aliases = replaceWildcardsWithAuthorizedAliases(aliasActions.aliases(), authorizedAliases);
|
|
||||||
aliasActions.aliases(aliases.toArray(new String[aliases.size()]));
|
|
||||||
}
|
|
||||||
Collections.addAll(finalIndices, aliasActions.aliases());
|
|
||||||
}
|
|
||||||
return finalIndices;
|
|
||||||
}
|
|
||||||
|
|
||||||
private List<String> loadAuthorizedAliases(List<String> authorizedIndices, MetaData metaData) {
|
private List<String> loadAuthorizedAliases(List<String> authorizedIndices, MetaData metaData) {
|
||||||
List<String> authorizedAliases = Lists.newArrayList();
|
List<String> authorizedAliases = Lists.newArrayList();
|
||||||
ObjectLookupContainer<String> existingAliases = metaData.aliases().keys();
|
ObjectLookupContainer<String> existingAliases = metaData.aliases().keys();
|
||||||
|
|
|
@ -10,9 +10,9 @@ import org.elasticsearch.common.collect.Maps;
|
||||||
import org.elasticsearch.common.inject.Inject;
|
import org.elasticsearch.common.inject.Inject;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
|
import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
|
||||||
import org.elasticsearch.shield.transport.netty.ShieldMessageChannelHandler;
|
|
||||||
import org.elasticsearch.threadpool.ThreadPool;
|
import org.elasticsearch.threadpool.ThreadPool;
|
||||||
import org.elasticsearch.transport.*;
|
import org.elasticsearch.transport.*;
|
||||||
|
import org.elasticsearch.transport.netty.NettyTransportChannel;
|
||||||
|
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
|
@ -150,8 +150,8 @@ public class ShieldServerTransportService extends TransportService {
|
||||||
@SuppressWarnings("unchecked")
|
@SuppressWarnings("unchecked")
|
||||||
public void messageReceived(TransportRequest request, TransportChannel channel) throws Exception {
|
public void messageReceived(TransportRequest request, TransportChannel channel) throws Exception {
|
||||||
try {
|
try {
|
||||||
ShieldMessageChannelHandler.VisibleNettyTransportChannel nettyTransportChannel = (ShieldMessageChannelHandler.VisibleNettyTransportChannel) channel;
|
NettyTransportChannel nettyTransportChannel = (NettyTransportChannel) channel;
|
||||||
String profile = nettyTransportChannel.getProfile();
|
String profile = nettyTransportChannel.getProfileName();
|
||||||
ServerTransportFilter filter = profileFilters.get(profile);
|
ServerTransportFilter filter = profileFilters.get(profile);
|
||||||
if (filter == null) {
|
if (filter == null) {
|
||||||
filter = profileFilters.get("default");
|
filter = profileFilters.get("default");
|
||||||
|
|
|
@ -1,120 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
|
||||||
* or more contributor license agreements. Licensed under the Elastic License;
|
|
||||||
* you may not use this file except in compliance with the Elastic License.
|
|
||||||
*/
|
|
||||||
package org.elasticsearch.shield.transport.netty;
|
|
||||||
|
|
||||||
import org.elasticsearch.Version;
|
|
||||||
import org.elasticsearch.common.component.Lifecycle;
|
|
||||||
import org.elasticsearch.common.io.stream.StreamInput;
|
|
||||||
import org.elasticsearch.common.logging.ESLogger;
|
|
||||||
import org.elasticsearch.common.netty.channel.*;
|
|
||||||
import org.elasticsearch.common.transport.InetSocketTransportAddress;
|
|
||||||
import org.elasticsearch.common.util.concurrent.AbstractRunnable;
|
|
||||||
import org.elasticsearch.threadpool.ThreadPool;
|
|
||||||
import org.elasticsearch.transport.ActionNotFoundTransportException;
|
|
||||||
import org.elasticsearch.transport.TransportRequest;
|
|
||||||
import org.elasticsearch.transport.TransportRequestHandler;
|
|
||||||
import org.elasticsearch.transport.netty.MessageChannelHandler;
|
|
||||||
import org.elasticsearch.transport.netty.NettyTransport;
|
|
||||||
import org.elasticsearch.transport.netty.NettyTransportChannel;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.net.InetSocketAddress;
|
|
||||||
|
|
||||||
public class ShieldMessageChannelHandler extends MessageChannelHandler {
|
|
||||||
|
|
||||||
private final String profileName;
|
|
||||||
|
|
||||||
public ShieldMessageChannelHandler(NettyTransport nettyTransport, String profileName, ESLogger logger) {
|
|
||||||
super(nettyTransport, logger);
|
|
||||||
this.profileName = profileName;
|
|
||||||
}
|
|
||||||
|
|
||||||
// TODO ADD PREPROCESSING
|
|
||||||
|
|
||||||
//TODO This is just here to create VisibleNettyTransportChannel() and should be removed after upgrading to es core 1.5
|
|
||||||
@Override
|
|
||||||
protected String handleRequest(Channel channel, StreamInput buffer, long requestId, Version version) throws IOException {
|
|
||||||
final String action = buffer.readString();
|
|
||||||
|
|
||||||
final VisibleNettyTransportChannel transportChannel = new VisibleNettyTransportChannel(profileName, transport, action, channel, requestId, version);
|
|
||||||
try {
|
|
||||||
final TransportRequestHandler handler = transportServiceAdapter.handler(action, version);
|
|
||||||
if (handler == null) {
|
|
||||||
throw new ActionNotFoundTransportException(action);
|
|
||||||
}
|
|
||||||
final TransportRequest request = handler.newInstance();
|
|
||||||
request.remoteAddress(new InetSocketTransportAddress((InetSocketAddress) channel.getRemoteAddress()));
|
|
||||||
request.readFrom(buffer);
|
|
||||||
if (handler.executor() == ThreadPool.Names.SAME) {
|
|
||||||
//noinspection unchecked
|
|
||||||
handler.messageReceived(request, transportChannel);
|
|
||||||
} else {
|
|
||||||
threadPool.executor(handler.executor()).execute(new RequestHandler(handler, request, transportChannel, action));
|
|
||||||
}
|
|
||||||
} catch (Throwable e) {
|
|
||||||
try {
|
|
||||||
transportChannel.sendResponse(e);
|
|
||||||
} catch (IOException e1) {
|
|
||||||
logger.warn("failed to send error message [{}] back to client for action [{}]", e1, e.getMessage(), action);
|
|
||||||
logger.warn("actual excpetion: ", e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return action;
|
|
||||||
}
|
|
||||||
|
|
||||||
//TODO should be removed after upgrading es core dependency to 1.5
|
|
||||||
public static class VisibleNettyTransportChannel extends NettyTransportChannel {
|
|
||||||
|
|
||||||
private final String profile;
|
|
||||||
|
|
||||||
public VisibleNettyTransportChannel(String profile, NettyTransport transport, String action, Channel channel, long requestId, Version version) {
|
|
||||||
super(transport, action, channel, requestId, version);
|
|
||||||
this.profile = profile;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String getProfile() {
|
|
||||||
return profile;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
// TODO This is just here to make this class visible, remove after upgrading es core dependency to 1.5
|
|
||||||
class RequestHandler extends AbstractRunnable {
|
|
||||||
private final TransportRequestHandler handler;
|
|
||||||
private final TransportRequest request;
|
|
||||||
private final NettyTransportChannel transportChannel;
|
|
||||||
private final String action;
|
|
||||||
|
|
||||||
public RequestHandler(TransportRequestHandler handler, TransportRequest request, NettyTransportChannel transportChannel, String action) {
|
|
||||||
this.handler = handler;
|
|
||||||
this.request = request;
|
|
||||||
this.transportChannel = transportChannel;
|
|
||||||
this.action = action;
|
|
||||||
}
|
|
||||||
|
|
||||||
@SuppressWarnings({"unchecked"})
|
|
||||||
@Override
|
|
||||||
public void run() {
|
|
||||||
try {
|
|
||||||
handler.messageReceived(request, transportChannel);
|
|
||||||
} catch (Throwable e) {
|
|
||||||
if (transport.lifecycleState() == Lifecycle.State.STARTED) {
|
|
||||||
// we can only send a response transport is started....
|
|
||||||
try {
|
|
||||||
transportChannel.sendResponse(e);
|
|
||||||
} catch (Throwable e1) {
|
|
||||||
logger.warn("Failed to send error message back to client for action [" + action + "]", e1);
|
|
||||||
logger.warn("Actual Exception", e);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean isForceExecution() {
|
|
||||||
return handler.isForceExecution();
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -16,7 +16,6 @@ import org.elasticsearch.common.network.NetworkService;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.common.util.BigArrays;
|
import org.elasticsearch.common.util.BigArrays;
|
||||||
import org.elasticsearch.http.netty.NettyHttpServerTransport;
|
import org.elasticsearch.http.netty.NettyHttpServerTransport;
|
||||||
import org.elasticsearch.http.netty.VisibleNettyHttpServerTransport;
|
|
||||||
import org.elasticsearch.shield.ssl.ServerSSLService;
|
import org.elasticsearch.shield.ssl.ServerSSLService;
|
||||||
import org.elasticsearch.shield.transport.filter.IPFilter;
|
import org.elasticsearch.shield.transport.filter.IPFilter;
|
||||||
|
|
||||||
|
@ -25,7 +24,7 @@ import javax.net.ssl.SSLEngine;
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public class ShieldNettyHttpServerTransport extends VisibleNettyHttpServerTransport {
|
public class ShieldNettyHttpServerTransport extends NettyHttpServerTransport {
|
||||||
|
|
||||||
private final IPFilter ipFilter;
|
private final IPFilter ipFilter;
|
||||||
private final ServerSSLService sslService;
|
private final ServerSSLService sslService;
|
||||||
|
@ -62,7 +61,7 @@ public class ShieldNettyHttpServerTransport extends VisibleNettyHttpServerTransp
|
||||||
private class HttpSslChannelPipelineFactory extends HttpChannelPipelineFactory {
|
private class HttpSslChannelPipelineFactory extends HttpChannelPipelineFactory {
|
||||||
|
|
||||||
public HttpSslChannelPipelineFactory(NettyHttpServerTransport transport) {
|
public HttpSslChannelPipelineFactory(NettyHttpServerTransport transport) {
|
||||||
super(transport);
|
super(transport, detailedErrorsEnabled);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -87,7 +87,6 @@ public class ShieldNettyTransport extends NettyTransport {
|
||||||
|
|
||||||
pipeline.addFirst("ssl", new SslHandler(serverEngine));
|
pipeline.addFirst("ssl", new SslHandler(serverEngine));
|
||||||
}
|
}
|
||||||
pipeline.replace("dispatcher", "dispatcher", new ShieldMessageChannelHandler(nettyTransport, name, logger));
|
|
||||||
if (authenticator != null) {
|
if (authenticator != null) {
|
||||||
pipeline.addFirst("ipfilter", new IPFilterNettyUpstreamHandler(authenticator, name));
|
pipeline.addFirst("ipfilter", new IPFilterNettyUpstreamHandler(authenticator, name));
|
||||||
}
|
}
|
||||||
|
@ -107,7 +106,6 @@ public class ShieldNettyTransport extends NettyTransport {
|
||||||
if (ssl) {
|
if (ssl) {
|
||||||
pipeline.addFirst("sslInitializer", new ClientSslHandlerInitializer());
|
pipeline.addFirst("sslInitializer", new ClientSslHandlerInitializer());
|
||||||
}
|
}
|
||||||
pipeline.replace("dispatcher", "dispatcher", new ShieldMessageChannelHandler(nettyTransport, "default", logger));
|
|
||||||
return pipeline;
|
return pipeline;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,236 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
|
||||||
* or more contributor license agreements. Licensed under the Elastic License;
|
|
||||||
* you may not use this file except in compliance with the Elastic License.
|
|
||||||
*/
|
|
||||||
package org.elasticsearch.common.cli;
|
|
||||||
|
|
||||||
import com.google.common.collect.Sets;
|
|
||||||
import com.google.common.jimfs.Configuration;
|
|
||||||
import com.google.common.jimfs.Jimfs;
|
|
||||||
import org.elasticsearch.common.base.Charsets;
|
|
||||||
import org.elasticsearch.common.settings.ImmutableSettings;
|
|
||||||
import org.elasticsearch.common.settings.Settings;
|
|
||||||
import org.elasticsearch.env.Environment;
|
|
||||||
import org.elasticsearch.test.ElasticsearchTestCase;
|
|
||||||
import org.junit.Test;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.nio.file.FileSystem;
|
|
||||||
import java.nio.file.Files;
|
|
||||||
import java.nio.file.Path;
|
|
||||||
import java.nio.file.attribute.*;
|
|
||||||
import java.util.Set;
|
|
||||||
|
|
||||||
import static org.hamcrest.Matchers.*;
|
|
||||||
|
|
||||||
/**
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
public class CheckFileCommandTests extends ElasticsearchTestCase {
|
|
||||||
|
|
||||||
private CliToolTestCase.CaptureOutputTerminal captureOutputTerminal = new CliToolTestCase.CaptureOutputTerminal();
|
|
||||||
|
|
||||||
private Configuration jimFsConfiguration = Configuration.unix().toBuilder().setAttributeViews("basic", "owner", "posix", "unix").build();
|
|
||||||
private Configuration jimFsConfigurationWithoutPermissions = randomBoolean() ? Configuration.unix().toBuilder().setAttributeViews("basic").build() : Configuration.windows();
|
|
||||||
|
|
||||||
private enum Mode {
|
|
||||||
CHANGE, KEEP, DISABLED
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testThatCommandLogsErrorMessageOnFail() throws Exception {
|
|
||||||
executeCommand(jimFsConfiguration, new PermissionCheckFileCommand(captureOutputTerminal, Mode.CHANGE));
|
|
||||||
assertThat(captureOutputTerminal.getTerminalOutput(), hasItem(containsString("Please ensure that the user account running Elasticsearch has read access to this file")));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testThatCommandLogsNothingWhenPermissionRemains() throws Exception {
|
|
||||||
executeCommand(jimFsConfiguration, new PermissionCheckFileCommand(captureOutputTerminal, Mode.KEEP));
|
|
||||||
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testThatCommandLogsNothingWhenDisabled() throws Exception {
|
|
||||||
executeCommand(jimFsConfiguration, new PermissionCheckFileCommand(captureOutputTerminal, Mode.DISABLED));
|
|
||||||
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testThatCommandLogsNothingIfFilesystemDoesNotSupportPermissions() throws Exception {
|
|
||||||
executeCommand(jimFsConfigurationWithoutPermissions, new PermissionCheckFileCommand(captureOutputTerminal, Mode.DISABLED));
|
|
||||||
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testThatCommandLogsOwnerChange() throws Exception {
|
|
||||||
executeCommand(jimFsConfiguration, new OwnerCheckFileCommand(captureOutputTerminal, Mode.CHANGE));
|
|
||||||
assertThat(captureOutputTerminal.getTerminalOutput(), hasItem(allOf(containsString("Owner of file ["), containsString("] used to be ["), containsString("], but now is ["))));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testThatCommandLogsNothingIfOwnerRemainsSame() throws Exception {
|
|
||||||
executeCommand(jimFsConfiguration, new OwnerCheckFileCommand(captureOutputTerminal, Mode.KEEP));
|
|
||||||
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testThatCommandLogsNothingIfOwnerIsDisabled() throws Exception {
|
|
||||||
executeCommand(jimFsConfiguration, new OwnerCheckFileCommand(captureOutputTerminal, Mode.DISABLED));
|
|
||||||
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testThatCommandLogsNothingIfFileSystemDoesNotSupportOwners() throws Exception {
|
|
||||||
executeCommand(jimFsConfigurationWithoutPermissions, new OwnerCheckFileCommand(captureOutputTerminal, Mode.DISABLED));
|
|
||||||
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testThatCommandLogsIfGroupChanges() throws Exception {
|
|
||||||
executeCommand(jimFsConfiguration, new GroupCheckFileCommand(captureOutputTerminal, Mode.CHANGE));
|
|
||||||
assertThat(captureOutputTerminal.getTerminalOutput(), hasItem(allOf(containsString("Group of file ["), containsString("] used to be ["), containsString("], but now is ["))));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testThatCommandLogsNothingIfGroupRemainsSame() throws Exception {
|
|
||||||
executeCommand(jimFsConfiguration, new GroupCheckFileCommand(captureOutputTerminal, Mode.KEEP));
|
|
||||||
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testThatCommandLogsNothingIfGroupIsDisabled() throws Exception {
|
|
||||||
executeCommand(jimFsConfiguration, new GroupCheckFileCommand(captureOutputTerminal, Mode.DISABLED));
|
|
||||||
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testThatCommandLogsNothingIfFileSystemDoesNotSupportGroups() throws Exception {
|
|
||||||
executeCommand(jimFsConfigurationWithoutPermissions, new GroupCheckFileCommand(captureOutputTerminal, Mode.DISABLED));
|
|
||||||
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
|
|
||||||
}
|
|
||||||
|
|
||||||
private void executeCommand(Configuration configuration, AbstractTestCheckFileCommand command) throws Exception {
|
|
||||||
try (FileSystem fs = Jimfs.newFileSystem(configuration)) {
|
|
||||||
command.execute(fs);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
abstract class AbstractTestCheckFileCommand extends CheckFileCommand {
|
|
||||||
|
|
||||||
protected final Mode mode;
|
|
||||||
protected FileSystem fs;
|
|
||||||
protected Path[] paths;
|
|
||||||
|
|
||||||
public AbstractTestCheckFileCommand(Terminal terminal, Mode mode) throws IOException {
|
|
||||||
super(terminal);
|
|
||||||
this.mode = mode;
|
|
||||||
}
|
|
||||||
|
|
||||||
public CliTool.ExitStatus execute(FileSystem fs) throws Exception {
|
|
||||||
this.fs = fs;
|
|
||||||
this.paths = new Path[] { writePath(fs, "p1", "anything"), writePath(fs, "p2", "anything"), writePath(fs, "p3", "anything") };
|
|
||||||
return super.execute(ImmutableSettings.EMPTY, new Environment(ImmutableSettings.EMPTY));
|
|
||||||
}
|
|
||||||
|
|
||||||
private Path writePath(FileSystem fs, String name, String content) throws IOException {
|
|
||||||
Path path = fs.getPath(name);
|
|
||||||
Files.write(path, content.getBytes(Charsets.UTF_8));
|
|
||||||
return path;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected Path[] pathsForPermissionsCheck(Settings settings, Environment env) {
|
|
||||||
return paths;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* command that changes permissions from a file if enabled
|
|
||||||
*/
|
|
||||||
class PermissionCheckFileCommand extends AbstractTestCheckFileCommand {
|
|
||||||
|
|
||||||
public PermissionCheckFileCommand(Terminal terminal, Mode mode) throws IOException {
|
|
||||||
super(terminal, mode);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public CliTool.ExitStatus doExecute(Settings settings, Environment env) throws Exception {
|
|
||||||
int randomInt = randomInt(paths.length - 1);
|
|
||||||
Path randomPath = paths[randomInt];
|
|
||||||
switch (mode) {
|
|
||||||
case CHANGE:
|
|
||||||
Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8));
|
|
||||||
Files.setPosixFilePermissions(randomPath, Sets.newHashSet(PosixFilePermission.OWNER_EXECUTE, PosixFilePermission.OTHERS_EXECUTE, PosixFilePermission.GROUP_EXECUTE));
|
|
||||||
break;
|
|
||||||
case KEEP:
|
|
||||||
Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8));
|
|
||||||
Set<PosixFilePermission> posixFilePermissions = Files.getPosixFilePermissions(randomPath);
|
|
||||||
Files.setPosixFilePermissions(randomPath, posixFilePermissions);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
return CliTool.ExitStatus.OK;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* command that changes the owner of a file if enabled
|
|
||||||
*/
|
|
||||||
class OwnerCheckFileCommand extends AbstractTestCheckFileCommand {
|
|
||||||
|
|
||||||
public OwnerCheckFileCommand(Terminal terminal, Mode mode) throws IOException {
|
|
||||||
super(terminal, mode);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public CliTool.ExitStatus doExecute(Settings settings, Environment env) throws Exception {
|
|
||||||
int randomInt = randomInt(paths.length - 1);
|
|
||||||
Path randomPath = paths[randomInt];
|
|
||||||
switch (mode) {
|
|
||||||
case CHANGE:
|
|
||||||
Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8));
|
|
||||||
UserPrincipal randomOwner = fs.getUserPrincipalLookupService().lookupPrincipalByName(randomAsciiOfLength(10));
|
|
||||||
Files.setOwner(randomPath, randomOwner);
|
|
||||||
break;
|
|
||||||
case KEEP:
|
|
||||||
Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8));
|
|
||||||
UserPrincipal originalOwner = Files.getOwner(randomPath);
|
|
||||||
Files.setOwner(randomPath, originalOwner);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
return CliTool.ExitStatus.OK;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* command that changes the group of a file if enabled
|
|
||||||
*/
|
|
||||||
class GroupCheckFileCommand extends AbstractTestCheckFileCommand {
|
|
||||||
|
|
||||||
public GroupCheckFileCommand(Terminal terminal, Mode mode) throws IOException {
|
|
||||||
super(terminal, mode);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public CliTool.ExitStatus doExecute(Settings settings, Environment env) throws Exception {
|
|
||||||
int randomInt = randomInt(paths.length - 1);
|
|
||||||
Path randomPath = paths[randomInt];
|
|
||||||
switch (mode) {
|
|
||||||
case CHANGE:
|
|
||||||
Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8));
|
|
||||||
GroupPrincipal randomPrincipal = fs.getUserPrincipalLookupService().lookupPrincipalByGroupName(randomAsciiOfLength(10));
|
|
||||||
Files.getFileAttributeView(randomPath, PosixFileAttributeView.class).setGroup(randomPrincipal);
|
|
||||||
break;
|
|
||||||
case KEEP:
|
|
||||||
Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8));
|
|
||||||
GroupPrincipal groupPrincipal = Files.readAttributes(randomPath, PosixFileAttributes.class).group();
|
|
||||||
Files.getFileAttributeView(randomPath, PosixFileAttributeView.class).setGroup(groupPrincipal);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
return CliTool.ExitStatus.OK;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -65,9 +65,8 @@ public abstract class AbstractPrivilegeTests extends ShieldIntegrationTest {
|
||||||
|
|
||||||
protected HttpResponse executeRequest(String user, String method, String uri, String body, Map<String, String> params) throws IOException {
|
protected HttpResponse executeRequest(String user, String method, String uri, String body, Map<String, String> params) throws IOException {
|
||||||
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
|
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
|
||||||
InetSocketTransportAddress transportAddress = (InetSocketTransportAddress) httpServerTransport.boundAddress().boundAddress();
|
|
||||||
|
|
||||||
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient).host(transportAddress.address().getHostName()).port(transportAddress.address().getPort());
|
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient).httpTransport(httpServerTransport);
|
||||||
requestBuilder.path(uri);
|
requestBuilder.path(uri);
|
||||||
requestBuilder.method(method);
|
requestBuilder.method(method);
|
||||||
for (Map.Entry<String, String> entry : params.entrySet()) {
|
for (Map.Entry<String, String> entry : params.entrySet()) {
|
||||||
|
|
|
@ -15,7 +15,6 @@ import org.elasticsearch.shield.authc.Realms;
|
||||||
import org.elasticsearch.shield.authc.support.SecuredStringTests;
|
import org.elasticsearch.shield.authc.support.SecuredStringTests;
|
||||||
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
|
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
|
||||||
import org.elasticsearch.shield.client.ShieldClient;
|
import org.elasticsearch.shield.client.ShieldClient;
|
||||||
import org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
|
||||||
import org.elasticsearch.test.ShieldIntegrationTest;
|
import org.elasticsearch.test.ShieldIntegrationTest;
|
||||||
import org.elasticsearch.test.ShieldSettingsSource;
|
import org.elasticsearch.test.ShieldSettingsSource;
|
||||||
import org.junit.BeforeClass;
|
import org.junit.BeforeClass;
|
||||||
|
@ -26,13 +25,11 @@ import java.util.concurrent.CountDownLatch;
|
||||||
import java.util.concurrent.TimeUnit;
|
import java.util.concurrent.TimeUnit;
|
||||||
import java.util.concurrent.atomic.AtomicReference;
|
import java.util.concurrent.atomic.AtomicReference;
|
||||||
|
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE;
|
|
||||||
import static org.hamcrest.Matchers.*;
|
import static org.hamcrest.Matchers.*;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
@ClusterScope(scope = SUITE)
|
|
||||||
public class ClearRealmsCacheTests extends ShieldIntegrationTest {
|
public class ClearRealmsCacheTests extends ShieldIntegrationTest {
|
||||||
|
|
||||||
private static String[] usernames;
|
private static String[] usernames;
|
||||||
|
|
|
@ -18,7 +18,6 @@ import org.elasticsearch.test.rest.client.http.HttpResponse;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
||||||
import java.io.File;
|
import java.io.File;
|
||||||
import java.util.Locale;
|
|
||||||
|
|
||||||
import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
|
import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
||||||
|
|
|
@ -15,13 +15,9 @@ import org.junit.Before;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
||||||
import java.util.Locale;
|
import java.util.Locale;
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE;
|
|
||||||
import static org.hamcrest.Matchers.is;
|
import static org.hamcrest.Matchers.is;
|
||||||
|
|
||||||
@ClusterScope(scope = SUITE)
|
|
||||||
public class IndexPrivilegeTests extends AbstractPrivilegeTests {
|
public class IndexPrivilegeTests extends AbstractPrivilegeTests {
|
||||||
|
|
||||||
private String jsonDoc = "{ \"name\" : \"elasticsearch\"}";
|
private String jsonDoc = "{ \"name\" : \"elasticsearch\"}";
|
||||||
|
|
|
@ -25,7 +25,6 @@ import org.elasticsearch.license.plugin.core.LicensesService;
|
||||||
import org.elasticsearch.plugins.AbstractPlugin;
|
import org.elasticsearch.plugins.AbstractPlugin;
|
||||||
import org.elasticsearch.plugins.Plugin;
|
import org.elasticsearch.plugins.Plugin;
|
||||||
import org.elasticsearch.shield.license.LicenseService;
|
import org.elasticsearch.shield.license.LicenseService;
|
||||||
import org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
|
||||||
import org.elasticsearch.test.ShieldIntegrationTest;
|
import org.elasticsearch.test.ShieldIntegrationTest;
|
||||||
import org.elasticsearch.test.ShieldSettingsSource;
|
import org.elasticsearch.test.ShieldSettingsSource;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
@ -35,14 +34,12 @@ import java.util.Collection;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
|
import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE;
|
|
||||||
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures;
|
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures;
|
||||||
import static org.hamcrest.Matchers.*;
|
import static org.hamcrest.Matchers.*;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
@ClusterScope(scope = SUITE)
|
|
||||||
public class LicensingTests extends ShieldIntegrationTest {
|
public class LicensingTests extends ShieldIntegrationTest {
|
||||||
|
|
||||||
static final License DUMMY_LICENSE = License.builder()
|
static final License DUMMY_LICENSE = License.builder()
|
||||||
|
|
|
@ -20,13 +20,10 @@ import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
|
||||||
import static org.elasticsearch.index.query.QueryBuilders.indicesQuery;
|
import static org.elasticsearch.index.query.QueryBuilders.indicesQuery;
|
||||||
import static org.elasticsearch.index.query.QueryBuilders.matchAllQuery;
|
import static org.elasticsearch.index.query.QueryBuilders.matchAllQuery;
|
||||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
|
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
|
|
||||||
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount;
|
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount;
|
||||||
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures;
|
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures;
|
||||||
import static org.hamcrest.Matchers.is;
|
import static org.hamcrest.Matchers.is;
|
||||||
|
|
||||||
@ClusterScope(scope = Scope.SUITE)
|
|
||||||
public class MultipleIndicesPermissionsTests extends ShieldIntegrationTest {
|
public class MultipleIndicesPermissionsTests extends ShieldIntegrationTest {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -19,8 +19,6 @@ import org.junit.Test;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
|
|
||||||
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
|
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
|
||||||
import static org.hamcrest.Matchers.hasSize;
|
import static org.hamcrest.Matchers.hasSize;
|
||||||
|
|
||||||
|
@ -31,7 +29,6 @@ import static org.hamcrest.Matchers.hasSize;
|
||||||
* actions that are normally categorized as index actions as cluster actions - for example,
|
* actions that are normally categorized as index actions as cluster actions - for example,
|
||||||
* index template actions.
|
* index template actions.
|
||||||
*/
|
*/
|
||||||
@ClusterScope(scope = Scope.SUITE)
|
|
||||||
public class PermissionPrecedenceTests extends ShieldIntegrationTest {
|
public class PermissionPrecedenceTests extends ShieldIntegrationTest {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -20,13 +20,10 @@ import org.junit.Test;
|
||||||
|
|
||||||
import static org.elasticsearch.client.Requests.searchRequest;
|
import static org.elasticsearch.client.Requests.searchRequest;
|
||||||
import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
|
import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
|
|
||||||
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures;
|
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures;
|
||||||
import static org.hamcrest.Matchers.equalTo;
|
import static org.hamcrest.Matchers.equalTo;
|
||||||
import static org.hamcrest.Matchers.is;
|
import static org.hamcrest.Matchers.is;
|
||||||
|
|
||||||
@ClusterScope(scope = Scope.SUITE)
|
|
||||||
public class SearchGetAndSuggestPermissionsTests extends ShieldIntegrationTest {
|
public class SearchGetAndSuggestPermissionsTests extends ShieldIntegrationTest {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -42,13 +42,6 @@ import static org.hamcrest.Matchers.is;
|
||||||
public class SettingsFilterTests extends ShieldIntegrationTest {
|
public class SettingsFilterTests extends ShieldIntegrationTest {
|
||||||
|
|
||||||
private CloseableHttpClient httpClient = HttpClients.createDefault();
|
private CloseableHttpClient httpClient = HttpClients.createDefault();
|
||||||
private InetSocketTransportAddress address;
|
|
||||||
private String clientPortSetting;
|
|
||||||
@Before
|
|
||||||
public void init() {
|
|
||||||
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
|
|
||||||
address = (InetSocketTransportAddress) httpServerTransport.boundAddress().boundAddress();
|
|
||||||
}
|
|
||||||
|
|
||||||
@After
|
@After
|
||||||
public void cleanup() throws IOException {
|
public void cleanup() throws IOException {
|
||||||
|
@ -169,10 +162,8 @@ public class SettingsFilterTests extends ShieldIntegrationTest {
|
||||||
|
|
||||||
protected HttpResponse executeRequest(String method, String uri, String body, Map<String, String> params) throws IOException {
|
protected HttpResponse executeRequest(String method, String uri, String body, Map<String, String> params) throws IOException {
|
||||||
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
|
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
|
||||||
address = (InetSocketTransportAddress) httpServerTransport.boundAddress().boundAddress();
|
|
||||||
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient)
|
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient)
|
||||||
.host(address.address().getHostName())
|
.httpTransport(httpServerTransport)
|
||||||
.port(address.address().getPort())
|
|
||||||
.method(method)
|
.method(method)
|
||||||
.path(uri);
|
.path(uri);
|
||||||
|
|
||||||
|
|
|
@ -23,13 +23,10 @@ import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
|
|
||||||
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertThrows;
|
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertThrows;
|
||||||
import static org.hamcrest.Matchers.containsString;
|
import static org.hamcrest.Matchers.containsString;
|
||||||
import static org.hamcrest.Matchers.is;
|
import static org.hamcrest.Matchers.is;
|
||||||
|
|
||||||
@ClusterScope(scope = Scope.SUITE)
|
|
||||||
public class ShieldClearScrollTests extends ShieldIntegrationTest {
|
public class ShieldClearScrollTests extends ShieldIntegrationTest {
|
||||||
|
|
||||||
private List<String> scrollIds;
|
private List<String> scrollIds;
|
||||||
|
|
|
@ -10,16 +10,11 @@ import org.junit.Test;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE;
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This tests the group to role mappings from LDAP sources provided by the super class - available from super.realmConfig.
|
* This tests the group to role mappings from LDAP sources provided by the super class - available from super.realmConfig.
|
||||||
* The super class will provide appropriate group mappings via configGroupMappings()
|
* The super class will provide appropriate group mappings via configGroupMappings()
|
||||||
*/
|
*/
|
||||||
@Network
|
@Network
|
||||||
@ClusterScope(scope = SUITE)
|
|
||||||
public class GroupMappingTests extends AbstractAdLdapRealmTests {
|
public class GroupMappingTests extends AbstractAdLdapRealmTests {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
|
|
|
@ -10,14 +10,10 @@ import org.junit.Test;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This tests the mapping of multiple groups to a role
|
* This tests the mapping of multiple groups to a role
|
||||||
*/
|
*/
|
||||||
@Network
|
@Network
|
||||||
@ClusterScope(scope = SUITE)
|
|
||||||
public class MultiGroupMappingTests extends AbstractAdLdapRealmTests {
|
public class MultiGroupMappingTests extends AbstractAdLdapRealmTests {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -17,7 +17,6 @@ import org.elasticsearch.shield.authc.support.SecuredString;
|
||||||
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
|
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
|
||||||
import org.elasticsearch.shield.transport.ShieldServerTransportService;
|
import org.elasticsearch.shield.transport.ShieldServerTransportService;
|
||||||
import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
|
import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
|
||||||
import org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
|
||||||
import org.elasticsearch.test.ShieldIntegrationTest;
|
import org.elasticsearch.test.ShieldIntegrationTest;
|
||||||
import org.elasticsearch.test.ShieldSettingsSource;
|
import org.elasticsearch.test.ShieldSettingsSource;
|
||||||
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
|
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
|
||||||
|
@ -34,13 +33,11 @@ import java.io.IOException;
|
||||||
|
|
||||||
import static org.elasticsearch.rest.RestStatus.OK;
|
import static org.elasticsearch.rest.RestStatus.OK;
|
||||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE;
|
|
||||||
import static org.hamcrest.Matchers.*;
|
import static org.hamcrest.Matchers.*;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
@ClusterScope(scope = SUITE)
|
|
||||||
public class ShieldPluginEnabledDisabledTests extends ShieldIntegrationTest {
|
public class ShieldPluginEnabledDisabledTests extends ShieldIntegrationTest {
|
||||||
|
|
||||||
private static boolean enabled;
|
private static boolean enabled;
|
||||||
|
|
|
@ -7,6 +7,8 @@ package org.elasticsearch.shield;
|
||||||
|
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
import org.apache.http.impl.client.CloseableHttpClient;
|
||||||
import org.apache.http.impl.client.HttpClients;
|
import org.apache.http.impl.client.HttpClients;
|
||||||
|
import org.elasticsearch.common.settings.ImmutableSettings;
|
||||||
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.http.HttpServerTransport;
|
import org.elasticsearch.http.HttpServerTransport;
|
||||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||||
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
|
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
|
||||||
|
@ -25,6 +27,14 @@ import static org.hamcrest.Matchers.*;
|
||||||
|
|
||||||
public class ShieldPluginTests extends ShieldIntegrationTest {
|
public class ShieldPluginTests extends ShieldIntegrationTest {
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Settings nodeSettings(int nodeOrdinal) {
|
||||||
|
return ImmutableSettings.builder()
|
||||||
|
.put(super.nodeSettings(nodeOrdinal))
|
||||||
|
.put("http.enabled", true) //This test requires HTTP
|
||||||
|
.build();
|
||||||
|
}
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testThatPluginIsLoaded() throws IOException {
|
public void testThatPluginIsLoaded() throws IOException {
|
||||||
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
|
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
|
||||||
|
|
|
@ -27,53 +27,11 @@ public class VersionCompatibilityTests extends ElasticsearchTestCase {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testCompatibility() {
|
public void testCompatibility() {
|
||||||
/**
|
|
||||||
* see https://github.com/elasticsearch/elasticsearch/pull/8634 {@link org.elasticsearch.test.discovery.ClusterDiscoveryConfiguration}
|
|
||||||
*/
|
|
||||||
assertThat("Remove ClusterDiscoveryConfiguration or bump the version, fixed in es core 1.5", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
|
|
||||||
|
|
||||||
/**
|
|
||||||
* see https://github.com/elasticsearch/elasticsearch/pull/9134 {@link org.elasticsearch.shield.transport.support.TransportProfileUtil}
|
|
||||||
*/
|
|
||||||
assertThat("Remove TransportProfileUtil class or bump the version, fixed in es core 1.5", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
|
|
||||||
|
|
||||||
/**
|
|
||||||
* see https://github.com/elasticsearch/elasticsearch/pull/9134 {@link org.elasticsearch.shield.transport.netty.ShieldMessageChannelHandler}
|
|
||||||
*/
|
|
||||||
assertThat("Cleanup ShieldMessageChannelHandler class and remove needless code, fixed in es core 1.5", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
|
|
||||||
|
|
||||||
/**
|
|
||||||
* see https://github.com/elasticsearch/elasticsearch/pull/9273 {@link org.elasticsearch.action.admin.indices.create.CreateIndexRequestHelper}
|
|
||||||
*/
|
|
||||||
assertThat("Remove CreateIndexRequestHelper class, fixed in es core 1.5", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* see https://github.com/elasticsearch/elasticsearch/issues/9372 {@link org.elasticsearch.shield.license.LicenseService}
|
* see https://github.com/elasticsearch/elasticsearch/issues/9372 {@link org.elasticsearch.shield.license.LicenseService}
|
||||||
* Once es core supports merging cluster level custom metadata (licenses in our case), the tribe node will see some license coming from the tribe and everything will be ok.
|
* Once es core supports merging cluster level custom metadata (licenses in our case), the tribe node will see some license coming from the tribe and everything will be ok.
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
assertThat("Remove workaround in LicenseService class when es core supports merging cluster level custom metadata", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
|
assertThat("Remove workaround in LicenseService class when es core supports merging cluster level custom metadata", Version.CURRENT.onOrBefore(Version.V_1_5_0), is(true));
|
||||||
|
|
||||||
/**
|
|
||||||
* see https://github.com/elasticsearch/elasticsearch/pull/9409/
|
|
||||||
* This should be fixed in es 1.4.3 and up, thus can be removed
|
|
||||||
* You can also remove the SnapshotTests class then, as this functionality is also covered in the ClusterPrivilegeTests
|
|
||||||
* And remove the code in Privilege.System
|
|
||||||
*/
|
|
||||||
assertThat("Remove workaround to allow TransportNodesSnapshotsStatus be executed by the system user", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
|
|
||||||
|
|
||||||
/**
|
|
||||||
* see https://github.com/elasticsearch/elasticsearch-shield/pull/669
|
|
||||||
* {@link org.elasticsearch.shield.authz.indicesresolver.DefaultIndicesResolver#resolveIndices(User, String, org.elasticsearch.action.IndicesRequest, org.elasticsearch.cluster.metadata.MetaData)}
|
|
||||||
* The special treatment for IndicesAliasesRequest and GetAliasesRequest can become one single case, and simplified,
|
|
||||||
* since es core 1.5.0 introduced the AliasesRequest interface.
|
|
||||||
*/
|
|
||||||
assertThat("Remove special treatment for IndicesAliasesRequest and GetAliasesRequest", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
|
|
||||||
|
|
||||||
/**
|
|
||||||
* see https://github.com/elasticsearch/elasticsearch/pull/9508
|
|
||||||
* CheckFileCommand has been moved into ES-Core, please check the supported versions in the PR, if it can be removed completely
|
|
||||||
*/
|
|
||||||
assertThat("Remove built-in CheckFileCommand", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -32,7 +32,7 @@ import static org.mockito.Matchers.any;
|
||||||
import static org.mockito.Matchers.anyString;
|
import static org.mockito.Matchers.anyString;
|
||||||
import static org.mockito.Mockito.*;
|
import static org.mockito.Mockito.*;
|
||||||
|
|
||||||
public class LdapRealmTest extends LdapTest {
|
public class LdapRealmTests extends LdapTest {
|
||||||
|
|
||||||
public static final String VALID_USER_TEMPLATE = "cn={0},ou=people,o=sevenSeas";
|
public static final String VALID_USER_TEMPLATE = "cn={0},ou=people,o=sevenSeas";
|
||||||
public static final String VALID_USERNAME = "Thomas Masterman Hardy";
|
public static final String VALID_USERNAME = "Thomas Masterman Hardy";
|
|
@ -11,11 +11,8 @@ import org.junit.Test;
|
||||||
|
|
||||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
|
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
|
||||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
|
|
||||||
import static org.hamcrest.CoreMatchers.containsString;
|
import static org.hamcrest.CoreMatchers.containsString;
|
||||||
|
|
||||||
@ClusterScope(scope = Scope.SUITE)
|
|
||||||
public class AnalyzeTests extends ShieldIntegrationTest {
|
public class AnalyzeTests extends ShieldIntegrationTest {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -17,14 +17,11 @@ import org.junit.Test;
|
||||||
|
|
||||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
|
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
|
||||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
|
|
||||||
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
|
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
|
||||||
import static org.hamcrest.CoreMatchers.containsString;
|
import static org.hamcrest.CoreMatchers.containsString;
|
||||||
import static org.hamcrest.CoreMatchers.equalTo;
|
import static org.hamcrest.CoreMatchers.equalTo;
|
||||||
import static org.hamcrest.CoreMatchers.is;
|
import static org.hamcrest.CoreMatchers.is;
|
||||||
|
|
||||||
@ClusterScope(scope = Scope.SUITE)
|
|
||||||
public class IndexAliasesTests extends ShieldIntegrationTest {
|
public class IndexAliasesTests extends ShieldIntegrationTest {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -176,7 +176,7 @@ public class PrivilegeTests extends ElasticsearchTestCase {
|
||||||
Predicate<String> predicate = Privilege.SYSTEM.predicate();
|
Predicate<String> predicate = Privilege.SYSTEM.predicate();
|
||||||
assertThat(predicate.apply("indices:monitor/whatever"), is(true));
|
assertThat(predicate.apply("indices:monitor/whatever"), is(true));
|
||||||
assertThat(predicate.apply("cluster:monitor/whatever"), is(true));
|
assertThat(predicate.apply("cluster:monitor/whatever"), is(true));
|
||||||
assertThat(predicate.apply("cluster:admin/snapshot/status[nodes]"), is(true));
|
assertThat(predicate.apply("cluster:admin/snapshot/status[nodes]"), is(false));
|
||||||
assertThat(predicate.apply("internal:whatever"), is(true));
|
assertThat(predicate.apply("internal:whatever"), is(true));
|
||||||
assertThat(predicate.apply("indices:whatever"), is(false));
|
assertThat(predicate.apply("indices:whatever"), is(false));
|
||||||
assertThat(predicate.apply("cluster:whatever"), is(false));
|
assertThat(predicate.apply("cluster:whatever"), is(false));
|
||||||
|
|
|
@ -1,55 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
|
||||||
* or more contributor license agreements. Licensed under the Elastic License;
|
|
||||||
* you may not use this file except in compliance with the Elastic License.
|
|
||||||
*/
|
|
||||||
package org.elasticsearch.shield.authz;
|
|
||||||
|
|
||||||
import com.carrotsearch.ant.tasks.junit4.dependencies.com.google.common.collect.ImmutableMap;
|
|
||||||
import org.elasticsearch.action.admin.cluster.snapshots.status.SnapshotStatus;
|
|
||||||
import org.elasticsearch.action.admin.cluster.snapshots.status.SnapshotsStatusResponse;
|
|
||||||
import org.elasticsearch.cluster.metadata.SnapshotMetaData;
|
|
||||||
import org.elasticsearch.test.ShieldIntegrationTest;
|
|
||||||
import org.junit.Test;
|
|
||||||
|
|
||||||
import java.io.File;
|
|
||||||
|
|
||||||
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
|
|
||||||
import static org.hamcrest.Matchers.anyOf;
|
|
||||||
import static org.hamcrest.Matchers.hasSize;
|
|
||||||
import static org.hamcrest.Matchers.is;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* test to check if snapshotting and displaying of current snapshots work
|
|
||||||
* can be removed after 1.4.3 is released as this is included
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
public class SnapshotTests extends ShieldIntegrationTest {
|
|
||||||
|
|
||||||
// TODO remove after upgrading to 1.4.3
|
|
||||||
@Test
|
|
||||||
public void testThatSnapshottingWorks() throws Exception {
|
|
||||||
File repositoryLocation = newTempDir();
|
|
||||||
assertAcked(client().admin().cluster().preparePutRepository("my-repo").setType("fs").setSettings(ImmutableMap.of("location", repositoryLocation.getAbsolutePath())));
|
|
||||||
|
|
||||||
client().prepareIndex("foo", "bar", "1").setSource("foo", "bar").get();
|
|
||||||
client().prepareIndex("foo", "bar", "2").setSource("foo", "bar").get();
|
|
||||||
client().prepareIndex("foo", "bar", "3").setSource("foo", "bar").get();
|
|
||||||
client().prepareIndex("foo", "bar", "4").setSource("foo", "bar").get();
|
|
||||||
client().prepareIndex("foo", "bar", "5").setSource("foo", "bar").get();
|
|
||||||
refresh();
|
|
||||||
|
|
||||||
// must be started async otherwise the code relevent path in TransportSnapshotsStatusAction about currently running snapshots is not executed
|
|
||||||
client().admin().cluster().prepareCreateSnapshot("my-repo", "my-snapshot").setIndices("foo").get();
|
|
||||||
|
|
||||||
SnapshotsStatusResponse snapshotsStatusResponse = client().admin().cluster().prepareSnapshotStatus("my-repo").setSnapshots("my-snapshot").get();
|
|
||||||
assertThat(snapshotsStatusResponse.getSnapshots(), hasSize(1));
|
|
||||||
SnapshotStatus snapshotStatus = snapshotsStatusResponse.getSnapshots().get(0);
|
|
||||||
assertThat(snapshotStatus.getState(), anyOf(is(SnapshotMetaData.State.STARTED), is(SnapshotMetaData.State.SUCCESS)));
|
|
||||||
|
|
||||||
assertAcked(client().admin().cluster().prepareDeleteSnapshot("my-repo", "my-snapshot").get());
|
|
||||||
|
|
||||||
assertAcked(client().admin().cluster().prepareDeleteRepository("my-repo"));
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -22,11 +22,8 @@ import org.junit.Test;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
|
|
||||||
import static org.hamcrest.CoreMatchers.*;
|
import static org.hamcrest.CoreMatchers.*;
|
||||||
|
|
||||||
@ClusterScope(scope = Scope.SUITE)
|
|
||||||
@TestLogging("cluster.routing.allocation:TRACE")
|
@TestLogging("cluster.routing.allocation:TRACE")
|
||||||
public class IndicesResolverIntegrationTests extends ShieldIntegrationTest {
|
public class IndicesResolverIntegrationTests extends ShieldIntegrationTest {
|
||||||
|
|
||||||
|
|
|
@ -29,13 +29,10 @@ import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilde
|
||||||
import static org.elasticsearch.node.NodeBuilder.nodeBuilder;
|
import static org.elasticsearch.node.NodeBuilder.nodeBuilder;
|
||||||
import static org.elasticsearch.shield.test.ShieldTestUtils.createFolder;
|
import static org.elasticsearch.shield.test.ShieldTestUtils.createFolder;
|
||||||
import static org.elasticsearch.shield.test.ShieldTestUtils.writeFile;
|
import static org.elasticsearch.shield.test.ShieldTestUtils.writeFile;
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
|
|
||||||
import static org.hamcrest.CoreMatchers.instanceOf;
|
import static org.hamcrest.CoreMatchers.instanceOf;
|
||||||
import static org.hamcrest.CoreMatchers.is;
|
import static org.hamcrest.CoreMatchers.is;
|
||||||
|
|
||||||
@ClusterScope(scope = Scope.SUITE)
|
public class ServerTransportFilterIntegrationTests extends ShieldIntegrationTest {
|
||||||
public class ServerTransportFilterIntegrationTest extends ShieldIntegrationTest {
|
|
||||||
|
|
||||||
private static int randomClientPort;
|
private static int randomClientPort;
|
||||||
|
|
|
@ -14,6 +14,7 @@ import org.elasticsearch.common.transport.TransportAddress;
|
||||||
import org.elasticsearch.http.HttpServerTransport;
|
import org.elasticsearch.http.HttpServerTransport;
|
||||||
import org.elasticsearch.node.internal.InternalNode;
|
import org.elasticsearch.node.internal.InternalNode;
|
||||||
import org.elasticsearch.test.ShieldIntegrationTest;
|
import org.elasticsearch.test.ShieldIntegrationTest;
|
||||||
|
import org.elasticsearch.transport.Transport;
|
||||||
import org.junit.BeforeClass;
|
import org.junit.BeforeClass;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
||||||
|
@ -22,7 +23,6 @@ import java.io.OutputStream;
|
||||||
import java.net.InetSocketAddress;
|
import java.net.InetSocketAddress;
|
||||||
import java.net.Socket;
|
import java.net.Socket;
|
||||||
|
|
||||||
import static org.elasticsearch.shield.transport.support.TransportProfileUtil.getProfilePort;
|
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
|
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
|
||||||
import static org.hamcrest.Matchers.instanceOf;
|
import static org.hamcrest.Matchers.instanceOf;
|
||||||
|
@ -71,7 +71,7 @@ public class IpFilteringIntegrationTests extends ShieldIntegrationTest {
|
||||||
@Test
|
@Test
|
||||||
public void testThatIpFilteringIsAppliedForProfile() throws Exception {
|
public void testThatIpFilteringIsAppliedForProfile() throws Exception {
|
||||||
try (Socket socket = new Socket()){
|
try (Socket socket = new Socket()){
|
||||||
trySocketConnection(socket, new InetSocketAddress("localhost", getProfilePort("client", internalCluster())));
|
trySocketConnection(socket, new InetSocketAddress("localhost", getProfilePort("client")));
|
||||||
assertThat(socket.isClosed(), is(true));
|
assertThat(socket.isClosed(), is(true));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -86,4 +86,10 @@ public class IpFilteringIntegrationTests extends ShieldIntegrationTest {
|
||||||
os.flush();
|
os.flush();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static int getProfilePort(String profile) {
|
||||||
|
TransportAddress transportAddress = internalCluster().getInstance(Transport.class).profileBoundAddresses().get(profile).boundAddress();
|
||||||
|
assert transportAddress instanceof InetSocketTransportAddress;
|
||||||
|
return ((InetSocketTransportAddress)transportAddress).address().getPort();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -201,6 +201,13 @@ public class IPFilterNettyUpstreamHandlerTests extends ElasticsearchTestCase {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean getUserDefinedWritability(int i) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setUserDefinedWritability(int i, boolean b) {
|
||||||
|
}
|
||||||
|
|
||||||
public ChannelFuture unbind() {
|
public ChannelFuture unbind() {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,8 +8,6 @@ package org.elasticsearch.shield.transport.netty;
|
||||||
import org.elasticsearch.client.Client;
|
import org.elasticsearch.client.Client;
|
||||||
import org.elasticsearch.common.settings.ImmutableSettings;
|
import org.elasticsearch.common.settings.ImmutableSettings;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.test.ElasticsearchIntegrationTest;
|
|
||||||
import org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
|
||||||
import org.elasticsearch.test.ShieldIntegrationTest;
|
import org.elasticsearch.test.ShieldIntegrationTest;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
|
||||||
|
@ -20,7 +18,6 @@ import java.nio.file.Paths;
|
||||||
import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder;
|
import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder;
|
||||||
import static org.hamcrest.CoreMatchers.is;
|
import static org.hamcrest.CoreMatchers.is;
|
||||||
|
|
||||||
@ClusterScope(scope = ElasticsearchIntegrationTest.Scope.SUITE)
|
|
||||||
public class IPHostnameVerificationTests extends ShieldIntegrationTest {
|
public class IPHostnameVerificationTests extends ShieldIntegrationTest {
|
||||||
|
|
||||||
static Path keystore;
|
static Path keystore;
|
||||||
|
|
|
@ -12,8 +12,6 @@ import org.elasticsearch.common.settings.ImmutableSettings;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.common.transport.InetSocketTransportAddress;
|
import org.elasticsearch.common.transport.InetSocketTransportAddress;
|
||||||
import org.elasticsearch.common.transport.TransportAddress;
|
import org.elasticsearch.common.transport.TransportAddress;
|
||||||
import org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
|
||||||
import org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
|
|
||||||
import org.elasticsearch.test.ShieldIntegrationTest;
|
import org.elasticsearch.test.ShieldIntegrationTest;
|
||||||
import org.elasticsearch.transport.Transport;
|
import org.elasticsearch.transport.Transport;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
@ -27,7 +25,6 @@ import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilde
|
||||||
import static org.hamcrest.CoreMatchers.instanceOf;
|
import static org.hamcrest.CoreMatchers.instanceOf;
|
||||||
import static org.hamcrest.CoreMatchers.is;
|
import static org.hamcrest.CoreMatchers.is;
|
||||||
|
|
||||||
@ClusterScope(scope = Scope.SUITE)
|
|
||||||
public class SslHostnameVerificationTests extends ShieldIntegrationTest {
|
public class SslHostnameVerificationTests extends ShieldIntegrationTest {
|
||||||
|
|
||||||
static Path keystore;
|
static Path keystore;
|
||||||
|
|
|
@ -30,11 +30,8 @@ import java.net.URISyntaxException;
|
||||||
|
|
||||||
import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder;
|
import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder;
|
||||||
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
|
|
||||||
import static org.hamcrest.Matchers.containsString;
|
import static org.hamcrest.Matchers.containsString;
|
||||||
|
|
||||||
@ClusterScope(scope = Scope.SUITE)
|
|
||||||
public class SslClientAuthTests extends ShieldIntegrationTest {
|
public class SslClientAuthTests extends ShieldIntegrationTest {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
@ -34,11 +34,8 @@ import java.security.cert.X509Certificate;
|
||||||
import java.util.Locale;
|
import java.util.Locale;
|
||||||
|
|
||||||
import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder;
|
import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder;
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
|
|
||||||
import static org.hamcrest.Matchers.*;
|
import static org.hamcrest.Matchers.*;
|
||||||
|
|
||||||
@ClusterScope(scope = Scope.SUITE)
|
|
||||||
public class SslIntegrationTests extends ShieldIntegrationTest {
|
public class SslIntegrationTests extends ShieldIntegrationTest {
|
||||||
|
|
||||||
private TrustManager[] trustAllCerts = new TrustManager[] {
|
private TrustManager[] trustAllCerts = new TrustManager[] {
|
||||||
|
|
|
@ -22,14 +22,10 @@ import java.nio.file.Path;
|
||||||
import java.nio.file.Paths;
|
import java.nio.file.Paths;
|
||||||
|
|
||||||
import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder;
|
import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder;
|
||||||
import static org.elasticsearch.shield.transport.support.TransportProfileUtil.getProfilePort;
|
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
|
|
||||||
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
|
|
||||||
import static org.elasticsearch.test.ShieldSettingsSource.DEFAULT_USER_NAME;
|
import static org.elasticsearch.test.ShieldSettingsSource.DEFAULT_USER_NAME;
|
||||||
import static org.elasticsearch.test.ShieldSettingsSource.DEFAULT_PASSWORD;
|
import static org.elasticsearch.test.ShieldSettingsSource.DEFAULT_PASSWORD;
|
||||||
import static org.hamcrest.CoreMatchers.is;
|
import static org.hamcrest.CoreMatchers.is;
|
||||||
|
|
||||||
@ClusterScope(scope = Scope.SUITE)
|
|
||||||
public class SslMultiPortTests extends ShieldIntegrationTest {
|
public class SslMultiPortTests extends ShieldIntegrationTest {
|
||||||
|
|
||||||
private static int randomClientPort;
|
private static int randomClientPort;
|
||||||
|
@ -115,7 +111,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
|
||||||
@Test
|
@Test
|
||||||
public void testThatStandardTransportClientCanConnectToNoClientAuthProfile() throws Exception {
|
public void testThatStandardTransportClientCanConnectToNoClientAuthProfile() throws Exception {
|
||||||
try(TransportClient transportClient = createTransportClient(ImmutableSettings.EMPTY)) {
|
try(TransportClient transportClient = createTransportClient(ImmutableSettings.EMPTY)) {
|
||||||
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth", internalCluster())));
|
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth")));
|
||||||
assertGreenClusterState(transportClient);
|
assertGreenClusterState(transportClient);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -130,7 +126,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
|
||||||
@Test(expected = NoNodeAvailableException.class)
|
@Test(expected = NoNodeAvailableException.class)
|
||||||
public void testThatStandardTransportClientCannotConnectToClientProfile() throws Exception {
|
public void testThatStandardTransportClientCannotConnectToClientProfile() throws Exception {
|
||||||
try(TransportClient transportClient = createTransportClient(ImmutableSettings.EMPTY)) {
|
try(TransportClient transportClient = createTransportClient(ImmutableSettings.EMPTY)) {
|
||||||
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client", internalCluster())));
|
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client")));
|
||||||
transportClient.admin().cluster().prepareHealth().get();
|
transportClient.admin().cluster().prepareHealth().get();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -143,7 +139,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
|
||||||
@Test(expected = NoNodeAvailableException.class)
|
@Test(expected = NoNodeAvailableException.class)
|
||||||
public void testThatStandardTransportClientCannotConnectToNoSslProfile() throws Exception {
|
public void testThatStandardTransportClientCannotConnectToNoSslProfile() throws Exception {
|
||||||
try (TransportClient transportClient = createTransportClient(ImmutableSettings.EMPTY)) {
|
try (TransportClient transportClient = createTransportClient(ImmutableSettings.EMPTY)) {
|
||||||
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl", internalCluster())));
|
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl")));
|
||||||
assertGreenClusterState(transportClient);
|
assertGreenClusterState(transportClient);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -157,7 +153,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
|
||||||
public void testThatProfileTransportClientCanConnectToClientProfile() throws Exception {
|
public void testThatProfileTransportClientCanConnectToClientProfile() throws Exception {
|
||||||
Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile");
|
Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile");
|
||||||
try (TransportClient transportClient = createTransportClient(settings)) {
|
try (TransportClient transportClient = createTransportClient(settings)) {
|
||||||
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client", internalCluster())));
|
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client")));
|
||||||
assertGreenClusterState(transportClient);
|
assertGreenClusterState(transportClient);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -172,7 +168,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
|
||||||
public void testThatProfileTransportClientCanConnectToNoClientAuthProfile() throws Exception {
|
public void testThatProfileTransportClientCanConnectToNoClientAuthProfile() throws Exception {
|
||||||
Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile");
|
Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile");
|
||||||
try (TransportClient transportClient = createTransportClient(settings)) {
|
try (TransportClient transportClient = createTransportClient(settings)) {
|
||||||
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth", internalCluster())));
|
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth")));
|
||||||
assertGreenClusterState(transportClient);
|
assertGreenClusterState(transportClient);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -202,7 +198,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
|
||||||
public void testThatProfileTransportClientCannotConnectToNoSslProfile() throws Exception {
|
public void testThatProfileTransportClientCannotConnectToNoSslProfile() throws Exception {
|
||||||
Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile");
|
Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile");
|
||||||
try (TransportClient transportClient = createTransportClient(settings)) {
|
try (TransportClient transportClient = createTransportClient(settings)) {
|
||||||
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl", internalCluster())));
|
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl")));
|
||||||
transportClient.admin().cluster().prepareHealth().get();
|
transportClient.admin().cluster().prepareHealth().get();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -217,7 +213,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
|
||||||
.put("cluster.name", internalCluster().getClusterName())
|
.put("cluster.name", internalCluster().getClusterName())
|
||||||
.build();
|
.build();
|
||||||
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
||||||
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl", internalCluster())));
|
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl")));
|
||||||
assertGreenClusterState(transportClient);
|
assertGreenClusterState(transportClient);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -233,7 +229,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
|
||||||
.put("cluster.name", internalCluster().getClusterName())
|
.put("cluster.name", internalCluster().getClusterName())
|
||||||
.build();
|
.build();
|
||||||
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
||||||
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("default", internalCluster())));
|
transportClient.addTransportAddress(internalCluster().getInstance(Transport.class).boundAddress().boundAddress());
|
||||||
assertGreenClusterState(transportClient);
|
assertGreenClusterState(transportClient);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -249,7 +245,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
|
||||||
.put("cluster.name", internalCluster().getClusterName())
|
.put("cluster.name", internalCluster().getClusterName())
|
||||||
.build();
|
.build();
|
||||||
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
||||||
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client", internalCluster())));
|
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client")));
|
||||||
assertGreenClusterState(transportClient);
|
assertGreenClusterState(transportClient);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -265,7 +261,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
|
||||||
.put("cluster.name", internalCluster().getClusterName())
|
.put("cluster.name", internalCluster().getClusterName())
|
||||||
.build();
|
.build();
|
||||||
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
||||||
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth", internalCluster())));
|
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth")));
|
||||||
assertGreenClusterState(transportClient);
|
assertGreenClusterState(transportClient);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -285,7 +281,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
|
||||||
.put("shield.ssl.truststore.password", "truststore-testnode-only")
|
.put("shield.ssl.truststore.password", "truststore-testnode-only")
|
||||||
.build();
|
.build();
|
||||||
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
||||||
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth", internalCluster())));
|
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth")));
|
||||||
assertGreenClusterState(transportClient);
|
assertGreenClusterState(transportClient);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -306,7 +302,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
|
||||||
.put("shield.ssl.truststore.password", "truststore-testnode-only")
|
.put("shield.ssl.truststore.password", "truststore-testnode-only")
|
||||||
.build();
|
.build();
|
||||||
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
||||||
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client", internalCluster())));
|
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client")));
|
||||||
assertGreenClusterState(transportClient);
|
assertGreenClusterState(transportClient);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -327,7 +323,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
|
||||||
.put("shield.ssl.truststore.password", "truststore-testnode-only")
|
.put("shield.ssl.truststore.password", "truststore-testnode-only")
|
||||||
.build();
|
.build();
|
||||||
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
||||||
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("default", internalCluster())));
|
transportClient.addTransportAddress(internalCluster().getInstance(Transport.class).boundAddress().boundAddress());
|
||||||
assertGreenClusterState(transportClient);
|
assertGreenClusterState(transportClient);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -347,7 +343,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
|
||||||
.put("shield.ssl.truststore.password", "truststore-testnode-only")
|
.put("shield.ssl.truststore.password", "truststore-testnode-only")
|
||||||
.build();
|
.build();
|
||||||
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
||||||
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl", internalCluster())));
|
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl")));
|
||||||
assertGreenClusterState(transportClient);
|
assertGreenClusterState(transportClient);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -365,7 +361,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
|
||||||
.put("shield.transport.ssl", true)
|
.put("shield.transport.ssl", true)
|
||||||
.build();
|
.build();
|
||||||
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
||||||
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("default", internalCluster())));
|
transportClient.addTransportAddress(internalCluster().getInstance(Transport.class).boundAddress().boundAddress());
|
||||||
assertGreenClusterState(transportClient);
|
assertGreenClusterState(transportClient);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -383,7 +379,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
|
||||||
.put("shield.transport.ssl", true)
|
.put("shield.transport.ssl", true)
|
||||||
.build();
|
.build();
|
||||||
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
||||||
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client", internalCluster())));
|
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client")));
|
||||||
assertGreenClusterState(transportClient);
|
assertGreenClusterState(transportClient);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -401,7 +397,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
|
||||||
.put("shield.transport.ssl", true)
|
.put("shield.transport.ssl", true)
|
||||||
.build();
|
.build();
|
||||||
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
||||||
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth", internalCluster())));
|
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth")));
|
||||||
assertGreenClusterState(transportClient);
|
assertGreenClusterState(transportClient);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -419,8 +415,14 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
|
||||||
.put("shield.transport.ssl", true)
|
.put("shield.transport.ssl", true)
|
||||||
.build();
|
.build();
|
||||||
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
try (TransportClient transportClient = new TransportClient(settings, false)) {
|
||||||
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl", internalCluster())));
|
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl")));
|
||||||
assertGreenClusterState(transportClient);
|
assertGreenClusterState(transportClient);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private static int getProfilePort(String profile) {
|
||||||
|
TransportAddress transportAddress = internalCluster().getInstance(Transport.class).profileBoundAddresses().get(profile).boundAddress();
|
||||||
|
assert transportAddress instanceof InetSocketTransportAddress;
|
||||||
|
return ((InetSocketTransportAddress)transportAddress).address().getPort();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,40 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
|
||||||
* or more contributor license agreements. Licensed under the Elastic License;
|
|
||||||
* you may not use this file except in compliance with the Elastic License.
|
|
||||||
*/
|
|
||||||
package org.elasticsearch.shield.transport.support;
|
|
||||||
|
|
||||||
import org.elasticsearch.common.netty.channel.Channel;
|
|
||||||
import org.elasticsearch.test.InternalTestCluster;
|
|
||||||
import org.elasticsearch.transport.Transport;
|
|
||||||
import org.elasticsearch.transport.netty.NettyTransport;
|
|
||||||
|
|
||||||
import java.lang.reflect.Field;
|
|
||||||
import java.net.InetSocketAddress;
|
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Utility class used to deal with profile support in Transport. This class should be removed once
|
|
||||||
* core has been fixed and Shield has been updated to depend on a version of core that is fixed.
|
|
||||||
*
|
|
||||||
* See <a href="https://github.com/elasticsearch/elasticsearch/pull/9134">https://github.com/elasticsearch/elasticsearch/pull/9134</a>
|
|
||||||
*/
|
|
||||||
//TODO remove the reflection shenanigans (actually this class as a whole) once es core dependency is upgraded for 1.5
|
|
||||||
public class TransportProfileUtil {
|
|
||||||
|
|
||||||
private TransportProfileUtil() {}
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Gets the actual port that the profile is listening on. If a range was provided in the settings, then the first
|
|
||||||
* port may not be the port that was actually bound.
|
|
||||||
*/
|
|
||||||
public static int getProfilePort(String profile, InternalTestCluster internalTestCluster) throws Exception {
|
|
||||||
NettyTransport transport = (NettyTransport) internalTestCluster.getInstance(Transport.class);
|
|
||||||
Field channels = NettyTransport.class.getDeclaredField("serverChannels");
|
|
||||||
channels.setAccessible(true);
|
|
||||||
Map<String, Channel> serverChannels = (Map<String, Channel>) channels.get(transport);
|
|
||||||
Channel clientProfileChannel = serverChannels.get(profile);
|
|
||||||
return ((InetSocketAddress) clientProfileChannel.getLocalAddress()).getPort();
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -17,7 +17,6 @@ import org.elasticsearch.common.base.Function;
|
||||||
import org.elasticsearch.common.collect.Collections2;
|
import org.elasticsearch.common.collect.Collections2;
|
||||||
import org.elasticsearch.common.settings.ImmutableSettings;
|
import org.elasticsearch.common.settings.ImmutableSettings;
|
||||||
import org.elasticsearch.common.settings.Settings;
|
import org.elasticsearch.common.settings.Settings;
|
||||||
import org.elasticsearch.license.plugin.LicensePlugin;
|
|
||||||
import org.elasticsearch.plugins.Plugin;
|
import org.elasticsearch.plugins.Plugin;
|
||||||
import org.elasticsearch.shield.ShieldPlugin;
|
import org.elasticsearch.shield.ShieldPlugin;
|
||||||
import org.elasticsearch.shield.authc.support.SecuredString;
|
import org.elasticsearch.shield.authc.support.SecuredString;
|
||||||
|
@ -36,7 +35,7 @@ import static org.hamcrest.Matchers.hasSize;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Base class to run tests against a cluster with shield installed.
|
* Base class to run tests against a cluster with shield installed.
|
||||||
* The default {@link org.elasticsearch.test.ElasticsearchIntegrationTest.Scope} is {@link org.elasticsearch.test.ElasticsearchIntegrationTest.Scope#GLOBAL},
|
* The default {@link org.elasticsearch.test.ElasticsearchIntegrationTest.Scope} is {@link org.elasticsearch.test.ElasticsearchIntegrationTest.Scope#SUITE},
|
||||||
* meaning that all subclasses that don't specify a different scope will share the same cluster with shield installed.
|
* meaning that all subclasses that don't specify a different scope will share the same cluster with shield installed.
|
||||||
* @see org.elasticsearch.test.ShieldSettingsSource
|
* @see org.elasticsearch.test.ShieldSettingsSource
|
||||||
*/
|
*/
|
||||||
|
@ -51,7 +50,7 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest
|
||||||
//and configure them all in unicast.hosts
|
//and configure them all in unicast.hosts
|
||||||
private static int maxNumberOfNodes() {
|
private static int maxNumberOfNodes() {
|
||||||
ClusterScope clusterScope = ShieldIntegrationTest.class.getAnnotation(ClusterScope.class);
|
ClusterScope clusterScope = ShieldIntegrationTest.class.getAnnotation(ClusterScope.class);
|
||||||
if (clusterScope == null || clusterScope.scope() == Scope.GLOBAL) {
|
if (clusterScope == null) {
|
||||||
return InternalTestCluster.DEFAULT_MAX_NUM_DATA_NODES + InternalTestCluster.DEFAULT_MAX_NUM_CLIENT_NODES;
|
return InternalTestCluster.DEFAULT_MAX_NUM_DATA_NODES + InternalTestCluster.DEFAULT_MAX_NUM_CLIENT_NODES;
|
||||||
} else {
|
} else {
|
||||||
if (clusterScope.numClientNodes() < 0) {
|
if (clusterScope.numClientNodes() < 0) {
|
||||||
|
@ -79,7 +78,7 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest
|
||||||
|
|
||||||
private static Scope getCurrentClusterScope(Class<?> clazz) {
|
private static Scope getCurrentClusterScope(Class<?> clazz) {
|
||||||
ClusterScope annotation = getAnnotation(clazz);
|
ClusterScope annotation = getAnnotation(clazz);
|
||||||
return annotation == null ? Scope.GLOBAL : annotation.scope();
|
return annotation == null ? Scope.SUITE : annotation.scope();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -93,7 +92,7 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest
|
||||||
@BeforeClass
|
@BeforeClass
|
||||||
public static void initDefaultSettings() {
|
public static void initDefaultSettings() {
|
||||||
if (SHIELD_DEFAULT_SETTINGS == null) {
|
if (SHIELD_DEFAULT_SETTINGS == null) {
|
||||||
SHIELD_DEFAULT_SETTINGS = new ShieldSettingsSource(maxNumberOfNodes(), randomBoolean(), globalTempDir(), Scope.GLOBAL);
|
SHIELD_DEFAULT_SETTINGS = new ShieldSettingsSource(maxNumberOfNodes(), randomBoolean(), globalTempDir(), Scope.SUITE);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -104,11 +103,6 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest
|
||||||
protected void before() throws Throwable {
|
protected void before() throws Throwable {
|
||||||
Scope currentClusterScope = getCurrentClusterScope();
|
Scope currentClusterScope = getCurrentClusterScope();
|
||||||
switch(currentClusterScope) {
|
switch(currentClusterScope) {
|
||||||
case GLOBAL:
|
|
||||||
if (InternalTestCluster.DEFAULT_SETTINGS_SOURCE == SettingsSource.EMPTY) {
|
|
||||||
InternalTestCluster.DEFAULT_SETTINGS_SOURCE = SHIELD_DEFAULT_SETTINGS;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case SUITE:
|
case SUITE:
|
||||||
if (customShieldSettingsSource == null) {
|
if (customShieldSettingsSource == null) {
|
||||||
customShieldSettingsSource = new CustomShieldSettingsSource(sslTransportEnabled(), newTempDir(LifecycleScope.SUITE), currentClusterScope);
|
customShieldSettingsSource = new CustomShieldSettingsSource(sslTransportEnabled(), newTempDir(LifecycleScope.SUITE), currentClusterScope);
|
||||||
|
|
|
@ -95,7 +95,7 @@ public class ShieldSettingsSource extends ClusterDiscoveryConfiguration.UnicastZ
|
||||||
* @param scope the scope of the test that is requiring an instance of ShieldSettingsSource
|
* @param scope the scope of the test that is requiring an instance of ShieldSettingsSource
|
||||||
*/
|
*/
|
||||||
public ShieldSettingsSource(int numOfNodes, boolean sslTransportEnabled, byte[] systemKey, File parentFolder, ElasticsearchIntegrationTest.Scope scope) {
|
public ShieldSettingsSource(int numOfNodes, boolean sslTransportEnabled, byte[] systemKey, File parentFolder, ElasticsearchIntegrationTest.Scope scope) {
|
||||||
super(numOfNodes, DEFAULT_SETTINGS, scope);
|
super(numOfNodes, DEFAULT_SETTINGS);
|
||||||
this.systemKey = systemKey;
|
this.systemKey = systemKey;
|
||||||
this.parentFolder = parentFolder;
|
this.parentFolder = parentFolder;
|
||||||
this.subfolderPrefix = scope.name();
|
this.subfolderPrefix = scope.name();
|
||||||
|
|
|
@ -1,178 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
|
|
||||||
* or more contributor license agreements. Licensed under the Elastic License;
|
|
||||||
* you may not use this file except in compliance with the Elastic License.
|
|
||||||
*/
|
|
||||||
package org.elasticsearch.test.discovery;
|
|
||||||
|
|
||||||
import com.carrotsearch.randomizedtesting.RandomizedTest;
|
|
||||||
import com.google.common.primitives.Ints;
|
|
||||||
import org.elasticsearch.ElasticsearchException;
|
|
||||||
import org.elasticsearch.Version;
|
|
||||||
import org.elasticsearch.common.settings.ImmutableSettings;
|
|
||||||
import org.elasticsearch.common.settings.Settings;
|
|
||||||
import org.elasticsearch.test.ElasticsearchIntegrationTest;
|
|
||||||
import org.elasticsearch.test.InternalTestCluster;
|
|
||||||
import org.elasticsearch.test.SettingsSource;
|
|
||||||
import org.elasticsearch.transport.local.LocalTransport;
|
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import java.net.ServerSocket;
|
|
||||||
import java.util.HashSet;
|
|
||||||
import java.util.Set;
|
|
||||||
import java.util.concurrent.atomic.AtomicInteger;
|
|
||||||
|
|
||||||
//TODO Remove this class once we move to es core 1.5.0
|
|
||||||
public class ClusterDiscoveryConfiguration extends SettingsSource {
|
|
||||||
|
|
||||||
static Settings DEFAULT_NODE_SETTINGS = ImmutableSettings.settingsBuilder()
|
|
||||||
.put("gateway.type", "local")
|
|
||||||
.put("discovery.type", "zen").build();
|
|
||||||
|
|
||||||
final int numOfNodes;
|
|
||||||
final Settings nodeSettings;
|
|
||||||
final Settings transportClientSettings;
|
|
||||||
|
|
||||||
public ClusterDiscoveryConfiguration(int numOfNodes) {
|
|
||||||
this(numOfNodes, ImmutableSettings.EMPTY);
|
|
||||||
}
|
|
||||||
|
|
||||||
public ClusterDiscoveryConfiguration(int numOfNodes, Settings extraSettings) {
|
|
||||||
this.numOfNodes = numOfNodes;
|
|
||||||
this.nodeSettings = ImmutableSettings.builder().put(DEFAULT_NODE_SETTINGS).put(extraSettings).build();
|
|
||||||
this.transportClientSettings = ImmutableSettings.builder().put(extraSettings).build();
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public Settings node(int nodeOrdinal) {
|
|
||||||
return nodeSettings;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public Settings transportClient() {
|
|
||||||
return transportClientSettings;
|
|
||||||
}
|
|
||||||
|
|
||||||
public static class UnicastZen extends ClusterDiscoveryConfiguration {
|
|
||||||
|
|
||||||
private static final AtomicInteger portCounter = new AtomicInteger();
|
|
||||||
|
|
||||||
private final int[] unicastHostOrdinals;
|
|
||||||
private final int[] unicastHostPorts;
|
|
||||||
private final boolean localMode;
|
|
||||||
|
|
||||||
public UnicastZen(int numOfNodes, ElasticsearchIntegrationTest.Scope scope) {
|
|
||||||
this(numOfNodes, numOfNodes, scope);
|
|
||||||
}
|
|
||||||
|
|
||||||
public UnicastZen(int numOfNodes, Settings extraSettings, ElasticsearchIntegrationTest.Scope scope) {
|
|
||||||
this(numOfNodes, numOfNodes, extraSettings, scope);
|
|
||||||
}
|
|
||||||
|
|
||||||
public UnicastZen(int numOfNodes, int numOfUnicastHosts, ElasticsearchIntegrationTest.Scope scope) {
|
|
||||||
this(numOfNodes, numOfUnicastHosts, ImmutableSettings.EMPTY, scope);
|
|
||||||
}
|
|
||||||
|
|
||||||
public UnicastZen(int numOfNodes, int numOfUnicastHosts, Settings extraSettings, ElasticsearchIntegrationTest.Scope scope) {
|
|
||||||
super(numOfNodes, extraSettings);
|
|
||||||
if (numOfUnicastHosts == numOfNodes) {
|
|
||||||
unicastHostOrdinals = new int[numOfNodes];
|
|
||||||
for (int i = 0; i < numOfNodes; i++) {
|
|
||||||
unicastHostOrdinals[i] = i;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
Set<Integer> ordinals = new HashSet<>(numOfUnicastHosts);
|
|
||||||
while (ordinals.size() != numOfUnicastHosts) {
|
|
||||||
ordinals.add(RandomizedTest.randomInt(numOfNodes - 1));
|
|
||||||
}
|
|
||||||
unicastHostOrdinals = Ints.toArray(ordinals);
|
|
||||||
}
|
|
||||||
this.localMode = nodeSettings.get("node.mode", InternalTestCluster.NODE_MODE).equals("local");
|
|
||||||
this.unicastHostPorts = localMode ? new int[0] : unicastHostPorts(calcBasePort(scope), numOfNodes);
|
|
||||||
assert unicastHostOrdinals.length <= unicastHostPorts.length;
|
|
||||||
}
|
|
||||||
|
|
||||||
public UnicastZen(int numOfNodes, int[] unicastHostOrdinals, ElasticsearchIntegrationTest.Scope scope) {
|
|
||||||
this(numOfNodes, ImmutableSettings.EMPTY, unicastHostOrdinals, scope);
|
|
||||||
}
|
|
||||||
|
|
||||||
public UnicastZen(int numOfNodes, Settings extraSettings, int[] unicastHostOrdinals, ElasticsearchIntegrationTest.Scope scope) {
|
|
||||||
super(numOfNodes, extraSettings);
|
|
||||||
this.unicastHostOrdinals = unicastHostOrdinals;
|
|
||||||
this.localMode = nodeSettings.get("node.mode", InternalTestCluster.NODE_MODE).equals("local");
|
|
||||||
this.unicastHostPorts = localMode ? new int[0] : unicastHostPorts(calcBasePort(scope), numOfNodes);
|
|
||||||
assert unicastHostOrdinals.length <= unicastHostPorts.length;
|
|
||||||
}
|
|
||||||
|
|
||||||
private static int calcBasePort(ElasticsearchIntegrationTest.Scope scope) {
|
|
||||||
// note that this has properly co-exist with the port logic at InternalTestCluster's constructor
|
|
||||||
return 30000 +
|
|
||||||
1000 * (ElasticsearchIntegrationTest.CHILD_JVM_ID) + // up to 30 jvms
|
|
||||||
//up to 100 nodes per cluster
|
|
||||||
100 * scopeId(scope);
|
|
||||||
}
|
|
||||||
|
|
||||||
private static int scopeId(ElasticsearchIntegrationTest.Scope scope) {
|
|
||||||
switch(scope) {
|
|
||||||
case GLOBAL:
|
|
||||||
//we reserve a special base port for global clusters, as they stick around
|
|
||||||
//the assumption is that no counter is needed as there's only one global cluster per jvm
|
|
||||||
return 0;
|
|
||||||
default:
|
|
||||||
//ports can be reused as suite or test clusters are never run concurrently
|
|
||||||
//we don't reuse the same port immediately though but leave some time to make sure ports are freed
|
|
||||||
//reserve 0 to global cluster, prevent conflicts between jvms by never going above 9
|
|
||||||
return 1 + portCounter.incrementAndGet() % 9;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public Settings node(int nodeOrdinal) {
|
|
||||||
ImmutableSettings.Builder builder = ImmutableSettings.builder()
|
|
||||||
.put("discovery.zen.ping.multicast.enabled", false);
|
|
||||||
|
|
||||||
String[] unicastHosts = new String[unicastHostOrdinals.length];
|
|
||||||
if (localMode) {
|
|
||||||
builder.put(LocalTransport.TRANSPORT_LOCAL_ADDRESS, "node_" + nodeOrdinal);
|
|
||||||
for (int i = 0; i < unicastHosts.length; i++) {
|
|
||||||
unicastHosts[i] = "node_" + unicastHostOrdinals[i];
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
// we need to pin the node port & host so we'd know where to point things
|
|
||||||
builder.put("transport.tcp.port", unicastHostPorts[nodeOrdinal]);
|
|
||||||
builder.put("transport.host", "localhost");
|
|
||||||
for (int i = 0; i < unicastHostOrdinals.length; i++) {
|
|
||||||
unicastHosts[i] = "localhost:" + (unicastHostPorts[unicastHostOrdinals[i]]);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
builder.putArray("discovery.zen.ping.unicast.hosts", unicastHosts);
|
|
||||||
return builder.put(super.node(nodeOrdinal)).build();
|
|
||||||
}
|
|
||||||
|
|
||||||
protected static int[] unicastHostPorts(int basePort, int numHosts) {
|
|
||||||
int[] unicastHostPorts = new int[numHosts];
|
|
||||||
|
|
||||||
final int maxPort = basePort + 99;
|
|
||||||
int currentPort = basePort;
|
|
||||||
|
|
||||||
for (int i = 0; i < unicastHostPorts.length; i++) {
|
|
||||||
boolean foundPortInRange = false;
|
|
||||||
while (currentPort <= maxPort && !foundPortInRange) {
|
|
||||||
try (ServerSocket socket = new ServerSocket(currentPort)) {
|
|
||||||
// bind was a success
|
|
||||||
foundPortInRange = true;
|
|
||||||
unicastHostPorts[i] = currentPort;
|
|
||||||
} catch (IOException e) {
|
|
||||||
// Do nothing
|
|
||||||
}
|
|
||||||
currentPort++;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!foundPortInRange) {
|
|
||||||
throw new ElasticsearchException("could not find enough open ports in range [" + basePort + "-" + maxPort + "]");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return unicastHostPorts;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
Loading…
Reference in New Issue