Upgrade elasticsearch dependency to 1.5.0-SNAPSHOT

This upgrades the elasticsearch dependency to 1.5.0-SNAPSHOT and removes
classes/functionality that were incorporated back into elasticsearch.

Closes elastic/elasticsearch#669

Original commit: elastic/x-pack-elasticsearch@65b76c41fb
This commit is contained in:
jaymode 2015-03-02 10:46:28 -05:00
parent 43a5fe07f4
commit f2b493fa96
45 changed files with 87 additions and 1023 deletions

12
pom.xml
View File

@ -46,9 +46,9 @@
</repositories> </repositories>
<properties> <properties>
<lucene.version>4.10.2</lucene.version> <lucene.version>4.10.4</lucene.version>
<lucene.maven.version>4.10.2</lucene.maven.version> <lucene.maven.version>4.10.4</lucene.maven.version>
<elasticsearch.version>1.4.2</elasticsearch.version> <elasticsearch.version>1.5.0-SNAPSHOT</elasticsearch.version>
<license.plugin.version>1.0.0</license.plugin.version> <license.plugin.version>1.0.0</license.plugin.version>
<tests.jvms>auto</tests.jvms> <tests.jvms>auto</tests.jvms>
@ -158,12 +158,6 @@
<version>2.3.2</version> <version>2.3.2</version>
<scope>test</scope> <scope>test</scope>
</dependency> </dependency>
<dependency>
<groupId>com.google.jimfs</groupId>
<artifactId>jimfs</artifactId>
<version>1.0</version>
<scope>test</scope>
</dependency>
<!-- real dependencies --> <!-- real dependencies -->
<dependency> <dependency>

View File

@ -1,24 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.action.admin.indices.create;
import org.elasticsearch.action.admin.indices.alias.Alias;
import java.util.Set;
/*
* Helper needed to retrieve aliases from a CreateIndexRequest, as the corresponding getter has package private visibility
* TODO Remove this class as soon as es core 1.5.0 is out
*/
public final class CreateIndexRequestHelper {
private CreateIndexRequestHelper() {
}
public static Set<Alias> aliases(CreateIndexRequest createIndexRequest) {
return createIndexRequest.aliases();
}
}

View File

@ -1,101 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.common.cli;
import org.elasticsearch.common.collect.Maps;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFileAttributeView;
import java.nio.file.attribute.PosixFileAttributes;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Map;
import java.util.Set;
import static org.elasticsearch.common.cli.Terminal.Verbosity.SILENT;
/**
* helper command to check if file permissions or owner got changed by the command being executed
*/
public abstract class CheckFileCommand extends CliTool.Command {
public CheckFileCommand(Terminal terminal) {
super(terminal);
}
/**
* abstract method, which should implement the same logic as CliTool.Command.execute(), but is wrapped
*/
public abstract CliTool.ExitStatus doExecute(Settings settings, Environment env) throws Exception;
/**
* Returns the array of paths, that should be checked if the permissions, user or groups have changed
* before and after execution of the command
*
*/
protected abstract Path[] pathsForPermissionsCheck(Settings settings, Environment env) throws Exception;
@Override
public CliTool.ExitStatus execute(Settings settings, Environment env) throws Exception {
Path[] paths = pathsForPermissionsCheck(settings, env);
Map<Path, Set<PosixFilePermission>> permissions = Maps.newHashMapWithExpectedSize(paths.length);
Map<Path, String> owners = Maps.newHashMapWithExpectedSize(paths.length);
Map<Path, String> groups = Maps.newHashMapWithExpectedSize(paths.length);
if (paths != null && paths.length > 0) {
for (Path path : paths) {
try {
boolean supportsPosixPermissions = Files.getFileStore(path).supportsFileAttributeView(PosixFileAttributeView.class);
if (supportsPosixPermissions) {
permissions.put(path, Files.getPosixFilePermissions(path));
owners.put(path, Files.getOwner(path).getName());
groups.put(path, Files.readAttributes(path, PosixFileAttributes.class).group().getName());
}
} catch (IOException e) {
// silently swallow if not supported, no need to log things
}
}
}
CliTool.ExitStatus status = doExecute(settings, env);
// check if permissions differ
for (Map.Entry<Path, Set<PosixFilePermission>> entry : permissions.entrySet()) {
Set<PosixFilePermission> permissionsBeforeWrite = entry.getValue();
Set<PosixFilePermission> permissionsAfterWrite = Files.getPosixFilePermissions(entry.getKey());
if (!permissionsBeforeWrite.equals(permissionsAfterWrite)) {
terminal.println(SILENT, "WARN: The file permissions of [%s] have changed from [%s] to [%s]",
entry.getKey(), PosixFilePermissions.toString(permissionsBeforeWrite), PosixFilePermissions.toString(permissionsAfterWrite));
terminal.println(SILENT, "Please ensure that the user account running Elasticsearch has read access to this file!");
}
}
// check if owner differs
for (Map.Entry<Path, String> entry : owners.entrySet()) {
String ownerBeforeWrite = entry.getValue();
String ownerAfterWrite = Files.getOwner(entry.getKey()).getName();
if (!ownerAfterWrite.equals(ownerBeforeWrite)) {
terminal.println(SILENT, "WARN: Owner of file [%s] used to be [%s], but now is [%s]", entry.getKey(), ownerBeforeWrite, ownerAfterWrite);
}
}
// check if group differs
for (Map.Entry<Path, String> entry : groups.entrySet()) {
String groupBeforeWrite = entry.getValue();
String groupAfterWrite = Files.readAttributes(entry.getKey(), PosixFileAttributes.class).group().getName();
if (!groupAfterWrite.equals(groupBeforeWrite)) {
terminal.println(SILENT, "WARN: Group of file [%s] used to be [%s], but now is [%s]", entry.getKey(), groupBeforeWrite, groupAfterWrite);
}
}
return status;
}
}

View File

@ -1,31 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.http.netty;
import org.elasticsearch.common.netty.channel.ChannelHandlerContext;
import org.elasticsearch.common.netty.channel.ExceptionEvent;
import org.elasticsearch.common.network.NetworkService;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.BigArrays;
/**
* Makes the exceptionCaught method of {@link org.elasticsearch.http.netty.NettyHttpServerTransport} visible
* to overriding classes.
*
* TODO: Fix core to make methods protected instead of package private and remove this class
*/
public class VisibleNettyHttpServerTransport extends NettyHttpServerTransport {
public VisibleNettyHttpServerTransport(Settings settings, NetworkService networkService, BigArrays bigArrays) {
super(settings, networkService, bigArrays);
}
@Override
protected void exceptionCaught(ChannelHandlerContext ctx, ExceptionEvent e) throws Exception {
super.exceptionCaught(ctx, e);
}
}

View File

@ -9,7 +9,6 @@ import org.elasticsearch.action.CompositeIndicesRequest;
import org.elasticsearch.action.IndicesRequest; import org.elasticsearch.action.IndicesRequest;
import org.elasticsearch.action.admin.indices.alias.Alias; import org.elasticsearch.action.admin.indices.alias.Alias;
import org.elasticsearch.action.admin.indices.create.CreateIndexRequest; import org.elasticsearch.action.admin.indices.create.CreateIndexRequest;
import org.elasticsearch.action.admin.indices.create.CreateIndexRequestHelper;
import org.elasticsearch.action.search.ClearScrollAction; import org.elasticsearch.action.search.ClearScrollAction;
import org.elasticsearch.action.search.SearchScrollAction; import org.elasticsearch.action.search.SearchScrollAction;
import org.elasticsearch.cluster.ClusterService; import org.elasticsearch.cluster.ClusterService;
@ -152,7 +151,7 @@ public class InternalAuthorizationService extends AbstractComponent implements A
//if we are creating an index we need to authorize potential aliases created at the same time //if we are creating an index we need to authorize potential aliases created at the same time
if (Privilege.Index.CREATE_INDEX_MATCHER.apply(action)) { if (Privilege.Index.CREATE_INDEX_MATCHER.apply(action)) {
assert request instanceof CreateIndexRequest; assert request instanceof CreateIndexRequest;
Set<Alias> aliases = CreateIndexRequestHelper.aliases((CreateIndexRequest) request); Set<Alias> aliases = ((CreateIndexRequest) request).aliases();
if (!aliases.isEmpty()) { if (!aliases.isEmpty()) {
Set<String> aliasesAndIndices = Sets.newHashSet(indexNames); Set<String> aliasesAndIndices = Sets.newHashSet(indexNames);
for (Alias alias : aliases) { for (Alias alias : aliases) {

View File

@ -90,9 +90,7 @@ public abstract class Privilege<P extends Privilege<P>> {
protected static final Predicate<String> PREDICATE = new AutomatonPredicate(patterns( protected static final Predicate<String> PREDICATE = new AutomatonPredicate(patterns(
"internal:*", "internal:*",
"indices:monitor/*", // added for marvel "indices:monitor/*", // added for marvel
"cluster:monitor/*", // added for marvel "cluster:monitor/*" // added for marvel
// TODO: remove again after 1.4.3
"cluster:admin/snapshot/status[nodes]"
)); ));
private System() { private System() {

View File

@ -5,12 +5,10 @@
*/ */
package org.elasticsearch.shield.authz.indicesresolver; package org.elasticsearch.shield.authz.indicesresolver;
import org.elasticsearch.action.AliasesRequest;
import org.elasticsearch.action.CompositeIndicesRequest; import org.elasticsearch.action.CompositeIndicesRequest;
import org.elasticsearch.action.IndicesRequest; import org.elasticsearch.action.IndicesRequest;
import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequest;
import org.elasticsearch.action.admin.indices.alias.get.GetAliasesRequest;
import org.elasticsearch.action.support.IndicesOptions; import org.elasticsearch.action.support.IndicesOptions;
import org.elasticsearch.cluster.metadata.AliasAction;
import org.elasticsearch.cluster.metadata.IndexMetaData; import org.elasticsearch.cluster.metadata.IndexMetaData;
import org.elasticsearch.cluster.metadata.MetaData; import org.elasticsearch.cluster.metadata.MetaData;
import org.elasticsearch.common.collect.ImmutableList; import org.elasticsearch.common.collect.ImmutableList;
@ -72,8 +70,8 @@ public class DefaultIndicesResolver implements IndicesResolver<TransportRequest>
List<String> indices = replaceWildcardsWithAuthorizedIndices(indicesRequest.indices(), indicesRequest.indicesOptions(), metaData, authorizedIndices); List<String> indices = replaceWildcardsWithAuthorizedIndices(indicesRequest.indices(), indicesRequest.indicesOptions(), metaData, authorizedIndices);
((IndicesRequest.Replaceable) indicesRequest).indices(indices.toArray(new String[indices.size()])); ((IndicesRequest.Replaceable) indicesRequest).indices(indices.toArray(new String[indices.size()]));
} else { } else {
assert indicesRequest instanceof IndicesAliasesRequest || !containsWildcards(indicesRequest) : assert !containsWildcards(indicesRequest) :
"IndicesAliasesRequest is the only external request known to support wildcards that doesn't support replacing its indices"; "There are no external requests known to support wildcards that don't support replacing their indices";
//NOTE: shard level requests do support wildcards (as they hold the original indices options) but don't support replacing their indices. //NOTE: shard level requests do support wildcards (as they hold the original indices options) but don't support replacing their indices.
//That is fine though because they never contain wildcards, as they get replaced as part of the authorization of their //That is fine though because they never contain wildcards, as they get replaced as part of the authorization of their
@ -81,68 +79,23 @@ public class DefaultIndicesResolver implements IndicesResolver<TransportRequest>
} }
} }
/* Set<String> indices = Sets.newHashSet(indicesRequest.indices());
* TODO remove special treatment for IndicesAliasesRequest and GetAliasesRequest once we upgrade to 1.5.0
* get https://github.com/elasticsearch/elasticsearch-shield/pull/669 in
*/
if (indicesRequest instanceof IndicesAliasesRequest) {
//special treatment for IndicesAliasesRequest since we need to extract indices from indices() as well as aliases()
//Also, we need to replace wildcards in both with authorized indices and/or aliases (IndicesAliasesRequest doesn't implement Replaceable)
return resolveIndicesAliasesRequest(user, action, (IndicesAliasesRequest) indicesRequest, metaData);
}
if (indicesRequest instanceof GetAliasesRequest) { if (indicesRequest instanceof AliasesRequest) {
//special treatment for GetAliasesRequest since we need to replace wildcards among the specified aliases. //special treatment for AliasesRequest since we need to replace wildcards among the specified aliases.
//GetAliasesRequest implements IndicesRequest.Replaceable, hence its indices have already been properly replaced. //AliasesRequest extends IndicesRequest.Replaceable, hence its indices have already been properly replaced.
return resolveGetAliasesRequest(user, action, (GetAliasesRequest) indicesRequest, metaData); AliasesRequest aliasesRequest = (AliasesRequest) indicesRequest;
} if (aliasesRequest.expandAliasesWildcards()) {
return Sets.newHashSet(indicesRequest.indices());
}
private Set<String> resolveGetAliasesRequest(User user, String action, GetAliasesRequest request, MetaData metaData) {
ImmutableList<String> authorizedIndices = authzService.authorizedIndicesAndAliases(user, action); ImmutableList<String> authorizedIndices = authzService.authorizedIndicesAndAliases(user, action);
List<String> aliases = replaceWildcardsWithAuthorizedAliases(request.aliases(), loadAuthorizedAliases(authorizedIndices, metaData)); List<String> aliases = replaceWildcardsWithAuthorizedAliases(aliasesRequest.aliases(), loadAuthorizedAliases(authorizedIndices, metaData));
request.aliases(aliases.toArray(new String[aliases.size()])); aliasesRequest.aliases(aliases.toArray(new String[aliases.size()]));
Set<String> indices = Sets.newHashSet(request.indices()); }
indices.addAll(aliases); Collections.addAll(indices, aliasesRequest.aliases());
}
return indices; return indices;
} }
private Set<String> resolveIndicesAliasesRequest(User user, String action, IndicesAliasesRequest request, MetaData metaData) {
ImmutableList<String> authorizedIndices = authzService.authorizedIndicesAndAliases(user, action);
Set<String> finalIndices = Sets.newHashSet();
List<String> authorizedAliases = null;
for (IndicesAliasesRequest.AliasActions aliasActions : request.getAliasActions()) {
//replace indices with authorized ones if needed
if (request.indicesOptions().expandWildcardsOpen() || request.indicesOptions().expandWildcardsClosed()) {
//Note: the indices that the alias operation maps to might end up containing aliases, since authorized indices can also be aliases.
//This is fine as es core resolves them to concrete indices anyway before executing the actual operation.
//Also es core already allows to specify aliases among indices, they will just be resolved (alias to alias is not supported).
//e.g. index: foo* gets resolved in core to anything that matches the expression, aliases included, hence their corresponding indices.
List<String> indices = replaceWildcardsWithAuthorizedIndices(aliasActions.indices(), request.indicesOptions(), metaData, authorizedIndices);
aliasActions.indices(indices.toArray(new String[indices.size()]));
}
Collections.addAll(finalIndices, aliasActions.indices());
//replace aliases with authorized ones if needed
if (aliasActions.actionType() == AliasAction.Type.REMOVE) {
//lazily initialize a list of all the authorized aliases (filtering concrete indices out)
if (authorizedAliases == null) {
authorizedAliases = loadAuthorizedAliases(authorizedIndices, metaData);
}
assert aliasActions.aliases().length > 0 : "aliases must not be empty within each single alias remove action";
List<String> aliases = replaceWildcardsWithAuthorizedAliases(aliasActions.aliases(), authorizedAliases);
aliasActions.aliases(aliases.toArray(new String[aliases.size()]));
}
Collections.addAll(finalIndices, aliasActions.aliases());
}
return finalIndices;
}
private List<String> loadAuthorizedAliases(List<String> authorizedIndices, MetaData metaData) { private List<String> loadAuthorizedAliases(List<String> authorizedIndices, MetaData metaData) {
List<String> authorizedAliases = Lists.newArrayList(); List<String> authorizedAliases = Lists.newArrayList();
ObjectLookupContainer<String> existingAliases = metaData.aliases().keys(); ObjectLookupContainer<String> existingAliases = metaData.aliases().keys();

View File

@ -10,9 +10,9 @@ import org.elasticsearch.common.collect.Maps;
import org.elasticsearch.common.inject.Inject; import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.shield.transport.netty.ShieldNettyTransport; import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
import org.elasticsearch.shield.transport.netty.ShieldMessageChannelHandler;
import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.*; import org.elasticsearch.transport.*;
import org.elasticsearch.transport.netty.NettyTransportChannel;
import java.util.Map; import java.util.Map;
@ -150,8 +150,8 @@ public class ShieldServerTransportService extends TransportService {
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
public void messageReceived(TransportRequest request, TransportChannel channel) throws Exception { public void messageReceived(TransportRequest request, TransportChannel channel) throws Exception {
try { try {
ShieldMessageChannelHandler.VisibleNettyTransportChannel nettyTransportChannel = (ShieldMessageChannelHandler.VisibleNettyTransportChannel) channel; NettyTransportChannel nettyTransportChannel = (NettyTransportChannel) channel;
String profile = nettyTransportChannel.getProfile(); String profile = nettyTransportChannel.getProfileName();
ServerTransportFilter filter = profileFilters.get(profile); ServerTransportFilter filter = profileFilters.get(profile);
if (filter == null) { if (filter == null) {
filter = profileFilters.get("default"); filter = profileFilters.get("default");

View File

@ -1,120 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.shield.transport.netty;
import org.elasticsearch.Version;
import org.elasticsearch.common.component.Lifecycle;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.netty.channel.*;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.util.concurrent.AbstractRunnable;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.ActionNotFoundTransportException;
import org.elasticsearch.transport.TransportRequest;
import org.elasticsearch.transport.TransportRequestHandler;
import org.elasticsearch.transport.netty.MessageChannelHandler;
import org.elasticsearch.transport.netty.NettyTransport;
import org.elasticsearch.transport.netty.NettyTransportChannel;
import java.io.IOException;
import java.net.InetSocketAddress;
public class ShieldMessageChannelHandler extends MessageChannelHandler {
private final String profileName;
public ShieldMessageChannelHandler(NettyTransport nettyTransport, String profileName, ESLogger logger) {
super(nettyTransport, logger);
this.profileName = profileName;
}
// TODO ADD PREPROCESSING
//TODO This is just here to create VisibleNettyTransportChannel() and should be removed after upgrading to es core 1.5
@Override
protected String handleRequest(Channel channel, StreamInput buffer, long requestId, Version version) throws IOException {
final String action = buffer.readString();
final VisibleNettyTransportChannel transportChannel = new VisibleNettyTransportChannel(profileName, transport, action, channel, requestId, version);
try {
final TransportRequestHandler handler = transportServiceAdapter.handler(action, version);
if (handler == null) {
throw new ActionNotFoundTransportException(action);
}
final TransportRequest request = handler.newInstance();
request.remoteAddress(new InetSocketTransportAddress((InetSocketAddress) channel.getRemoteAddress()));
request.readFrom(buffer);
if (handler.executor() == ThreadPool.Names.SAME) {
//noinspection unchecked
handler.messageReceived(request, transportChannel);
} else {
threadPool.executor(handler.executor()).execute(new RequestHandler(handler, request, transportChannel, action));
}
} catch (Throwable e) {
try {
transportChannel.sendResponse(e);
} catch (IOException e1) {
logger.warn("failed to send error message [{}] back to client for action [{}]", e1, e.getMessage(), action);
logger.warn("actual excpetion: ", e);
}
}
return action;
}
//TODO should be removed after upgrading es core dependency to 1.5
public static class VisibleNettyTransportChannel extends NettyTransportChannel {
private final String profile;
public VisibleNettyTransportChannel(String profile, NettyTransport transport, String action, Channel channel, long requestId, Version version) {
super(transport, action, channel, requestId, version);
this.profile = profile;
}
public String getProfile() {
return profile;
}
}
// TODO This is just here to make this class visible, remove after upgrading es core dependency to 1.5
class RequestHandler extends AbstractRunnable {
private final TransportRequestHandler handler;
private final TransportRequest request;
private final NettyTransportChannel transportChannel;
private final String action;
public RequestHandler(TransportRequestHandler handler, TransportRequest request, NettyTransportChannel transportChannel, String action) {
this.handler = handler;
this.request = request;
this.transportChannel = transportChannel;
this.action = action;
}
@SuppressWarnings({"unchecked"})
@Override
public void run() {
try {
handler.messageReceived(request, transportChannel);
} catch (Throwable e) {
if (transport.lifecycleState() == Lifecycle.State.STARTED) {
// we can only send a response transport is started....
try {
transportChannel.sendResponse(e);
} catch (Throwable e1) {
logger.warn("Failed to send error message back to client for action [" + action + "]", e1);
logger.warn("Actual Exception", e);
}
}
}
}
@Override
public boolean isForceExecution() {
return handler.isForceExecution();
}
}
}

View File

@ -16,7 +16,6 @@ import org.elasticsearch.common.network.NetworkService;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.BigArrays; import org.elasticsearch.common.util.BigArrays;
import org.elasticsearch.http.netty.NettyHttpServerTransport; import org.elasticsearch.http.netty.NettyHttpServerTransport;
import org.elasticsearch.http.netty.VisibleNettyHttpServerTransport;
import org.elasticsearch.shield.ssl.ServerSSLService; import org.elasticsearch.shield.ssl.ServerSSLService;
import org.elasticsearch.shield.transport.filter.IPFilter; import org.elasticsearch.shield.transport.filter.IPFilter;
@ -25,7 +24,7 @@ import javax.net.ssl.SSLEngine;
/** /**
* *
*/ */
public class ShieldNettyHttpServerTransport extends VisibleNettyHttpServerTransport { public class ShieldNettyHttpServerTransport extends NettyHttpServerTransport {
private final IPFilter ipFilter; private final IPFilter ipFilter;
private final ServerSSLService sslService; private final ServerSSLService sslService;
@ -62,7 +61,7 @@ public class ShieldNettyHttpServerTransport extends VisibleNettyHttpServerTransp
private class HttpSslChannelPipelineFactory extends HttpChannelPipelineFactory { private class HttpSslChannelPipelineFactory extends HttpChannelPipelineFactory {
public HttpSslChannelPipelineFactory(NettyHttpServerTransport transport) { public HttpSslChannelPipelineFactory(NettyHttpServerTransport transport) {
super(transport); super(transport, detailedErrorsEnabled);
} }
@Override @Override

View File

@ -87,7 +87,6 @@ public class ShieldNettyTransport extends NettyTransport {
pipeline.addFirst("ssl", new SslHandler(serverEngine)); pipeline.addFirst("ssl", new SslHandler(serverEngine));
} }
pipeline.replace("dispatcher", "dispatcher", new ShieldMessageChannelHandler(nettyTransport, name, logger));
if (authenticator != null) { if (authenticator != null) {
pipeline.addFirst("ipfilter", new IPFilterNettyUpstreamHandler(authenticator, name)); pipeline.addFirst("ipfilter", new IPFilterNettyUpstreamHandler(authenticator, name));
} }
@ -107,7 +106,6 @@ public class ShieldNettyTransport extends NettyTransport {
if (ssl) { if (ssl) {
pipeline.addFirst("sslInitializer", new ClientSslHandlerInitializer()); pipeline.addFirst("sslInitializer", new ClientSslHandlerInitializer());
} }
pipeline.replace("dispatcher", "dispatcher", new ShieldMessageChannelHandler(nettyTransport, "default", logger));
return pipeline; return pipeline;
} }

View File

@ -1,236 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.common.cli;
import com.google.common.collect.Sets;
import com.google.common.jimfs.Configuration;
import com.google.common.jimfs.Jimfs;
import org.elasticsearch.common.base.Charsets;
import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.test.ElasticsearchTestCase;
import org.junit.Test;
import java.io.IOException;
import java.nio.file.FileSystem;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.*;
import java.util.Set;
import static org.hamcrest.Matchers.*;
/**
*
*/
public class CheckFileCommandTests extends ElasticsearchTestCase {
private CliToolTestCase.CaptureOutputTerminal captureOutputTerminal = new CliToolTestCase.CaptureOutputTerminal();
private Configuration jimFsConfiguration = Configuration.unix().toBuilder().setAttributeViews("basic", "owner", "posix", "unix").build();
private Configuration jimFsConfigurationWithoutPermissions = randomBoolean() ? Configuration.unix().toBuilder().setAttributeViews("basic").build() : Configuration.windows();
private enum Mode {
CHANGE, KEEP, DISABLED
}
@Test
public void testThatCommandLogsErrorMessageOnFail() throws Exception {
executeCommand(jimFsConfiguration, new PermissionCheckFileCommand(captureOutputTerminal, Mode.CHANGE));
assertThat(captureOutputTerminal.getTerminalOutput(), hasItem(containsString("Please ensure that the user account running Elasticsearch has read access to this file")));
}
@Test
public void testThatCommandLogsNothingWhenPermissionRemains() throws Exception {
executeCommand(jimFsConfiguration, new PermissionCheckFileCommand(captureOutputTerminal, Mode.KEEP));
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
}
@Test
public void testThatCommandLogsNothingWhenDisabled() throws Exception {
executeCommand(jimFsConfiguration, new PermissionCheckFileCommand(captureOutputTerminal, Mode.DISABLED));
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
}
@Test
public void testThatCommandLogsNothingIfFilesystemDoesNotSupportPermissions() throws Exception {
executeCommand(jimFsConfigurationWithoutPermissions, new PermissionCheckFileCommand(captureOutputTerminal, Mode.DISABLED));
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
}
@Test
public void testThatCommandLogsOwnerChange() throws Exception {
executeCommand(jimFsConfiguration, new OwnerCheckFileCommand(captureOutputTerminal, Mode.CHANGE));
assertThat(captureOutputTerminal.getTerminalOutput(), hasItem(allOf(containsString("Owner of file ["), containsString("] used to be ["), containsString("], but now is ["))));
}
@Test
public void testThatCommandLogsNothingIfOwnerRemainsSame() throws Exception {
executeCommand(jimFsConfiguration, new OwnerCheckFileCommand(captureOutputTerminal, Mode.KEEP));
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
}
@Test
public void testThatCommandLogsNothingIfOwnerIsDisabled() throws Exception {
executeCommand(jimFsConfiguration, new OwnerCheckFileCommand(captureOutputTerminal, Mode.DISABLED));
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
}
@Test
public void testThatCommandLogsNothingIfFileSystemDoesNotSupportOwners() throws Exception {
executeCommand(jimFsConfigurationWithoutPermissions, new OwnerCheckFileCommand(captureOutputTerminal, Mode.DISABLED));
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
}
@Test
public void testThatCommandLogsIfGroupChanges() throws Exception {
executeCommand(jimFsConfiguration, new GroupCheckFileCommand(captureOutputTerminal, Mode.CHANGE));
assertThat(captureOutputTerminal.getTerminalOutput(), hasItem(allOf(containsString("Group of file ["), containsString("] used to be ["), containsString("], but now is ["))));
}
@Test
public void testThatCommandLogsNothingIfGroupRemainsSame() throws Exception {
executeCommand(jimFsConfiguration, new GroupCheckFileCommand(captureOutputTerminal, Mode.KEEP));
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
}
@Test
public void testThatCommandLogsNothingIfGroupIsDisabled() throws Exception {
executeCommand(jimFsConfiguration, new GroupCheckFileCommand(captureOutputTerminal, Mode.DISABLED));
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
}
@Test
public void testThatCommandLogsNothingIfFileSystemDoesNotSupportGroups() throws Exception {
executeCommand(jimFsConfigurationWithoutPermissions, new GroupCheckFileCommand(captureOutputTerminal, Mode.DISABLED));
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
}
private void executeCommand(Configuration configuration, AbstractTestCheckFileCommand command) throws Exception {
try (FileSystem fs = Jimfs.newFileSystem(configuration)) {
command.execute(fs);
}
}
abstract class AbstractTestCheckFileCommand extends CheckFileCommand {
protected final Mode mode;
protected FileSystem fs;
protected Path[] paths;
public AbstractTestCheckFileCommand(Terminal terminal, Mode mode) throws IOException {
super(terminal);
this.mode = mode;
}
public CliTool.ExitStatus execute(FileSystem fs) throws Exception {
this.fs = fs;
this.paths = new Path[] { writePath(fs, "p1", "anything"), writePath(fs, "p2", "anything"), writePath(fs, "p3", "anything") };
return super.execute(ImmutableSettings.EMPTY, new Environment(ImmutableSettings.EMPTY));
}
private Path writePath(FileSystem fs, String name, String content) throws IOException {
Path path = fs.getPath(name);
Files.write(path, content.getBytes(Charsets.UTF_8));
return path;
}
@Override
protected Path[] pathsForPermissionsCheck(Settings settings, Environment env) {
return paths;
}
}
/**
* command that changes permissions from a file if enabled
*/
class PermissionCheckFileCommand extends AbstractTestCheckFileCommand {
public PermissionCheckFileCommand(Terminal terminal, Mode mode) throws IOException {
super(terminal, mode);
}
@Override
public CliTool.ExitStatus doExecute(Settings settings, Environment env) throws Exception {
int randomInt = randomInt(paths.length - 1);
Path randomPath = paths[randomInt];
switch (mode) {
case CHANGE:
Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8));
Files.setPosixFilePermissions(randomPath, Sets.newHashSet(PosixFilePermission.OWNER_EXECUTE, PosixFilePermission.OTHERS_EXECUTE, PosixFilePermission.GROUP_EXECUTE));
break;
case KEEP:
Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8));
Set<PosixFilePermission> posixFilePermissions = Files.getPosixFilePermissions(randomPath);
Files.setPosixFilePermissions(randomPath, posixFilePermissions);
break;
}
return CliTool.ExitStatus.OK;
}
}
/**
* command that changes the owner of a file if enabled
*/
class OwnerCheckFileCommand extends AbstractTestCheckFileCommand {
public OwnerCheckFileCommand(Terminal terminal, Mode mode) throws IOException {
super(terminal, mode);
}
@Override
public CliTool.ExitStatus doExecute(Settings settings, Environment env) throws Exception {
int randomInt = randomInt(paths.length - 1);
Path randomPath = paths[randomInt];
switch (mode) {
case CHANGE:
Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8));
UserPrincipal randomOwner = fs.getUserPrincipalLookupService().lookupPrincipalByName(randomAsciiOfLength(10));
Files.setOwner(randomPath, randomOwner);
break;
case KEEP:
Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8));
UserPrincipal originalOwner = Files.getOwner(randomPath);
Files.setOwner(randomPath, originalOwner);
break;
}
return CliTool.ExitStatus.OK;
}
}
/**
* command that changes the group of a file if enabled
*/
class GroupCheckFileCommand extends AbstractTestCheckFileCommand {
public GroupCheckFileCommand(Terminal terminal, Mode mode) throws IOException {
super(terminal, mode);
}
@Override
public CliTool.ExitStatus doExecute(Settings settings, Environment env) throws Exception {
int randomInt = randomInt(paths.length - 1);
Path randomPath = paths[randomInt];
switch (mode) {
case CHANGE:
Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8));
GroupPrincipal randomPrincipal = fs.getUserPrincipalLookupService().lookupPrincipalByGroupName(randomAsciiOfLength(10));
Files.getFileAttributeView(randomPath, PosixFileAttributeView.class).setGroup(randomPrincipal);
break;
case KEEP:
Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8));
GroupPrincipal groupPrincipal = Files.readAttributes(randomPath, PosixFileAttributes.class).group();
Files.getFileAttributeView(randomPath, PosixFileAttributeView.class).setGroup(groupPrincipal);
break;
}
return CliTool.ExitStatus.OK;
}
}
}

View File

@ -65,9 +65,8 @@ public abstract class AbstractPrivilegeTests extends ShieldIntegrationTest {
protected HttpResponse executeRequest(String user, String method, String uri, String body, Map<String, String> params) throws IOException { protected HttpResponse executeRequest(String user, String method, String uri, String body, Map<String, String> params) throws IOException {
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class); HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
InetSocketTransportAddress transportAddress = (InetSocketTransportAddress) httpServerTransport.boundAddress().boundAddress();
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient).host(transportAddress.address().getHostName()).port(transportAddress.address().getPort()); HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient).httpTransport(httpServerTransport);
requestBuilder.path(uri); requestBuilder.path(uri);
requestBuilder.method(method); requestBuilder.method(method);
for (Map.Entry<String, String> entry : params.entrySet()) { for (Map.Entry<String, String> entry : params.entrySet()) {

View File

@ -15,7 +15,6 @@ import org.elasticsearch.shield.authc.Realms;
import org.elasticsearch.shield.authc.support.SecuredStringTests; import org.elasticsearch.shield.authc.support.SecuredStringTests;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken; import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
import org.elasticsearch.shield.client.ShieldClient; import org.elasticsearch.shield.client.ShieldClient;
import org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import org.elasticsearch.test.ShieldIntegrationTest; import org.elasticsearch.test.ShieldIntegrationTest;
import org.elasticsearch.test.ShieldSettingsSource; import org.elasticsearch.test.ShieldSettingsSource;
import org.junit.BeforeClass; import org.junit.BeforeClass;
@ -26,13 +25,11 @@ import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference; import java.util.concurrent.atomic.AtomicReference;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE;
import static org.hamcrest.Matchers.*; import static org.hamcrest.Matchers.*;
/** /**
* *
*/ */
@ClusterScope(scope = SUITE)
public class ClearRealmsCacheTests extends ShieldIntegrationTest { public class ClearRealmsCacheTests extends ShieldIntegrationTest {
private static String[] usernames; private static String[] usernames;

View File

@ -18,7 +18,6 @@ import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.junit.Test; import org.junit.Test;
import java.io.File; import java.io.File;
import java.util.Locale;
import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;

View File

@ -15,13 +15,9 @@ import org.junit.Before;
import org.junit.Test; import org.junit.Test;
import java.util.Locale; import java.util.Locale;
import java.util.Map;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE;
import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.is;
@ClusterScope(scope = SUITE)
public class IndexPrivilegeTests extends AbstractPrivilegeTests { public class IndexPrivilegeTests extends AbstractPrivilegeTests {
private String jsonDoc = "{ \"name\" : \"elasticsearch\"}"; private String jsonDoc = "{ \"name\" : \"elasticsearch\"}";

View File

@ -25,7 +25,6 @@ import org.elasticsearch.license.plugin.core.LicensesService;
import org.elasticsearch.plugins.AbstractPlugin; import org.elasticsearch.plugins.AbstractPlugin;
import org.elasticsearch.plugins.Plugin; import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.shield.license.LicenseService; import org.elasticsearch.shield.license.LicenseService;
import org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import org.elasticsearch.test.ShieldIntegrationTest; import org.elasticsearch.test.ShieldIntegrationTest;
import org.elasticsearch.test.ShieldSettingsSource; import org.elasticsearch.test.ShieldSettingsSource;
import org.junit.Test; import org.junit.Test;
@ -35,14 +34,12 @@ import java.util.Collection;
import java.util.List; import java.util.List;
import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures; import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures;
import static org.hamcrest.Matchers.*; import static org.hamcrest.Matchers.*;
/** /**
* *
*/ */
@ClusterScope(scope = SUITE)
public class LicensingTests extends ShieldIntegrationTest { public class LicensingTests extends ShieldIntegrationTest {
static final License DUMMY_LICENSE = License.builder() static final License DUMMY_LICENSE = License.builder()

View File

@ -20,13 +20,10 @@ import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
import static org.elasticsearch.index.query.QueryBuilders.indicesQuery; import static org.elasticsearch.index.query.QueryBuilders.indicesQuery;
import static org.elasticsearch.index.query.QueryBuilders.matchAllQuery; import static org.elasticsearch.index.query.QueryBuilders.matchAllQuery;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount; import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures; import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures;
import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.is;
@ClusterScope(scope = Scope.SUITE)
public class MultipleIndicesPermissionsTests extends ShieldIntegrationTest { public class MultipleIndicesPermissionsTests extends ShieldIntegrationTest {
@Override @Override

View File

@ -19,8 +19,6 @@ import org.junit.Test;
import java.util.List; import java.util.List;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked; import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
import static org.hamcrest.Matchers.hasSize; import static org.hamcrest.Matchers.hasSize;
@ -31,7 +29,6 @@ import static org.hamcrest.Matchers.hasSize;
* actions that are normally categorized as index actions as cluster actions - for example, * actions that are normally categorized as index actions as cluster actions - for example,
* index template actions. * index template actions.
*/ */
@ClusterScope(scope = Scope.SUITE)
public class PermissionPrecedenceTests extends ShieldIntegrationTest { public class PermissionPrecedenceTests extends ShieldIntegrationTest {
@Override @Override

View File

@ -20,13 +20,10 @@ import org.junit.Test;
import static org.elasticsearch.client.Requests.searchRequest; import static org.elasticsearch.client.Requests.searchRequest;
import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder; import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures; import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures;
import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.is;
@ClusterScope(scope = Scope.SUITE)
public class SearchGetAndSuggestPermissionsTests extends ShieldIntegrationTest { public class SearchGetAndSuggestPermissionsTests extends ShieldIntegrationTest {
@Override @Override

View File

@ -42,13 +42,6 @@ import static org.hamcrest.Matchers.is;
public class SettingsFilterTests extends ShieldIntegrationTest { public class SettingsFilterTests extends ShieldIntegrationTest {
private CloseableHttpClient httpClient = HttpClients.createDefault(); private CloseableHttpClient httpClient = HttpClients.createDefault();
private InetSocketTransportAddress address;
private String clientPortSetting;
@Before
public void init() {
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
address = (InetSocketTransportAddress) httpServerTransport.boundAddress().boundAddress();
}
@After @After
public void cleanup() throws IOException { public void cleanup() throws IOException {
@ -169,10 +162,8 @@ public class SettingsFilterTests extends ShieldIntegrationTest {
protected HttpResponse executeRequest(String method, String uri, String body, Map<String, String> params) throws IOException { protected HttpResponse executeRequest(String method, String uri, String body, Map<String, String> params) throws IOException {
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class); HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
address = (InetSocketTransportAddress) httpServerTransport.boundAddress().boundAddress();
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient) HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient)
.host(address.address().getHostName()) .httpTransport(httpServerTransport)
.port(address.address().getPort())
.method(method) .method(method)
.path(uri); .path(uri);

View File

@ -23,13 +23,10 @@ import java.util.ArrayList;
import java.util.List; import java.util.List;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertThrows; import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertThrows;
import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.is;
@ClusterScope(scope = Scope.SUITE)
public class ShieldClearScrollTests extends ShieldIntegrationTest { public class ShieldClearScrollTests extends ShieldIntegrationTest {
private List<String> scrollIds; private List<String> scrollIds;

View File

@ -10,16 +10,11 @@ import org.junit.Test;
import java.io.IOException; import java.io.IOException;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE;
/** /**
* This tests the group to role mappings from LDAP sources provided by the super class - available from super.realmConfig. * This tests the group to role mappings from LDAP sources provided by the super class - available from super.realmConfig.
* The super class will provide appropriate group mappings via configGroupMappings() * The super class will provide appropriate group mappings via configGroupMappings()
*/ */
@Network @Network
@ClusterScope(scope = SUITE)
public class GroupMappingTests extends AbstractAdLdapRealmTests { public class GroupMappingTests extends AbstractAdLdapRealmTests {
@Test @Test

View File

@ -10,14 +10,10 @@ import org.junit.Test;
import java.io.IOException; import java.io.IOException;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE;
/** /**
* This tests the mapping of multiple groups to a role * This tests the mapping of multiple groups to a role
*/ */
@Network @Network
@ClusterScope(scope = SUITE)
public class MultiGroupMappingTests extends AbstractAdLdapRealmTests { public class MultiGroupMappingTests extends AbstractAdLdapRealmTests {
@Override @Override

View File

@ -17,7 +17,6 @@ import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken; import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
import org.elasticsearch.shield.transport.ShieldServerTransportService; import org.elasticsearch.shield.transport.ShieldServerTransportService;
import org.elasticsearch.shield.transport.netty.ShieldNettyTransport; import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
import org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import org.elasticsearch.test.ShieldIntegrationTest; import org.elasticsearch.test.ShieldIntegrationTest;
import org.elasticsearch.test.ShieldSettingsSource; import org.elasticsearch.test.ShieldSettingsSource;
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder; import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
@ -34,13 +33,11 @@ import java.io.IOException;
import static org.elasticsearch.rest.RestStatus.OK; import static org.elasticsearch.rest.RestStatus.OK;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE;
import static org.hamcrest.Matchers.*; import static org.hamcrest.Matchers.*;
/** /**
* *
*/ */
@ClusterScope(scope = SUITE)
public class ShieldPluginEnabledDisabledTests extends ShieldIntegrationTest { public class ShieldPluginEnabledDisabledTests extends ShieldIntegrationTest {
private static boolean enabled; private static boolean enabled;

View File

@ -7,6 +7,8 @@ package org.elasticsearch.shield;
import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients; import org.apache.http.impl.client.HttpClients;
import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.http.HttpServerTransport; import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken; import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
@ -25,6 +27,14 @@ import static org.hamcrest.Matchers.*;
public class ShieldPluginTests extends ShieldIntegrationTest { public class ShieldPluginTests extends ShieldIntegrationTest {
@Override
public Settings nodeSettings(int nodeOrdinal) {
return ImmutableSettings.builder()
.put(super.nodeSettings(nodeOrdinal))
.put("http.enabled", true) //This test requires HTTP
.build();
}
@Test @Test
public void testThatPluginIsLoaded() throws IOException { public void testThatPluginIsLoaded() throws IOException {
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class); HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);

View File

@ -27,53 +27,11 @@ public class VersionCompatibilityTests extends ElasticsearchTestCase {
@Test @Test
public void testCompatibility() { public void testCompatibility() {
/**
* see https://github.com/elasticsearch/elasticsearch/pull/8634 {@link org.elasticsearch.test.discovery.ClusterDiscoveryConfiguration}
*/
assertThat("Remove ClusterDiscoveryConfiguration or bump the version, fixed in es core 1.5", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
/**
* see https://github.com/elasticsearch/elasticsearch/pull/9134 {@link org.elasticsearch.shield.transport.support.TransportProfileUtil}
*/
assertThat("Remove TransportProfileUtil class or bump the version, fixed in es core 1.5", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
/**
* see https://github.com/elasticsearch/elasticsearch/pull/9134 {@link org.elasticsearch.shield.transport.netty.ShieldMessageChannelHandler}
*/
assertThat("Cleanup ShieldMessageChannelHandler class and remove needless code, fixed in es core 1.5", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
/**
* see https://github.com/elasticsearch/elasticsearch/pull/9273 {@link org.elasticsearch.action.admin.indices.create.CreateIndexRequestHelper}
*/
assertThat("Remove CreateIndexRequestHelper class, fixed in es core 1.5", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
/** /**
* see https://github.com/elasticsearch/elasticsearch/issues/9372 {@link org.elasticsearch.shield.license.LicenseService} * see https://github.com/elasticsearch/elasticsearch/issues/9372 {@link org.elasticsearch.shield.license.LicenseService}
* Once es core supports merging cluster level custom metadata (licenses in our case), the tribe node will see some license coming from the tribe and everything will be ok. * Once es core supports merging cluster level custom metadata (licenses in our case), the tribe node will see some license coming from the tribe and everything will be ok.
* *
*/ */
assertThat("Remove workaround in LicenseService class when es core supports merging cluster level custom metadata", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true)); assertThat("Remove workaround in LicenseService class when es core supports merging cluster level custom metadata", Version.CURRENT.onOrBefore(Version.V_1_5_0), is(true));
/**
* see https://github.com/elasticsearch/elasticsearch/pull/9409/
* This should be fixed in es 1.4.3 and up, thus can be removed
* You can also remove the SnapshotTests class then, as this functionality is also covered in the ClusterPrivilegeTests
* And remove the code in Privilege.System
*/
assertThat("Remove workaround to allow TransportNodesSnapshotsStatus be executed by the system user", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
/**
* see https://github.com/elasticsearch/elasticsearch-shield/pull/669
* {@link org.elasticsearch.shield.authz.indicesresolver.DefaultIndicesResolver#resolveIndices(User, String, org.elasticsearch.action.IndicesRequest, org.elasticsearch.cluster.metadata.MetaData)}
* The special treatment for IndicesAliasesRequest and GetAliasesRequest can become one single case, and simplified,
* since es core 1.5.0 introduced the AliasesRequest interface.
*/
assertThat("Remove special treatment for IndicesAliasesRequest and GetAliasesRequest", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
/**
* see https://github.com/elasticsearch/elasticsearch/pull/9508
* CheckFileCommand has been moved into ES-Core, please check the supported versions in the PR, if it can be removed completely
*/
assertThat("Remove built-in CheckFileCommand", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
} }
} }

View File

@ -32,7 +32,7 @@ import static org.mockito.Matchers.any;
import static org.mockito.Matchers.anyString; import static org.mockito.Matchers.anyString;
import static org.mockito.Mockito.*; import static org.mockito.Mockito.*;
public class LdapRealmTest extends LdapTest { public class LdapRealmTests extends LdapTest {
public static final String VALID_USER_TEMPLATE = "cn={0},ou=people,o=sevenSeas"; public static final String VALID_USER_TEMPLATE = "cn={0},ou=people,o=sevenSeas";
public static final String VALID_USERNAME = "Thomas Masterman Hardy"; public static final String VALID_USERNAME = "Thomas Masterman Hardy";

View File

@ -11,11 +11,8 @@ import org.junit.Test;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.hamcrest.CoreMatchers.containsString; import static org.hamcrest.CoreMatchers.containsString;
@ClusterScope(scope = Scope.SUITE)
public class AnalyzeTests extends ShieldIntegrationTest { public class AnalyzeTests extends ShieldIntegrationTest {
@Override @Override

View File

@ -17,14 +17,11 @@ import org.junit.Test;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked; import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
import static org.hamcrest.CoreMatchers.containsString; import static org.hamcrest.CoreMatchers.containsString;
import static org.hamcrest.CoreMatchers.equalTo; import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.CoreMatchers.is;
@ClusterScope(scope = Scope.SUITE)
public class IndexAliasesTests extends ShieldIntegrationTest { public class IndexAliasesTests extends ShieldIntegrationTest {
@Override @Override

View File

@ -176,7 +176,7 @@ public class PrivilegeTests extends ElasticsearchTestCase {
Predicate<String> predicate = Privilege.SYSTEM.predicate(); Predicate<String> predicate = Privilege.SYSTEM.predicate();
assertThat(predicate.apply("indices:monitor/whatever"), is(true)); assertThat(predicate.apply("indices:monitor/whatever"), is(true));
assertThat(predicate.apply("cluster:monitor/whatever"), is(true)); assertThat(predicate.apply("cluster:monitor/whatever"), is(true));
assertThat(predicate.apply("cluster:admin/snapshot/status[nodes]"), is(true)); assertThat(predicate.apply("cluster:admin/snapshot/status[nodes]"), is(false));
assertThat(predicate.apply("internal:whatever"), is(true)); assertThat(predicate.apply("internal:whatever"), is(true));
assertThat(predicate.apply("indices:whatever"), is(false)); assertThat(predicate.apply("indices:whatever"), is(false));
assertThat(predicate.apply("cluster:whatever"), is(false)); assertThat(predicate.apply("cluster:whatever"), is(false));

View File

@ -1,55 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.shield.authz;
import com.carrotsearch.ant.tasks.junit4.dependencies.com.google.common.collect.ImmutableMap;
import org.elasticsearch.action.admin.cluster.snapshots.status.SnapshotStatus;
import org.elasticsearch.action.admin.cluster.snapshots.status.SnapshotsStatusResponse;
import org.elasticsearch.cluster.metadata.SnapshotMetaData;
import org.elasticsearch.test.ShieldIntegrationTest;
import org.junit.Test;
import java.io.File;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
import static org.hamcrest.Matchers.anyOf;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.is;
/**
* test to check if snapshotting and displaying of current snapshots work
* can be removed after 1.4.3 is released as this is included
*
*/
public class SnapshotTests extends ShieldIntegrationTest {
// TODO remove after upgrading to 1.4.3
@Test
public void testThatSnapshottingWorks() throws Exception {
File repositoryLocation = newTempDir();
assertAcked(client().admin().cluster().preparePutRepository("my-repo").setType("fs").setSettings(ImmutableMap.of("location", repositoryLocation.getAbsolutePath())));
client().prepareIndex("foo", "bar", "1").setSource("foo", "bar").get();
client().prepareIndex("foo", "bar", "2").setSource("foo", "bar").get();
client().prepareIndex("foo", "bar", "3").setSource("foo", "bar").get();
client().prepareIndex("foo", "bar", "4").setSource("foo", "bar").get();
client().prepareIndex("foo", "bar", "5").setSource("foo", "bar").get();
refresh();
// must be started async otherwise the code relevent path in TransportSnapshotsStatusAction about currently running snapshots is not executed
client().admin().cluster().prepareCreateSnapshot("my-repo", "my-snapshot").setIndices("foo").get();
SnapshotsStatusResponse snapshotsStatusResponse = client().admin().cluster().prepareSnapshotStatus("my-repo").setSnapshots("my-snapshot").get();
assertThat(snapshotsStatusResponse.getSnapshots(), hasSize(1));
SnapshotStatus snapshotStatus = snapshotsStatusResponse.getSnapshots().get(0);
assertThat(snapshotStatus.getState(), anyOf(is(SnapshotMetaData.State.STARTED), is(SnapshotMetaData.State.SUCCESS)));
assertAcked(client().admin().cluster().prepareDeleteSnapshot("my-repo", "my-snapshot").get());
assertAcked(client().admin().cluster().prepareDeleteRepository("my-repo"));
}
}

View File

@ -22,11 +22,8 @@ import org.junit.Test;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.hamcrest.CoreMatchers.*; import static org.hamcrest.CoreMatchers.*;
@ClusterScope(scope = Scope.SUITE)
@TestLogging("cluster.routing.allocation:TRACE") @TestLogging("cluster.routing.allocation:TRACE")
public class IndicesResolverIntegrationTests extends ShieldIntegrationTest { public class IndicesResolverIntegrationTests extends ShieldIntegrationTest {

View File

@ -29,13 +29,10 @@ import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilde
import static org.elasticsearch.node.NodeBuilder.nodeBuilder; import static org.elasticsearch.node.NodeBuilder.nodeBuilder;
import static org.elasticsearch.shield.test.ShieldTestUtils.createFolder; import static org.elasticsearch.shield.test.ShieldTestUtils.createFolder;
import static org.elasticsearch.shield.test.ShieldTestUtils.writeFile; import static org.elasticsearch.shield.test.ShieldTestUtils.writeFile;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.hamcrest.CoreMatchers.instanceOf; import static org.hamcrest.CoreMatchers.instanceOf;
import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.CoreMatchers.is;
@ClusterScope(scope = Scope.SUITE) public class ServerTransportFilterIntegrationTests extends ShieldIntegrationTest {
public class ServerTransportFilterIntegrationTest extends ShieldIntegrationTest {
private static int randomClientPort; private static int randomClientPort;

View File

@ -14,6 +14,7 @@ import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.http.HttpServerTransport; import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.node.internal.InternalNode; import org.elasticsearch.node.internal.InternalNode;
import org.elasticsearch.test.ShieldIntegrationTest; import org.elasticsearch.test.ShieldIntegrationTest;
import org.elasticsearch.transport.Transport;
import org.junit.BeforeClass; import org.junit.BeforeClass;
import org.junit.Test; import org.junit.Test;
@ -22,7 +23,6 @@ import java.io.OutputStream;
import java.net.InetSocketAddress; import java.net.InetSocketAddress;
import java.net.Socket; import java.net.Socket;
import static org.elasticsearch.shield.transport.support.TransportProfileUtil.getProfilePort;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope; import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope; import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.hamcrest.Matchers.instanceOf; import static org.hamcrest.Matchers.instanceOf;
@ -71,7 +71,7 @@ public class IpFilteringIntegrationTests extends ShieldIntegrationTest {
@Test @Test
public void testThatIpFilteringIsAppliedForProfile() throws Exception { public void testThatIpFilteringIsAppliedForProfile() throws Exception {
try (Socket socket = new Socket()){ try (Socket socket = new Socket()){
trySocketConnection(socket, new InetSocketAddress("localhost", getProfilePort("client", internalCluster()))); trySocketConnection(socket, new InetSocketAddress("localhost", getProfilePort("client")));
assertThat(socket.isClosed(), is(true)); assertThat(socket.isClosed(), is(true));
} }
} }
@ -86,4 +86,10 @@ public class IpFilteringIntegrationTests extends ShieldIntegrationTest {
os.flush(); os.flush();
} }
} }
private static int getProfilePort(String profile) {
TransportAddress transportAddress = internalCluster().getInstance(Transport.class).profileBoundAddresses().get(profile).boundAddress();
assert transportAddress instanceof InetSocketTransportAddress;
return ((InetSocketTransportAddress)transportAddress).address().getPort();
}
} }

View File

@ -201,6 +201,13 @@ public class IPFilterNettyUpstreamHandlerTests extends ElasticsearchTestCase {
return null; return null;
} }
public boolean getUserDefinedWritability(int i) {
return false;
}
public void setUserDefinedWritability(int i, boolean b) {
}
public ChannelFuture unbind() { public ChannelFuture unbind() {
return null; return null;
} }

View File

@ -8,8 +8,6 @@ package org.elasticsearch.shield.transport.netty;
import org.elasticsearch.client.Client; import org.elasticsearch.client.Client;
import org.elasticsearch.common.settings.ImmutableSettings; import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.test.ElasticsearchIntegrationTest;
import org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import org.elasticsearch.test.ShieldIntegrationTest; import org.elasticsearch.test.ShieldIntegrationTest;
import org.junit.Test; import org.junit.Test;
@ -20,7 +18,6 @@ import java.nio.file.Paths;
import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder; import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder;
import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.CoreMatchers.is;
@ClusterScope(scope = ElasticsearchIntegrationTest.Scope.SUITE)
public class IPHostnameVerificationTests extends ShieldIntegrationTest { public class IPHostnameVerificationTests extends ShieldIntegrationTest {
static Path keystore; static Path keystore;

View File

@ -12,8 +12,6 @@ import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress; import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import org.elasticsearch.test.ShieldIntegrationTest; import org.elasticsearch.test.ShieldIntegrationTest;
import org.elasticsearch.transport.Transport; import org.elasticsearch.transport.Transport;
import org.junit.Test; import org.junit.Test;
@ -27,7 +25,6 @@ import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilde
import static org.hamcrest.CoreMatchers.instanceOf; import static org.hamcrest.CoreMatchers.instanceOf;
import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.CoreMatchers.is;
@ClusterScope(scope = Scope.SUITE)
public class SslHostnameVerificationTests extends ShieldIntegrationTest { public class SslHostnameVerificationTests extends ShieldIntegrationTest {
static Path keystore; static Path keystore;

View File

@ -30,11 +30,8 @@ import java.net.URISyntaxException;
import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder; import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue; import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.containsString;
@ClusterScope(scope = Scope.SUITE)
public class SslClientAuthTests extends ShieldIntegrationTest { public class SslClientAuthTests extends ShieldIntegrationTest {
@Override @Override

View File

@ -34,11 +34,8 @@ import java.security.cert.X509Certificate;
import java.util.Locale; import java.util.Locale;
import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder; import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.hamcrest.Matchers.*; import static org.hamcrest.Matchers.*;
@ClusterScope(scope = Scope.SUITE)
public class SslIntegrationTests extends ShieldIntegrationTest { public class SslIntegrationTests extends ShieldIntegrationTest {
private TrustManager[] trustAllCerts = new TrustManager[] { private TrustManager[] trustAllCerts = new TrustManager[] {

View File

@ -22,14 +22,10 @@ import java.nio.file.Path;
import java.nio.file.Paths; import java.nio.file.Paths;
import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder; import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder;
import static org.elasticsearch.shield.transport.support.TransportProfileUtil.getProfilePort;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.elasticsearch.test.ShieldSettingsSource.DEFAULT_USER_NAME; import static org.elasticsearch.test.ShieldSettingsSource.DEFAULT_USER_NAME;
import static org.elasticsearch.test.ShieldSettingsSource.DEFAULT_PASSWORD; import static org.elasticsearch.test.ShieldSettingsSource.DEFAULT_PASSWORD;
import static org.hamcrest.CoreMatchers.is; import static org.hamcrest.CoreMatchers.is;
@ClusterScope(scope = Scope.SUITE)
public class SslMultiPortTests extends ShieldIntegrationTest { public class SslMultiPortTests extends ShieldIntegrationTest {
private static int randomClientPort; private static int randomClientPort;
@ -115,7 +111,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
@Test @Test
public void testThatStandardTransportClientCanConnectToNoClientAuthProfile() throws Exception { public void testThatStandardTransportClientCanConnectToNoClientAuthProfile() throws Exception {
try(TransportClient transportClient = createTransportClient(ImmutableSettings.EMPTY)) { try(TransportClient transportClient = createTransportClient(ImmutableSettings.EMPTY)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth", internalCluster()))); transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth")));
assertGreenClusterState(transportClient); assertGreenClusterState(transportClient);
} }
} }
@ -130,7 +126,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
@Test(expected = NoNodeAvailableException.class) @Test(expected = NoNodeAvailableException.class)
public void testThatStandardTransportClientCannotConnectToClientProfile() throws Exception { public void testThatStandardTransportClientCannotConnectToClientProfile() throws Exception {
try(TransportClient transportClient = createTransportClient(ImmutableSettings.EMPTY)) { try(TransportClient transportClient = createTransportClient(ImmutableSettings.EMPTY)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client", internalCluster()))); transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client")));
transportClient.admin().cluster().prepareHealth().get(); transportClient.admin().cluster().prepareHealth().get();
} }
} }
@ -143,7 +139,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
@Test(expected = NoNodeAvailableException.class) @Test(expected = NoNodeAvailableException.class)
public void testThatStandardTransportClientCannotConnectToNoSslProfile() throws Exception { public void testThatStandardTransportClientCannotConnectToNoSslProfile() throws Exception {
try (TransportClient transportClient = createTransportClient(ImmutableSettings.EMPTY)) { try (TransportClient transportClient = createTransportClient(ImmutableSettings.EMPTY)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl", internalCluster()))); transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl")));
assertGreenClusterState(transportClient); assertGreenClusterState(transportClient);
} }
} }
@ -157,7 +153,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
public void testThatProfileTransportClientCanConnectToClientProfile() throws Exception { public void testThatProfileTransportClientCanConnectToClientProfile() throws Exception {
Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile"); Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile");
try (TransportClient transportClient = createTransportClient(settings)) { try (TransportClient transportClient = createTransportClient(settings)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client", internalCluster()))); transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client")));
assertGreenClusterState(transportClient); assertGreenClusterState(transportClient);
} }
} }
@ -172,7 +168,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
public void testThatProfileTransportClientCanConnectToNoClientAuthProfile() throws Exception { public void testThatProfileTransportClientCanConnectToNoClientAuthProfile() throws Exception {
Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile"); Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile");
try (TransportClient transportClient = createTransportClient(settings)) { try (TransportClient transportClient = createTransportClient(settings)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth", internalCluster()))); transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth")));
assertGreenClusterState(transportClient); assertGreenClusterState(transportClient);
} }
} }
@ -202,7 +198,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
public void testThatProfileTransportClientCannotConnectToNoSslProfile() throws Exception { public void testThatProfileTransportClientCannotConnectToNoSslProfile() throws Exception {
Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile"); Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile");
try (TransportClient transportClient = createTransportClient(settings)) { try (TransportClient transportClient = createTransportClient(settings)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl", internalCluster()))); transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl")));
transportClient.admin().cluster().prepareHealth().get(); transportClient.admin().cluster().prepareHealth().get();
} }
} }
@ -217,7 +213,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("cluster.name", internalCluster().getClusterName()) .put("cluster.name", internalCluster().getClusterName())
.build(); .build();
try (TransportClient transportClient = new TransportClient(settings, false)) { try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl", internalCluster()))); transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl")));
assertGreenClusterState(transportClient); assertGreenClusterState(transportClient);
} }
} }
@ -233,7 +229,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("cluster.name", internalCluster().getClusterName()) .put("cluster.name", internalCluster().getClusterName())
.build(); .build();
try (TransportClient transportClient = new TransportClient(settings, false)) { try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("default", internalCluster()))); transportClient.addTransportAddress(internalCluster().getInstance(Transport.class).boundAddress().boundAddress());
assertGreenClusterState(transportClient); assertGreenClusterState(transportClient);
} }
} }
@ -249,7 +245,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("cluster.name", internalCluster().getClusterName()) .put("cluster.name", internalCluster().getClusterName())
.build(); .build();
try (TransportClient transportClient = new TransportClient(settings, false)) { try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client", internalCluster()))); transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client")));
assertGreenClusterState(transportClient); assertGreenClusterState(transportClient);
} }
} }
@ -265,7 +261,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("cluster.name", internalCluster().getClusterName()) .put("cluster.name", internalCluster().getClusterName())
.build(); .build();
try (TransportClient transportClient = new TransportClient(settings, false)) { try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth", internalCluster()))); transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth")));
assertGreenClusterState(transportClient); assertGreenClusterState(transportClient);
} }
} }
@ -285,7 +281,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("shield.ssl.truststore.password", "truststore-testnode-only") .put("shield.ssl.truststore.password", "truststore-testnode-only")
.build(); .build();
try (TransportClient transportClient = new TransportClient(settings, false)) { try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth", internalCluster()))); transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth")));
assertGreenClusterState(transportClient); assertGreenClusterState(transportClient);
} }
} }
@ -306,7 +302,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("shield.ssl.truststore.password", "truststore-testnode-only") .put("shield.ssl.truststore.password", "truststore-testnode-only")
.build(); .build();
try (TransportClient transportClient = new TransportClient(settings, false)) { try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client", internalCluster()))); transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client")));
assertGreenClusterState(transportClient); assertGreenClusterState(transportClient);
} }
} }
@ -327,7 +323,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("shield.ssl.truststore.password", "truststore-testnode-only") .put("shield.ssl.truststore.password", "truststore-testnode-only")
.build(); .build();
try (TransportClient transportClient = new TransportClient(settings, false)) { try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("default", internalCluster()))); transportClient.addTransportAddress(internalCluster().getInstance(Transport.class).boundAddress().boundAddress());
assertGreenClusterState(transportClient); assertGreenClusterState(transportClient);
} }
} }
@ -347,7 +343,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("shield.ssl.truststore.password", "truststore-testnode-only") .put("shield.ssl.truststore.password", "truststore-testnode-only")
.build(); .build();
try (TransportClient transportClient = new TransportClient(settings, false)) { try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl", internalCluster()))); transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl")));
assertGreenClusterState(transportClient); assertGreenClusterState(transportClient);
} }
} }
@ -365,7 +361,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("shield.transport.ssl", true) .put("shield.transport.ssl", true)
.build(); .build();
try (TransportClient transportClient = new TransportClient(settings, false)) { try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("default", internalCluster()))); transportClient.addTransportAddress(internalCluster().getInstance(Transport.class).boundAddress().boundAddress());
assertGreenClusterState(transportClient); assertGreenClusterState(transportClient);
} }
} }
@ -383,7 +379,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("shield.transport.ssl", true) .put("shield.transport.ssl", true)
.build(); .build();
try (TransportClient transportClient = new TransportClient(settings, false)) { try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client", internalCluster()))); transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client")));
assertGreenClusterState(transportClient); assertGreenClusterState(transportClient);
} }
} }
@ -401,7 +397,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("shield.transport.ssl", true) .put("shield.transport.ssl", true)
.build(); .build();
try (TransportClient transportClient = new TransportClient(settings, false)) { try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth", internalCluster()))); transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth")));
assertGreenClusterState(transportClient); assertGreenClusterState(transportClient);
} }
} }
@ -419,8 +415,14 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("shield.transport.ssl", true) .put("shield.transport.ssl", true)
.build(); .build();
try (TransportClient transportClient = new TransportClient(settings, false)) { try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl", internalCluster()))); transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl")));
assertGreenClusterState(transportClient); assertGreenClusterState(transportClient);
} }
} }
private static int getProfilePort(String profile) {
TransportAddress transportAddress = internalCluster().getInstance(Transport.class).profileBoundAddresses().get(profile).boundAddress();
assert transportAddress instanceof InetSocketTransportAddress;
return ((InetSocketTransportAddress)transportAddress).address().getPort();
}
} }

View File

@ -1,40 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.shield.transport.support;
import org.elasticsearch.common.netty.channel.Channel;
import org.elasticsearch.test.InternalTestCluster;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.netty.NettyTransport;
import java.lang.reflect.Field;
import java.net.InetSocketAddress;
import java.util.Map;
/**
* Utility class used to deal with profile support in Transport. This class should be removed once
* core has been fixed and Shield has been updated to depend on a version of core that is fixed.
*
* See <a href="https://github.com/elasticsearch/elasticsearch/pull/9134">https://github.com/elasticsearch/elasticsearch/pull/9134</a>
*/
//TODO remove the reflection shenanigans (actually this class as a whole) once es core dependency is upgraded for 1.5
public class TransportProfileUtil {
private TransportProfileUtil() {}
/*
* Gets the actual port that the profile is listening on. If a range was provided in the settings, then the first
* port may not be the port that was actually bound.
*/
public static int getProfilePort(String profile, InternalTestCluster internalTestCluster) throws Exception {
NettyTransport transport = (NettyTransport) internalTestCluster.getInstance(Transport.class);
Field channels = NettyTransport.class.getDeclaredField("serverChannels");
channels.setAccessible(true);
Map<String, Channel> serverChannels = (Map<String, Channel>) channels.get(transport);
Channel clientProfileChannel = serverChannels.get(profile);
return ((InetSocketAddress) clientProfileChannel.getLocalAddress()).getPort();
}
}

View File

@ -17,7 +17,6 @@ import org.elasticsearch.common.base.Function;
import org.elasticsearch.common.collect.Collections2; import org.elasticsearch.common.collect.Collections2;
import org.elasticsearch.common.settings.ImmutableSettings; import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.license.plugin.LicensePlugin;
import org.elasticsearch.plugins.Plugin; import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.shield.ShieldPlugin; import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.shield.authc.support.SecuredString; import org.elasticsearch.shield.authc.support.SecuredString;
@ -36,7 +35,7 @@ import static org.hamcrest.Matchers.hasSize;
/** /**
* Base class to run tests against a cluster with shield installed. * Base class to run tests against a cluster with shield installed.
* The default {@link org.elasticsearch.test.ElasticsearchIntegrationTest.Scope} is {@link org.elasticsearch.test.ElasticsearchIntegrationTest.Scope#GLOBAL}, * The default {@link org.elasticsearch.test.ElasticsearchIntegrationTest.Scope} is {@link org.elasticsearch.test.ElasticsearchIntegrationTest.Scope#SUITE},
* meaning that all subclasses that don't specify a different scope will share the same cluster with shield installed. * meaning that all subclasses that don't specify a different scope will share the same cluster with shield installed.
* @see org.elasticsearch.test.ShieldSettingsSource * @see org.elasticsearch.test.ShieldSettingsSource
*/ */
@ -51,7 +50,7 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest
//and configure them all in unicast.hosts //and configure them all in unicast.hosts
private static int maxNumberOfNodes() { private static int maxNumberOfNodes() {
ClusterScope clusterScope = ShieldIntegrationTest.class.getAnnotation(ClusterScope.class); ClusterScope clusterScope = ShieldIntegrationTest.class.getAnnotation(ClusterScope.class);
if (clusterScope == null || clusterScope.scope() == Scope.GLOBAL) { if (clusterScope == null) {
return InternalTestCluster.DEFAULT_MAX_NUM_DATA_NODES + InternalTestCluster.DEFAULT_MAX_NUM_CLIENT_NODES; return InternalTestCluster.DEFAULT_MAX_NUM_DATA_NODES + InternalTestCluster.DEFAULT_MAX_NUM_CLIENT_NODES;
} else { } else {
if (clusterScope.numClientNodes() < 0) { if (clusterScope.numClientNodes() < 0) {
@ -79,7 +78,7 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest
private static Scope getCurrentClusterScope(Class<?> clazz) { private static Scope getCurrentClusterScope(Class<?> clazz) {
ClusterScope annotation = getAnnotation(clazz); ClusterScope annotation = getAnnotation(clazz);
return annotation == null ? Scope.GLOBAL : annotation.scope(); return annotation == null ? Scope.SUITE : annotation.scope();
} }
/** /**
@ -93,7 +92,7 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest
@BeforeClass @BeforeClass
public static void initDefaultSettings() { public static void initDefaultSettings() {
if (SHIELD_DEFAULT_SETTINGS == null) { if (SHIELD_DEFAULT_SETTINGS == null) {
SHIELD_DEFAULT_SETTINGS = new ShieldSettingsSource(maxNumberOfNodes(), randomBoolean(), globalTempDir(), Scope.GLOBAL); SHIELD_DEFAULT_SETTINGS = new ShieldSettingsSource(maxNumberOfNodes(), randomBoolean(), globalTempDir(), Scope.SUITE);
} }
} }
@ -104,11 +103,6 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest
protected void before() throws Throwable { protected void before() throws Throwable {
Scope currentClusterScope = getCurrentClusterScope(); Scope currentClusterScope = getCurrentClusterScope();
switch(currentClusterScope) { switch(currentClusterScope) {
case GLOBAL:
if (InternalTestCluster.DEFAULT_SETTINGS_SOURCE == SettingsSource.EMPTY) {
InternalTestCluster.DEFAULT_SETTINGS_SOURCE = SHIELD_DEFAULT_SETTINGS;
}
break;
case SUITE: case SUITE:
if (customShieldSettingsSource == null) { if (customShieldSettingsSource == null) {
customShieldSettingsSource = new CustomShieldSettingsSource(sslTransportEnabled(), newTempDir(LifecycleScope.SUITE), currentClusterScope); customShieldSettingsSource = new CustomShieldSettingsSource(sslTransportEnabled(), newTempDir(LifecycleScope.SUITE), currentClusterScope);

View File

@ -95,7 +95,7 @@ public class ShieldSettingsSource extends ClusterDiscoveryConfiguration.UnicastZ
* @param scope the scope of the test that is requiring an instance of ShieldSettingsSource * @param scope the scope of the test that is requiring an instance of ShieldSettingsSource
*/ */
public ShieldSettingsSource(int numOfNodes, boolean sslTransportEnabled, byte[] systemKey, File parentFolder, ElasticsearchIntegrationTest.Scope scope) { public ShieldSettingsSource(int numOfNodes, boolean sslTransportEnabled, byte[] systemKey, File parentFolder, ElasticsearchIntegrationTest.Scope scope) {
super(numOfNodes, DEFAULT_SETTINGS, scope); super(numOfNodes, DEFAULT_SETTINGS);
this.systemKey = systemKey; this.systemKey = systemKey;
this.parentFolder = parentFolder; this.parentFolder = parentFolder;
this.subfolderPrefix = scope.name(); this.subfolderPrefix = scope.name();

View File

@ -1,178 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.test.discovery;
import com.carrotsearch.randomizedtesting.RandomizedTest;
import com.google.common.primitives.Ints;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.Version;
import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.test.ElasticsearchIntegrationTest;
import org.elasticsearch.test.InternalTestCluster;
import org.elasticsearch.test.SettingsSource;
import org.elasticsearch.transport.local.LocalTransport;
import java.io.IOException;
import java.net.ServerSocket;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.atomic.AtomicInteger;
//TODO Remove this class once we move to es core 1.5.0
public class ClusterDiscoveryConfiguration extends SettingsSource {
static Settings DEFAULT_NODE_SETTINGS = ImmutableSettings.settingsBuilder()
.put("gateway.type", "local")
.put("discovery.type", "zen").build();
final int numOfNodes;
final Settings nodeSettings;
final Settings transportClientSettings;
public ClusterDiscoveryConfiguration(int numOfNodes) {
this(numOfNodes, ImmutableSettings.EMPTY);
}
public ClusterDiscoveryConfiguration(int numOfNodes, Settings extraSettings) {
this.numOfNodes = numOfNodes;
this.nodeSettings = ImmutableSettings.builder().put(DEFAULT_NODE_SETTINGS).put(extraSettings).build();
this.transportClientSettings = ImmutableSettings.builder().put(extraSettings).build();
}
@Override
public Settings node(int nodeOrdinal) {
return nodeSettings;
}
@Override
public Settings transportClient() {
return transportClientSettings;
}
public static class UnicastZen extends ClusterDiscoveryConfiguration {
private static final AtomicInteger portCounter = new AtomicInteger();
private final int[] unicastHostOrdinals;
private final int[] unicastHostPorts;
private final boolean localMode;
public UnicastZen(int numOfNodes, ElasticsearchIntegrationTest.Scope scope) {
this(numOfNodes, numOfNodes, scope);
}
public UnicastZen(int numOfNodes, Settings extraSettings, ElasticsearchIntegrationTest.Scope scope) {
this(numOfNodes, numOfNodes, extraSettings, scope);
}
public UnicastZen(int numOfNodes, int numOfUnicastHosts, ElasticsearchIntegrationTest.Scope scope) {
this(numOfNodes, numOfUnicastHosts, ImmutableSettings.EMPTY, scope);
}
public UnicastZen(int numOfNodes, int numOfUnicastHosts, Settings extraSettings, ElasticsearchIntegrationTest.Scope scope) {
super(numOfNodes, extraSettings);
if (numOfUnicastHosts == numOfNodes) {
unicastHostOrdinals = new int[numOfNodes];
for (int i = 0; i < numOfNodes; i++) {
unicastHostOrdinals[i] = i;
}
} else {
Set<Integer> ordinals = new HashSet<>(numOfUnicastHosts);
while (ordinals.size() != numOfUnicastHosts) {
ordinals.add(RandomizedTest.randomInt(numOfNodes - 1));
}
unicastHostOrdinals = Ints.toArray(ordinals);
}
this.localMode = nodeSettings.get("node.mode", InternalTestCluster.NODE_MODE).equals("local");
this.unicastHostPorts = localMode ? new int[0] : unicastHostPorts(calcBasePort(scope), numOfNodes);
assert unicastHostOrdinals.length <= unicastHostPorts.length;
}
public UnicastZen(int numOfNodes, int[] unicastHostOrdinals, ElasticsearchIntegrationTest.Scope scope) {
this(numOfNodes, ImmutableSettings.EMPTY, unicastHostOrdinals, scope);
}
public UnicastZen(int numOfNodes, Settings extraSettings, int[] unicastHostOrdinals, ElasticsearchIntegrationTest.Scope scope) {
super(numOfNodes, extraSettings);
this.unicastHostOrdinals = unicastHostOrdinals;
this.localMode = nodeSettings.get("node.mode", InternalTestCluster.NODE_MODE).equals("local");
this.unicastHostPorts = localMode ? new int[0] : unicastHostPorts(calcBasePort(scope), numOfNodes);
assert unicastHostOrdinals.length <= unicastHostPorts.length;
}
private static int calcBasePort(ElasticsearchIntegrationTest.Scope scope) {
// note that this has properly co-exist with the port logic at InternalTestCluster's constructor
return 30000 +
1000 * (ElasticsearchIntegrationTest.CHILD_JVM_ID) + // up to 30 jvms
//up to 100 nodes per cluster
100 * scopeId(scope);
}
private static int scopeId(ElasticsearchIntegrationTest.Scope scope) {
switch(scope) {
case GLOBAL:
//we reserve a special base port for global clusters, as they stick around
//the assumption is that no counter is needed as there's only one global cluster per jvm
return 0;
default:
//ports can be reused as suite or test clusters are never run concurrently
//we don't reuse the same port immediately though but leave some time to make sure ports are freed
//reserve 0 to global cluster, prevent conflicts between jvms by never going above 9
return 1 + portCounter.incrementAndGet() % 9;
}
}
@Override
public Settings node(int nodeOrdinal) {
ImmutableSettings.Builder builder = ImmutableSettings.builder()
.put("discovery.zen.ping.multicast.enabled", false);
String[] unicastHosts = new String[unicastHostOrdinals.length];
if (localMode) {
builder.put(LocalTransport.TRANSPORT_LOCAL_ADDRESS, "node_" + nodeOrdinal);
for (int i = 0; i < unicastHosts.length; i++) {
unicastHosts[i] = "node_" + unicastHostOrdinals[i];
}
} else {
// we need to pin the node port & host so we'd know where to point things
builder.put("transport.tcp.port", unicastHostPorts[nodeOrdinal]);
builder.put("transport.host", "localhost");
for (int i = 0; i < unicastHostOrdinals.length; i++) {
unicastHosts[i] = "localhost:" + (unicastHostPorts[unicastHostOrdinals[i]]);
}
}
builder.putArray("discovery.zen.ping.unicast.hosts", unicastHosts);
return builder.put(super.node(nodeOrdinal)).build();
}
protected static int[] unicastHostPorts(int basePort, int numHosts) {
int[] unicastHostPorts = new int[numHosts];
final int maxPort = basePort + 99;
int currentPort = basePort;
for (int i = 0; i < unicastHostPorts.length; i++) {
boolean foundPortInRange = false;
while (currentPort <= maxPort && !foundPortInRange) {
try (ServerSocket socket = new ServerSocket(currentPort)) {
// bind was a success
foundPortInRange = true;
unicastHostPorts[i] = currentPort;
} catch (IOException e) {
// Do nothing
}
currentPort++;
}
if (!foundPortInRange) {
throw new ElasticsearchException("could not find enough open ports in range [" + basePort + "-" + maxPort + "]");
}
}
return unicastHostPorts;
}
}
}