honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Upgrade elasticsearch dependency to 1.5.0-SNAPSHOT 

This upgrades the elasticsearch dependency to 1.5.0-SNAPSHOT and removes
classes/functionality that were incorporated back into elasticsearch.

Closes elastic/elasticsearch#669

Original commit: elastic/x-pack-elasticsearch@65b76c41fb
This commit is contained in:
jaymode 2015-03-02 10:46:28 -05:00
parent 43a5fe07f4
commit f2b493fa96
45 changed files with 87 additions and 1023 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
pom.xml
View File

@ -46,9 +46,9 @@
</repositories>
<properties>
<lucene.version>4.10.2</lucene.version>
<lucene.maven.version>4.10.2</lucene.maven.version>
<elasticsearch.version>1.4.2</elasticsearch.version>
<lucene.version>4.10.4</lucene.version>
<lucene.maven.version>4.10.4</lucene.maven.version>
<elasticsearch.version>1.5.0-SNAPSHOT</elasticsearch.version>
<license.plugin.version>1.0.0</license.plugin.version>
<tests.jvms>auto</tests.jvms>
@ -158,12 +158,6 @@
<version>2.3.2</version>
<scope>test</scope>
</dependency>
<dependency>
<groupId>com.google.jimfs</groupId>
<artifactId>jimfs</artifactId>
<version>1.0</version>
<scope>test</scope>
</dependency>
<!-- real dependencies -->
<dependency>

24
src/main/java/org/elasticsearch/action/admin/indices/create/CreateIndexRequestHelper.java
View File

@ -1,24 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.action.admin.indices.create;
import org.elasticsearch.action.admin.indices.alias.Alias;
import java.util.Set;
/*
* Helper needed to retrieve aliases from a CreateIndexRequest, as the corresponding getter has package private visibility
* TODO Remove this class as soon as es core 1.5.0 is out
*/
public final class CreateIndexRequestHelper {
private CreateIndexRequestHelper() {
}
public static Set<Alias> aliases(CreateIndexRequest createIndexRequest) {
return createIndexRequest.aliases();
}
}

101
src/main/java/org/elasticsearch/common/cli/CheckFileCommand.java
View File

@ -1,101 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.common.cli;
import org.elasticsearch.common.collect.Maps;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFileAttributeView;
import java.nio.file.attribute.PosixFileAttributes;
import java.nio.file.attribute.PosixFilePermission;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Map;
import java.util.Set;
import static org.elasticsearch.common.cli.Terminal.Verbosity.SILENT;
/**
* helper command to check if file permissions or owner got changed by the command being executed
*/
public abstract class CheckFileCommand extends CliTool.Command {
public CheckFileCommand(Terminal terminal) {
super(terminal);
}
/**
* abstract method, which should implement the same logic as CliTool.Command.execute(), but is wrapped
*/
public abstract CliTool.ExitStatus doExecute(Settings settings, Environment env) throws Exception;
/**
* Returns the array of paths, that should be checked if the permissions, user or groups have changed
* before and after execution of the command
*
*/
protected abstract Path[] pathsForPermissionsCheck(Settings settings, Environment env) throws Exception;
@Override
public CliTool.ExitStatus execute(Settings settings, Environment env) throws Exception {
Path[] paths = pathsForPermissionsCheck(settings, env);
Map<Path, Set<PosixFilePermission>> permissions = Maps.newHashMapWithExpectedSize(paths.length);
Map<Path, String> owners = Maps.newHashMapWithExpectedSize(paths.length);
Map<Path, String> groups = Maps.newHashMapWithExpectedSize(paths.length);
if (paths != null && paths.length > 0) {
for (Path path : paths) {
try {
boolean supportsPosixPermissions = Files.getFileStore(path).supportsFileAttributeView(PosixFileAttributeView.class);
if (supportsPosixPermissions) {
permissions.put(path, Files.getPosixFilePermissions(path));
owners.put(path, Files.getOwner(path).getName());
groups.put(path, Files.readAttributes(path, PosixFileAttributes.class).group().getName());
}
} catch (IOException e) {
// silently swallow if not supported, no need to log things
}
}
}
CliTool.ExitStatus status = doExecute(settings, env);
// check if permissions differ
for (Map.Entry<Path, Set<PosixFilePermission>> entry : permissions.entrySet()) {
Set<PosixFilePermission> permissionsBeforeWrite = entry.getValue();
Set<PosixFilePermission> permissionsAfterWrite = Files.getPosixFilePermissions(entry.getKey());
if (!permissionsBeforeWrite.equals(permissionsAfterWrite)) {
terminal.println(SILENT, "WARN: The file permissions of [%s] have changed from [%s] to [%s]",
entry.getKey(), PosixFilePermissions.toString(permissionsBeforeWrite), PosixFilePermissions.toString(permissionsAfterWrite));
terminal.println(SILENT, "Please ensure that the user account running Elasticsearch has read access to this file!");
}
}
// check if owner differs
for (Map.Entry<Path, String> entry : owners.entrySet()) {
String ownerBeforeWrite = entry.getValue();
String ownerAfterWrite = Files.getOwner(entry.getKey()).getName();
if (!ownerAfterWrite.equals(ownerBeforeWrite)) {
terminal.println(SILENT, "WARN: Owner of file [%s] used to be [%s], but now is [%s]", entry.getKey(), ownerBeforeWrite, ownerAfterWrite);
}
}
// check if group differs
for (Map.Entry<Path, String> entry : groups.entrySet()) {
String groupBeforeWrite = entry.getValue();
String groupAfterWrite = Files.readAttributes(entry.getKey(), PosixFileAttributes.class).group().getName();
if (!groupAfterWrite.equals(groupBeforeWrite)) {
terminal.println(SILENT, "WARN: Group of file [%s] used to be [%s], but now is [%s]", entry.getKey(), groupBeforeWrite, groupAfterWrite);
}
}
return status;
}
}

31
src/main/java/org/elasticsearch/http/netty/VisibleNettyHttpServerTransport.java
View File

@ -1,31 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.http.netty;
import org.elasticsearch.common.netty.channel.ChannelHandlerContext;
import org.elasticsearch.common.netty.channel.ExceptionEvent;
import org.elasticsearch.common.network.NetworkService;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.BigArrays;
/**
* Makes the exceptionCaught method of {@link org.elasticsearch.http.netty.NettyHttpServerTransport} visible
* to overriding classes.
*
* TODO: Fix core to make methods protected instead of package private and remove this class
*/
public class VisibleNettyHttpServerTransport extends NettyHttpServerTransport {
public VisibleNettyHttpServerTransport(Settings settings, NetworkService networkService, BigArrays bigArrays) {
super(settings, networkService, bigArrays);
}
@Override
protected void exceptionCaught(ChannelHandlerContext ctx, ExceptionEvent e) throws Exception {
super.exceptionCaught(ctx, e);
}
}

3
src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java
View File

@ -9,7 +9,6 @@ import org.elasticsearch.action.CompositeIndicesRequest;
import org.elasticsearch.action.IndicesRequest;
import org.elasticsearch.action.admin.indices.alias.Alias;
import org.elasticsearch.action.admin.indices.create.CreateIndexRequest;
import org.elasticsearch.action.admin.indices.create.CreateIndexRequestHelper;
import org.elasticsearch.action.search.ClearScrollAction;
import org.elasticsearch.action.search.SearchScrollAction;
import org.elasticsearch.cluster.ClusterService;
@ -152,7 +151,7 @@ public class InternalAuthorizationService extends AbstractComponent implements A
//if we are creating an index we need to authorize potential aliases created at the same time
if (Privilege.Index.CREATE_INDEX_MATCHER.apply(action)) {
assert request instanceof CreateIndexRequest;
Set<Alias> aliases = CreateIndexRequestHelper.aliases((CreateIndexRequest) request);
Set<Alias> aliases = ((CreateIndexRequest) request).aliases();
if (!aliases.isEmpty()) {
Set<String> aliasesAndIndices = Sets.newHashSet(indexNames);
for (Alias alias : aliases) {

4
src/main/java/org/elasticsearch/shield/authz/Privilege.java
View File

@ -90,9 +90,7 @@ public abstract class Privilege<P extends Privilege<P>> {
protected static final Predicate<String> PREDICATE = new AutomatonPredicate(patterns(
"internal:*",
"indices:monitor/*", // added for marvel
"cluster:monitor/*", // added for marvel
// TODO: remove again after 1.4.3
"cluster:admin/snapshot/status[nodes]"
"cluster:monitor/*" // added for marvel
));
private System() {

77
src/main/java/org/elasticsearch/shield/authz/indicesresolver/DefaultIndicesResolver.java
View File

@ -5,12 +5,10 @@
*/
package org.elasticsearch.shield.authz.indicesresolver;
import org.elasticsearch.action.AliasesRequest;
import org.elasticsearch.action.CompositeIndicesRequest;
import org.elasticsearch.action.IndicesRequest;
import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequest;
import org.elasticsearch.action.admin.indices.alias.get.GetAliasesRequest;
import org.elasticsearch.action.support.IndicesOptions;
import org.elasticsearch.cluster.metadata.AliasAction;
import org.elasticsearch.cluster.metadata.IndexMetaData;
import org.elasticsearch.cluster.metadata.MetaData;
import org.elasticsearch.common.collect.ImmutableList;
@ -72,8 +70,8 @@ public class DefaultIndicesResolver implements IndicesResolver<TransportRequest>
List<String> indices = replaceWildcardsWithAuthorizedIndices(indicesRequest.indices(), indicesRequest.indicesOptions(), metaData, authorizedIndices);
((IndicesRequest.Replaceable) indicesRequest).indices(indices.toArray(new String[indices.size()]));
} else {
assert indicesRequest instanceof IndicesAliasesRequest || !containsWildcards(indicesRequest) :
"IndicesAliasesRequest is the only external request known to support wildcards that doesn't support replacing its indices";
assert !containsWildcards(indicesRequest) :
"There are no external requests known to support wildcards that don't support replacing their indices";
//NOTE: shard level requests do support wildcards (as they hold the original indices options) but don't support replacing their indices.
//That is fine though because they never contain wildcards, as they get replaced as part of the authorization of their
@ -81,68 +79,23 @@ public class DefaultIndicesResolver implements IndicesResolver<TransportRequest>
}
}
/*
* TODO remove special treatment for IndicesAliasesRequest and GetAliasesRequest once we upgrade to 1.5.0
* get https://github.com/elasticsearch/elasticsearch-shield/pull/669 in
*/
if (indicesRequest instanceof IndicesAliasesRequest) {
//special treatment for IndicesAliasesRequest since we need to extract indices from indices() as well as aliases()
//Also, we need to replace wildcards in both with authorized indices and/or aliases (IndicesAliasesRequest doesn't implement Replaceable)
return resolveIndicesAliasesRequest(user, action, (IndicesAliasesRequest) indicesRequest, metaData);
}
Set<String> indices = Sets.newHashSet(indicesRequest.indices());
if (indicesRequest instanceof GetAliasesRequest) {
//special treatment for GetAliasesRequest since we need to replace wildcards among the specified aliases.
//GetAliasesRequest implements IndicesRequest.Replaceable, hence its indices have already been properly replaced.
return resolveGetAliasesRequest(user, action, (GetAliasesRequest) indicesRequest, metaData);
}
return Sets.newHashSet(indicesRequest.indices());
}
private Set<String> resolveGetAliasesRequest(User user, String action, GetAliasesRequest request, MetaData metaData) {
if (indicesRequest instanceof AliasesRequest) {
//special treatment for AliasesRequest since we need to replace wildcards among the specified aliases.
//AliasesRequest extends IndicesRequest.Replaceable, hence its indices have already been properly replaced.
AliasesRequest aliasesRequest = (AliasesRequest) indicesRequest;
if (aliasesRequest.expandAliasesWildcards()) {
ImmutableList<String> authorizedIndices = authzService.authorizedIndicesAndAliases(user, action);
List<String> aliases = replaceWildcardsWithAuthorizedAliases(request.aliases(), loadAuthorizedAliases(authorizedIndices, metaData));
request.aliases(aliases.toArray(new String[aliases.size()]));
Set<String> indices = Sets.newHashSet(request.indices());
indices.addAll(aliases);
List<String> aliases = replaceWildcardsWithAuthorizedAliases(aliasesRequest.aliases(), loadAuthorizedAliases(authorizedIndices, metaData));
aliasesRequest.aliases(aliases.toArray(new String[aliases.size()]));
}
Collections.addAll(indices, aliasesRequest.aliases());
}
return indices;
}
private Set<String> resolveIndicesAliasesRequest(User user, String action, IndicesAliasesRequest request, MetaData metaData) {
ImmutableList<String> authorizedIndices = authzService.authorizedIndicesAndAliases(user, action);
Set<String> finalIndices = Sets.newHashSet();
List<String> authorizedAliases = null;
for (IndicesAliasesRequest.AliasActions aliasActions : request.getAliasActions()) {
//replace indices with authorized ones if needed
if (request.indicesOptions().expandWildcardsOpen() || request.indicesOptions().expandWildcardsClosed()) {
//Note: the indices that the alias operation maps to might end up containing aliases, since authorized indices can also be aliases.
//This is fine as es core resolves them to concrete indices anyway before executing the actual operation.
//Also es core already allows to specify aliases among indices, they will just be resolved (alias to alias is not supported).
//e.g. index: foo* gets resolved in core to anything that matches the expression, aliases included, hence their corresponding indices.
List<String> indices = replaceWildcardsWithAuthorizedIndices(aliasActions.indices(), request.indicesOptions(), metaData, authorizedIndices);
aliasActions.indices(indices.toArray(new String[indices.size()]));
}
Collections.addAll(finalIndices, aliasActions.indices());
//replace aliases with authorized ones if needed
if (aliasActions.actionType() == AliasAction.Type.REMOVE) {
//lazily initialize a list of all the authorized aliases (filtering concrete indices out)
if (authorizedAliases == null) {
authorizedAliases = loadAuthorizedAliases(authorizedIndices, metaData);
}
assert aliasActions.aliases().length > 0 : "aliases must not be empty within each single alias remove action";
List<String> aliases = replaceWildcardsWithAuthorizedAliases(aliasActions.aliases(), authorizedAliases);
aliasActions.aliases(aliases.toArray(new String[aliases.size()]));
}
Collections.addAll(finalIndices, aliasActions.aliases());
}
return finalIndices;
}
private List<String> loadAuthorizedAliases(List<String> authorizedIndices, MetaData metaData) {
List<String> authorizedAliases = Lists.newArrayList();
ObjectLookupContainer<String> existingAliases = metaData.aliases().keys();

6
src/main/java/org/elasticsearch/shield/transport/ShieldServerTransportService.java
View File

@ -10,9 +10,9 @@ import org.elasticsearch.common.collect.Maps;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
import org.elasticsearch.shield.transport.netty.ShieldMessageChannelHandler;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.*;
import org.elasticsearch.transport.netty.NettyTransportChannel;
import java.util.Map;
@ -150,8 +150,8 @@ public class ShieldServerTransportService extends TransportService {
@SuppressWarnings("unchecked")
public void messageReceived(TransportRequest request, TransportChannel channel) throws Exception {
try {
ShieldMessageChannelHandler.VisibleNettyTransportChannel nettyTransportChannel = (ShieldMessageChannelHandler.VisibleNettyTransportChannel) channel;
String profile = nettyTransportChannel.getProfile();
NettyTransportChannel nettyTransportChannel = (NettyTransportChannel) channel;
String profile = nettyTransportChannel.getProfileName();
ServerTransportFilter filter = profileFilters.get(profile);
if (filter == null) {
filter = profileFilters.get("default");

120
src/main/java/org/elasticsearch/shield/transport/netty/ShieldMessageChannelHandler.java
View File

@ -1,120 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.shield.transport.netty;
import org.elasticsearch.Version;
import org.elasticsearch.common.component.Lifecycle;
import org.elasticsearch.common.io.stream.StreamInput;
import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.netty.channel.*;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.util.concurrent.AbstractRunnable;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.ActionNotFoundTransportException;
import org.elasticsearch.transport.TransportRequest;
import org.elasticsearch.transport.TransportRequestHandler;
import org.elasticsearch.transport.netty.MessageChannelHandler;
import org.elasticsearch.transport.netty.NettyTransport;
import org.elasticsearch.transport.netty.NettyTransportChannel;
import java.io.IOException;
import java.net.InetSocketAddress;
public class ShieldMessageChannelHandler extends MessageChannelHandler {
private final String profileName;
public ShieldMessageChannelHandler(NettyTransport nettyTransport, String profileName, ESLogger logger) {
super(nettyTransport, logger);
this.profileName = profileName;
}
// TODO ADD PREPROCESSING
//TODO This is just here to create VisibleNettyTransportChannel() and should be removed after upgrading to es core 1.5
@Override
protected String handleRequest(Channel channel, StreamInput buffer, long requestId, Version version) throws IOException {
final String action = buffer.readString();
final VisibleNettyTransportChannel transportChannel = new VisibleNettyTransportChannel(profileName, transport, action, channel, requestId, version);
try {
final TransportRequestHandler handler = transportServiceAdapter.handler(action, version);
if (handler == null) {
throw new ActionNotFoundTransportException(action);
}
final TransportRequest request = handler.newInstance();
request.remoteAddress(new InetSocketTransportAddress((InetSocketAddress) channel.getRemoteAddress()));
request.readFrom(buffer);
if (handler.executor() == ThreadPool.Names.SAME) {
//noinspection unchecked
handler.messageReceived(request, transportChannel);
} else {
threadPool.executor(handler.executor()).execute(new RequestHandler(handler, request, transportChannel, action));
}
} catch (Throwable e) {
try {
transportChannel.sendResponse(e);
} catch (IOException e1) {
logger.warn("failed to send error message [{}] back to client for action [{}]", e1, e.getMessage(), action);
logger.warn("actual excpetion: ", e);
}
}
return action;
}
//TODO should be removed after upgrading es core dependency to 1.5
public static class VisibleNettyTransportChannel extends NettyTransportChannel {
private final String profile;
public VisibleNettyTransportChannel(String profile, NettyTransport transport, String action, Channel channel, long requestId, Version version) {
super(transport, action, channel, requestId, version);
this.profile = profile;
}
public String getProfile() {
return profile;
}
}
// TODO This is just here to make this class visible, remove after upgrading es core dependency to 1.5
class RequestHandler extends AbstractRunnable {
private final TransportRequestHandler handler;
private final TransportRequest request;
private final NettyTransportChannel transportChannel;
private final String action;
public RequestHandler(TransportRequestHandler handler, TransportRequest request, NettyTransportChannel transportChannel, String action) {
this.handler = handler;
this.request = request;
this.transportChannel = transportChannel;
this.action = action;
}
@SuppressWarnings({"unchecked"})
@Override
public void run() {
try {
handler.messageReceived(request, transportChannel);
} catch (Throwable e) {
if (transport.lifecycleState() == Lifecycle.State.STARTED) {
// we can only send a response transport is started....
try {
transportChannel.sendResponse(e);
} catch (Throwable e1) {
logger.warn("Failed to send error message back to client for action [" + action + "]", e1);
logger.warn("Actual Exception", e);
}
}
}
}
@Override
public boolean isForceExecution() {
return handler.isForceExecution();
}
}
}

5
src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyHttpServerTransport.java
View File

@ -16,7 +16,6 @@ import org.elasticsearch.common.network.NetworkService;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.BigArrays;
import org.elasticsearch.http.netty.NettyHttpServerTransport;
import org.elasticsearch.http.netty.VisibleNettyHttpServerTransport;
import org.elasticsearch.shield.ssl.ServerSSLService;
import org.elasticsearch.shield.transport.filter.IPFilter;
@ -25,7 +24,7 @@ import javax.net.ssl.SSLEngine;
/**
*
*/
public class ShieldNettyHttpServerTransport extends VisibleNettyHttpServerTransport {
public class ShieldNettyHttpServerTransport extends NettyHttpServerTransport {
private final IPFilter ipFilter;
private final ServerSSLService sslService;
@ -62,7 +61,7 @@ public class ShieldNettyHttpServerTransport extends VisibleNettyHttpServerTransp
private class HttpSslChannelPipelineFactory extends HttpChannelPipelineFactory {
public HttpSslChannelPipelineFactory(NettyHttpServerTransport transport) {
super(transport);
super(transport, detailedErrorsEnabled);
}
@Override

2
src/main/java/org/elasticsearch/shield/transport/netty/ShieldNettyTransport.java
View File

@ -87,7 +87,6 @@ public class ShieldNettyTransport extends NettyTransport {
pipeline.addFirst("ssl", new SslHandler(serverEngine));
}
pipeline.replace("dispatcher", "dispatcher", new ShieldMessageChannelHandler(nettyTransport, name, logger));
if (authenticator != null) {
pipeline.addFirst("ipfilter", new IPFilterNettyUpstreamHandler(authenticator, name));
}
@ -107,7 +106,6 @@ public class ShieldNettyTransport extends NettyTransport {
if (ssl) {
pipeline.addFirst("sslInitializer", new ClientSslHandlerInitializer());
}
pipeline.replace("dispatcher", "dispatcher", new ShieldMessageChannelHandler(nettyTransport, "default", logger));
return pipeline;
}

236
src/test/java/org/elasticsearch/common/cli/CheckFileCommandTests.java
View File

@ -1,236 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.common.cli;
import com.google.common.collect.Sets;
import com.google.common.jimfs.Configuration;
import com.google.common.jimfs.Jimfs;
import org.elasticsearch.common.base.Charsets;
import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
import org.elasticsearch.test.ElasticsearchTestCase;
import org.junit.Test;
import java.io.IOException;
import java.nio.file.FileSystem;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.*;
import java.util.Set;
import static org.hamcrest.Matchers.*;
/**
*
*/
public class CheckFileCommandTests extends ElasticsearchTestCase {
private CliToolTestCase.CaptureOutputTerminal captureOutputTerminal = new CliToolTestCase.CaptureOutputTerminal();
private Configuration jimFsConfiguration = Configuration.unix().toBuilder().setAttributeViews("basic", "owner", "posix", "unix").build();
private Configuration jimFsConfigurationWithoutPermissions = randomBoolean() ? Configuration.unix().toBuilder().setAttributeViews("basic").build() : Configuration.windows();
private enum Mode {
CHANGE, KEEP, DISABLED
}
@Test
public void testThatCommandLogsErrorMessageOnFail() throws Exception {
executeCommand(jimFsConfiguration, new PermissionCheckFileCommand(captureOutputTerminal, Mode.CHANGE));
assertThat(captureOutputTerminal.getTerminalOutput(), hasItem(containsString("Please ensure that the user account running Elasticsearch has read access to this file")));
}
@Test
public void testThatCommandLogsNothingWhenPermissionRemains() throws Exception {
executeCommand(jimFsConfiguration, new PermissionCheckFileCommand(captureOutputTerminal, Mode.KEEP));
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
}
@Test
public void testThatCommandLogsNothingWhenDisabled() throws Exception {
executeCommand(jimFsConfiguration, new PermissionCheckFileCommand(captureOutputTerminal, Mode.DISABLED));
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
}
@Test
public void testThatCommandLogsNothingIfFilesystemDoesNotSupportPermissions() throws Exception {
executeCommand(jimFsConfigurationWithoutPermissions, new PermissionCheckFileCommand(captureOutputTerminal, Mode.DISABLED));
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
}
@Test
public void testThatCommandLogsOwnerChange() throws Exception {
executeCommand(jimFsConfiguration, new OwnerCheckFileCommand(captureOutputTerminal, Mode.CHANGE));
assertThat(captureOutputTerminal.getTerminalOutput(), hasItem(allOf(containsString("Owner of file ["), containsString("] used to be ["), containsString("], but now is ["))));
}
@Test
public void testThatCommandLogsNothingIfOwnerRemainsSame() throws Exception {
executeCommand(jimFsConfiguration, new OwnerCheckFileCommand(captureOutputTerminal, Mode.KEEP));
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
}
@Test
public void testThatCommandLogsNothingIfOwnerIsDisabled() throws Exception {
executeCommand(jimFsConfiguration, new OwnerCheckFileCommand(captureOutputTerminal, Mode.DISABLED));
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
}
@Test
public void testThatCommandLogsNothingIfFileSystemDoesNotSupportOwners() throws Exception {
executeCommand(jimFsConfigurationWithoutPermissions, new OwnerCheckFileCommand(captureOutputTerminal, Mode.DISABLED));
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
}
@Test
public void testThatCommandLogsIfGroupChanges() throws Exception {
executeCommand(jimFsConfiguration, new GroupCheckFileCommand(captureOutputTerminal, Mode.CHANGE));
assertThat(captureOutputTerminal.getTerminalOutput(), hasItem(allOf(containsString("Group of file ["), containsString("] used to be ["), containsString("], but now is ["))));
}
@Test
public void testThatCommandLogsNothingIfGroupRemainsSame() throws Exception {
executeCommand(jimFsConfiguration, new GroupCheckFileCommand(captureOutputTerminal, Mode.KEEP));
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
}
@Test
public void testThatCommandLogsNothingIfGroupIsDisabled() throws Exception {
executeCommand(jimFsConfiguration, new GroupCheckFileCommand(captureOutputTerminal, Mode.DISABLED));
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
}
@Test
public void testThatCommandLogsNothingIfFileSystemDoesNotSupportGroups() throws Exception {
executeCommand(jimFsConfigurationWithoutPermissions, new GroupCheckFileCommand(captureOutputTerminal, Mode.DISABLED));
assertThat(captureOutputTerminal.getTerminalOutput(), hasSize(0));
}
private void executeCommand(Configuration configuration, AbstractTestCheckFileCommand command) throws Exception {
try (FileSystem fs = Jimfs.newFileSystem(configuration)) {
command.execute(fs);
}
}
abstract class AbstractTestCheckFileCommand extends CheckFileCommand {
protected final Mode mode;
protected FileSystem fs;
protected Path[] paths;
public AbstractTestCheckFileCommand(Terminal terminal, Mode mode) throws IOException {
super(terminal);
this.mode = mode;
}
public CliTool.ExitStatus execute(FileSystem fs) throws Exception {
this.fs = fs;
this.paths = new Path[] { writePath(fs, "p1", "anything"), writePath(fs, "p2", "anything"), writePath(fs, "p3", "anything") };
return super.execute(ImmutableSettings.EMPTY, new Environment(ImmutableSettings.EMPTY));
}
private Path writePath(FileSystem fs, String name, String content) throws IOException {
Path path = fs.getPath(name);
Files.write(path, content.getBytes(Charsets.UTF_8));
return path;
}
@Override
protected Path[] pathsForPermissionsCheck(Settings settings, Environment env) {
return paths;
}
}
/**
* command that changes permissions from a file if enabled
*/
class PermissionCheckFileCommand extends AbstractTestCheckFileCommand {
public PermissionCheckFileCommand(Terminal terminal, Mode mode) throws IOException {
super(terminal, mode);
}
@Override
public CliTool.ExitStatus doExecute(Settings settings, Environment env) throws Exception {
int randomInt = randomInt(paths.length - 1);
Path randomPath = paths[randomInt];
switch (mode) {
case CHANGE:
Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8));
Files.setPosixFilePermissions(randomPath, Sets.newHashSet(PosixFilePermission.OWNER_EXECUTE, PosixFilePermission.OTHERS_EXECUTE, PosixFilePermission.GROUP_EXECUTE));
break;
case KEEP:
Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8));
Set<PosixFilePermission> posixFilePermissions = Files.getPosixFilePermissions(randomPath);
Files.setPosixFilePermissions(randomPath, posixFilePermissions);
break;
}
return CliTool.ExitStatus.OK;
}
}
/**
* command that changes the owner of a file if enabled
*/
class OwnerCheckFileCommand extends AbstractTestCheckFileCommand {
public OwnerCheckFileCommand(Terminal terminal, Mode mode) throws IOException {
super(terminal, mode);
}
@Override
public CliTool.ExitStatus doExecute(Settings settings, Environment env) throws Exception {
int randomInt = randomInt(paths.length - 1);
Path randomPath = paths[randomInt];
switch (mode) {
case CHANGE:
Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8));
UserPrincipal randomOwner = fs.getUserPrincipalLookupService().lookupPrincipalByName(randomAsciiOfLength(10));
Files.setOwner(randomPath, randomOwner);
break;
case KEEP:
Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8));
UserPrincipal originalOwner = Files.getOwner(randomPath);
Files.setOwner(randomPath, originalOwner);
break;
}
return CliTool.ExitStatus.OK;
}
}
/**
* command that changes the group of a file if enabled
*/
class GroupCheckFileCommand extends AbstractTestCheckFileCommand {
public GroupCheckFileCommand(Terminal terminal, Mode mode) throws IOException {
super(terminal, mode);
}
@Override
public CliTool.ExitStatus doExecute(Settings settings, Environment env) throws Exception {
int randomInt = randomInt(paths.length - 1);
Path randomPath = paths[randomInt];
switch (mode) {
case CHANGE:
Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8));
GroupPrincipal randomPrincipal = fs.getUserPrincipalLookupService().lookupPrincipalByGroupName(randomAsciiOfLength(10));
Files.getFileAttributeView(randomPath, PosixFileAttributeView.class).setGroup(randomPrincipal);
break;
case KEEP:
Files.write(randomPath, randomAsciiOfLength(10).getBytes(Charsets.UTF_8));
GroupPrincipal groupPrincipal = Files.readAttributes(randomPath, PosixFileAttributes.class).group();
Files.getFileAttributeView(randomPath, PosixFileAttributeView.class).setGroup(groupPrincipal);
break;
}
return CliTool.ExitStatus.OK;
}
}
}

3
src/test/java/org/elasticsearch/integration/AbstractPrivilegeTests.java
View File

@ -65,9 +65,8 @@ public abstract class AbstractPrivilegeTests extends ShieldIntegrationTest {
protected HttpResponse executeRequest(String user, String method, String uri, String body, Map<String, String> params) throws IOException {
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
InetSocketTransportAddress transportAddress = (InetSocketTransportAddress) httpServerTransport.boundAddress().boundAddress();
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient).host(transportAddress.address().getHostName()).port(transportAddress.address().getPort());
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient).httpTransport(httpServerTransport);
requestBuilder.path(uri);
requestBuilder.method(method);
for (Map.Entry<String, String> entry : params.entrySet()) {

3
src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java
View File

@ -15,7 +15,6 @@ import org.elasticsearch.shield.authc.Realms;
import org.elasticsearch.shield.authc.support.SecuredStringTests;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
import org.elasticsearch.shield.client.ShieldClient;
import org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import org.elasticsearch.test.ShieldIntegrationTest;
import org.elasticsearch.test.ShieldSettingsSource;
import org.junit.BeforeClass;
@ -26,13 +25,11 @@ import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE;
import static org.hamcrest.Matchers.*;
/**
*
*/
@ClusterScope(scope = SUITE)
public class ClearRealmsCacheTests extends ShieldIntegrationTest {
private static String[] usernames;

1
src/test/java/org/elasticsearch/integration/ClusterPrivilegeTests.java
View File

@ -18,7 +18,6 @@ import org.elasticsearch.test.rest.client.http.HttpResponse;
import org.junit.Test;
import java.io.File;
import java.util.Locale;
import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;

4
src/test/java/org/elasticsearch/integration/IndexPrivilegeTests.java
View File

@ -15,13 +15,9 @@ import org.junit.Before;
import org.junit.Test;
import java.util.Locale;
import java.util.Map;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE;
import static org.hamcrest.Matchers.is;
@ClusterScope(scope = SUITE)
public class IndexPrivilegeTests extends AbstractPrivilegeTests {
private String jsonDoc = "{ \"name\" : \"elasticsearch\"}";

3
src/test/java/org/elasticsearch/integration/LicensingTests.java
View File

@ -25,7 +25,6 @@ import org.elasticsearch.license.plugin.core.LicensesService;
import org.elasticsearch.plugins.AbstractPlugin;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.shield.license.LicenseService;
import org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import org.elasticsearch.test.ShieldIntegrationTest;
import org.elasticsearch.test.ShieldSettingsSource;
import org.junit.Test;
@ -35,14 +34,12 @@ import java.util.Collection;
import java.util.List;
import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures;
import static org.hamcrest.Matchers.*;
/**
*
*/
@ClusterScope(scope = SUITE)
public class LicensingTests extends ShieldIntegrationTest {
static final License DUMMY_LICENSE = License.builder()

3
src/test/java/org/elasticsearch/integration/MultipleIndicesPermissionsTests.java
View File

@ -20,13 +20,10 @@ import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
import static org.elasticsearch.index.query.QueryBuilders.indicesQuery;
import static org.elasticsearch.index.query.QueryBuilders.matchAllQuery;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertHitCount;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures;
import static org.hamcrest.Matchers.is;
@ClusterScope(scope = Scope.SUITE)
public class MultipleIndicesPermissionsTests extends ShieldIntegrationTest {
@Override

3
src/test/java/org/elasticsearch/integration/PermissionPrecedenceTests.java
View File

@ -19,8 +19,6 @@ import org.junit.Test;
import java.util.List;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
import static org.hamcrest.Matchers.hasSize;
@ -31,7 +29,6 @@ import static org.hamcrest.Matchers.hasSize;
* actions that are normally categorized as index actions as cluster actions - for example,
* index template actions.
*/
@ClusterScope(scope = Scope.SUITE)
public class PermissionPrecedenceTests extends ShieldIntegrationTest {
@Override

3
src/test/java/org/elasticsearch/integration/SearchGetAndSuggestPermissionsTests.java
View File

@ -20,13 +20,10 @@ import org.junit.Test;
import static org.elasticsearch.client.Requests.searchRequest;
import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures;
import static org.hamcrest.Matchers.equalTo;
import static org.hamcrest.Matchers.is;
@ClusterScope(scope = Scope.SUITE)
public class SearchGetAndSuggestPermissionsTests extends ShieldIntegrationTest {
@Override

11
src/test/java/org/elasticsearch/integration/SettingsFilterTests.java
View File

@ -42,13 +42,6 @@ import static org.hamcrest.Matchers.is;
public class SettingsFilterTests extends ShieldIntegrationTest {
private CloseableHttpClient httpClient = HttpClients.createDefault();
private InetSocketTransportAddress address;
private String clientPortSetting;
@Before
public void init() {
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
address = (InetSocketTransportAddress) httpServerTransport.boundAddress().boundAddress();
}
@After
public void cleanup() throws IOException {
@ -169,10 +162,8 @@ public class SettingsFilterTests extends ShieldIntegrationTest {
protected HttpResponse executeRequest(String method, String uri, String body, Map<String, String> params) throws IOException {
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);
address = (InetSocketTransportAddress) httpServerTransport.boundAddress().boundAddress();
HttpRequestBuilder requestBuilder = new HttpRequestBuilder(httpClient)
.host(address.address().getHostName())
.port(address.address().getPort())
.httpTransport(httpServerTransport)
.method(method)
.path(uri);

3
src/test/java/org/elasticsearch/integration/ShieldClearScrollTests.java
View File

@ -23,13 +23,10 @@ import java.util.ArrayList;
import java.util.List;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertThrows;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.is;
@ClusterScope(scope = Scope.SUITE)
public class ShieldClearScrollTests extends ShieldIntegrationTest {
private List<String> scrollIds;

5
src/test/java/org/elasticsearch/integration/ldap/GroupMappingTests.java
View File

@ -10,16 +10,11 @@ import org.junit.Test;
import java.io.IOException;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE;
/**
* This tests the group to role mappings from LDAP sources provided by the super class - available from super.realmConfig.
* The super class will provide appropriate group mappings via configGroupMappings()
*/
@Network
@ClusterScope(scope = SUITE)
public class GroupMappingTests extends AbstractAdLdapRealmTests {
@Test

4
src/test/java/org/elasticsearch/integration/ldap/MultiGroupMappingTests.java
View File

@ -10,14 +10,10 @@ import org.junit.Test;
import java.io.IOException;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE;
/**
* This tests the mapping of multiple groups to a role
*/
@Network
@ClusterScope(scope = SUITE)
public class MultiGroupMappingTests extends AbstractAdLdapRealmTests {
@Override

3
src/test/java/org/elasticsearch/shield/ShieldPluginEnabledDisabledTests.java
View File

@ -17,7 +17,6 @@ import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
import org.elasticsearch.shield.transport.ShieldServerTransportService;
import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
import org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import org.elasticsearch.test.ShieldIntegrationTest;
import org.elasticsearch.test.ShieldSettingsSource;
import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
@ -34,13 +33,11 @@ import java.io.IOException;
import static org.elasticsearch.rest.RestStatus.OK;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope.SUITE;
import static org.hamcrest.Matchers.*;
/**
*
*/
@ClusterScope(scope = SUITE)
public class ShieldPluginEnabledDisabledTests extends ShieldIntegrationTest {
private static boolean enabled;

10
src/test/java/org/elasticsearch/shield/ShieldPluginTests.java
View File

@ -7,6 +7,8 @@ package org.elasticsearch.shield;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.shield.authc.support.SecuredString;
import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
@ -25,6 +27,14 @@ import static org.hamcrest.Matchers.*;
public class ShieldPluginTests extends ShieldIntegrationTest {
@Override
public Settings nodeSettings(int nodeOrdinal) {
return ImmutableSettings.builder()
.put(super.nodeSettings(nodeOrdinal))
.put("http.enabled", true) //This test requires HTTP
.build();
}
@Test
public void testThatPluginIsLoaded() throws IOException {
HttpServerTransport httpServerTransport = internalCluster().getDataNodeInstance(HttpServerTransport.class);

44
src/test/java/org/elasticsearch/shield/VersionCompatibilityTests.java
View File

@ -27,53 +27,11 @@ public class VersionCompatibilityTests extends ElasticsearchTestCase {
@Test
public void testCompatibility() {
/**
* see https://github.com/elasticsearch/elasticsearch/pull/8634 {@link org.elasticsearch.test.discovery.ClusterDiscoveryConfiguration}
*/
assertThat("Remove ClusterDiscoveryConfiguration or bump the version, fixed in es core 1.5", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
/**
* see https://github.com/elasticsearch/elasticsearch/pull/9134 {@link org.elasticsearch.shield.transport.support.TransportProfileUtil}
*/
assertThat("Remove TransportProfileUtil class or bump the version, fixed in es core 1.5", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
/**
* see https://github.com/elasticsearch/elasticsearch/pull/9134 {@link org.elasticsearch.shield.transport.netty.ShieldMessageChannelHandler}
*/
assertThat("Cleanup ShieldMessageChannelHandler class and remove needless code, fixed in es core 1.5", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
/**
* see https://github.com/elasticsearch/elasticsearch/pull/9273 {@link org.elasticsearch.action.admin.indices.create.CreateIndexRequestHelper}
*/
assertThat("Remove CreateIndexRequestHelper class, fixed in es core 1.5", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
/**
* see https://github.com/elasticsearch/elasticsearch/issues/9372 {@link org.elasticsearch.shield.license.LicenseService}
* Once es core supports merging cluster level custom metadata (licenses in our case), the tribe node will see some license coming from the tribe and everything will be ok.
*
*/
assertThat("Remove workaround in LicenseService class when es core supports merging cluster level custom metadata", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
/**
* see https://github.com/elasticsearch/elasticsearch/pull/9409/
* This should be fixed in es 1.4.3 and up, thus can be removed
* You can also remove the SnapshotTests class then, as this functionality is also covered in the ClusterPrivilegeTests
* And remove the code in Privilege.System
*/
assertThat("Remove workaround to allow TransportNodesSnapshotsStatus be executed by the system user", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
/**
* see https://github.com/elasticsearch/elasticsearch-shield/pull/669
* {@link org.elasticsearch.shield.authz.indicesresolver.DefaultIndicesResolver#resolveIndices(User, String, org.elasticsearch.action.IndicesRequest, org.elasticsearch.cluster.metadata.MetaData)}
* The special treatment for IndicesAliasesRequest and GetAliasesRequest can become one single case, and simplified,
* since es core 1.5.0 introduced the AliasesRequest interface.
*/
assertThat("Remove special treatment for IndicesAliasesRequest and GetAliasesRequest", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
/**
* see https://github.com/elasticsearch/elasticsearch/pull/9508
* CheckFileCommand has been moved into ES-Core, please check the supported versions in the PR, if it can be removed completely
*/
assertThat("Remove built-in CheckFileCommand", Version.CURRENT.onOrBefore(Version.V_1_4_2), is(true));
assertThat("Remove workaround in LicenseService class when es core supports merging cluster level custom metadata", Version.CURRENT.onOrBefore(Version.V_1_5_0), is(true));
}
}

2
src/test/java/org/elasticsearch/shield/authc/ldap/LdapRealmTest.java → src/test/java/org/elasticsearch/shield/authc/ldap/LdapRealmTests.java
View File

@ -32,7 +32,7 @@ import static org.mockito.Matchers.any;
import static org.mockito.Matchers.anyString;
import static org.mockito.Mockito.*;
public class LdapRealmTest extends LdapTest {
public class LdapRealmTests extends LdapTest {
public static final String VALID_USER_TEMPLATE = "cn={0},ou=people,o=sevenSeas";
public static final String VALID_USERNAME = "Thomas Masterman Hardy";

3
src/test/java/org/elasticsearch/shield/authz/AnalyzeTests.java
View File

@ -11,11 +11,8 @@ import org.junit.Test;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.hamcrest.CoreMatchers.containsString;
@ClusterScope(scope = Scope.SUITE)
public class AnalyzeTests extends ShieldIntegrationTest {
@Override

3
src/test/java/org/elasticsearch/shield/authz/IndexAliasesTests.java
View File

@ -17,14 +17,11 @@ import org.junit.Test;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
import static org.hamcrest.CoreMatchers.containsString;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.is;
@ClusterScope(scope = Scope.SUITE)
public class IndexAliasesTests extends ShieldIntegrationTest {
@Override

2
src/test/java/org/elasticsearch/shield/authz/PrivilegeTests.java
View File

@ -176,7 +176,7 @@ public class PrivilegeTests extends ElasticsearchTestCase {
Predicate<String> predicate = Privilege.SYSTEM.predicate();
assertThat(predicate.apply("indices:monitor/whatever"), is(true));
assertThat(predicate.apply("cluster:monitor/whatever"), is(true));
assertThat(predicate.apply("cluster:admin/snapshot/status[nodes]"), is(true));
assertThat(predicate.apply("cluster:admin/snapshot/status[nodes]"), is(false));
assertThat(predicate.apply("internal:whatever"), is(true));
assertThat(predicate.apply("indices:whatever"), is(false));
assertThat(predicate.apply("cluster:whatever"), is(false));

55
src/test/java/org/elasticsearch/shield/authz/SnapshotTests.java
View File

@ -1,55 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.shield.authz;
import com.carrotsearch.ant.tasks.junit4.dependencies.com.google.common.collect.ImmutableMap;
import org.elasticsearch.action.admin.cluster.snapshots.status.SnapshotStatus;
import org.elasticsearch.action.admin.cluster.snapshots.status.SnapshotsStatusResponse;
import org.elasticsearch.cluster.metadata.SnapshotMetaData;
import org.elasticsearch.test.ShieldIntegrationTest;
import org.junit.Test;
import java.io.File;
import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
import static org.hamcrest.Matchers.anyOf;
import static org.hamcrest.Matchers.hasSize;
import static org.hamcrest.Matchers.is;
/**
* test to check if snapshotting and displaying of current snapshots work
* can be removed after 1.4.3 is released as this is included
*
*/
public class SnapshotTests extends ShieldIntegrationTest {
// TODO remove after upgrading to 1.4.3
@Test
public void testThatSnapshottingWorks() throws Exception {
File repositoryLocation = newTempDir();
assertAcked(client().admin().cluster().preparePutRepository("my-repo").setType("fs").setSettings(ImmutableMap.of("location", repositoryLocation.getAbsolutePath())));
client().prepareIndex("foo", "bar", "1").setSource("foo", "bar").get();
client().prepareIndex("foo", "bar", "2").setSource("foo", "bar").get();
client().prepareIndex("foo", "bar", "3").setSource("foo", "bar").get();
client().prepareIndex("foo", "bar", "4").setSource("foo", "bar").get();
client().prepareIndex("foo", "bar", "5").setSource("foo", "bar").get();
refresh();
// must be started async otherwise the code relevent path in TransportSnapshotsStatusAction about currently running snapshots is not executed
client().admin().cluster().prepareCreateSnapshot("my-repo", "my-snapshot").setIndices("foo").get();
SnapshotsStatusResponse snapshotsStatusResponse = client().admin().cluster().prepareSnapshotStatus("my-repo").setSnapshots("my-snapshot").get();
assertThat(snapshotsStatusResponse.getSnapshots(), hasSize(1));
SnapshotStatus snapshotStatus = snapshotsStatusResponse.getSnapshots().get(0);
assertThat(snapshotStatus.getState(), anyOf(is(SnapshotMetaData.State.STARTED), is(SnapshotMetaData.State.SUCCESS)));
assertAcked(client().admin().cluster().prepareDeleteSnapshot("my-repo", "my-snapshot").get());
assertAcked(client().admin().cluster().prepareDeleteRepository("my-repo"));
}
}

3
src/test/java/org/elasticsearch/shield/authz/indicesresolver/IndicesResolverIntegrationTests.java
View File

@ -22,11 +22,8 @@ import org.junit.Test;
import java.util.ArrayList;
import java.util.List;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.hamcrest.CoreMatchers.*;
@ClusterScope(scope = Scope.SUITE)
@TestLogging("cluster.routing.allocation:TRACE")
public class IndicesResolverIntegrationTests extends ShieldIntegrationTest {

5
src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterIntegrationTest.java → src/test/java/org/elasticsearch/shield/transport/ServerTransportFilterIntegrationTests.java
View File

@ -29,13 +29,10 @@ import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilde
import static org.elasticsearch.node.NodeBuilder.nodeBuilder;
import static org.elasticsearch.shield.test.ShieldTestUtils.createFolder;
import static org.elasticsearch.shield.test.ShieldTestUtils.writeFile;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.hamcrest.CoreMatchers.instanceOf;
import static org.hamcrest.CoreMatchers.is;
@ClusterScope(scope = Scope.SUITE)
public class ServerTransportFilterIntegrationTest extends ShieldIntegrationTest {
public class ServerTransportFilterIntegrationTests extends ShieldIntegrationTest {
private static int randomClientPort;

10
src/test/java/org/elasticsearch/shield/transport/filter/IpFilteringIntegrationTests.java
View File

@ -14,6 +14,7 @@ import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.node.internal.InternalNode;
import org.elasticsearch.test.ShieldIntegrationTest;
import org.elasticsearch.transport.Transport;
import org.junit.BeforeClass;
import org.junit.Test;
@ -22,7 +23,6 @@ import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.Socket;
import static org.elasticsearch.shield.transport.support.TransportProfileUtil.getProfilePort;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.hamcrest.Matchers.instanceOf;
@ -71,7 +71,7 @@ public class IpFilteringIntegrationTests extends ShieldIntegrationTest {
@Test
public void testThatIpFilteringIsAppliedForProfile() throws Exception {
try (Socket socket = new Socket()){
trySocketConnection(socket, new InetSocketAddress("localhost", getProfilePort("client", internalCluster())));
trySocketConnection(socket, new InetSocketAddress("localhost", getProfilePort("client")));
assertThat(socket.isClosed(), is(true));
}
}
@ -86,4 +86,10 @@ public class IpFilteringIntegrationTests extends ShieldIntegrationTest {
os.flush();
}
}
private static int getProfilePort(String profile) {
TransportAddress transportAddress = internalCluster().getInstance(Transport.class).profileBoundAddresses().get(profile).boundAddress();
assert transportAddress instanceof InetSocketTransportAddress;
return ((InetSocketTransportAddress)transportAddress).address().getPort();
}
}

7
src/test/java/org/elasticsearch/shield/transport/netty/IPFilterNettyUpstreamHandlerTests.java
View File

@ -201,6 +201,13 @@ public class IPFilterNettyUpstreamHandlerTests extends ElasticsearchTestCase {
return null;
}
public boolean getUserDefinedWritability(int i) {
return false;
}
public void setUserDefinedWritability(int i, boolean b) {
}
public ChannelFuture unbind() {
return null;
}

3
src/test/java/org/elasticsearch/shield/transport/netty/IPHostnameVerificationTests.java
View File

@ -8,8 +8,6 @@ package org.elasticsearch.shield.transport.netty;
import org.elasticsearch.client.Client;
import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.test.ElasticsearchIntegrationTest;
import org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import org.elasticsearch.test.ShieldIntegrationTest;
import org.junit.Test;
@ -20,7 +18,6 @@ import java.nio.file.Paths;
import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder;
import static org.hamcrest.CoreMatchers.is;
@ClusterScope(scope = ElasticsearchIntegrationTest.Scope.SUITE)
public class IPHostnameVerificationTests extends ShieldIntegrationTest {
static Path keystore;

3
src/test/java/org/elasticsearch/shield/transport/netty/SslHostnameVerificationTests.java
View File

@ -12,8 +12,6 @@ import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import org.elasticsearch.test.ShieldIntegrationTest;
import org.elasticsearch.transport.Transport;
import org.junit.Test;
@ -27,7 +25,6 @@ import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilde
import static org.hamcrest.CoreMatchers.instanceOf;
import static org.hamcrest.CoreMatchers.is;
@ClusterScope(scope = Scope.SUITE)
public class SslHostnameVerificationTests extends ShieldIntegrationTest {
static Path keystore;

3
src/test/java/org/elasticsearch/shield/transport/ssl/SslClientAuthTests.java
View File

@ -30,11 +30,8 @@ import java.net.URISyntaxException;
import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder;
import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.hamcrest.Matchers.containsString;
@ClusterScope(scope = Scope.SUITE)
public class SslClientAuthTests extends ShieldIntegrationTest {
@Override

3
src/test/java/org/elasticsearch/shield/transport/ssl/SslIntegrationTests.java
View File

@ -34,11 +34,8 @@ import java.security.cert.X509Certificate;
import java.util.Locale;
import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.hamcrest.Matchers.*;
@ClusterScope(scope = Scope.SUITE)
public class SslIntegrationTests extends ShieldIntegrationTest {
private TrustManager[] trustAllCerts = new TrustManager[] {

46
src/test/java/org/elasticsearch/shield/transport/ssl/SslMultiPortTests.java
View File

@ -22,14 +22,10 @@ import java.nio.file.Path;
import java.nio.file.Paths;
import static org.elasticsearch.common.settings.ImmutableSettings.settingsBuilder;
import static org.elasticsearch.shield.transport.support.TransportProfileUtil.getProfilePort;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.ClusterScope;
import static org.elasticsearch.test.ElasticsearchIntegrationTest.Scope;
import static org.elasticsearch.test.ShieldSettingsSource.DEFAULT_USER_NAME;
import static org.elasticsearch.test.ShieldSettingsSource.DEFAULT_PASSWORD;
import static org.hamcrest.CoreMatchers.is;
@ClusterScope(scope = Scope.SUITE)
public class SslMultiPortTests extends ShieldIntegrationTest {
private static int randomClientPort;
@ -115,7 +111,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
@Test
public void testThatStandardTransportClientCanConnectToNoClientAuthProfile() throws Exception {
try(TransportClient transportClient = createTransportClient(ImmutableSettings.EMPTY)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth", internalCluster())));
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth")));
assertGreenClusterState(transportClient);
}
}
@ -130,7 +126,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
@Test(expected = NoNodeAvailableException.class)
public void testThatStandardTransportClientCannotConnectToClientProfile() throws Exception {
try(TransportClient transportClient = createTransportClient(ImmutableSettings.EMPTY)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client", internalCluster())));
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client")));
transportClient.admin().cluster().prepareHealth().get();
}
}
@ -143,7 +139,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
@Test(expected = NoNodeAvailableException.class)
public void testThatStandardTransportClientCannotConnectToNoSslProfile() throws Exception {
try (TransportClient transportClient = createTransportClient(ImmutableSettings.EMPTY)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl", internalCluster())));
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl")));
assertGreenClusterState(transportClient);
}
}
@ -157,7 +153,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
public void testThatProfileTransportClientCanConnectToClientProfile() throws Exception {
Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile");
try (TransportClient transportClient = createTransportClient(settings)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client", internalCluster())));
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client")));
assertGreenClusterState(transportClient);
}
}
@ -172,7 +168,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
public void testThatProfileTransportClientCanConnectToNoClientAuthProfile() throws Exception {
Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile");
try (TransportClient transportClient = createTransportClient(settings)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth", internalCluster())));
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth")));
assertGreenClusterState(transportClient);
}
}
@ -202,7 +198,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
public void testThatProfileTransportClientCannotConnectToNoSslProfile() throws Exception {
Settings settings = ShieldSettingsSource.getSSLSettingsForStore("/org/elasticsearch/shield/transport/ssl/certs/simple/testclient-client-profile.jks", "testclient-client-profile");
try (TransportClient transportClient = createTransportClient(settings)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl", internalCluster())));
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl")));
transportClient.admin().cluster().prepareHealth().get();
}
}
@ -217,7 +213,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("cluster.name", internalCluster().getClusterName())
.build();
try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl", internalCluster())));
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl")));
assertGreenClusterState(transportClient);
}
}
@ -233,7 +229,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("cluster.name", internalCluster().getClusterName())
.build();
try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("default", internalCluster())));
transportClient.addTransportAddress(internalCluster().getInstance(Transport.class).boundAddress().boundAddress());
assertGreenClusterState(transportClient);
}
}
@ -249,7 +245,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("cluster.name", internalCluster().getClusterName())
.build();
try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client", internalCluster())));
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client")));
assertGreenClusterState(transportClient);
}
}
@ -265,7 +261,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("cluster.name", internalCluster().getClusterName())
.build();
try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth", internalCluster())));
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth")));
assertGreenClusterState(transportClient);
}
}
@ -285,7 +281,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("shield.ssl.truststore.password", "truststore-testnode-only")
.build();
try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth", internalCluster())));
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth")));
assertGreenClusterState(transportClient);
}
}
@ -306,7 +302,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("shield.ssl.truststore.password", "truststore-testnode-only")
.build();
try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client", internalCluster())));
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client")));
assertGreenClusterState(transportClient);
}
}
@ -327,7 +323,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("shield.ssl.truststore.password", "truststore-testnode-only")
.build();
try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("default", internalCluster())));
transportClient.addTransportAddress(internalCluster().getInstance(Transport.class).boundAddress().boundAddress());
assertGreenClusterState(transportClient);
}
}
@ -347,7 +343,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("shield.ssl.truststore.password", "truststore-testnode-only")
.build();
try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl", internalCluster())));
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl")));
assertGreenClusterState(transportClient);
}
}
@ -365,7 +361,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("shield.transport.ssl", true)
.build();
try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("default", internalCluster())));
transportClient.addTransportAddress(internalCluster().getInstance(Transport.class).boundAddress().boundAddress());
assertGreenClusterState(transportClient);
}
}
@ -383,7 +379,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("shield.transport.ssl", true)
.build();
try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client", internalCluster())));
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("client")));
assertGreenClusterState(transportClient);
}
}
@ -401,7 +397,7 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("shield.transport.ssl", true)
.build();
try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth", internalCluster())));
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_client_auth")));
assertGreenClusterState(transportClient);
}
}
@ -419,8 +415,14 @@ public class SslMultiPortTests extends ShieldIntegrationTest {
.put("shield.transport.ssl", true)
.build();
try (TransportClient transportClient = new TransportClient(settings, false)) {
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl", internalCluster())));
transportClient.addTransportAddress(new InetSocketTransportAddress("localhost", getProfilePort("no_ssl")));
assertGreenClusterState(transportClient);
}
}
private static int getProfilePort(String profile) {
TransportAddress transportAddress = internalCluster().getInstance(Transport.class).profileBoundAddresses().get(profile).boundAddress();
assert transportAddress instanceof InetSocketTransportAddress;
return ((InetSocketTransportAddress)transportAddress).address().getPort();
}
}

40
src/test/java/org/elasticsearch/shield/transport/support/TransportProfileUtil.java
View File

@ -1,40 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.shield.transport.support;
import org.elasticsearch.common.netty.channel.Channel;
import org.elasticsearch.test.InternalTestCluster;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.netty.NettyTransport;
import java.lang.reflect.Field;
import java.net.InetSocketAddress;
import java.util.Map;
/**
* Utility class used to deal with profile support in Transport. This class should be removed once
* core has been fixed and Shield has been updated to depend on a version of core that is fixed.
*
* See <a href="https://github.com/elasticsearch/elasticsearch/pull/9134">https://github.com/elasticsearch/elasticsearch/pull/9134</a>
*/
//TODO remove the reflection shenanigans (actually this class as a whole) once es core dependency is upgraded for 1.5
public class TransportProfileUtil {
private TransportProfileUtil() {}
/*
* Gets the actual port that the profile is listening on. If a range was provided in the settings, then the first
* port may not be the port that was actually bound.
*/
public static int getProfilePort(String profile, InternalTestCluster internalTestCluster) throws Exception {
NettyTransport transport = (NettyTransport) internalTestCluster.getInstance(Transport.class);
Field channels = NettyTransport.class.getDeclaredField("serverChannels");
channels.setAccessible(true);
Map<String, Channel> serverChannels = (Map<String, Channel>) channels.get(transport);
Channel clientProfileChannel = serverChannels.get(profile);
return ((InetSocketAddress) clientProfileChannel.getLocalAddress()).getPort();
}
}

14
src/test/java/org/elasticsearch/test/ShieldIntegrationTest.java
View File

@ -17,7 +17,6 @@ import org.elasticsearch.common.base.Function;
import org.elasticsearch.common.collect.Collections2;
import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.license.plugin.LicensePlugin;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.shield.ShieldPlugin;
import org.elasticsearch.shield.authc.support.SecuredString;
@ -36,7 +35,7 @@ import static org.hamcrest.Matchers.hasSize;
/**
* Base class to run tests against a cluster with shield installed.
* The default {@link org.elasticsearch.test.ElasticsearchIntegrationTest.Scope} is {@link org.elasticsearch.test.ElasticsearchIntegrationTest.Scope#GLOBAL},
* The default {@link org.elasticsearch.test.ElasticsearchIntegrationTest.Scope} is {@link org.elasticsearch.test.ElasticsearchIntegrationTest.Scope#SUITE},
* meaning that all subclasses that don't specify a different scope will share the same cluster with shield installed.
* @see org.elasticsearch.test.ShieldSettingsSource
*/
@ -51,7 +50,7 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest
//and configure them all in unicast.hosts
private static int maxNumberOfNodes() {
ClusterScope clusterScope = ShieldIntegrationTest.class.getAnnotation(ClusterScope.class);
if (clusterScope == null || clusterScope.scope() == Scope.GLOBAL) {
if (clusterScope == null) {
return InternalTestCluster.DEFAULT_MAX_NUM_DATA_NODES + InternalTestCluster.DEFAULT_MAX_NUM_CLIENT_NODES;
} else {
if (clusterScope.numClientNodes() < 0) {
@ -79,7 +78,7 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest
private static Scope getCurrentClusterScope(Class<?> clazz) {
ClusterScope annotation = getAnnotation(clazz);
return annotation == null ? Scope.GLOBAL : annotation.scope();
return annotation == null ? Scope.SUITE : annotation.scope();
}
/**
@ -93,7 +92,7 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest
@BeforeClass
public static void initDefaultSettings() {
if (SHIELD_DEFAULT_SETTINGS == null) {
SHIELD_DEFAULT_SETTINGS = new ShieldSettingsSource(maxNumberOfNodes(), randomBoolean(), globalTempDir(), Scope.GLOBAL);
SHIELD_DEFAULT_SETTINGS = new ShieldSettingsSource(maxNumberOfNodes(), randomBoolean(), globalTempDir(), Scope.SUITE);
}
}
@ -104,11 +103,6 @@ public abstract class ShieldIntegrationTest extends ElasticsearchIntegrationTest
protected void before() throws Throwable {
Scope currentClusterScope = getCurrentClusterScope();
switch(currentClusterScope) {
case GLOBAL:
if (InternalTestCluster.DEFAULT_SETTINGS_SOURCE == SettingsSource.EMPTY) {
InternalTestCluster.DEFAULT_SETTINGS_SOURCE = SHIELD_DEFAULT_SETTINGS;
}
break;
case SUITE:
if (customShieldSettingsSource == null) {
customShieldSettingsSource = new CustomShieldSettingsSource(sslTransportEnabled(), newTempDir(LifecycleScope.SUITE), currentClusterScope);

2
src/test/java/org/elasticsearch/test/ShieldSettingsSource.java
View File

@ -95,7 +95,7 @@ public class ShieldSettingsSource extends ClusterDiscoveryConfiguration.UnicastZ
* @param scope the scope of the test that is requiring an instance of ShieldSettingsSource
*/
public ShieldSettingsSource(int numOfNodes, boolean sslTransportEnabled, byte[] systemKey, File parentFolder, ElasticsearchIntegrationTest.Scope scope) {
super(numOfNodes, DEFAULT_SETTINGS, scope);
super(numOfNodes, DEFAULT_SETTINGS);
this.systemKey = systemKey;
this.parentFolder = parentFolder;
this.subfolderPrefix = scope.name();

178
src/test/java/org/elasticsearch/test/discovery/ClusterDiscoveryConfiguration.java
View File

@ -1,178 +0,0 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.test.discovery;
import com.carrotsearch.randomizedtesting.RandomizedTest;
import com.google.common.primitives.Ints;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.Version;
import org.elasticsearch.common.settings.ImmutableSettings;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.test.ElasticsearchIntegrationTest;
import org.elasticsearch.test.InternalTestCluster;
import org.elasticsearch.test.SettingsSource;
import org.elasticsearch.transport.local.LocalTransport;
import java.io.IOException;
import java.net.ServerSocket;
import java.util.HashSet;
import java.util.Set;
import java.util.concurrent.atomic.AtomicInteger;
//TODO Remove this class once we move to es core 1.5.0
public class ClusterDiscoveryConfiguration extends SettingsSource {
static Settings DEFAULT_NODE_SETTINGS = ImmutableSettings.settingsBuilder()
.put("gateway.type", "local")
.put("discovery.type", "zen").build();
final int numOfNodes;
final Settings nodeSettings;
final Settings transportClientSettings;
public ClusterDiscoveryConfiguration(int numOfNodes) {
this(numOfNodes, ImmutableSettings.EMPTY);
}
public ClusterDiscoveryConfiguration(int numOfNodes, Settings extraSettings) {
this.numOfNodes = numOfNodes;
this.nodeSettings = ImmutableSettings.builder().put(DEFAULT_NODE_SETTINGS).put(extraSettings).build();
this.transportClientSettings = ImmutableSettings.builder().put(extraSettings).build();
}
@Override
public Settings node(int nodeOrdinal) {
return nodeSettings;
}
@Override
public Settings transportClient() {
return transportClientSettings;
}
public static class UnicastZen extends ClusterDiscoveryConfiguration {
private static final AtomicInteger portCounter = new AtomicInteger();
private final int[] unicastHostOrdinals;
private final int[] unicastHostPorts;
private final boolean localMode;
public UnicastZen(int numOfNodes, ElasticsearchIntegrationTest.Scope scope) {
this(numOfNodes, numOfNodes, scope);
}
public UnicastZen(int numOfNodes, Settings extraSettings, ElasticsearchIntegrationTest.Scope scope) {
this(numOfNodes, numOfNodes, extraSettings, scope);
}
public UnicastZen(int numOfNodes, int numOfUnicastHosts, ElasticsearchIntegrationTest.Scope scope) {
this(numOfNodes, numOfUnicastHosts, ImmutableSettings.EMPTY, scope);
}
public UnicastZen(int numOfNodes, int numOfUnicastHosts, Settings extraSettings, ElasticsearchIntegrationTest.Scope scope) {
super(numOfNodes, extraSettings);
if (numOfUnicastHosts == numOfNodes) {
unicastHostOrdinals = new int[numOfNodes];
for (int i = 0; i < numOfNodes; i++) {
unicastHostOrdinals[i] = i;
}
} else {
Set<Integer> ordinals = new HashSet<>(numOfUnicastHosts);
while (ordinals.size() != numOfUnicastHosts) {
ordinals.add(RandomizedTest.randomInt(numOfNodes - 1));
}
unicastHostOrdinals = Ints.toArray(ordinals);
}
this.localMode = nodeSettings.get("node.mode", InternalTestCluster.NODE_MODE).equals("local");
this.unicastHostPorts = localMode ? new int[0] : unicastHostPorts(calcBasePort(scope), numOfNodes);
assert unicastHostOrdinals.length <= unicastHostPorts.length;
}
public UnicastZen(int numOfNodes, int[] unicastHostOrdinals, ElasticsearchIntegrationTest.Scope scope) {
this(numOfNodes, ImmutableSettings.EMPTY, unicastHostOrdinals, scope);
}
public UnicastZen(int numOfNodes, Settings extraSettings, int[] unicastHostOrdinals, ElasticsearchIntegrationTest.Scope scope) {
super(numOfNodes, extraSettings);
this.unicastHostOrdinals = unicastHostOrdinals;
this.localMode = nodeSettings.get("node.mode", InternalTestCluster.NODE_MODE).equals("local");
this.unicastHostPorts = localMode ? new int[0] : unicastHostPorts(calcBasePort(scope), numOfNodes);
assert unicastHostOrdinals.length <= unicastHostPorts.length;
}
private static int calcBasePort(ElasticsearchIntegrationTest.Scope scope) {
// note that this has properly co-exist with the port logic at InternalTestCluster's constructor
return 30000 +
1000 * (ElasticsearchIntegrationTest.CHILD_JVM_ID) + // up to 30 jvms
//up to 100 nodes per cluster
100 * scopeId(scope);
}
private static int scopeId(ElasticsearchIntegrationTest.Scope scope) {
switch(scope) {
case GLOBAL:
//we reserve a special base port for global clusters, as they stick around
//the assumption is that no counter is needed as there's only one global cluster per jvm
return 0;
default:
//ports can be reused as suite or test clusters are never run concurrently
//we don't reuse the same port immediately though but leave some time to make sure ports are freed
//reserve 0 to global cluster, prevent conflicts between jvms by never going above 9
return 1 + portCounter.incrementAndGet() % 9;
}
}
@Override
public Settings node(int nodeOrdinal) {
ImmutableSettings.Builder builder = ImmutableSettings.builder()
.put("discovery.zen.ping.multicast.enabled", false);
String[] unicastHosts = new String[unicastHostOrdinals.length];
if (localMode) {
builder.put(LocalTransport.TRANSPORT_LOCAL_ADDRESS, "node_" + nodeOrdinal);
for (int i = 0; i < unicastHosts.length; i++) {
unicastHosts[i] = "node_" + unicastHostOrdinals[i];
}
} else {
// we need to pin the node port & host so we'd know where to point things
builder.put("transport.tcp.port", unicastHostPorts[nodeOrdinal]);
builder.put("transport.host", "localhost");
for (int i = 0; i < unicastHostOrdinals.length; i++) {
unicastHosts[i] = "localhost:" + (unicastHostPorts[unicastHostOrdinals[i]]);
}
}
builder.putArray("discovery.zen.ping.unicast.hosts", unicastHosts);
return builder.put(super.node(nodeOrdinal)).build();
}
protected static int[] unicastHostPorts(int basePort, int numHosts) {
int[] unicastHostPorts = new int[numHosts];
final int maxPort = basePort + 99;
int currentPort = basePort;
for (int i = 0; i < unicastHostPorts.length; i++) {
boolean foundPortInRange = false;
while (currentPort <= maxPort && !foundPortInRange) {
try (ServerSocket socket = new ServerSocket(currentPort)) {
// bind was a success
foundPortInRange = true;
unicastHostPorts[i] = currentPort;
} catch (IOException e) {
// Do nothing
}
currentPort++;
}
if (!foundPortInRange) {
throw new ElasticsearchException("could not find enough open ports in range [" + basePort + "-" + maxPort + "]");
}
}
return unicastHostPorts;
}
}
}