honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into deguice2 

Original commit: elastic/x-pack-elasticsearch@2d7264c2cf
This commit is contained in:
Ryan Ernst 2016-07-14 19:51:58 -07:00
parent 7f6788af1a 496e112c5e
commit f388ef01ed
86 changed files with 931 additions and 814 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
elasticsearch/qa/security-migrate-tests/src/test/java/org/elasticsearch/xpack/security/MigrateToolIT.java
View File

@ -118,6 +118,13 @@ public class MigrateToolIT extends MigrateToolTestCase {
String token = basicAuthHeaderValue("bob", new SecuredString("changeme".toCharArray()));
// Create "index1" index and try to search from it as "bob"
client.filterWithHeader(Collections.singletonMap("Authorization", token)).admin().indices().prepareCreate("index1").get();
// Wait for the index to be ready so it doesn't fail if no shards are initialized
client.admin().cluster().health(Requests.clusterHealthRequest("index1")
.timeout(TimeValue.timeValueSeconds(30))
.waitForYellowStatus()
.waitForEvents(Priority.LANGUID)
.waitForRelocatingShards(0))
.actionGet();
SearchResponse searchResp = client.filterWithHeader(Collections.singletonMap("Authorization", token)).prepareSearch("index1").get();
}
}

3
elasticsearch/qa/security-migrate-tests/src/test/java/org/elasticsearch/xpack/security/MigrateToolTestCase.java
View File

@ -15,6 +15,7 @@ import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.node.internal.InternalSettingsPreparer;
import org.elasticsearch.test.ESIntegTestCase;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.XPackPlugin;
import org.junit.After;
@ -45,6 +46,7 @@ import static org.hamcrest.Matchers.notNullValue;
* your test.
*/
@LuceneTestCase.SuppressSysoutChecks(bugUrl = "we log a lot on purpose")
@ESIntegTestCase.SuppressLocalMode
public abstract class MigrateToolTestCase extends LuceneTestCase {
/**
@ -77,7 +79,6 @@ public abstract class MigrateToolTestCase extends LuceneTestCase {
.put("client.transport.ignore_cluster_name", true)
.put("path.home", tempDir)
.put(Security.USER_SETTING.getKey(), "transport_user:changeme")
.put("node.mode", "network") // we require network here!
.build();
TransportClient.Builder transportClientBuilder = TransportClient.builder()

5
elasticsearch/qa/smoke-test-plugins-ssl/src/test/java/org/elasticsearch/smoketest/SmokeTestMonitoringWithSecurityIT.java
View File

@ -13,9 +13,8 @@ import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.test.junit.annotations.Network;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport;
import org.elasticsearch.test.ESIntegTestCase;
import org.elasticsearch.xpack.XPackPlugin;
import org.junit.After;
@ -62,7 +61,7 @@ public class SmokeTestMonitoringWithSecurityIT extends ESIntegTestCase {
protected Settings externalClusterClientSettings() {
return Settings.builder()
.put(Security.USER_SETTING.getKey(), USER + ":" + PASS)
.put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3Transport.SSL_SETTING.getKey(), true)
.put("xpack.security.ssl.keystore.path", clientKeyStore)
.put("xpack.security.ssl.keystore.password", KEYSTORE_PASS)
.put(NetworkModule.TRANSPORT_TYPE_KEY, Security.NAME)

2
elasticsearch/x-pack/build.gradle
View File

@ -27,7 +27,7 @@ dependencies {
testCompile project(':x-plugins:elasticsearch:license:licensor')
// security deps
compile project(path: ':modules:transport-netty', configuration: 'runtime')
compile project(path: ':modules:transport-netty3', configuration: 'runtime')
compile 'dk.brics.automaton:automaton:1.11-8'
compile 'com.unboundid:unboundid-ldapsdk:2.3.8'
compile 'org.bouncycastle:bcprov-jdk15on:1.54'

22
elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestDeleteLicenseAction.java
View File

@ -5,29 +5,39 @@
*/
package org.elasticsearch.license.plugin.rest;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.license.plugin.action.delete.DeleteLicenseAction;
import org.elasticsearch.license.plugin.action.delete.DeleteLicenseRequest;
import org.elasticsearch.rest.BaseRestHandler;
import org.elasticsearch.rest.RestChannel;
import org.elasticsearch.rest.RestController;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.action.support.AcknowledgedRestListener;
import org.elasticsearch.xpack.XPackClient;
import org.elasticsearch.xpack.rest.XPackRestHandler;
import static org.elasticsearch.rest.RestRequest.Method.DELETE;
public class RestDeleteLicenseAction extends BaseRestHandler {
public class RestDeleteLicenseAction extends XPackRestHandler {
@Inject
public RestDeleteLicenseAction(Settings settings, RestController controller) {
super(settings);
controller.registerHandler(DELETE, "/_xpack/license", this);
// @deprecated Remove deprecations in 6.0
controller.registerWithDeprecatedHandler(DELETE, URI_BASE + "/license", this,
DELETE, "/_license", deprecationLogger);
// Remove _licenses support entirely in 6.0
controller.registerAsDeprecatedHandler(DELETE, "/_licenses", this,
"[DELETE /_licenses] is deprecated! Use " +
"[DELETE /_xpack/license] instead.",
deprecationLogger);
}
@Override
public void handleRequest(final RestRequest request, final RestChannel channel, final NodeClient client) {
client.admin().cluster().execute(DeleteLicenseAction.INSTANCE, new DeleteLicenseRequest(), new AcknowledgedRestListener<>(channel));
public void handleRequest(final RestRequest request, final RestChannel channel, final XPackClient client) {
client.es().admin().cluster().execute(DeleteLicenseAction.INSTANCE,
new DeleteLicenseRequest(),
new AcknowledgedRestListener<>(channel));
}
}

20
elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestGetLicenseAction.java
View File

@ -5,7 +5,6 @@
*/
package org.elasticsearch.license.plugin.rest;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.ToXContent;
@ -14,13 +13,14 @@ import org.elasticsearch.license.core.License;
import org.elasticsearch.license.plugin.action.get.GetLicenseAction;
import org.elasticsearch.license.plugin.action.get.GetLicenseRequest;
import org.elasticsearch.license.plugin.action.get.GetLicenseResponse;
import org.elasticsearch.rest.BaseRestHandler;
import org.elasticsearch.rest.BytesRestResponse;
import org.elasticsearch.rest.RestChannel;
import org.elasticsearch.rest.RestController;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestResponse;
import org.elasticsearch.rest.action.support.RestBuilderListener;
import org.elasticsearch.xpack.XPackClient;
import org.elasticsearch.xpack.rest.XPackRestHandler;
import java.util.HashMap;
import java.util.Map;
@ -29,12 +29,20 @@ import static org.elasticsearch.rest.RestRequest.Method.GET;
import static org.elasticsearch.rest.RestStatus.NOT_FOUND;
import static org.elasticsearch.rest.RestStatus.OK;
public class RestGetLicenseAction extends BaseRestHandler {
public class RestGetLicenseAction extends XPackRestHandler {
@Inject
public RestGetLicenseAction(Settings settings, RestController controller) {
super(settings);
controller.registerHandler(GET, "/_xpack/license", this);
// @deprecated Remove deprecations in 6.0
controller.registerWithDeprecatedHandler(GET, URI_BASE + "/license", this,
GET, "/_license", deprecationLogger);
// Remove _licenses support entirely in 6.0
controller.registerAsDeprecatedHandler(GET, "/_licenses", this,
"[GET /_licenses] is deprecated! Use " +
"[GET /_xpack/license] instead.",
deprecationLogger);
}
/**
@ -44,14 +52,14 @@ public class RestGetLicenseAction extends BaseRestHandler {
* The licenses are sorted by latest issue_date
*/
@Override
public void handleRequest(final RestRequest request, final RestChannel channel, final NodeClient client) {
public void handleRequest(final RestRequest request, final RestChannel channel, final XPackClient client) {
final Map<String, String> overrideParams = new HashMap<>(2);
overrideParams.put(License.REST_VIEW_MODE, "true");
overrideParams.put(License.LICENSE_VERSION_MODE, String.valueOf(License.VERSION_CURRENT));
final ToXContent.Params params = new ToXContent.DelegatingMapParams(overrideParams, request);
GetLicenseRequest getLicenseRequest = new GetLicenseRequest();
getLicenseRequest.local(request.paramAsBoolean("local", getLicenseRequest.local()));
client.admin().cluster().execute(GetLicenseAction.INSTANCE, getLicenseRequest,
client.es().admin().cluster().execute(GetLicenseAction.INSTANCE, getLicenseRequest,
new RestBuilderListener<GetLicenseResponse>(channel) {
@Override
public RestResponse buildResponse(GetLicenseResponse response, XContentBuilder builder) throws Exception {

27
elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/rest/RestPutLicenseAction.java
View File

@ -5,7 +5,6 @@
*/
package org.elasticsearch.license.plugin.rest;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.ToXContent;
@ -13,7 +12,6 @@ import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.license.plugin.action.put.PutLicenseAction;
import org.elasticsearch.license.plugin.action.put.PutLicenseRequest;
import org.elasticsearch.license.plugin.action.put.PutLicenseResponse;
import org.elasticsearch.rest.BaseRestHandler;
import org.elasticsearch.rest.BytesRestResponse;
import org.elasticsearch.rest.RestChannel;
import org.elasticsearch.rest.RestController;
@ -21,25 +19,40 @@ import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.rest.RestResponse;
import org.elasticsearch.rest.RestStatus;
import org.elasticsearch.rest.action.support.RestBuilderListener;
import org.elasticsearch.xpack.XPackClient;
import org.elasticsearch.xpack.rest.XPackRestHandler;
import static org.elasticsearch.rest.RestRequest.Method.POST;
import static org.elasticsearch.rest.RestRequest.Method.PUT;
public class RestPutLicenseAction extends BaseRestHandler {
public class RestPutLicenseAction extends XPackRestHandler {
@Inject
public RestPutLicenseAction(Settings settings, RestController controller) {
super(settings);
controller.registerHandler(PUT, "/_xpack/license", this);
controller.registerHandler(POST, "/_xpack/license", this);
// @deprecated Remove deprecations in 6.0
controller.registerWithDeprecatedHandler(POST, URI_BASE + "/license", this,
POST, "/_license", deprecationLogger);
controller.registerWithDeprecatedHandler(PUT, URI_BASE + "/license", this,
PUT, "/_license", deprecationLogger);
// Remove _licenses support entirely in 6.0
controller.registerAsDeprecatedHandler(POST, "/_licenses", this,
"[POST /_licenses] is deprecated! Use " +
"[POST /_xpack/license] instead.",
deprecationLogger);
controller.registerAsDeprecatedHandler(PUT, "/_licenses", this,
"[PUT /_licenses] is deprecated! Use " +
"[PUT /_xpack/license] instead.",
deprecationLogger);
}
@Override
public void handleRequest(final RestRequest request, final RestChannel channel, final NodeClient client) {
public void handleRequest(final RestRequest request, final RestChannel channel, final XPackClient client) {
PutLicenseRequest putLicenseRequest = new PutLicenseRequest();
putLicenseRequest.license(request.content().utf8ToString());
putLicenseRequest.acknowledge(request.paramAsBoolean("acknowledge", false));
client.admin().cluster().execute(PutLicenseAction.INSTANCE, putLicenseRequest,
client.es().admin().cluster().execute(PutLicenseAction.INSTANCE, putLicenseRequest,
new RestBuilderListener<PutLicenseResponse>(channel) {
@Override
public RestResponse buildResponse(PutLicenseResponse response, XContentBuilder builder) throws Exception {

4
elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/LicensesServiceClusterTests.java
View File

@ -25,7 +25,7 @@ import org.elasticsearch.license.plugin.core.LicensesService;
import org.elasticsearch.license.plugin.core.LicensesStatus;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.elasticsearch.xpack.MockNettyPlugin;
import org.elasticsearch.xpack.MockNetty3Plugin;
import org.elasticsearch.xpack.XPackPlugin;
import java.util.Arrays;
@ -60,7 +60,7 @@ public class LicensesServiceClusterTests extends AbstractLicensesIntegrationTest
@Override
protected Collection<Class<? extends Plugin>> nodePlugins() {
return Arrays.asList(XPackPlugin.class, MockNettyPlugin.class);
return Arrays.asList(XPackPlugin.class, MockNetty3Plugin.class);
}
@Override

12
elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/xpack/TribeTransportTestCase.java
View File

@ -19,6 +19,7 @@ import org.elasticsearch.common.UUIDs;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.discovery.DiscoveryModule;
import org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing;
import org.elasticsearch.xpack.monitoring.Monitoring;
import org.elasticsearch.node.Node;
@ -59,7 +60,8 @@ public abstract class TribeTransportTestCase extends ESIntegTestCase {
protected final Settings nodeSettings(int nodeOrdinal) {
final Settings.Builder builder = Settings.builder()
.put(NetworkModule.HTTP_ENABLED.getKey(), false)
.put(Node.NODE_LOCAL_SETTING.getKey(), true);
.put("transport.type", "local")
.put(DiscoveryModule.DISCOVERY_TYPE_SETTING.getKey(), "local");
List<String> enabledFeatures = enabledFeatures();
for (String feature : ALL_FEATURES) {
builder.put(XPackPlugin.featureEnabledSetting(feature), enabledFeatures.contains(feature));
@ -99,7 +101,7 @@ public abstract class TribeTransportTestCase extends ESIntegTestCase {
return TribeTransportTestCase.this.transportClientPlugins();
}
};
final InternalTestCluster cluster2 = new InternalTestCluster(InternalTestCluster.configuredNodeMode(),
final InternalTestCluster cluster2 = new InternalTestCluster(
randomLong(), createTempDir(), true, 2, 2,
UUIDs.randomBase64UUID(random()), nodeConfigurationSource, 1, false, "tribe_node2",
getMockPlugins(), getClientWrapper());
@ -131,13 +133,17 @@ public abstract class TribeTransportTestCase extends ESIntegTestCase {
Settings merged = Settings.builder()
.put("tribe.t1.cluster.name", internalCluster().getClusterName())
.put("tribe.t2.cluster.name", cluster2.getClusterName())
.put("tribe.t1.transport.type", "local")
.put("tribe.t2.transport.type", "local")
.put("tribe.t1.discovery.type", "local")
.put("tribe.t2.discovery.type", "local")
.put("tribe.blocks.write", false)
.put(tribe1Defaults.build())
.put(tribe2Defaults.build())
.put(NetworkModule.HTTP_ENABLED.getKey(), false)
.put(internalCluster().getDefaultSettings())
.put("node.name", "tribe_node") // make sure we can identify threads from this node
.put(Node.NODE_LOCAL_SETTING.getKey(), true)
.put("transport.type", "local")
.build();
final Node tribeNode = new Node(merged).start();

2
elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/collector/indices/IndexStatsCollector.java
View File

@ -68,6 +68,8 @@ public class IndexStatsCollector extends AbstractCollector {
.setSegments(true)
.setStore(true)
.setRefresh(true)
.setQueryCache(true)
.setRequestCache(true)
.get(monitoringSettings.indexStatsTimeout());
long timestamp = System.currentTimeMillis();

20
elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndexStatsResolver.java
View File

@ -26,12 +26,22 @@ public class IndexStatsResolver extends MonitoringIndexNameResolver.Timestamped<
"index_stats.index",
"index_stats.primaries.docs.count",
"index_stats.primaries.fielddata.memory_size_in_bytes",
"index_stats.primaries.fielddata.evictions",
"index_stats.primaries.indexing.index_total",
"index_stats.primaries.indexing.index_time_in_millis",
"index_stats.primaries.indexing.throttle_time_in_millis",
"index_stats.primaries.merges.total_size_in_bytes",
"index_stats.primaries.query_cache.memory_size_in_bytes",
"index_stats.primaries.query_cache.evictions",
"index_stats.primaries.query_cache.hit_count",
"index_stats.primaries.query_cache.miss_count",
"index_stats.primaries.request_cache.memory_size_in_bytes",
"index_stats.primaries.request_cache.evictions",
"index_stats.primaries.request_cache.hit_count",
"index_stats.primaries.request_cache.miss_count",
"index_stats.primaries.search.query_total",
"index_stats.primaries.search.query_time_in_millis",
"index_stats.primaries.segments.count",
"index_stats.primaries.segments.memory_in_bytes",
"index_stats.primaries.segments.terms_memory_in_bytes",
"index_stats.primaries.segments.stored_fields_memory_in_bytes",
@ -47,12 +57,22 @@ public class IndexStatsResolver extends MonitoringIndexNameResolver.Timestamped<
"index_stats.primaries.refresh.total_time_in_millis",
"index_stats.total.docs.count",
"index_stats.total.fielddata.memory_size_in_bytes",
"index_stats.total.fielddata.evictions",
"index_stats.total.indexing.index_total",
"index_stats.total.indexing.index_time_in_millis",
"index_stats.total.indexing.throttle_time_in_millis",
"index_stats.total.merges.total_size_in_bytes",
"index_stats.total.query_cache.memory_size_in_bytes",
"index_stats.total.query_cache.evictions",
"index_stats.total.query_cache.hit_count",
"index_stats.total.query_cache.miss_count",
"index_stats.total.request_cache.memory_size_in_bytes",
"index_stats.total.request_cache.evictions",
"index_stats.total.request_cache.hit_count",
"index_stats.total.request_cache.miss_count",
"index_stats.total.search.query_total",
"index_stats.total.search.query_time_in_millis",
"index_stats.total.segments.count",
"index_stats.total.segments.memory_in_bytes",
"index_stats.total.segments.terms_memory_in_bytes",
"index_stats.total.segments.stored_fields_memory_in_bytes",

10
elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/resolver/node/NodeStatsResolver.java
View File

@ -32,11 +32,21 @@ public class NodeStatsResolver extends MonitoringIndexNameResolver.Timestamped<N
"node_stats.disk_threshold_watermark_high",
// Node Stats
"node_stats.indices.docs.count",
"node_stats.indices.fielddata.memory_size_in_bytes",
"node_stats.indices.fielddata.evictions",
"node_stats.indices.store.size_in_bytes",
"node_stats.indices.store.throttle_time_in_millis",
"node_stats.indices.indexing.throttle_time_in_millis",
"node_stats.indices.indexing.index_total",
"node_stats.indices.indexing.index_time_in_millis",
"node_stats.indices.query_cache.memory_size_in_bytes",
"node_stats.indices.query_cache.evictions",
"node_stats.indices.query_cache.hit_count",
"node_stats.indices.query_cache.miss_count",
"node_stats.indices.request_cache.memory_size_in_bytes",
"node_stats.indices.request_cache.evictions",
"node_stats.indices.request_cache.hit_count",
"node_stats.indices.request_cache.miss_count",
"node_stats.indices.search.query_total",
"node_stats.indices.search.query_time_in_millis",
"node_stats.indices.segments.count",

120
elasticsearch/x-pack/monitoring/src/main/resources/monitoring-es.json
View File

@ -109,6 +109,9 @@
"properties": {
"memory_size_in_bytes": {
"type": "long"
},
"evictions": {
"type": "long"
}
}
},
@ -142,6 +145,38 @@
}
}
},
"query_cache": {
"properties": {
"memory_size_in_bytes": {
"type": "long"
},
"evictions": {
"type": "long"
},
"hit_count": {
"type": "long"
},
"miss_count": {
"type": "long"
}
}
},
"request_cache": {
"properties": {
"memory_size_in_bytes": {
"type": "long"
},
"evictions": {
"type": "long"
},
"hit_count": {
"type": "long"
},
"miss_count": {
"type": "long"
}
}
},
"search": {
"properties": {
"query_total": {
@ -154,6 +189,9 @@
},
"segments": {
"properties": {
"count": {
"type": "integer"
},
"memory_in_bytes": {
"type": "long"
},
@ -205,6 +243,9 @@
"properties": {
"memory_size_in_bytes": {
"type": "long"
},
"evictions": {
"type": "long"
}
}
},
@ -238,6 +279,38 @@
}
}
},
"query_cache": {
"properties": {
"memory_size_in_bytes": {
"type": "long"
},
"evictions": {
"type": "long"
},
"hit_count": {
"type": "long"
},
"miss_count": {
"type": "long"
}
}
},
"request_cache": {
"properties": {
"memory_size_in_bytes": {
"type": "long"
},
"evictions": {
"type": "long"
},
"hit_count": {
"type": "long"
},
"miss_count": {
"type": "long"
}
}
},
"search": {
"properties": {
"query_total": {
@ -250,6 +323,9 @@
},
"segments": {
"properties": {
"count": {
"type": "integer"
},
"memory_in_bytes": {
"type": "long"
},
@ -374,6 +450,16 @@
}
}
},
"fielddata" : {
"properties": {
"memory_size_in_bytes": {
"type": "long"
},
"evictions": {
"type": "long"
}
}
},
"indexing": {
"properties": {
"index_time_in_millis": {
@ -387,6 +473,38 @@
}
}
},
"query_cache": {
"properties": {
"memory_size_in_bytes": {
"type": "long"
},
"evictions": {
"type": "long"
},
"hit_count": {
"type": "long"
},
"miss_count": {
"type": "long"
}
}
},
"request_cache": {
"properties": {
"memory_size_in_bytes": {
"type": "long"
},
"evictions": {
"type": "long"
},
"hit_count": {
"type": "long"
},
"miss_count": {
"type": "long"
}
}
},
"search": {
"properties": {
"query_time_in_millis": {
@ -400,7 +518,7 @@
"segments": {
"properties": {
"count": {
"type": "long"
"type": "integer"
},
"memory_in_bytes": {
"type": "long"

2
elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/MonitoringIndexNameResolverTestCase.java
View File

@ -123,6 +123,8 @@ public abstract class MonitoringIndexNameResolverTestCase<M extends MonitoringDo
}
@SuppressWarnings("unchecked")
// norelease
@AwaitsFix(bugUrl = "https://github.com/elastic/x-plugins/issues/2825;https://github.com/elastic/x-plugins/issues/2826")
public void testSource() throws IOException {
MonitoringIndexNameResolver resolver = newResolver();
BytesReference source = resolver.source(newMonitoringDoc(), randomFrom(XContentType.values()));

4
elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/settings/MonitoringSettingsTests.java
View File

@ -12,7 +12,7 @@ import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.test.ESIntegTestCase;
import org.elasticsearch.xpack.MockNettyPlugin;
import org.elasticsearch.xpack.MockNetty3Plugin;
import org.elasticsearch.xpack.monitoring.MonitoringSettings;
import org.elasticsearch.xpack.monitoring.agent.AgentService;
import org.elasticsearch.xpack.monitoring.test.MonitoringIntegTestCase;
@ -51,7 +51,7 @@ public class MonitoringSettingsTests extends MonitoringIntegTestCase {
@Override
protected Collection<Class<? extends Plugin>> nodePlugins() {
ArrayList<Class<? extends Plugin>> plugins = new ArrayList<>(super.nodePlugins());
plugins.add(MockNettyPlugin.class); // for http
plugins.add(MockNetty3Plugin.class); // for http
return plugins;
}

4
elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/security/MonitoringSettingsFilterTests.java
View File

@ -12,7 +12,7 @@ import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.json.JsonXContent;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.xpack.MockNettyPlugin;
import org.elasticsearch.xpack.MockNetty3Plugin;
import org.elasticsearch.xpack.monitoring.MonitoringSettings;
import org.elasticsearch.xpack.monitoring.test.MonitoringIntegTestCase;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
@ -49,7 +49,7 @@ public class MonitoringSettingsFilterTests extends MonitoringIntegTestCase {
@Override
protected Collection<Class<? extends Plugin>> nodePlugins() {
ArrayList<Class<? extends Plugin>> plugins = new ArrayList<>(super.nodePlugins());
plugins.add(MockNettyPlugin.class); // for http
plugins.add(MockNetty3Plugin.class); // for http
return plugins;
}

1
elasticsearch/x-pack/monitoring/src/test/resources/rest-api-spec/test/monitoring/bulk/10_basic.yaml
View File

@ -10,6 +10,7 @@ setup:
cluster.health:
index: ".monitoring-data-*"
wait_for_active_shards: 1
timeout: 60s
---
"Bulk indexing of monitoring data":

73
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/InternalClient.java
View File

@ -5,6 +5,8 @@
*/
package org.elasticsearch.xpack.security;
import java.io.IOException;
import org.elasticsearch.ElasticsearchException;
import org.elasticsearch.action.Action;
import org.elasticsearch.action.ActionListener;
@ -13,60 +15,57 @@ import org.elasticsearch.action.ActionRequestBuilder;
import org.elasticsearch.action.ActionResponse;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.FilterClient;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.xpack.security.authc.AuthenticationService;
import org.elasticsearch.xpack.security.user.XPackUser;
import org.elasticsearch.node.Node;
import org.elasticsearch.threadpool.ThreadPool;
import java.io.IOException;
import org.elasticsearch.xpack.security.authc.Authentication;
import org.elasticsearch.xpack.security.authc.InternalAuthenticationService;
import org.elasticsearch.xpack.security.crypto.CryptoService;
import org.elasticsearch.xpack.security.user.XPackUser;
/**
* A special filter client for internal node communication which adds the internal xpack user to the headers.
* An optionally secured client for internal node communication.
*
* When secured, the XPack user is added to the execution context before each action is executed.
*/
public interface InternalClient extends Client {
public class InternalClient extends FilterClient {
private final CryptoService cryptoService;
private final boolean signUserHeader;
private final String nodeName;
/**
* An insecured internal client, baseically simply delegates to the normal ES client
* without doing anything extra.
* Constructs an InternalClient.
* If {@code cryptoService} is non-null, the client is secure. Otherwise this client is a passthrough.
*/
class Insecure extends FilterClient implements InternalClient {
@Inject
public Insecure(Settings settings, ThreadPool threadPool, Client in) {
super(settings, threadPool, in);
}
public InternalClient(Settings settings, ThreadPool threadPool, Client in, CryptoService cryptoService) {
super(settings, threadPool, in);
this.cryptoService = cryptoService;
this.signUserHeader = InternalAuthenticationService.SIGN_USER_HEADER.get(settings);
this.nodeName = Node.NODE_NAME_SETTING.get(settings);
}
/**
* A secured internal client that binds the internal XPack user to the current
* execution context, before the action is executed.
*/
class Secure extends FilterClient implements InternalClient {
@Override
protected <Request extends ActionRequest<Request>, Response extends ActionResponse, RequestBuilder extends
ActionRequestBuilder<Request, Response, RequestBuilder>> void doExecute(
Action<Request, Response, RequestBuilder> action, Request request, ActionListener<Response> listener) {
private final AuthenticationService authcService;
@Inject
public Secure(Settings settings, ThreadPool threadPool, Client in, AuthenticationService authcService) {
super(settings, threadPool, in);
this.authcService = authcService;
if (cryptoService == null) {
super.doExecute(action, request, listener);
return;
}
@Override
protected <Request extends ActionRequest<Request>, Response extends ActionResponse, RequestBuilder extends
ActionRequestBuilder<Request, Response, RequestBuilder>> void doExecute(
Action<Request, Response, RequestBuilder> action, Request request, ActionListener<Response> listener) {
try (ThreadContext.StoredContext ctx = threadPool().getThreadContext().stashContext()) {
try {
authcService.attachUserIfMissing(XPackUser.INSTANCE);
} catch (IOException ioe) {
throw new ElasticsearchException("failed to attach internal user to request", ioe);
}
super.doExecute(action, request, listener);
try (ThreadContext.StoredContext ctx = threadPool().getThreadContext().stashContext()) {
try {
Authentication authentication = new Authentication(XPackUser.INSTANCE,
new Authentication.RealmRef("__attach", "__attach", nodeName), null);
authentication.writeToContextIfMissing(threadPool().getThreadContext(), cryptoService, signUserHeader);
} catch (IOException ioe) {
throw new ElasticsearchException("failed to attach internal user to request", ioe);
}
super.doExecute(action, request, listener);
}
}
}

26
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java
View File

@ -62,7 +62,6 @@ import org.elasticsearch.xpack.security.action.user.TransportPutUserAction;
import org.elasticsearch.xpack.security.audit.AuditTrailModule;
import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
import org.elasticsearch.xpack.security.audit.index.IndexNameResolver;
import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
import org.elasticsearch.xpack.security.authc.AuthenticationModule;
import org.elasticsearch.xpack.security.authc.InternalAuthenticationService;
import org.elasticsearch.xpack.security.authc.Realms;
@ -95,8 +94,8 @@ import org.elasticsearch.xpack.security.transport.SecurityClientTransportService
import org.elasticsearch.xpack.security.transport.SecurityServerTransportService;
import org.elasticsearch.xpack.security.transport.SecurityTransportModule;
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport;
import org.elasticsearch.xpack.security.user.AnonymousUser;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
@ -142,6 +141,10 @@ public class Security implements ActionPlugin {
return securityLicenseState;
}
public boolean isEnabled() {
return enabled;
}
public Collection<Module> nodeModules() {
List<Module> modules = new ArrayList<>();
@ -184,11 +187,6 @@ public class Security implements ActionPlugin {
return Collections.emptyList();
}
List<Class<? extends LifecycleComponent>> list = new ArrayList<>();
//TODO why only focus on file audit logs? shouldn't we just check if audit trail is enabled in general?
if (AuditTrailModule.fileAuditLoggingEnabled(settings) == true) {
list.add(LoggingAuditTrail.class);
}
list.add(FileRolesStore.class);
list.add(Realms.class);
return list;
@ -208,7 +206,7 @@ public class Security implements ActionPlugin {
settingsBuilder.put(NetworkModule.TRANSPORT_TYPE_KEY, Security.NAME);
settingsBuilder.put(NetworkModule.TRANSPORT_SERVICE_TYPE_KEY, Security.NAME);
settingsBuilder.put(NetworkModule.HTTP_TYPE_SETTING.getKey(), Security.NAME);
SecurityNettyHttpServerTransport.overrideSettings(settingsBuilder, settings);
SecurityNetty3HttpServerTransport.overrideSettings(settingsBuilder, settings);
addUserSettings(settings, settingsBuilder);
addTribeSettings(settings, settingsBuilder);
return settingsBuilder.build();
@ -224,7 +222,7 @@ public class Security implements ActionPlugin {
SSLConfiguration.Global.addSettings(settingsList);
// transport settings
SecurityNettyTransport.addSettings(settingsList);
SecurityNetty3Transport.addSettings(settingsList);
if (transportClientMode) {
return settingsList;
@ -249,7 +247,7 @@ public class Security implements ActionPlugin {
InternalAuthorizationService.addSettings(settingsList);
// HTTP settings
SecurityNettyHttpServerTransport.addSettings(settingsList);
SecurityNetty3HttpServerTransport.addSettings(settingsList);
// encryption settings
CryptoService.addSettings(settingsList);
@ -351,16 +349,16 @@ public class Security implements ActionPlugin {
if (transportClientMode) {
if (enabled) {
module.registerTransport(Security.NAME, SecurityNettyTransport.class);
module.registerTransport(Security.NAME, SecurityNetty3Transport.class);
module.registerTransportService(Security.NAME, SecurityClientTransportService.class);
}
return;
}
if (enabled) {
module.registerTransport(Security.NAME, SecurityNettyTransport.class);
module.registerTransport(Security.NAME, SecurityNetty3Transport.class);
module.registerTransportService(Security.NAME, SecurityServerTransportService.class);
module.registerHttpTransport(Security.NAME, SecurityNettyHttpServerTransport.class);
module.registerHttpTransport(Security.NAME, SecurityNetty3HttpServerTransport.class);
}
}

8
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java
View File

@ -21,8 +21,8 @@ import org.elasticsearch.xpack.XPackFeatureSet;
import org.elasticsearch.xpack.security.authz.store.RolesStore;
import org.elasticsearch.xpack.security.crypto.CryptoService;
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport;
import java.io.IOException;
import java.util.ArrayList;
@ -122,8 +122,8 @@ public class SecurityFeatureSet implements XPackFeatureSet {
static Map<String, Object> sslUsage(Settings settings) {
Map<String, Object> map = new HashMap<>(2);
map.put("http", Collections.singletonMap("enabled", SecurityNettyHttpServerTransport.SSL_SETTING.get(settings)));
map.put("transport", Collections.singletonMap("enabled", SecurityNettyTransport.SSL_SETTING.get(settings)));
map.put("http", Collections.singletonMap("enabled", SecurityNetty3HttpServerTransport.SSL_SETTING.get(settings)));
map.put("transport", Collections.singletonMap("enabled", SecurityNetty3Transport.SSL_SETTING.get(settings)));
return map;
}

4
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityLifecycleService.java
View File

@ -42,7 +42,7 @@ public class SecurityLifecycleService extends AbstractComponent implements Clust
@Inject
public SecurityLifecycleService(Settings settings, ClusterService clusterService, ThreadPool threadPool,
IndexAuditTrail indexAuditTrail, NativeUsersStore nativeUserStore,
NativeRolesStore nativeRolesStore, Provider<InternalClient> clientProvider) {
NativeRolesStore nativeRolesStore, InternalClient client) {
super(settings);
this.settings = settings;
this.threadPool = threadPool;
@ -54,7 +54,7 @@ public class SecurityLifecycleService extends AbstractComponent implements Clust
clusterService.add(this);
clusterService.add(nativeUserStore);
clusterService.add(nativeRolesStore);
clusterService.add(new SecurityTemplateService(settings, clusterService, clientProvider, threadPool));
clusterService.add(new SecurityTemplateService(settings, clusterService, client, threadPool));
clusterService.addLifecycleListener(new LifecycleListener() {
@Override

4
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityModule.java
View File

@ -30,12 +30,8 @@ public class SecurityModule extends AbstractSecurityModule {
bind(SecurityContext.Secure.class).asEagerSingleton();
bind(SecurityContext.class).to(SecurityContext.Secure.class);
bind(SecurityLifecycleService.class).asEagerSingleton();
bind(InternalClient.Secure.class).asEagerSingleton();
bind(InternalClient.class).to(InternalClient.Secure.class);
} else {
bind(SecurityContext.class).toInstance(SecurityContext.Insecure.INSTANCE);
bind(InternalClient.Insecure.class).asEagerSingleton();
bind(InternalClient.class).to(InternalClient.Insecure.class);
}
}

7
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityTemplateService.java
View File

@ -37,19 +37,18 @@ public class SecurityTemplateService extends AbstractComponent implements Cluste
public static final String SECURITY_TEMPLATE_NAME = "security-index-template";
private final ThreadPool threadPool;
private final Provider<InternalClient> clientProvider;
private final InternalClient client;
private final AtomicBoolean templateCreationPending = new AtomicBoolean(false);
public SecurityTemplateService(Settings settings, ClusterService clusterService,
Provider<InternalClient> clientProvider, ThreadPool threadPool) {
InternalClient client, ThreadPool threadPool) {
super(settings);
this.threadPool = threadPool;
this.clientProvider = clientProvider;
this.client = client;
clusterService.add(this);
}
private void createSecurityTemplate() {
final Client client = clientProvider.get();
try (InputStream is = getClass().getResourceAsStream("/" + SECURITY_TEMPLATE_NAME + ".json")) {
ByteArrayOutputStream out = new ByteArrayOutputStream();
Streams.copy(is, out);

5
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailModule.java
View File

@ -55,8 +55,7 @@ public class AuditTrailModule extends AbstractSecurityModule.Node {
bind(AuditTrailService.class).asEagerSingleton();
bind(AuditTrail.class).to(AuditTrailService.class);
Multibinder<AuditTrail> binder = Multibinder.newSetBinder(binder(), AuditTrail.class);
Set<String> uniqueOutputs = Sets.newHashSet(outputs);
for (String output : uniqueOutputs) {
for (String output : outputs) {
switch (output) {
case LoggingAuditTrail.NAME:
binder.addBinding().to(LoggingAuditTrail.class);
@ -67,7 +66,7 @@ public class AuditTrailModule extends AbstractSecurityModule.Node {
bind(IndexAuditTrail.class).asEagerSingleton();
break;
default:
throw new ElasticsearchException("unknown audit trail output [" + output + "]");
throw new IllegalArgumentException("unknown audit trail output [" + output + "]");
}
}
}

140
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrail.java
View File

@ -19,6 +19,7 @@ import org.elasticsearch.action.index.IndexRequest;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.cluster.ClusterChangedEvent;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.cluster.ClusterState;
import org.elasticsearch.cluster.ClusterStateListener;
@ -29,6 +30,7 @@ import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.inject.Provider;
import org.elasticsearch.common.io.Streams;
import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.network.NetworkAddress;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Setting.Property;
@ -150,17 +152,15 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
private final AtomicReference<State> state = new AtomicReference<>(State.INITIALIZED);
private final String nodeName;
private final Provider<InternalClient> clientProvider;
private final Client client;
private final BlockingQueue<Message> eventQueue;
private final QueueConsumer queueConsumer;
private final Transport transport;
private final ThreadPool threadPool;
private final Lock putMappingLock = new ReentrantLock();
private final ClusterService clusterService;
private final boolean indexToRemoteCluster;
private BulkProcessor bulkProcessor;
private Client client;
private IndexNameResolver.Rollover rollover;
private String nodeHostName;
private String nodeHostAddress;
@ -172,11 +172,9 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
}
@Inject
public IndexAuditTrail(Settings settings, Transport transport,
Provider<InternalClient> clientProvider, ThreadPool threadPool, ClusterService clusterService) {
public IndexAuditTrail(Settings settings, InternalClient client, ThreadPool threadPool,
ClusterService clusterService) {
super(settings);
this.clientProvider = clientProvider;
this.transport = transport;
this.threadPool = threadPool;
this.clusterService = clusterService;
this.nodeName = settings.get("name");
@ -199,6 +197,13 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
}
this.indexToRemoteCluster = REMOTE_CLIENT_SETTINGS.get(settings).names().size() > 0;
if (indexToRemoteCluster == false) {
// in the absence of client settings for remote indexing, fall back to the client that was passed in.
this.client = client;
} else {
this.client = initializeRemoteClient(settings, logger);
}
}
public State state() {
@ -223,16 +228,6 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
*/
public synchronized boolean canStart(ClusterChangedEvent event, boolean master) {
if (indexToRemoteCluster) {
try {
if (client == null) {
initializeClient();
}
} catch (Exception e) {
logger.error("failed to initialize client for remote indexing. index based output is disabled", e);
state.set(State.FAILED);
return false;
}
ClusterStateResponse response = client.admin().cluster().prepareState().execute().actionGet();
return canStart(response.getState(), master);
}
@ -277,12 +272,8 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
*/
public void start(boolean master) {
if (state.compareAndSet(State.INITIALIZED, State.STARTING)) {
this.nodeHostName = transport.boundAddress().publishAddress().getHost();
this.nodeHostAddress = transport.boundAddress().publishAddress().getAddress();
if (client == null) {
initializeClient();
}
this.nodeHostName = clusterService.localNode().getHostName();
this.nodeHostAddress = clusterService.localNode().getHostAddress();
if (master) {
putTemplate(customAuditIndexSettings(settings));
@ -545,7 +536,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
Message msg = new Message().start();
common("transport", type, msg.builder);
originAttributes(message, msg.builder, transport, threadPool.getThreadContext());
originAttributes(message, msg.builder, clusterService.localNode(), threadPool.getThreadContext());
if (action != null) {
msg.builder.field(Field.ACTION, action);
@ -577,7 +568,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
Message msg = new Message().start();
common("transport", type, msg.builder);
originAttributes(message, msg.builder, transport, threadPool.getThreadContext());
originAttributes(message, msg.builder, clusterService.localNode(), threadPool.getThreadContext());
if (action != null) {
msg.builder.field(Field.ACTION, action);
@ -672,8 +663,8 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
return builder;
}
private static XContentBuilder originAttributes(TransportMessage message, XContentBuilder builder, Transport transport, ThreadContext
threadContext) throws IOException {
private static XContentBuilder originAttributes(TransportMessage message, XContentBuilder builder,
DiscoveryNode localNode, ThreadContext threadContext) throws IOException {
// first checking if the message originated in a rest call
InetSocketAddress restAddress = RemoteHostHeader.restRemoteAddress(threadContext);
@ -698,7 +689,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
// the call was originated locally on this node
builder.field(Field.ORIGIN_TYPE, "local_node");
builder.field(Field.ORIGIN_ADDRESS, transport.boundAddress().publishAddress().getAddress());
builder.field(Field.ORIGIN_ADDRESS, localNode.getHostAddress());
return builder;
}
@ -718,56 +709,51 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
return eventQueue.peek();
}
private void initializeClient() {
if (indexToRemoteCluster == false) {
// in the absence of client settings for remote indexing, fall back to the client that was passed in.
this.client = clientProvider.get();
} else {
Settings clientSettings = REMOTE_CLIENT_SETTINGS.get(settings);
String[] hosts = clientSettings.getAsArray("hosts");
if (hosts.length == 0) {
throw new ElasticsearchException("missing required setting " +
"[" + REMOTE_CLIENT_SETTINGS.getKey() + ".hosts] for remote audit log indexing");
}
if (clientSettings.get("cluster.name", "").isEmpty()) {
throw new ElasticsearchException("missing required setting " +
"[" + REMOTE_CLIENT_SETTINGS.getKey() + ".cluster.name] for remote audit log indexing");
}
List<Tuple<String, Integer>> hostPortPairs = new ArrayList<>();
for (String host : hosts) {
List<String> hostPort = Arrays.asList(host.trim().split(":"));
if (hostPort.size() != 1 && hostPort.size() != 2) {
logger.warn("invalid host:port specified: [{}] for setting [{}.hosts]", REMOTE_CLIENT_SETTINGS.getKey(), host);
}
hostPortPairs.add(new Tuple<>(hostPort.get(0), hostPort.size() == 2 ? Integer.valueOf(hostPort.get(1)) : 9300));
}
if (hostPortPairs.size() == 0) {
throw new ElasticsearchException("no valid host:port pairs specified for setting ["
+ REMOTE_CLIENT_SETTINGS.getKey() + ".hosts]");
}
final Settings theClientSetting = clientSettings.filter((s) -> s.startsWith("hosts") == false); // hosts is not a valid setting
final TransportClient transportClient = TransportClient.builder()
.settings(Settings.builder()
.put("node.name", DEFAULT_CLIENT_NAME + "-" + Node.NODE_NAME_SETTING.get(settings))
.put(theClientSetting))
.addPlugin(XPackPlugin.class)
.build();
for (Tuple<String, Integer> pair : hostPortPairs) {
try {
transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getByName(pair.v1()), pair.v2()));
} catch (UnknownHostException e) {
throw new ElasticsearchException("could not find host {}", e, pair.v1());
}
}
this.client = transportClient;
logger.info("forwarding audit events to remote cluster [{}] using hosts [{}]",
clientSettings.get("cluster.name", ""), hostPortPairs.toString());
private static Client initializeRemoteClient(Settings settings, ESLogger logger) {
Settings clientSettings = REMOTE_CLIENT_SETTINGS.get(settings);
String[] hosts = clientSettings.getAsArray("hosts");
if (hosts.length == 0) {
throw new ElasticsearchException("missing required setting " +
"[" + REMOTE_CLIENT_SETTINGS.getKey() + ".hosts] for remote audit log indexing");
}
if (clientSettings.get("cluster.name", "").isEmpty()) {
throw new ElasticsearchException("missing required setting " +
"[" + REMOTE_CLIENT_SETTINGS.getKey() + ".cluster.name] for remote audit log indexing");
}
List<Tuple<String, Integer>> hostPortPairs = new ArrayList<>();
for (String host : hosts) {
List<String> hostPort = Arrays.asList(host.trim().split(":"));
if (hostPort.size() != 1 && hostPort.size() != 2) {
logger.warn("invalid host:port specified: [{}] for setting [{}.hosts]", REMOTE_CLIENT_SETTINGS.getKey(), host);
}
hostPortPairs.add(new Tuple<>(hostPort.get(0), hostPort.size() == 2 ? Integer.valueOf(hostPort.get(1)) : 9300));
}
if (hostPortPairs.size() == 0) {
throw new ElasticsearchException("no valid host:port pairs specified for setting ["
+ REMOTE_CLIENT_SETTINGS.getKey() + ".hosts]");
}
final Settings theClientSetting = clientSettings.filter((s) -> s.startsWith("hosts") == false); // hosts is not a valid setting
final TransportClient transportClient = TransportClient.builder()
.settings(Settings.builder()
.put("node.name", DEFAULT_CLIENT_NAME + "-" + Node.NODE_NAME_SETTING.get(settings))
.put(theClientSetting))
.addPlugin(XPackPlugin.class)
.build();
for (Tuple<String, Integer> pair : hostPortPairs) {
try {
transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getByName(pair.v1()), pair.v2()));
} catch (UnknownHostException e) {
throw new ElasticsearchException("could not find host {}", e, pair.v1());
}
}
logger.info("forwarding audit events to remote cluster [{}] using hosts [{}]",
clientSettings.get("cluster.name", ""), hostPortPairs.toString());
return transportClient;
}
Settings customAuditIndexSettings(Settings nodeSettings) {

252
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrail.java
View File

@ -5,6 +5,9 @@
*/
package org.elasticsearch.xpack.security.audit.logfile;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.component.AbstractComponent;
import org.elasticsearch.common.component.AbstractLifecycleComponent;
import org.elasticsearch.common.component.Lifecycle;
import org.elasticsearch.common.component.LifecycleListener;
@ -44,7 +47,7 @@ import static org.elasticsearch.xpack.security.Security.setting;
/**
*
*/
public class LoggingAuditTrail extends AbstractLifecycleComponent implements AuditTrail {
public class LoggingAuditTrail extends AbstractComponent implements AuditTrail {
public static final String NAME = "logfile";
public static final Setting<Boolean> HOST_ADDRESS_SETTING =
@ -55,7 +58,7 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
Setting.boolSetting(setting("audit.logfile.prefix.emit_node_name"), true, Property.NodeScope);
private final ESLogger logger;
private final Transport transport;
private final ClusterService clusterService;
private final ThreadContext threadContext;
private String prefix;
@ -66,43 +69,22 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
}
@Inject
public LoggingAuditTrail(Settings settings, Transport transport, ThreadPool threadPool) {
this(settings, transport, Loggers.getLogger(LoggingAuditTrail.class), threadPool.getThreadContext());
public LoggingAuditTrail(Settings settings, ClusterService clusterService, ThreadPool threadPool) {
this(settings, clusterService, Loggers.getLogger(LoggingAuditTrail.class), threadPool.getThreadContext());
}
LoggingAuditTrail(Settings settings, Transport transport, ESLogger logger, ThreadContext threadContext) {
this("", settings, transport, logger, threadContext);
}
LoggingAuditTrail(String prefix, Settings settings, Transport transport, ESLogger logger, ThreadContext threadContext) {
LoggingAuditTrail(Settings settings, ClusterService clusterService, ESLogger logger, ThreadContext threadContext) {
super(settings);
this.logger = logger;
this.prefix = prefix;
this.transport = transport;
this.clusterService = clusterService;
this.threadContext = threadContext;
}
@Override
protected void doStart() {
if (transport.lifecycleState() == Lifecycle.State.STARTED) {
prefix = resolvePrefix(settings, transport);
} else {
transport.addLifecycleListener(new LifecycleListener() {
@Override
public void afterStart() {
prefix = resolvePrefix(settings, transport);
}
});
private String getPrefix() {
if (prefix == null) {
prefix = resolvePrefix(settings, clusterService.localNode());
}
}
@Override
protected void doStop() {
}
@Override
protected void doClose() {
return prefix;
}
@Override
@ -110,19 +92,20 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
String indices = indicesString(message);
if (indices != null) {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [anonymous_access_denied]\t{}, action=[{}], indices=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), action, indices, message.getClass().getSimpleName());
logger.debug("{}[transport] [anonymous_access_denied]\t{}, action=[{}], indices=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action, indices,
message.getClass().getSimpleName());
} else {
logger.warn("{}[transport] [anonymous_access_denied]\t{}, action=[{}], indices=[{}]", prefix, originAttributes(message,
transport, threadContext), action, indices);
logger.warn("{}[transport] [anonymous_access_denied]\t{}, action=[{}], indices=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action, indices);
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [anonymous_access_denied]\t{}, action=[{}], request=[{}]", prefix, originAttributes(message,
transport, threadContext), action, message.getClass().getSimpleName());
logger.debug("{}[transport] [anonymous_access_denied]\t{}, action=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action, message.getClass().getSimpleName());
} else {
logger.warn("{}[transport] [anonymous_access_denied]\t{}, action=[{}]", prefix, originAttributes(message, transport,
threadContext), action);
logger.warn("{}[transport] [anonymous_access_denied]\t{}, action=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action);
}
}
}
@ -130,10 +113,10 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
@Override
public void anonymousAccessDenied(RestRequest request) {
if (logger.isDebugEnabled()) {
logger.debug("{}[rest] [anonymous_access_denied]\t{}, uri=[{}], request_body=[{}]", prefix, hostAttributes(request), request
.uri(), restRequestContent(request));
logger.debug("{}[rest] [anonymous_access_denied]\t{}, uri=[{}], request_body=[{}]", getPrefix(),
hostAttributes(request), request.uri(), restRequestContent(request));
} else {
logger.warn("{}[rest] [anonymous_access_denied]\t{}, uri=[{}]", prefix, hostAttributes(request), request.uri());
logger.warn("{}[rest] [anonymous_access_denied]\t{}, uri=[{}]", getPrefix(), hostAttributes(request), request.uri());
}
}
@ -143,19 +126,20 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
if (indices != null) {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}], indices=[{}], request=[{}]",
prefix, originAttributes(message, transport, threadContext), token.principal(), action, indices, message.getClass
().getSimpleName());
getPrefix(), originAttributes(message, clusterService.localNode(), threadContext), token.principal(),
action, indices, message.getClass().getSimpleName());
} else {
logger.error("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}], indices=[{}]", prefix,
originAttributes(message, transport, threadContext), token.principal(), action, indices);
logger.error("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}], indices=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), token.principal(), action, indices);
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), token.principal(), action, message.getClass().getSimpleName());
logger.debug("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), token.principal(), action,
message.getClass().getSimpleName());
} else {
logger.error("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}]", prefix, originAttributes(message,
transport, threadContext), token.principal(), action);
logger.error("{}[transport] [authentication_failed]\t{}, principal=[{}], action=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), token.principal(), action);
}
}
}
@ -163,10 +147,10 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
@Override
public void authenticationFailed(RestRequest request) {
if (logger.isDebugEnabled()) {
logger.debug("{}[rest] [authentication_failed]\t{}, uri=[{}], request_body=[{}]", prefix, hostAttributes(request), request
.uri(), restRequestContent(request));
logger.debug("{}[rest] [authentication_failed]\t{}, uri=[{}], request_body=[{}]", getPrefix(), hostAttributes(request),
request.uri(), restRequestContent(request));
} else {
logger.error("{}[rest] [authentication_failed]\t{}, uri=[{}]", prefix, hostAttributes(request), request.uri());
logger.error("{}[rest] [authentication_failed]\t{}, uri=[{}]", getPrefix(), hostAttributes(request), request.uri());
}
}
@ -175,19 +159,20 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
String indices = indicesString(message);
if (indices != null) {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [authentication_failed]\t{}, action=[{}], indices=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), action, indices, message.getClass().getSimpleName());
logger.debug("{}[transport] [authentication_failed]\t{}, action=[{}], indices=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action, indices,
message.getClass().getSimpleName());
} else {
logger.error("{}[transport] [authentication_failed]\t{}, action=[{}], indices=[{}]", prefix, originAttributes(message,
transport, threadContext), action, indices);
logger.error("{}[transport] [authentication_failed]\t{}, action=[{}], indices=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action, indices);
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [authentication_failed]\t{}, action=[{}], request=[{}]", prefix, originAttributes(message,
transport, threadContext), action, message.getClass().getSimpleName());
logger.debug("{}[transport] [authentication_failed]\t{}, action=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action, message.getClass().getSimpleName());
} else {
logger.error("{}[transport] [authentication_failed]\t{}, action=[{}]", prefix, originAttributes(message, transport,
threadContext), action);
logger.error("{}[transport] [authentication_failed]\t{}, action=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action);
}
}
}
@ -195,11 +180,11 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
@Override
public void authenticationFailed(AuthenticationToken token, RestRequest request) {
if (logger.isDebugEnabled()) {
logger.debug("{}[rest] [authentication_failed]\t{}, principal=[{}], uri=[{}], request_body=[{}]", prefix, hostAttributes
(request), token.principal(), request.uri(), restRequestContent(request));
logger.debug("{}[rest] [authentication_failed]\t{}, principal=[{}], uri=[{}], request_body=[{}]", getPrefix(),
hostAttributes(request), token.principal(), request.uri(), restRequestContent(request));
} else {
logger.error("{}[rest] [authentication_failed]\t{}, principal=[{}], uri=[{}]", prefix, hostAttributes(request), token
.principal(), request.uri());
logger.error("{}[rest] [authentication_failed]\t{}, principal=[{}], uri=[{}]", getPrefix(), hostAttributes(request),
token.principal(), request.uri());
}
}
@ -209,12 +194,12 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
String indices = indicesString(message);
if (indices != null) {
logger.trace("{}[transport] [authentication_failed]\trealm=[{}], {}, principal=[{}], action=[{}], indices=[{}], " +
"request=[{}]", prefix, realm, originAttributes(message, transport, threadContext), token.principal(), action,
indices, message.getClass().getSimpleName());
"request=[{}]", getPrefix(), realm, originAttributes(message, clusterService.localNode(), threadContext),
token.principal(), action, indices, message.getClass().getSimpleName());
} else {
logger.trace("{}[transport] [authentication_failed]\trealm=[{}], {}, principal=[{}], action=[{}], request=[{}]", prefix,
realm, originAttributes(message, transport, threadContext), token.principal(), action, message.getClass()
.getSimpleName());
logger.trace("{}[transport] [authentication_failed]\trealm=[{}], {}, principal=[{}], action=[{}], request=[{}]",
getPrefix(), realm, originAttributes(message, clusterService.localNode(), threadContext), token.principal(),
action, message.getClass().getSimpleName());
}
}
}
@ -222,8 +207,8 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
@Override
public void authenticationFailed(String realm, AuthenticationToken token, RestRequest request) {
if (logger.isTraceEnabled()) {
logger.trace("{}[rest] [authentication_failed]\trealm=[{}], {}, principal=[{}], uri=[{}], request_body=[{}]", prefix, realm,
hostAttributes(request), token.principal(), request.uri(), restRequestContent(request));
logger.trace("{}[rest] [authentication_failed]\trealm=[{}], {}, principal=[{}], uri=[{}], request_body=[{}]", getPrefix(),
realm, hostAttributes(request), token.principal(), request.uri(), restRequestContent(request));
}
}
@ -235,12 +220,12 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
if ((SystemUser.is(user) && SystemPrivilege.INSTANCE.predicate().test(action)) || XPackUser.is(user)) {
if (logger.isTraceEnabled()) {
if (indices != null) {
logger.trace("{}[transport] [access_granted]\t{}, {}, action=[{}], indices=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), principal(user), action, indices,
logger.trace("{}[transport] [access_granted]\t{}, {}, action=[{}], indices=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), principal(user), action, indices,
message.getClass().getSimpleName());
} else {
logger.trace("{}[transport] [access_granted]\t{}, {}, action=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), principal(user), action,
logger.trace("{}[transport] [access_granted]\t{}, {}, action=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), principal(user), action,
message.getClass().getSimpleName());
}
}
@ -249,20 +234,21 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
if (indices != null) {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [access_granted]\t{}, {}, action=[{}], indices=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), principal(user), action, indices,
logger.debug("{}[transport] [access_granted]\t{}, {}, action=[{}], indices=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), principal(user), action, indices,
message.getClass().getSimpleName());
} else {
logger.info("{}[transport] [access_granted]\t{}, {}, action=[{}], indices=[{}]", prefix,
originAttributes(message, transport, threadContext), principal(user), action, indices);
logger.info("{}[transport] [access_granted]\t{}, {}, action=[{}], indices=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), principal(user), action, indices);
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [access_granted]\t{}, {}, action=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), principal(user), action, message.getClass().getSimpleName());
logger.debug("{}[transport] [access_granted]\t{}, {}, action=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), principal(user), action,
message.getClass().getSimpleName());
} else {
logger.info("{}[transport] [access_granted]\t{}, {}, action=[{}]", prefix,
originAttributes(message, transport, threadContext), principal(user), action);
logger.info("{}[transport] [access_granted]\t{}, {}, action=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), principal(user), action);
}
}
}
@ -272,20 +258,21 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
String indices = indicesString(message);
if (indices != null) {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [access_denied]\t{}, {}, action=[{}], indices=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), principal(user), action, indices,
logger.debug("{}[transport] [access_denied]\t{}, {}, action=[{}], indices=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), principal(user), action, indices,
message.getClass().getSimpleName());
} else {
logger.error("{}[transport] [access_denied]\t{}, {}, action=[{}], indices=[{}]", prefix,
originAttributes(message, transport, threadContext), principal(user), action, indices);
logger.error("{}[transport] [access_denied]\t{}, {}, action=[{}], indices=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), principal(user), action, indices);
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [access_denied]\t{}, {}, action=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), principal(user), action, message.getClass().getSimpleName());
logger.debug("{}[transport] [access_denied]\t{}, {}, action=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), principal(user), action,
message.getClass().getSimpleName());
} else {
logger.error("{}[transport] [access_denied]\t{}, {}, action=[{}]", prefix,
originAttributes(message, transport, threadContext), principal(user), action);
logger.error("{}[transport] [access_denied]\t{}, {}, action=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), principal(user), action);
}
}
}
@ -293,10 +280,10 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
@Override
public void tamperedRequest(RestRequest request) {
if (logger.isDebugEnabled()) {
logger.debug("{}[rest] [tampered_request]\t{}, uri=[{}], request_body=[{}]", prefix, hostAttributes(request), request.uri(),
restRequestContent(request));
logger.debug("{}[rest] [tampered_request]\t{}, uri=[{}], request_body=[{}]", getPrefix(), hostAttributes(request),
request.uri(), restRequestContent(request));
} else {
logger.error("{}[rest] [tampered_request]\t{}, uri=[{}]", prefix, hostAttributes(request), request.uri());
logger.error("{}[rest] [tampered_request]\t{}, uri=[{}]", getPrefix(), hostAttributes(request), request.uri());
}
}
@ -305,19 +292,21 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
String indices = indicesString(message);
if (indices != null) {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [tampered_request]\t{}, action=[{}], indices=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), action, indices, message.getClass().getSimpleName());
logger.debug("{}[transport] [tampered_request]\t{}, action=[{}], indices=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action, indices,
message.getClass().getSimpleName());
} else {
logger.error("{}[transport] [tampered_request]\t{}, action=[{}], indices=[{}]", prefix,
originAttributes(message, transport, threadContext), action, indices);
logger.error("{}[transport] [tampered_request]\t{}, action=[{}], indices=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action, indices);
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [tampered_request]\t{}, action=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), action, message.getClass().getSimpleName());
logger.debug("{}[transport] [tampered_request]\t{}, action=[{}], request=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action,
message.getClass().getSimpleName());
} else {
logger.error("{}[transport] [tampered_request]\t{}, action=[{}]", prefix,
originAttributes(message, transport, threadContext), action);
logger.error("{}[transport] [tampered_request]\t{}, action=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), action);
}
}
}
@ -327,20 +316,21 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
String indices = indicesString(request);
if (indices != null) {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [tampered_request]\t{}, {}, action=[{}], indices=[{}], request=[{}]", prefix,
originAttributes(request, transport, threadContext), principal(user), action, indices,
logger.debug("{}[transport] [tampered_request]\t{}, {}, action=[{}], indices=[{}], request=[{}]", getPrefix(),
originAttributes(request, clusterService.localNode(), threadContext), principal(user), action, indices,
request.getClass().getSimpleName());
} else {
logger.error("{}[transport] [tampered_request]\t{}, {}, action=[{}], indices=[{}]", prefix,
originAttributes(request, transport, threadContext), principal(user), action, indices);
logger.error("{}[transport] [tampered_request]\t{}, {}, action=[{}], indices=[{}]", getPrefix(),
originAttributes(request, clusterService.localNode(), threadContext), principal(user), action, indices);
}
} else {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [tampered_request]\t{}, {}, action=[{}], request=[{}]", prefix,
originAttributes(request, transport, threadContext), principal(user), action, request.getClass().getSimpleName());
logger.debug("{}[transport] [tampered_request]\t{}, {}, action=[{}], request=[{}]", getPrefix(),
originAttributes(request, clusterService.localNode(), threadContext), principal(user), action,
request.getClass().getSimpleName());
} else {
logger.error("{}[transport] [tampered_request]\t{}, {}, action=[{}]", prefix,
originAttributes(request, transport, threadContext), principal(user), action);
logger.error("{}[transport] [tampered_request]\t{}, {}, action=[{}]", getPrefix(),
originAttributes(request, clusterService.localNode(), threadContext), principal(user), action);
}
}
}
@ -348,48 +338,50 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
@Override
public void connectionGranted(InetAddress inetAddress, String profile, SecurityIpFilterRule rule) {
if (logger.isTraceEnabled()) {
logger.trace("{}[ip_filter] [connection_granted]\torigin_address=[{}], transport_profile=[{}], rule=[{}]", prefix,
logger.trace("{}[ip_filter] [connection_granted]\torigin_address=[{}], transport_profile=[{}], rule=[{}]", getPrefix(),
NetworkAddress.format(inetAddress), profile, rule);
}
}
@Override
public void connectionDenied(InetAddress inetAddress, String profile, SecurityIpFilterRule rule) {
logger.error("{}[ip_filter] [connection_denied]\torigin_address=[{}], transport_profile=[{}], rule=[{}]", prefix,
logger.error("{}[ip_filter] [connection_denied]\torigin_address=[{}], transport_profile=[{}], rule=[{}]", getPrefix(),
NetworkAddress.format(inetAddress), profile, rule);
}
@Override
public void runAsGranted(User user, String action, TransportMessage message) {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [run_as_granted]\t{}, principal=[{}], run_as_principal=[{}], action=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), user.principal(), user.runAs().principal(), action,
message.getClass().getSimpleName());
logger.debug("{}[transport] [run_as_granted]\t{}, principal=[{}], run_as_principal=[{}], action=[{}], request=[{}]",
getPrefix(), originAttributes(message, clusterService.localNode(), threadContext), user.principal(),
user.runAs().principal(), action, message.getClass().getSimpleName());
} else {
logger.info("{}[transport] [run_as_granted]\t{}, principal=[{}], run_as_principal=[{}], action=[{}]", prefix,
originAttributes(message, transport, threadContext), user.principal(), user.runAs().principal(), action);
logger.info("{}[transport] [run_as_granted]\t{}, principal=[{}], run_as_principal=[{}], action=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), user.principal(),
user.runAs().principal(), action);
}
}
@Override
public void runAsDenied(User user, String action, TransportMessage message) {
if (logger.isDebugEnabled()) {
logger.debug("{}[transport] [run_as_denied]\t{}, principal=[{}], run_as_principal=[{}], action=[{}], request=[{}]", prefix,
originAttributes(message, transport, threadContext), user.principal(), user.runAs().principal(), action,
message.getClass().getSimpleName());
logger.debug("{}[transport] [run_as_denied]\t{}, principal=[{}], run_as_principal=[{}], action=[{}], request=[{}]",
getPrefix(), originAttributes(message, clusterService.localNode(), threadContext), user.principal(),
user.runAs().principal(), action, message.getClass().getSimpleName());
} else {
logger.info("{}[transport] [run_as_denied]\t{}, principal=[{}], run_as_principal=[{}], action=[{}]", prefix,
originAttributes(message, transport, threadContext), user.principal(), user.runAs().principal(), action);
logger.info("{}[transport] [run_as_denied]\t{}, principal=[{}], run_as_principal=[{}], action=[{}]", getPrefix(),
originAttributes(message, clusterService.localNode(), threadContext), user.principal(),
user.runAs().principal(), action);
}
}
@Override
public void runAsDenied(User user, RestRequest request) {
if (logger.isDebugEnabled()) {
logger.debug("{}[rest] [run_as_denied]\t{}, principal=[{}], uri=[{}], request_body=[{}]", prefix,
logger.debug("{}[rest] [run_as_denied]\t{}, principal=[{}], uri=[{}], request_body=[{}]", getPrefix(),
hostAttributes(request), user.principal(), request.uri(), restRequestContent(request));
} else {
logger.info("{}[transport] [run_as_denied]\t{}, principal=[{}], uri=[{}]", prefix,
logger.info("{}[transport] [run_as_denied]\t{}, principal=[{}], uri=[{}]", getPrefix(),
hostAttributes(request), user.principal(), request.uri());
}
}
@ -405,7 +397,7 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
return "origin_address=[" + formattedAddress + "]";
}
static String originAttributes(TransportMessage message, Transport transport, ThreadContext threadContext) {
static String originAttributes(TransportMessage message, DiscoveryNode localNode, ThreadContext threadContext) {
StringBuilder builder = new StringBuilder();
// first checking if the message originated in a rest call
@ -433,21 +425,21 @@ public class LoggingAuditTrail extends AbstractLifecycleComponent implements Aud
// the call was originated locally on this node
return builder.append("origin_type=[local_node], origin_address=[")
.append(transport.boundAddress().publishAddress().getAddress())
.append(localNode.getHostAddress())
.append("]")
.toString();
}
static String resolvePrefix(Settings settings, Transport transport) {
static String resolvePrefix(Settings settings, DiscoveryNode localNode) {
StringBuilder builder = new StringBuilder();
if (HOST_ADDRESS_SETTING.get(settings)) {
String address = transport.boundAddress().publishAddress().getAddress();
String address = localNode.getHostAddress();
if (address != null) {
builder.append("[").append(address).append("] ");
}
}
if (HOST_NAME_SETTING.get(settings)) {
String hostName = transport.boundAddress().publishAddress().getHost();
String hostName = localNode.getHostName();
if (hostName != null) {
builder.append("[").append(hostName).append("] ");
}

2
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/Authentication.java
View File

@ -93,7 +93,7 @@ public class Authentication {
return authentication;
}
void writeToContextIfMissing(ThreadContext context, CryptoService cryptoService, boolean sign)
public void writeToContextIfMissing(ThreadContext context, CryptoService cryptoService, boolean sign)
throws IOException, IllegalArgumentException {
if (context.getTransient(AUTHENTICATION_KEY) != null) {
if (context.getHeader(AUTHENTICATION_KEY) == null) {

9
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeUsersStore.java
View File

@ -114,20 +114,19 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
private final Hasher hasher = Hasher.BCRYPT;
private final List<ChangeListener> listeners = new CopyOnWriteArrayList<>();
private final AtomicReference<State> state = new AtomicReference<>(State.INITIALIZED);
private final Provider<InternalClient> clientProvider;
private final InternalClient client;
private final ThreadPool threadPool;
private SelfReschedulingRunnable userPoller;
private Client client;
private int scrollSize;
private TimeValue scrollKeepAlive;
private volatile boolean securityIndexExists = false;
@Inject
public NativeUsersStore(Settings settings, Provider<InternalClient> clientProvider, ThreadPool threadPool) {
public NativeUsersStore(Settings settings, InternalClient client, ThreadPool threadPool) {
super(settings);
this.clientProvider = clientProvider;
this.client = client;
this.threadPool = threadPool;
}
@ -526,7 +525,6 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
public void start() {
try {
if (state.compareAndSet(State.INITIALIZED, State.STARTING)) {
this.client = clientProvider.get();
this.scrollSize = SCROLL_SIZE_SETTING.get(settings);
this.scrollKeepAlive = SCROLL_KEEP_ALIVE_SETTING.get(settings);
@ -703,7 +701,6 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
throw new IllegalStateException("can only reset if stopped!!!");
}
this.listeners.clear();
this.client = null;
this.securityIndexExists = false;
this.state.set(State.INITIALIZED);
}

16
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/pki/PkiRealm.java
View File

@ -18,8 +18,8 @@ import org.elasticsearch.xpack.security.authc.Realm;
import org.elasticsearch.xpack.security.authc.RealmConfig;
import org.elasticsearch.xpack.security.authc.support.DnRoleMapper;
import org.elasticsearch.xpack.security.transport.SSLClientAuth;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport;
import org.elasticsearch.watcher.ResourceWatcherService;
import javax.net.ssl.TrustManager;
@ -195,16 +195,16 @@ public class PkiRealm extends Realm<X509AuthenticationToken> {
static void checkSSLEnabled(RealmConfig config, ESLogger logger) {
Settings settings = config.globalSettings();
final boolean httpSsl = SecurityNettyHttpServerTransport.SSL_SETTING.get(settings);
final boolean httpClientAuth = SecurityNettyHttpServerTransport.CLIENT_AUTH_SETTING.get(settings).enabled();
final boolean httpSsl = SecurityNetty3HttpServerTransport.SSL_SETTING.get(settings);
final boolean httpClientAuth = SecurityNetty3HttpServerTransport.CLIENT_AUTH_SETTING.get(settings).enabled();
// HTTP
if (httpSsl && httpClientAuth) {
return;
}
// Default Transport
final boolean ssl = SecurityNettyTransport.SSL_SETTING.get(settings);
final SSLClientAuth clientAuth = SecurityNettyTransport.CLIENT_AUTH_SETTING.get(settings);
final boolean ssl = SecurityNetty3Transport.SSL_SETTING.get(settings);
final SSLClientAuth clientAuth = SecurityNetty3Transport.CLIENT_AUTH_SETTING.get(settings);
if (ssl && clientAuth.enabled()) {
return;
}
@ -213,8 +213,8 @@ public class PkiRealm extends Realm<X509AuthenticationToken> {
Map<String, Settings> groupedSettings = settings.getGroups("transport.profiles.");
for (Map.Entry<String, Settings> entry : groupedSettings.entrySet()) {
Settings profileSettings = entry.getValue().getByPrefix(Security.settingPrefix());
if (SecurityNettyTransport.profileSsl(profileSettings, settings)
&& SecurityNettyTransport.CLIENT_AUTH_SETTING.get(profileSettings, settings).enabled()) {
if (SecurityNetty3Transport.profileSsl(profileSettings, settings)
&& SecurityNetty3Transport.CLIENT_AUTH_SETTING.get(profileSettings, settings).enabled()) {
return;
}
}

9
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java
View File

@ -105,12 +105,11 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
public static final String ROLE_DOC_TYPE = "role";
private final Provider<InternalClient> clientProvider;
private final InternalClient client;
private final ThreadPool threadPool;
private final AtomicReference<State> state = new AtomicReference<>(State.INITIALIZED);
private final ConcurrentHashMap<String, RoleAndVersion> roleCache = new ConcurrentHashMap<>();
private Client client;
private SecurityClient securityClient;
private int scrollSize;
private TimeValue scrollKeepAlive;
@ -119,9 +118,9 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
private volatile boolean securityIndexExists = false;
@Inject
public NativeRolesStore(Settings settings, Provider<InternalClient> clientProvider, ThreadPool threadPool) {
public NativeRolesStore(Settings settings, InternalClient client, ThreadPool threadPool) {
super(settings);
this.clientProvider = clientProvider;
this.client = client;
this.threadPool = threadPool;
}
@ -150,7 +149,6 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
public void start() {
try {
if (state.compareAndSet(State.INITIALIZED, State.STARTING)) {
this.client = clientProvider.get();
this.securityClient = new SecurityClient(client);
this.scrollSize = SCROLL_SIZE_SETTING.get(settings);
this.scrollKeepAlive = SCROLL_KEEP_ALIVE_SETTING.get(settings);
@ -501,7 +499,6 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
throw new IllegalStateException("can only reset if stopped!!!");
}
this.roleCache.clear();
this.client = null;
this.securityIndexExists = false;
this.state.set(State.INITIALIZED);
}

12
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/rest/SecurityRestFilter.java
View File

@ -11,7 +11,7 @@ import org.elasticsearch.common.logging.ESLogger;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.http.netty.NettyHttpRequest;
import org.elasticsearch.http.netty3.Netty3HttpRequest;
import org.elasticsearch.rest.RestChannel;
import org.elasticsearch.rest.RestController;
import org.elasticsearch.rest.RestFilter;
@ -20,7 +20,7 @@ import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.xpack.security.authc.AuthenticationService;
import org.elasticsearch.xpack.security.authc.pki.PkiRealm;
import org.elasticsearch.xpack.security.SecurityLicenseState;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport;
import org.elasticsearch.threadpool.ThreadPool;
import org.jboss.netty.handler.ssl.SslHandler;
@ -46,8 +46,8 @@ public class SecurityRestFilter extends RestFilter {
this.licenseState = licenseState;
this.threadContext = threadPool.getThreadContext();
controller.registerFilter(this);
boolean ssl = SecurityNettyHttpServerTransport.SSL_SETTING.get(settings);
extractClientCertificate = ssl && SecurityNettyHttpServerTransport.CLIENT_AUTH_SETTING.get(settings).enabled();
boolean ssl = SecurityNetty3HttpServerTransport.SSL_SETTING.get(settings);
extractClientCertificate = ssl && SecurityNetty3HttpServerTransport.CLIENT_AUTH_SETTING.get(settings).enabled();
logger = Loggers.getLogger(getClass(), settings);
}
@ -75,8 +75,8 @@ public class SecurityRestFilter extends RestFilter {
}
static void putClientCertificateInContext(RestRequest request, ThreadContext threadContext, ESLogger logger) throws Exception {
assert request instanceof NettyHttpRequest;
NettyHttpRequest nettyHttpRequest = (NettyHttpRequest) request;
assert request instanceof Netty3HttpRequest;
Netty3HttpRequest nettyHttpRequest = (Netty3HttpRequest) request;
SslHandler handler = nettyHttpRequest.getChannel().getPipeline().get(SslHandler.class);
assert handler != null;

12
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityServerTransportService.java
View File

@ -15,7 +15,7 @@ import org.elasticsearch.xpack.security.authz.AuthorizationService;
import org.elasticsearch.xpack.security.authz.AuthorizationUtils;
import org.elasticsearch.xpack.security.authz.accesscontrol.RequestContext;
import org.elasticsearch.xpack.security.SecurityLicenseState;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport;
import org.elasticsearch.tasks.Task;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.Transport;
@ -34,9 +34,9 @@ import java.util.HashMap;
import java.util.Map;
import java.util.function.Supplier;
import static org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport.CLIENT_AUTH_SETTING;
import static org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport.PROFILE_CLIENT_AUTH_SETTING;
import static org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport.SSL_SETTING;
import static org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport.CLIENT_AUTH_SETTING;
import static org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport.PROFILE_CLIENT_AUTH_SETTING;
import static org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport.SSL_SETTING;
public class SecurityServerTransportService extends TransportService {
@ -110,7 +110,7 @@ public class SecurityServerTransportService extends TransportService {
}
protected Map<String, ServerTransportFilter> initializeProfileFilters() {
if (!(transport instanceof SecurityNettyTransport)) {
if (!(transport instanceof SecurityNetty3Transport)) {
return Collections.<String, ServerTransportFilter>singletonMap(TransportSettings.DEFAULT_PROFILE,
new ServerTransportFilter.NodeProfile(authcService, authzService, actionMapper, threadPool.getThreadContext(), false));
}
@ -120,7 +120,7 @@ public class SecurityServerTransportService extends TransportService {
for (Map.Entry<String, Settings> entry : profileSettingsMap.entrySet()) {
Settings profileSettings = entry.getValue();
final boolean profileSsl = SecurityNettyTransport.profileSsl(profileSettings, settings);
final boolean profileSsl = SecurityNetty3Transport.profileSsl(profileSettings, settings);
final boolean clientAuth = PROFILE_CLIENT_AUTH_SETTING.get(profileSettings, settings).enabled();
final boolean extractClientCert = profileSsl && clientAuth;
String type = entry.getValue().get(SETTING_NAME, "node");

4
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty/HandshakeWaitingHandler.java → elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty3/HandshakeWaitingHandler.java
View File

@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.xpack.security.transport.netty;
package org.elasticsearch.xpack.security.transport.netty3;
import org.elasticsearch.common.logging.ESLogger;
import org.jboss.netty.channel.ChannelFuture;
@ -27,7 +27,7 @@ import java.util.Queue;
* itself from the pipeline.
*
* NOTE: This class assumes that the transport will not use a closed channel again or attempt to reconnect, which
* is the way that NettyTransport currently works
* is the way that Netty3Transport currently works
*/
public class HandshakeWaitingHandler extends SimpleChannelHandler {

6
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty/IPFilterNettyUpstreamHandler.java → elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty3/IPFilterNetty3UpstreamHandler.java
View File

@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.xpack.security.transport.netty;
package org.elasticsearch.xpack.security.transport.netty3;
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
import org.jboss.netty.channel.ChannelEvent;
@ -17,12 +17,12 @@ import java.net.InetSocketAddress;
*
*/
@ChannelHandler.Sharable
public class IPFilterNettyUpstreamHandler extends IpFilteringHandlerImpl {
public class IPFilterNetty3UpstreamHandler extends IpFilteringHandlerImpl {
private final IPFilter filter;
private final String profile;
public IPFilterNettyUpstreamHandler(IPFilter filter, String profile) {
public IPFilterNetty3UpstreamHandler(IPFilter filter, String profile) {
this.filter = filter;
this.profile = profile;
}

17
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty/SecurityNettyHttpServerTransport.java → elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3HttpServerTransport.java
View File

@ -3,17 +3,15 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.xpack.security.transport.netty;
package org.elasticsearch.xpack.security.transport.netty3;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.network.NetworkService;
import org.elasticsearch.common.settings.Setting;
import org.elasticsearch.common.settings.Setting.Property;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsModule;
import org.elasticsearch.common.util.BigArrays;
import org.elasticsearch.http.netty.NettyHttpServerTransport;
import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
import org.elasticsearch.http.netty3.Netty3HttpServerTransport;
import org.elasticsearch.xpack.security.ssl.ServerSSLService;
import org.elasticsearch.xpack.security.transport.SSLClientAuth;
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
@ -26,7 +24,6 @@ import org.jboss.netty.handler.ssl.SslHandler;
import javax.net.ssl.SSLEngine;
import java.util.Collections;
import java.util.List;
import static org.elasticsearch.http.HttpTransportSettings.SETTING_HTTP_COMPRESSION;
@ -37,7 +34,7 @@ import static org.elasticsearch.xpack.security.transport.SSLExceptionHelper.isNo
/**
*
*/
public class SecurityNettyHttpServerTransport extends NettyHttpServerTransport {
public class SecurityNetty3HttpServerTransport extends Netty3HttpServerTransport {
public static final boolean SSL_DEFAULT = false;
public static final String CLIENT_AUTH_DEFAULT = SSLClientAuth.NO.name();
@ -55,8 +52,8 @@ public class SecurityNettyHttpServerTransport extends NettyHttpServerTransport {
private final Settings sslSettings;
@Inject
public SecurityNettyHttpServerTransport(Settings settings, NetworkService networkService, BigArrays bigArrays, IPFilter ipFilter,
ServerSSLService sslService, ThreadPool threadPool) {
public SecurityNetty3HttpServerTransport(Settings settings, NetworkService networkService, BigArrays bigArrays, IPFilter ipFilter,
ServerSSLService sslService, ThreadPool threadPool) {
super(settings, networkService, bigArrays, threadPool);
this.ipFilter = ipFilter;
this.ssl = SSL_SETTING.get(settings);
@ -109,7 +106,7 @@ public class SecurityNettyHttpServerTransport extends NettyHttpServerTransport {
private final SSLClientAuth clientAuth;
public HttpSslChannelPipelineFactory(NettyHttpServerTransport transport) {
public HttpSslChannelPipelineFactory(Netty3HttpServerTransport transport) {
super(transport, detailedErrorsEnabled, threadPool.getThreadContext());
clientAuth = CLIENT_AUTH_SETTING.get(settings);
}
@ -124,7 +121,7 @@ public class SecurityNettyHttpServerTransport extends NettyHttpServerTransport {
pipeline.addFirst("ssl", new SslHandler(engine));
}
pipeline.addFirst("ipfilter", new IPFilterNettyUpstreamHandler(ipFilter, IPFilter.HTTP_PROFILE_NAME));
pipeline.addFirst("ipfilter", new IPFilterNetty3UpstreamHandler(ipFilter, IPFilter.HTTP_PROFILE_NAME));
return pipeline;
}
}

23
elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty/SecurityNettyTransport.java → elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3Transport.java
View File

@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.xpack.security.transport.netty;
package org.elasticsearch.xpack.security.transport.netty3;
import org.elasticsearch.common.SuppressForbidden;
import org.elasticsearch.common.inject.Inject;
@ -20,7 +20,7 @@ import org.elasticsearch.xpack.security.ssl.ServerSSLService;
import org.elasticsearch.xpack.security.transport.SSLClientAuth;
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.netty.NettyTransport;
import org.elasticsearch.transport.netty3.Netty3Transport;
import org.jboss.netty.channel.Channel;
import org.jboss.netty.channel.ChannelHandlerContext;
import org.jboss.netty.channel.ChannelPipeline;
@ -41,10 +41,7 @@ import static org.elasticsearch.xpack.security.Security.settingPrefix;
import static org.elasticsearch.xpack.security.transport.SSLExceptionHelper.isCloseDuringHandshakeException;
import static org.elasticsearch.xpack.security.transport.SSLExceptionHelper.isNotSslRecordException;
/**
*
*/
public class SecurityNettyTransport extends NettyTransport {
public class SecurityNetty3Transport extends Netty3Transport {
public static final String CLIENT_AUTH_DEFAULT = SSLClientAuth.REQUIRED.name();
public static final boolean SSL_DEFAULT = false;
@ -82,10 +79,10 @@ public class SecurityNettyTransport extends NettyTransport {
private final boolean ssl;
@Inject
public SecurityNettyTransport(Settings settings, ThreadPool threadPool, NetworkService networkService, BigArrays bigArrays,
@Nullable IPFilter authenticator, @Nullable ServerSSLService serverSSLService,
ClientSSLService clientSSLService, NamedWriteableRegistry namedWriteableRegistry,
CircuitBreakerService circuitBreakerService) {
public SecurityNetty3Transport(Settings settings, ThreadPool threadPool, NetworkService networkService, BigArrays bigArrays,
@Nullable IPFilter authenticator, @Nullable ServerSSLService serverSSLService,
ClientSSLService clientSSLService, NamedWriteableRegistry namedWriteableRegistry,
CircuitBreakerService circuitBreakerService) {
super(settings, threadPool, networkService, bigArrays, namedWriteableRegistry, circuitBreakerService);
this.authenticator = authenticator;
this.ssl = SSL_SETTING.get(settings);
@ -148,7 +145,7 @@ public class SecurityNettyTransport extends NettyTransport {
private final Settings profileSettings;
public SslServerChannelPipelineFactory(NettyTransport nettyTransport, String name, Settings settings, Settings profileSettings) {
public SslServerChannelPipelineFactory(Netty3Transport nettyTransport, String name, Settings settings, Settings profileSettings) {
super(nettyTransport, name, settings);
this.profileSettings = profileSettings;
}
@ -172,7 +169,7 @@ public class SecurityNettyTransport extends NettyTransport {
pipeline.addFirst("ssl", new SslHandler(serverEngine));
}
if (authenticator != null) {
pipeline.addFirst("ipfilter", new IPFilterNettyUpstreamHandler(authenticator, name));
pipeline.addFirst("ipfilter", new IPFilterNetty3UpstreamHandler(authenticator, name));
}
return pipeline;
}
@ -180,7 +177,7 @@ public class SecurityNettyTransport extends NettyTransport {
private class SslClientChannelPipelineFactory extends ClientChannelPipelineFactory {
public SslClientChannelPipelineFactory(NettyTransport transport) {
public SslClientChannelPipelineFactory(Netty3Transport transport) {
super(transport);
}

14
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/http/netty/NettyHttpMockUtil.java → elasticsearch/x-pack/security/src/test/java/org/elasticsearch/http/netty3/Netty3HttpMockUtil.java
View File

@ -3,20 +3,20 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.http.netty;
package org.elasticsearch.http.netty3;
import org.elasticsearch.transport.netty.OpenChannelsHandler;
import org.elasticsearch.transport.netty3.Netty3OpenChannelsHandler;
import static org.mockito.Mockito.mock;
/** Allows setting a mock into NettyHttpServerTransport */
public class NettyHttpMockUtil {
/** Allows setting a mock into Netty3HttpServerTransport */
public class Netty3HttpMockUtil {
/**
* We don't really need to start Netty for these tests, but we can't create a pipeline
* with a null handler. So we set it to a mock for tests.
*/
public static void setOpenChannelsHandlerToMock(NettyHttpServerTransport transport) throws Exception {
transport.serverOpenChannels = mock(OpenChannelsHandler.class);
public static void setOpenChannelsHandlerToMock(Netty3HttpServerTransport transport) throws Exception {
transport.serverOpenChannels = mock(Netty3OpenChannelsHandler.class);
}
}

4
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/IndexPrivilegeTests.java
View File

@ -11,7 +11,7 @@ import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.test.ESIntegTestCase;
import org.elasticsearch.xpack.MockNettyPlugin;
import org.elasticsearch.xpack.MockNetty3Plugin;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
import org.junit.Before;
@ -137,7 +137,7 @@ public class IndexPrivilegeTests extends AbstractPrivilegeTestCase {
@Override
protected Collection<Class<? extends Plugin>> nodePlugins() {
ArrayList<Class<? extends Plugin>> plugins = new ArrayList<>(super.nodePlugins());
plugins.add(MockNettyPlugin.class); // for http
plugins.add(MockNetty3Plugin.class); // for http
return plugins;
}

4
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/LicensingTests.java
View File

@ -42,7 +42,7 @@ import org.elasticsearch.rest.RestStatus;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.test.SecuritySettingsSource;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.xpack.MockNettyPlugin;
import org.elasticsearch.xpack.MockNetty3Plugin;
import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.xpack.graph.GraphLicensee;
import org.elasticsearch.xpack.monitoring.MonitoringLicensee;
@ -124,7 +124,7 @@ public class LicensingTests extends SecurityIntegTestCase {
@Override
protected Collection<Class<? extends Plugin>> nodePlugins() {
ArrayList<Class<? extends Plugin>> plugins = new ArrayList<>(super.nodePlugins());
plugins.add(MockNettyPlugin.class); // for http
plugins.add(MockNetty3Plugin.class); // for http
return plugins;
}

4
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ldap/AbstractAdLdapRealmTestCase.java
View File

@ -15,7 +15,7 @@ import org.elasticsearch.xpack.security.authc.activedirectory.ActiveDirectoryRea
import org.elasticsearch.xpack.security.authc.ldap.LdapRealm;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.junit.AfterClass;
import org.junit.BeforeClass;
@ -166,7 +166,7 @@ public abstract class AbstractAdLdapRealmTestCase extends SecurityIntegTestCase
return Settings.builder()
.put("xpack.security.ssl.keystore.path", store)
.put("xpack.security.ssl.keystore.password", password)
.put(SecurityNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(), false)
.put(SecurityNetty3Transport.HOSTNAME_VERIFICATION_SETTING.getKey(), false)
.put("xpack.security.ssl.truststore.path", store)
.put("xpack.security.ssl.truststore.password", password).build();
}

9
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SecurityIntegTestCase.java
View File

@ -16,17 +16,14 @@ import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.transport.MockTcpTransportPlugin;
import org.elasticsearch.xpack.security.InternalClient;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.client.SecurityClient;
import org.elasticsearch.test.ESIntegTestCase.SuppressLocalMode;
import org.elasticsearch.test.transport.AssertingLocalTransport;
import org.elasticsearch.test.transport.MockTransportService;
import org.elasticsearch.xpack.XPackClient;
import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport;
import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
@ -37,10 +34,8 @@ import java.net.InetSocketAddress;
import java.nio.file.Path;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import java.util.stream.Collectors;
@ -367,7 +362,7 @@ public abstract class SecurityIntegTestCase extends ESIntegTestCase {
final List<NodeInfo> nodes = nodeInfos.getNodes();
assertTrue("there is at least one node", nodes.size() > 0);
NodeInfo ni = randomFrom(nodes);
useSSL = SecurityNettyHttpServerTransport.SSL_SETTING.get(ni.getSettings());
useSSL = SecurityNetty3HttpServerTransport.SSL_SETTING.get(ni.getSettings());
TransportAddress publishAddress = ni.getHttp().address().publishAddress();
assertEquals(1, publishAddress.uniqueAddressTypeId());
InetSocketAddress address = ((InetSocketTransportAddress) publishAddress).address();

29
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/test/SecuritySettingsSource.java
View File

@ -10,7 +10,8 @@ import org.elasticsearch.common.Strings;
import org.elasticsearch.common.io.PathUtils;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.concurrent.ThreadContext;
import org.elasticsearch.xpack.MockNettyPlugin;
import org.elasticsearch.discovery.DiscoveryModule;
import org.elasticsearch.xpack.MockNetty3Plugin;
import org.elasticsearch.xpack.monitoring.Monitoring;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.test.ESIntegTestCase.Scope;
@ -24,8 +25,8 @@ import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.authz.store.FileRolesStore;
import org.elasticsearch.xpack.security.crypto.CryptoService;
import org.elasticsearch.xpack.security.test.SecurityTestUtils;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport;
import org.elasticsearch.test.discovery.ClusterDiscoveryConfiguration;
import org.elasticsearch.xpack.watcher.Watcher;
import org.elasticsearch.xpack.XPackPlugin;
@ -53,7 +54,7 @@ import static org.elasticsearch.xpack.security.test.SecurityTestUtils.writeFile;
public class SecuritySettingsSource extends ClusterDiscoveryConfiguration.UnicastZen {
public static final Settings DEFAULT_SETTINGS = Settings.builder()
.put("node.mode", "network")
.put(DiscoveryModule.DISCOVERY_TYPE_SETTING.getKey(), "zen")
.build();
public static final String DEFAULT_USER_NAME = "test_user";
@ -161,7 +162,7 @@ public class SecuritySettingsSource extends ClusterDiscoveryConfiguration.Unicas
@Override
public Collection<Class<? extends Plugin>> nodePlugins() {
return Arrays.asList(xpackPluginClass(), MockNettyPlugin.class);
return Arrays.asList(xpackPluginClass(), MockNetty3Plugin.class);
}
@Override
@ -258,18 +259,18 @@ public class SecuritySettingsSource extends ClusterDiscoveryConfiguration.Unicas
Path store = resolveResourcePath(resourcePathToStore);
final String sslEnabledSetting =
randomFrom(SecurityNettyTransport.SSL_SETTING.getKey(), SecurityNettyTransport.DEPRECATED_SSL_SETTING.getKey());
randomFrom(SecurityNetty3Transport.SSL_SETTING.getKey(), SecurityNetty3Transport.DEPRECATED_SSL_SETTING.getKey());
Settings.Builder builder = Settings.builder().put(sslEnabledSetting, sslTransportEnabled);
if (transportClient == false) {
builder.put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), false);
builder.put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), false);
}
if (sslTransportEnabled) {
builder.put("xpack.security.ssl.keystore.path", store)
.put("xpack.security.ssl.keystore.password", password)
.put(SecurityNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(), hostnameVerificationEnabled)
.put(SecurityNettyTransport.HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING.getKey(),
.put(SecurityNetty3Transport.HOSTNAME_VERIFICATION_SETTING.getKey(), hostnameVerificationEnabled)
.put(SecurityNetty3Transport.HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING.getKey(),
hostnameVerificationResolveNameEnabled);
}
@ -286,20 +287,20 @@ public class SecuritySettingsSource extends ClusterDiscoveryConfiguration.Unicas
boolean transportClient) {
Settings.Builder builder = Settings.builder();
final String sslEnabledSetting =
randomFrom(SecurityNettyTransport.SSL_SETTING.getKey(), SecurityNettyTransport.DEPRECATED_SSL_SETTING.getKey());
randomFrom(SecurityNetty3Transport.SSL_SETTING.getKey(), SecurityNetty3Transport.DEPRECATED_SSL_SETTING.getKey());
builder.put(sslEnabledSetting, sslTransportEnabled);
if (transportClient == false) {
builder.put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), false);
builder.put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), false);
}
if (sslTransportEnabled) {
builder.put("xpack.security.ssl.key.path", resolveResourcePath(keyPath))
.put("xpack.security.ssl.key.password", password)
.put("xpack.security.ssl.cert", Strings.arrayToCommaDelimitedString(resolvePathsToString(certificateFiles)))
.put(randomFrom(SecurityNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(),
SecurityNettyTransport.DEPRECATED_HOSTNAME_VERIFICATION_SETTING.getKey()), hostnameVerificationEnabled)
.put(SecurityNettyTransport.HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING.getKey(),
.put(randomFrom(SecurityNetty3Transport.HOSTNAME_VERIFICATION_SETTING.getKey(),
SecurityNetty3Transport.DEPRECATED_HOSTNAME_VERIFICATION_SETTING.getKey()), hostnameVerificationEnabled)
.put(SecurityNetty3Transport.HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING.getKey(),
hostnameVerificationResolveNameEnabled);
if (trustedCertificates.isEmpty() == false) {

10
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/transport/netty/NettyMockUtil.java → elasticsearch/x-pack/security/src/test/java/org/elasticsearch/transport/netty3/Netty3MockUtil.java
View File

@ -3,17 +3,17 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.transport.netty;
package org.elasticsearch.transport.netty3;
import static org.mockito.Mockito.mock;
/** Allows setting a mock into NettyTransport */
public class NettyMockUtil {
/** Allows setting a mock into Netty3Transport */
public class Netty3MockUtil {
/**
* We don't really need to start Netty for these tests, but we can't create a pipeline
* with a null handler. So we set it to a mock for tests.
*/
public static void setOpenChannelsHandlerToMock(NettyTransport transport) throws Exception {
transport.serverOpenChannels = mock(OpenChannelsHandler.class);
public static void setOpenChannelsHandlerToMock(Netty3Transport transport) throws Exception {
transport.serverOpenChannels = mock(Netty3OpenChannelsHandler.class);
}
}

15
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java
View File

@ -8,16 +8,16 @@ package org.elasticsearch.xpack.security;
import org.elasticsearch.common.collect.MapBuilder;
import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.xpack.XPackFeatureSet;
import org.elasticsearch.xpack.security.audit.AuditTrailService;
import org.elasticsearch.xpack.security.authc.Realm;
import org.elasticsearch.xpack.security.authc.Realms;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.xpack.XPackFeatureSet;
import org.elasticsearch.xpack.security.authz.store.RolesStore;
import org.elasticsearch.xpack.security.crypto.CryptoService;
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport;
import org.elasticsearch.xpack.watcher.support.xcontent.XContentSource;
import org.junit.Before;
@ -37,9 +37,6 @@ import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
/**
*
*/
public class SecurityFeatureSetTests extends ESTestCase {
private Settings settings;
@ -116,9 +113,9 @@ public class SecurityFeatureSetTests extends ESTestCase {
settings.put("xpack.security.enabled", enabled);
final boolean httpSSLEnabled = randomBoolean();
settings.put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), httpSSLEnabled);
settings.put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), httpSSLEnabled);
final boolean transportSSLEnabled = randomBoolean();
settings.put(SecurityNettyTransport.SSL_SETTING.getKey(), transportSSLEnabled);
settings.put(SecurityNetty3Transport.SSL_SETTING.getKey(), transportSSLEnabled);
final boolean auditingEnabled = randomBoolean();
final String[] auditOutputs = randomFrom(new String[] {"logfile"}, new String[] {"index"}, new String[] {"logfile", "index"});
when(auditTrail.usageStats())

9
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityPluginEnabledDisabledTests.java
View File

@ -8,12 +8,12 @@ package org.elasticsearch.xpack.security;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.integration.LicensingTests;
import org.elasticsearch.xpack.security.transport.SecurityServerTransportService;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.TransportService;
import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.xpack.security.transport.SecurityServerTransportService;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport;
import org.hamcrest.Matcher;
import org.junit.After;
import org.junit.BeforeClass;
@ -21,9 +21,6 @@ import org.junit.BeforeClass;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.not;
/**
*
*/
public class SecurityPluginEnabledDisabledTests extends SecurityIntegTestCase {
private static boolean enabled;
@ -72,7 +69,7 @@ public class SecurityPluginEnabledDisabledTests extends SecurityIntegTestCase {
assertThat(service, matcher);
}
for (Transport transport : internalCluster().getInstances(Transport.class)) {
Matcher<Transport> matcher = instanceOf(SecurityNettyTransport.class);
Matcher<Transport> matcher = instanceOf(SecurityNetty3Transport.class);
if (!enabled) {
matcher = not(matcher);
}

96
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/AuditTrailModuleTests.java
View File

@ -5,92 +5,46 @@
*/
package org.elasticsearch.xpack.security.audit;
import org.elasticsearch.common.inject.Guice;
import org.elasticsearch.common.inject.Injector;
import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.network.NetworkService;
import org.elasticsearch.common.inject.ModuleTestCase;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.settings.SettingsModule;
import org.elasticsearch.indices.breaker.CircuitBreakerService;
import org.elasticsearch.node.Node;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.local.LocalTransport;
import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
import static org.hamcrest.Matchers.instanceOf;
import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.notNullValue;
public class AuditTrailModuleTests extends ModuleTestCase {
public class AuditTrailModuleTests extends ESTestCase {
public void testEnabled() throws Exception {
Settings settings = Settings.builder()
.put("client.type", "node")
.put(AuditTrailModule.ENABLED_SETTING.getKey(), false)
.build();
SettingsModule settingsModule = new SettingsModule(settings, AuditTrailModule.ENABLED_SETTING);
Injector injector = Guice.createInjector(settingsModule, new AuditTrailModule(settings));
AuditTrail auditTrail = injector.getInstance(AuditTrail.class);
assertThat(auditTrail, is(AuditTrail.NOOP));
Settings settings = Settings.builder().put(AuditTrailModule.ENABLED_SETTING.getKey(), true).build();
AuditTrailModule module = new AuditTrailModule(settings);
assertBinding(module, AuditTrail.class, AuditTrailService.class);
assertSetMultiBinding(module, AuditTrail.class, LoggingAuditTrail.class);
}
public void testDisabledByDefault() throws Exception {
Settings settings = Settings.builder()
.put("client.type", "node").build();
Injector injector = Guice.createInjector(new SettingsModule(settings), new AuditTrailModule(settings));
AuditTrail auditTrail = injector.getInstance(AuditTrail.class);
assertThat(auditTrail, is(AuditTrail.NOOP));
AuditTrailModule module = new AuditTrailModule(Settings.EMPTY);
assertInstanceBinding(module, AuditTrail.class, x -> x == AuditTrail.NOOP);
}
public void testLogfile() throws Exception {
public void testIndexAuditTrail() throws Exception {
Settings settings = Settings.builder()
.put(AuditTrailModule.ENABLED_SETTING.getKey(), true)
.put("client.type", "node")
.build();
ThreadPool pool = new TestThreadPool("testLogFile");
try {
SettingsModule settingsModule = new SettingsModule(settings, AuditTrailModule.ENABLED_SETTING);
Injector injector = Guice.createInjector(
settingsModule,
new NetworkModule(new NetworkService(settings), settings, false, new NamedWriteableRegistry()) {
@Override
protected void configure() {
bind(Transport.class).to(LocalTransport.class).asEagerSingleton();
}
},
new AuditTrailModule(settings),
b -> {
b.bind(CircuitBreakerService.class).toInstance(Node.createCircuitBreakerService(settingsModule.getSettings(),
settingsModule.getClusterSettings()));
b.bind(ThreadPool.class).toInstance(pool);
}
);
AuditTrail auditTrail = injector.getInstance(AuditTrail.class);
assertThat(auditTrail, instanceOf(AuditTrailService.class));
AuditTrailService service = (AuditTrailService) auditTrail;
assertThat(service.auditTrails, notNullValue());
assertThat(service.auditTrails.length, is(1));
assertThat(service.auditTrails[0], instanceOf(LoggingAuditTrail.class));
} finally {
pool.shutdown();
}
.put(AuditTrailModule.ENABLED_SETTING.getKey(), true)
.put(AuditTrailModule.OUTPUTS_SETTING.getKey(), "index").build();
AuditTrailModule module = new AuditTrailModule(settings);
assertSetMultiBinding(module, AuditTrail.class, IndexAuditTrail.class);
}
public void testIndexAndLoggingAuditTrail() throws Exception {
Settings settings = Settings.builder()
.put(AuditTrailModule.ENABLED_SETTING.getKey(), true)
.put(AuditTrailModule.OUTPUTS_SETTING.getKey(), "index,logfile").build();
AuditTrailModule module = new AuditTrailModule(settings);
assertSetMultiBinding(module, AuditTrail.class, IndexAuditTrail.class, LoggingAuditTrail.class);
}
public void testUnknownOutput() throws Exception {
Settings settings = Settings.builder()
.put(AuditTrailModule.ENABLED_SETTING.getKey(), true)
.put(AuditTrailModule.OUTPUTS_SETTING.getKey() , "foo")
.put("client.type", "node")
.build();
SettingsModule settingsModule = new SettingsModule(settings, AuditTrailModule.ENABLED_SETTING, AuditTrailModule.OUTPUTS_SETTING);
try {
Guice.createInjector(settingsModule, new AuditTrailModule(settings));
fail("Expect initialization to fail when an unknown audit trail output is configured");
} catch (Exception e) {
// expected
}
.put(AuditTrailModule.OUTPUTS_SETTING.getKey(), "foo").build();
AuditTrailModule module = new AuditTrailModule(settings);
assertBindingFailure(module, "unknown audit trail output [foo]");
}
}

32
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailMutedTests.java
View File

@ -5,6 +5,11 @@
*/
package org.elasticsearch.xpack.security.audit.index;
import java.net.InetAddress;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.atomic.AtomicBoolean;
import org.elasticsearch.action.Action;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.ActionRequest;
@ -13,17 +18,14 @@ import org.elasticsearch.action.ActionResponse;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.FilterClient;
import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.inject.util.Providers;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.BoundTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.TransportMessage;
import org.elasticsearch.xpack.security.InternalClient;
import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail.State;
@ -34,11 +36,6 @@ import org.elasticsearch.xpack.security.user.User;
import org.junit.After;
import org.junit.Before;
import java.net.InetAddress;
import java.util.concurrent.BlockingQueue;
import java.util.concurrent.LinkedBlockingQueue;
import java.util.concurrent.atomic.AtomicBoolean;
import static org.hamcrest.Matchers.is;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verifyZeroInteractions;
@ -49,7 +46,7 @@ public class IndexAuditTrailMutedTests extends ESTestCase {
private InternalClient client;
private TransportClient transportClient;
private ThreadPool threadPool;
private Transport transport;
private ClusterService clusterService;
private IndexAuditTrail auditTrail;
private AtomicBoolean messageEnqueued;
@ -57,16 +54,17 @@ public class IndexAuditTrailMutedTests extends ESTestCase {
@Before
public void setup() {
transport = mock(Transport.class);
when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { LocalTransportAddress.buildUnique() },
LocalTransportAddress.buildUnique()));
DiscoveryNode localNode = mock(DiscoveryNode.class);
when(localNode.getHostAddress()).thenReturn(LocalTransportAddress.buildUnique().toString());
clusterService = mock(ClusterService.class);
when(clusterService.localNode()).thenReturn(localNode);
threadPool = new TestThreadPool("index audit trail tests");
transportClient = TransportClient.builder().settings(Settings.EMPTY).build();
transportClient = TransportClient.builder().settings(Settings.builder().put("transport.type", "local")).build();
clientCalled = new AtomicBoolean(false);
class IClient extends FilterClient implements InternalClient {
class IClient extends InternalClient {
IClient(Client transportClient){
super(transportClient);
super(Settings.EMPTY, null, transportClient, null);
}
@Override
protected <Request extends ActionRequest<Request>, Response extends ActionResponse, RequestBuilder extends
@ -257,7 +255,7 @@ public class IndexAuditTrailMutedTests extends ESTestCase {
IndexAuditTrail createAuditTrail(String[] excludes) {
Settings settings = IndexAuditTrailTests.levelSettings(null, excludes);
auditTrail = new IndexAuditTrail(settings, transport, Providers.of(client), threadPool, mock(ClusterService.class)) {
auditTrail = new IndexAuditTrail(settings, client, threadPool, clusterService) {
@Override
void putTemplate(Settings settings) {
// make this a no-op so we don't have to stub out unnecessary client activities

46
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailTests.java
View File

@ -5,6 +5,17 @@
*/
package org.elasticsearch.xpack.security.audit.index;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import org.apache.lucene.util.SetOnce;
import org.elasticsearch.action.IndicesRequest;
import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
@ -15,16 +26,14 @@ import org.elasticsearch.action.support.IndicesOptions;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.Requests;
import org.elasticsearch.cluster.health.ClusterHealthStatus;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.Priority;
import org.elasticsearch.common.inject.util.Providers;
import org.elasticsearch.common.network.NetworkAddress;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.BoundTransportAddress;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.rest.RestRequest;
import org.elasticsearch.search.SearchHit;
@ -34,9 +43,7 @@ import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.test.SecuritySettingsSource;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.MockTcpTransport;
import org.elasticsearch.transport.MockTcpTransportPlugin;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.transport.TransportInfo;
import org.elasticsearch.transport.TransportMessage;
import org.elasticsearch.transport.TransportRequest;
@ -46,7 +53,7 @@ import org.elasticsearch.xpack.security.authc.AuthenticationToken;
import org.elasticsearch.xpack.security.crypto.CryptoService;
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport;
import org.elasticsearch.xpack.security.user.SystemUser;
import org.elasticsearch.xpack.security.user.User;
import org.joda.time.DateTime;
@ -57,18 +64,6 @@ import org.junit.AfterClass;
import org.junit.Before;
import org.junit.BeforeClass;
import java.io.IOException;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE;
import static org.elasticsearch.test.InternalTestCluster.clusterName;
import static org.elasticsearch.xpack.security.audit.index.IndexNameResolver.Rollover.DAILY;
@ -158,7 +153,7 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
if (useSecurity == false) {
mockPlugins.add(MockTcpTransportPlugin.class);
}
remoteCluster = new InternalTestCluster("network", randomLong(), createTempDir(), false, numNodes, numNodes, cluster2Name,
remoteCluster = new InternalTestCluster(randomLong(), createTempDir(), false, numNodes, numNodes, cluster2Name,
cluster2SettingsSource, 0, false, SECOND_CLUSTER_NODE_PREFIX, mockPlugins,
useSecurity ? getClientWrapper() : Function.identity());
remoteCluster.beforeTest(random(), 0.5);
@ -178,7 +173,7 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
builder.put("xpack.security.audit.index.client." + entry.getKey(), entry.getValue());
}
} else {
builder.put("xpack.security.audit.index.client." + SecurityNettyTransport.SSL_SETTING.getKey(), false);
builder.put("xpack.security.audit.index.client." + SecurityNetty3Transport.SSL_SETTING.getKey(), false);
}
remoteSettings = builder.build();
}
@ -268,13 +263,14 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
Settings settings = builder.put(settings(rollover, includes, excludes)).build();
logger.info("--> settings: [{}]", settings.getAsMap().toString());
Transport transport = mock(Transport.class);
BoundTransportAddress boundTransportAddress = new BoundTransportAddress(new TransportAddress[]{ remoteHostAddress()},
remoteHostAddress());
when(transport.boundAddress()).thenReturn(boundTransportAddress);
DiscoveryNode localNode = mock(DiscoveryNode.class);
when(localNode.getHostAddress()).thenReturn(remoteHostAddress().getAddress());
when(localNode.getHostName()).thenReturn(remoteHostAddress().getHost());
ClusterService clusterService = mock(ClusterService.class);
when(clusterService.localNode()).thenReturn(localNode);
threadPool = new TestThreadPool("index audit trail tests");
enqueuedMessage = new SetOnce<>();
auditor = new IndexAuditTrail(settings, transport, Providers.of(internalClient()), threadPool, mock(ClusterService.class)) {
auditor = new IndexAuditTrail(settings, internalClient(), threadPool, clusterService) {
@Override
void enqueue(Message message, String type) {
enqueuedMessage.set(message);

19
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailUpdateMappingTests.java
View File

@ -5,23 +5,20 @@
*/
package org.elasticsearch.xpack.security.audit.index;
import java.util.Locale;
import org.elasticsearch.action.admin.indices.mapping.get.GetMappingsResponse;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.inject.util.Providers;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.BoundTransportAddress;
import org.elasticsearch.common.transport.LocalTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.test.rest.FakeRestRequest;
import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.Transport;
import org.junit.After;
import org.junit.Before;
import java.util.Locale;
import static org.elasticsearch.xpack.security.audit.index.IndexNameResolver.Rollover.DAILY;
import static org.elasticsearch.xpack.security.audit.index.IndexNameResolver.Rollover.HOURLY;
import static org.elasticsearch.xpack.security.audit.index.IndexNameResolver.Rollover.MONTHLY;
@ -48,11 +45,11 @@ public class IndexAuditTrailUpdateMappingTests extends SecurityIntegTestCase {
IndexNameResolver.Rollover rollover = randomFrom(HOURLY, DAILY, WEEKLY, MONTHLY);
Settings settings = Settings.builder().put("xpack.security.audit.index.rollover", rollover.name().toLowerCase(Locale.ENGLISH))
.put("path.home", createTempDir()).build();
Transport transport = mock(Transport.class);
when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { LocalTransportAddress.buildUnique() },
LocalTransportAddress.buildUnique()));
auditor = new IndexAuditTrail(settings, transport, Providers.of(internalClient()), threadPool,
mock(ClusterService.class));
DiscoveryNode localNode = mock(DiscoveryNode.class);
when(localNode.getHostAddress()).thenReturn(LocalTransportAddress.buildUnique().toString());
ClusterService clusterService = mock(ClusterService.class);
when(clusterService.localNode()).thenReturn(localNode);
auditor = new IndexAuditTrail(settings, internalClient(), threadPool, clusterService);
// before starting we add an event
auditor.authenticationFailed(new FakeRestRequest());

2
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/RemoteIndexAuditTrailStartingTests.java
View File

@ -105,7 +105,7 @@ public class RemoteIndexAuditTrailStartingTests extends SecurityIntegTestCase {
return builder.build();
}
};
remoteCluster = new InternalTestCluster("network", randomLong(), createTempDir(), false,
remoteCluster = new InternalTestCluster(randomLong(), createTempDir(), false,
numNodes, numNodes,
cluster2Name, cluster2SettingsSource, 0, false, SECOND_CLUSTER_NODE_PREFIX, getMockPlugins(), getClientWrapper());
remoteCluster.beforeTest(random(), 0.5);

104
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java
View File

@ -7,6 +7,8 @@ package org.elasticsearch.xpack.security.audit.logfile;
import org.elasticsearch.action.IndicesRequest;
import org.elasticsearch.action.support.IndicesOptions;
import org.elasticsearch.cluster.node.DiscoveryNode;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.bytes.BytesArray;
import org.elasticsearch.common.bytes.BytesReference;
import org.elasticsearch.common.component.Lifecycle;
@ -41,9 +43,6 @@ import static org.hamcrest.Matchers.is;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
/**
*
*/
public class LoggingAuditTrailTests extends ESTestCase {
private static enum RestContent {
VALID() {
@ -102,7 +101,8 @@ public class LoggingAuditTrailTests extends ESTestCase {
private String prefix;
private Settings settings;
private Transport transport;
private DiscoveryNode localNode;
private ClusterService clusterService;
private ThreadContext threadContext;
@Before
@ -112,21 +112,20 @@ public class LoggingAuditTrailTests extends ESTestCase {
.put("xpack.security.audit.logfile.prefix.emit_node_host_name", randomBoolean())
.put("xpack.security.audit.logfile.prefix.emit_node_name", randomBoolean())
.build();
transport = mock(Transport.class);
when(transport.lifecycleState()).thenReturn(Lifecycle.State.STARTED);
when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { LocalTransportAddress.buildUnique() },
LocalTransportAddress.buildUnique()));
prefix = LoggingAuditTrail.resolvePrefix(settings, transport);
localNode = mock(DiscoveryNode.class);
when(localNode.getHostAddress()).thenReturn(LocalTransportAddress.buildUnique().toString());
clusterService = mock(ClusterService.class);
when(clusterService.localNode()).thenReturn(localNode);
prefix = LoggingAuditTrail.resolvePrefix(settings, localNode);
}
public void testAnonymousAccessDeniedTransport() throws Exception {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);
String origins = LoggingAuditTrail.originAttributes(message, clusterService.localNode(), threadContext);
auditTrail.anonymousAccessDenied("_action", message);
switch (level) {
case ERROR:
@ -164,8 +163,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
auditTrail.anonymousAccessDenied(request);
switch (level) {
case ERROR:
@ -188,10 +186,9 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);;
String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);;
auditTrail.authenticationFailed(new MockToken(), "_action", message);
switch (level) {
case ERROR:
@ -222,10 +219,9 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);;
String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);;
auditTrail.authenticationFailed("_action", message);
switch (level) {
case ERROR:
@ -261,8 +257,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
when(request.uri()).thenReturn("_uri");
String expectedMessage = prepareRestContent(request);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
auditTrail.authenticationFailed(new MockToken(), request);
switch (level) {
case ERROR:
@ -289,8 +284,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
when(request.uri()).thenReturn("_uri");
String expectedMessage = prepareRestContent(request);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
auditTrail.authenticationFailed(request);
switch (level) {
case ERROR:
@ -311,10 +305,9 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);;
String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);;
auditTrail.authenticationFailed("_realm", new MockToken(), "_action", message);
switch (level) {
case ERROR:
@ -344,8 +337,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
when(request.uri()).thenReturn("_uri");
String expectedMessage = prepareRestContent(request);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
auditTrail.authenticationFailed("_realm", new MockToken(), request);
switch (level) {
case ERROR:
@ -366,10 +358,9 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);
String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);
boolean runAs = randomBoolean();
User user;
if (runAs) {
@ -411,10 +402,9 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);
String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);
auditTrail.accessGranted(SystemUser.INSTANCE, "internal:_action", message);
switch (level) {
case ERROR:
@ -440,10 +430,9 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);
String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);
boolean runAs = randomBoolean();
User user;
if (runAs) {
@ -485,10 +474,9 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);
String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);
boolean runAs = randomBoolean();
User user;
if (runAs) {
@ -534,8 +522,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
auditTrail.tamperedRequest(request);
switch (level) {
case ERROR:
@ -557,10 +544,9 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);
String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
auditTrail.tamperedRequest(action, message);
switch (level) {
case ERROR:
@ -599,10 +585,9 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
TransportMessage message = randomBoolean() ? new MockMessage(threadContext) : new MockIndicesRequest(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);
String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
auditTrail.tamperedRequest(user, action, message);
switch (level) {
case ERROR:
@ -633,8 +618,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
InetAddress inetAddress = InetAddress.getLoopbackAddress();
SecurityIpFilterRule rule = new SecurityIpFilterRule(false, "_all");
auditTrail.connectionDenied(inetAddress, "default", rule);
@ -656,8 +640,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
InetAddress inetAddress = InetAddress.getLoopbackAddress();
SecurityIpFilterRule rule = IPFilter.DEFAULT_PROFILE_ACCEPT_ALL;
auditTrail.connectionGranted(inetAddress, "default", rule);
@ -680,10 +663,9 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
TransportMessage message = new MockMessage(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);
String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);
User user = new User("_username", new String[]{"r1"}, new User("running as", new String[] {"r2"}));
auditTrail.runAsGranted(user, "_action", message);
switch (level) {
@ -707,10 +689,9 @@ public class LoggingAuditTrailTests extends ESTestCase {
for (Level level : Level.values()) {
threadContext = new ThreadContext(Settings.EMPTY);
CapturingLogger logger = new CapturingLogger(level);
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, transport, logger, threadContext);
auditTrail.start();
LoggingAuditTrail auditTrail = new LoggingAuditTrail(settings, clusterService, logger, threadContext);
TransportMessage message = new MockMessage(threadContext);
String origins = LoggingAuditTrail.originAttributes(message, transport, threadContext);
String origins = LoggingAuditTrail.originAttributes(message, localNode, threadContext);
User user = new User("_username", new String[]{"r1"}, new User("running as", new String[] {"r2"}));
auditTrail.runAsDenied(user, "_action", message);
switch (level) {
@ -733,7 +714,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
public void testOriginAttributes() throws Exception {
threadContext = new ThreadContext(Settings.EMPTY);
MockMessage message = new MockMessage(threadContext);
String text = LoggingAuditTrail.originAttributes(message, transport, threadContext);;
String text = LoggingAuditTrail.originAttributes(message, localNode, threadContext);;
InetSocketAddress restAddress = RemoteHostHeader.restRemoteAddress(threadContext);
if (restAddress != null) {
assertThat(text, equalTo("origin_type=[rest], origin_address=[" +
@ -742,8 +723,7 @@ public class LoggingAuditTrailTests extends ESTestCase {
}
TransportAddress address = message.remoteAddress();
if (address == null) {
assertThat(text, equalTo("origin_type=[local_node], origin_address=[" +
transport.boundAddress().publishAddress().getAddress() + "]"));
assertThat(text, equalTo("origin_type=[local_node], origin_address=[" + localNode.getHostAddress() + "]"));
return;
}

4
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/RunAsIntegTests.java
View File

@ -20,7 +20,7 @@ import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.authc.support.SecuredStringTests;
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.test.SecuritySettingsSource;
import org.elasticsearch.xpack.XPackPlugin;
@ -230,7 +230,7 @@ public class RunAsIntegTests extends SecurityIntegTestCase {
Settings settings = Settings.builder()
.put(extraSettings)
.put("cluster.name", clusterName)
.put(SecurityNettyTransport.SSL_SETTING.getKey(), false)
.put(SecurityNetty3Transport.SSL_SETTING.getKey(), false)
.build();
return TransportClient.builder()

5
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeMigrateToolTests.java
View File

@ -16,9 +16,8 @@ import org.elasticsearch.env.Environment;
import org.elasticsearch.test.NativeRealmIntegTestCase;
import org.elasticsearch.test.SecuritySettingsSource;
import org.elasticsearch.xpack.security.SecurityTemplateService;
import org.elasticsearch.xpack.security.authc.esnative.ESNativeRealmMigrateTool;
import org.elasticsearch.xpack.security.client.SecurityClient;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport;
import org.junit.BeforeClass;
import java.util.HashSet;
@ -45,7 +44,7 @@ public class ESNativeMigrateToolTests extends NativeRealmIntegTestCase {
Settings s = Settings.builder()
.put(super.nodeSettings(nodeOrdinal))
.put(NetworkModule.HTTP_ENABLED.getKey(), true)
.put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), useSSL)
.put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), useSSL)
.build();
return s;
}

6
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiAuthenticationTests.java
View File

@ -21,7 +21,7 @@ import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.security.authc.file.FileRealm;
import org.elasticsearch.xpack.security.transport.SSLClientAuth;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport;
import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.transport.Transport;
@ -56,8 +56,8 @@ public class PkiAuthenticationTests extends SecurityIntegTestCase {
.put(super.nodeSettings(nodeOrdinal))
.put(NetworkModule.HTTP_ENABLED.getKey(), true)
.put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true)
.put(SecurityNettyHttpServerTransport.CLIENT_AUTH_SETTING.getKey(), sslClientAuth)
.put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3HttpServerTransport.CLIENT_AUTH_SETTING.getKey(), sslClientAuth)
.put("xpack.security.authc.realms.file.type", FileRealm.TYPE)
.put("xpack.security.authc.realms.file.order", "0")
.put("xpack.security.authc.realms.pki1.type", PkiRealm.TYPE)

10
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiOptionalClientAuthTests.java
View File

@ -23,8 +23,8 @@ import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
import org.elasticsearch.xpack.security.transport.SSLClientAuth;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport;
import org.junit.BeforeClass;
import javax.net.ssl.SSLContext;
@ -57,8 +57,8 @@ public class PkiOptionalClientAuthTests extends SecurityIntegTestCase {
return Settings.builder()
.put(super.nodeSettings(nodeOrdinal))
.put(NetworkModule.HTTP_ENABLED.getKey(), true)
.put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true)
.put(SecurityNettyHttpServerTransport.CLIENT_AUTH_SETTING.getKey(), SSLClientAuth.OPTIONAL)
.put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3HttpServerTransport.CLIENT_AUTH_SETTING.getKey(), SSLClientAuth.OPTIONAL)
.put("xpack.security.authc.realms.file.type", "file")
.put("xpack.security.authc.realms.file.order", "0")
.put("xpack.security.authc.realms.pki1.type", "pki")
@ -108,7 +108,7 @@ public class PkiOptionalClientAuthTests extends SecurityIntegTestCase {
.put(sslSettingsForStore)
.put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put("cluster.name", internalCluster().getClusterName())
.put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3Transport.SSL_SETTING.getKey(), true)
.build();

10
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiWithoutClientAuthenticationTests.java
View File

@ -20,8 +20,8 @@ import org.elasticsearch.test.SecuritySettingsSource;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
import org.elasticsearch.xpack.security.transport.SSLClientAuth;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
@ -61,9 +61,9 @@ public class PkiWithoutClientAuthenticationTests extends SecurityIntegTestCase {
return Settings.builder()
.put(super.nodeSettings(nodeOrdinal))
.put(NetworkModule.HTTP_ENABLED.getKey(), true)
.put(SecurityNettyTransport.CLIENT_AUTH_SETTING.getKey(), false)
.put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true)
.put(SecurityNettyHttpServerTransport.CLIENT_AUTH_SETTING.getKey(),
.put(SecurityNetty3Transport.CLIENT_AUTH_SETTING.getKey(), false)
.put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3HttpServerTransport.CLIENT_AUTH_SETTING.getKey(),
randomFrom(SSLClientAuth.NO.name(), false, "false", "FALSE", SSLClientAuth.NO.name().toLowerCase(Locale.ROOT)))
.put("xpack.security.authc.realms.pki1.type", "pki")
.put("xpack.security.authc.realms.pki1.order", "0")

20
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ServerTransportFilterIntegrationTests.java
View File

@ -14,14 +14,14 @@ import org.elasticsearch.common.unit.TimeValue;
import org.elasticsearch.discovery.MasterNotDiscoveredException;
import org.elasticsearch.node.MockNode;
import org.elasticsearch.node.Node;
import org.elasticsearch.xpack.security.authc.file.FileRealm;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.security.authz.store.FileRolesStore;
import org.elasticsearch.xpack.security.crypto.CryptoService;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.security.authc.file.FileRealm;
import org.elasticsearch.xpack.security.authz.store.FileRolesStore;
import org.elasticsearch.xpack.security.crypto.CryptoService;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport;
import org.junit.BeforeClass;
import java.io.IOException;
@ -31,9 +31,9 @@ import java.nio.file.Path;
import java.util.Collections;
import static java.util.Collections.singletonMap;
import static org.elasticsearch.test.SecuritySettingsSource.getSSLSettingsForStore;
import static org.elasticsearch.xpack.security.test.SecurityTestUtils.createFolder;
import static org.elasticsearch.xpack.security.test.SecurityTestUtils.writeFile;
import static org.elasticsearch.test.SecuritySettingsSource.getSSLSettingsForStore;
import static org.hamcrest.CoreMatchers.instanceOf;
import static org.hamcrest.CoreMatchers.is;
@ -66,7 +66,7 @@ public class ServerTransportFilterIntegrationTests extends SecurityIntegTestCase
if (sslTransportEnabled()) {
settingsBuilder.put("transport.profiles.client.xpack.security.truststore.path", store) // settings for client truststore
.put("transport.profiles.client.xpack.security.truststore.password", "testnode")
.put(SecurityNettyTransport.SSL_SETTING.getKey(), true);
.put(SecurityNetty3Transport.SSL_SETTING.getKey(), true);
}
return settingsBuilder
@ -93,12 +93,11 @@ public class ServerTransportFilterIntegrationTests extends SecurityIntegTestCase
// test that starting up a node works
Settings nodeSettings = Settings.builder()
.put(getSSLSettingsForStore("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks", "testnode"))
.put("node.mode", "network")
.put("node.name", "my-test-node")
.put("network.host", "localhost")
.put("cluster.name", internalCluster().getClusterName())
.put("discovery.zen.ping.unicast.hosts", unicastHost)
.put(SecurityNettyTransport.SSL_SETTING.getKey(), sslTransportEnabled())
.put(SecurityNetty3Transport.SSL_SETTING.getKey(), sslTransportEnabled())
.put("xpack.security.audit.enabled", false)
.put("path.home", createTempDir())
.put(NetworkModule.HTTP_ENABLED.getKey(), false)
@ -124,12 +123,11 @@ public class ServerTransportFilterIntegrationTests extends SecurityIntegTestCase
.put("xpack.security.authc.realms.file.files.users_roles", writeFile(folder, "users_roles", configUsersRoles()))
.put(FileRolesStore.ROLES_FILE_SETTING.getKey(), writeFile(folder, "roles.yml", configRoles()))
.put(getSSLSettingsForStore("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks", "testnode"))
.put("node.mode", "network")
.put("node.name", "my-test-node")
.put(Security.USER_SETTING.getKey(), "test_user:changeme")
.put("cluster.name", internalCluster().getClusterName())
.put("discovery.zen.ping.unicast.hosts", "localhost:" + randomClientPort)
.put(SecurityNettyTransport.SSL_SETTING.getKey(), sslTransportEnabled())
.put(SecurityNetty3Transport.SSL_SETTING.getKey(), sslTransportEnabled())
.put("xpack.security.audit.enabled", false)
.put(NetworkModule.HTTP_ENABLED.getKey(), false)
.put(CryptoService.FILE_SETTING.getKey(), systemKeyFile)

2
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/HandshakeWaitingHandlerTests.java → elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/HandshakeWaitingHandlerTests.java
View File

@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.xpack.security.transport.netty;
package org.elasticsearch.xpack.security.transport.netty3;
import org.elasticsearch.common.logging.Loggers;
import org.elasticsearch.common.settings.Settings;

13
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/IPFilterNettyUpstreamHandlerTests.java → elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/IPFilterNetty3UpstreamHandlerTests.java
View File

@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.xpack.security.transport.netty;
package org.elasticsearch.xpack.security.transport.netty3;
import org.elasticsearch.common.component.Lifecycle;
import org.elasticsearch.common.network.InetAddresses;
@ -41,11 +41,8 @@ import static org.hamcrest.Matchers.is;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
/**
*
*/
public class IPFilterNettyUpstreamHandlerTests extends ESTestCase {
private IPFilterNettyUpstreamHandler nettyUpstreamHandler;
public class IPFilterNetty3UpstreamHandlerTests extends ESTestCase {
private IPFilterNetty3UpstreamHandler nettyUpstreamHandler;
@Before
public void init() throws Exception {
@ -81,9 +78,9 @@ public class IPFilterNettyUpstreamHandlerTests extends ESTestCase {
}
if (isHttpEnabled) {
nettyUpstreamHandler = new IPFilterNettyUpstreamHandler(ipFilter, IPFilter.HTTP_PROFILE_NAME);
nettyUpstreamHandler = new IPFilterNetty3UpstreamHandler(ipFilter, IPFilter.HTTP_PROFILE_NAME);
} else {
nettyUpstreamHandler = new IPFilterNettyUpstreamHandler(ipFilter, "default");
nettyUpstreamHandler = new IPFilterNetty3UpstreamHandler(ipFilter, "default");
}
}

10
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/IPHostnameVerificationTests.java → elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/IPHostnameVerificationTests.java
View File

@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.xpack.security.transport.netty;
package org.elasticsearch.xpack.security.transport.netty3;
import org.elasticsearch.client.Client;
import org.elasticsearch.common.settings.Settings;
@ -61,8 +61,8 @@ public class IPHostnameVerificationTests extends SecurityIntegTestCase {
.put(TransportSettings.BIND_HOST.getKey(), "127.0.0.1")
.put("network.host", "127.0.0.1")
.put("xpack.security.ssl.client.auth", "false")
.put(SecurityNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(), true)
.put(SecurityNettyTransport.HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING.getKey(), false)
.put(SecurityNetty3Transport.HOSTNAME_VERIFICATION_SETTING.getKey(), true)
.put(SecurityNetty3Transport.HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING.getKey(), false)
.build();
}
@ -78,8 +78,8 @@ public class IPHostnameVerificationTests extends SecurityIntegTestCase {
clientSettings = builder.build();
return Settings.builder().put(clientSettings)
.put(SecurityNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(), true)
.put(SecurityNettyTransport.HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING.getKey(), false)
.put(SecurityNetty3Transport.HOSTNAME_VERIFICATION_SETTING.getKey(), true)
.put(SecurityNetty3Transport.HOSTNAME_VERIFICATION_RESOLVE_NAME_SETTING.getKey(), false)
.put("xpack.security.ssl.keystore.path", keystore.toAbsolutePath())
.put("xpack.security.ssl.keystore.password", "testnode-ip-only")
.put("xpack.security.ssl.truststore.path", keystore.toAbsolutePath())

60
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/SecurityNettyHttpServerTransportTests.java → elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3HttpServerTransportTests.java
View File

@ -3,14 +3,14 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.xpack.security.transport.netty;
package org.elasticsearch.xpack.security.transport.netty3;
import org.elasticsearch.common.network.NetworkService;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.BigArrays;
import org.elasticsearch.env.Environment;
import org.elasticsearch.http.HttpTransportSettings;
import org.elasticsearch.http.netty.NettyHttpMockUtil;
import org.elasticsearch.http.netty3.Netty3HttpMockUtil;
import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
import org.elasticsearch.xpack.security.ssl.ServerSSLService;
import org.elasticsearch.xpack.security.transport.SSLClientAuth;
@ -31,7 +31,7 @@ import static org.hamcrest.Matchers.is;
import static org.hamcrest.Matchers.not;
import static org.mockito.Mockito.mock;
public class SecurityNettyHttpServerTransportTests extends ESTestCase {
public class SecurityNetty3HttpServerTransportTests extends ESTestCase {
private ServerSSLService serverSSLService;
@ -47,10 +47,10 @@ public class SecurityNettyHttpServerTransportTests extends ESTestCase {
}
public void testDefaultClientAuth() throws Exception {
Settings settings = Settings.builder().put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true).build();
SecurityNettyHttpServerTransport transport = new SecurityNettyHttpServerTransport(settings, mock(NetworkService.class),
Settings settings = Settings.builder().put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true).build();
SecurityNetty3HttpServerTransport transport = new SecurityNetty3HttpServerTransport(settings, mock(NetworkService.class),
mock(BigArrays.class), mock(IPFilter.class), serverSSLService, mock(ThreadPool.class));
NettyHttpMockUtil.setOpenChannelsHandlerToMock(transport);
Netty3HttpMockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory();
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false));
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getWantClientAuth(), is(false));
@ -59,11 +59,11 @@ public class SecurityNettyHttpServerTransportTests extends ESTestCase {
public void testOptionalClientAuth() throws Exception {
String value = randomFrom(SSLClientAuth.OPTIONAL.name(), SSLClientAuth.OPTIONAL.name().toLowerCase(Locale.ROOT));
Settings settings = Settings.builder()
.put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true)
.put(SecurityNettyHttpServerTransport.CLIENT_AUTH_SETTING.getKey(), value).build();
SecurityNettyHttpServerTransport transport = new SecurityNettyHttpServerTransport(settings, mock(NetworkService.class),
.put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3HttpServerTransport.CLIENT_AUTH_SETTING.getKey(), value).build();
SecurityNetty3HttpServerTransport transport = new SecurityNetty3HttpServerTransport(settings, mock(NetworkService.class),
mock(BigArrays.class), mock(IPFilter.class), serverSSLService, mock(ThreadPool.class));
NettyHttpMockUtil.setOpenChannelsHandlerToMock(transport);
Netty3HttpMockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory();
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false));
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getWantClientAuth(), is(true));
@ -72,11 +72,11 @@ public class SecurityNettyHttpServerTransportTests extends ESTestCase {
public void testRequiredClientAuth() throws Exception {
String value = randomFrom(SSLClientAuth.REQUIRED.name(), SSLClientAuth.REQUIRED.name().toLowerCase(Locale.ROOT), "true", "TRUE");
Settings settings = Settings.builder()
.put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true)
.put(SecurityNettyHttpServerTransport.CLIENT_AUTH_SETTING.getKey(), value).build();
SecurityNettyHttpServerTransport transport = new SecurityNettyHttpServerTransport(settings, mock(NetworkService.class),
.put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3HttpServerTransport.CLIENT_AUTH_SETTING.getKey(), value).build();
SecurityNetty3HttpServerTransport transport = new SecurityNetty3HttpServerTransport(settings, mock(NetworkService.class),
mock(BigArrays.class), mock(IPFilter.class), serverSSLService, mock(ThreadPool.class));
NettyHttpMockUtil.setOpenChannelsHandlerToMock(transport);
Netty3HttpMockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory();
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(true));
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getWantClientAuth(), is(false));
@ -85,11 +85,11 @@ public class SecurityNettyHttpServerTransportTests extends ESTestCase {
public void testNoClientAuth() throws Exception {
String value = randomFrom(SSLClientAuth.NO.name(), SSLClientAuth.NO.name().toLowerCase(Locale.ROOT), "false", "FALSE");
Settings settings = Settings.builder()
.put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true)
.put(SecurityNettyHttpServerTransport.CLIENT_AUTH_SETTING.getKey(), value).build();
SecurityNettyHttpServerTransport transport = new SecurityNettyHttpServerTransport(settings, mock(NetworkService.class),
.put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3HttpServerTransport.CLIENT_AUTH_SETTING.getKey(), value).build();
SecurityNetty3HttpServerTransport transport = new SecurityNetty3HttpServerTransport(settings, mock(NetworkService.class),
mock(BigArrays.class), mock(IPFilter.class), serverSSLService, mock(ThreadPool.class));
NettyHttpMockUtil.setOpenChannelsHandlerToMock(transport);
Netty3HttpMockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory();
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false));
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getWantClientAuth(), is(false));
@ -97,20 +97,20 @@ public class SecurityNettyHttpServerTransportTests extends ESTestCase {
public void testCustomSSLConfiguration() throws Exception {
Settings settings = Settings.builder()
.put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true).build();
SecurityNettyHttpServerTransport transport = new SecurityNettyHttpServerTransport(settings, mock(NetworkService.class),
.put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true).build();
SecurityNetty3HttpServerTransport transport = new SecurityNetty3HttpServerTransport(settings, mock(NetworkService.class),
mock(BigArrays.class), mock(IPFilter.class), serverSSLService, mock(ThreadPool.class));
NettyHttpMockUtil.setOpenChannelsHandlerToMock(transport);
Netty3HttpMockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory();
SSLEngine defaultEngine = factory.getPipeline().get(SslHandler.class).getEngine();
settings = Settings.builder()
.put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true)
.put("xpack.security.http.ssl.supported_protocols", "TLSv1.2")
.build();
transport = new SecurityNettyHttpServerTransport(settings, mock(NetworkService.class),
transport = new SecurityNetty3HttpServerTransport(settings, mock(NetworkService.class),
mock(BigArrays.class), mock(IPFilter.class), serverSSLService, mock(ThreadPool.class));
NettyHttpMockUtil.setOpenChannelsHandlerToMock(transport);
Netty3HttpMockUtil.setOpenChannelsHandlerToMock(transport);
factory = transport.configureServerChannelPipelineFactory();
SSLEngine customEngine = factory.getPipeline().get(SslHandler.class).getEngine();
assertThat(customEngine.getEnabledProtocols(), arrayContaining("TLSv1.2"));
@ -119,29 +119,29 @@ public class SecurityNettyHttpServerTransportTests extends ESTestCase {
public void testDisablesCompressionByDefaultForSsl() throws Exception {
Settings settings = Settings.builder()
.put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true).build();
.put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true).build();
Settings.Builder pluginSettingsBuilder = Settings.builder();
SecurityNettyHttpServerTransport.overrideSettings(pluginSettingsBuilder, settings);
SecurityNetty3HttpServerTransport.overrideSettings(pluginSettingsBuilder, settings);
assertThat(HttpTransportSettings.SETTING_HTTP_COMPRESSION.get(pluginSettingsBuilder.build()), is(false));
}
public void testLeavesCompressionOnIfNotSsl() throws Exception {
Settings settings = Settings.builder()
.put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), false).build();
.put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), false).build();
Settings.Builder pluginSettingsBuilder = Settings.builder();
SecurityNettyHttpServerTransport.overrideSettings(pluginSettingsBuilder, settings);
SecurityNetty3HttpServerTransport.overrideSettings(pluginSettingsBuilder, settings);
assertThat(pluginSettingsBuilder.build().isEmpty(), is(true));
}
public void testDoesNotChangeExplicitlySetCompression() throws Exception {
Settings settings = Settings.builder()
.put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true)
.put(HttpTransportSettings.SETTING_HTTP_COMPRESSION.getKey(), true)
.build();
Settings.Builder pluginSettingsBuilder = Settings.builder();
SecurityNettyHttpServerTransport.overrideSettings(pluginSettingsBuilder, settings);
SecurityNetty3HttpServerTransport.overrideSettings(pluginSettingsBuilder, settings);
assertThat(pluginSettingsBuilder.build().isEmpty(), is(true));
}
}

78
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/SecurityNettyTransportTests.java → elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SecurityNetty3TransportTests.java
View File

@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.xpack.security.transport.netty;
package org.elasticsearch.xpack.security.transport.netty3;
import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
import org.elasticsearch.common.network.NetworkService;
@ -17,7 +17,7 @@ import org.elasticsearch.xpack.security.ssl.ServerSSLService;
import org.elasticsearch.xpack.security.transport.SSLClientAuth;
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.netty.NettyMockUtil;
import org.elasticsearch.transport.netty3.Netty3MockUtil;
import org.jboss.netty.channel.ChannelPipelineFactory;
import org.jboss.netty.handler.ssl.SslHandler;
import org.junit.Before;
@ -30,7 +30,7 @@ import static org.hamcrest.Matchers.notNullValue;
import static org.hamcrest.Matchers.nullValue;
import static org.mockito.Mockito.mock;
public class SecurityNettyTransportTests extends ESTestCase {
public class SecurityNetty3TransportTests extends ESTestCase {
private ServerSSLService serverSSLService;
private ClientSSLService clientSSLService;
@ -49,43 +49,43 @@ public class SecurityNettyTransportTests extends ESTestCase {
}
public void testThatSSLCanBeDisabledByProfile() throws Exception {
Settings settings = Settings.builder().put(SecurityNettyTransport.SSL_SETTING.getKey(), true).build();
SecurityNettyTransport transport = new SecurityNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
Settings settings = Settings.builder().put(SecurityNetty3Transport.SSL_SETTING.getKey(), true).build();
SecurityNetty3Transport transport = new SecurityNetty3Transport(settings, mock(ThreadPool.class), mock(NetworkService.class),
mock(BigArrays.class), null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class),
mock(CircuitBreakerService.class));
NettyMockUtil.setOpenChannelsHandlerToMock(transport);
Netty3MockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client",
Settings.builder().put("xpack.security.ssl", false).build());
assertThat(factory.getPipeline().get(SslHandler.class), nullValue());
}
public void testThatSSLCanBeEnabledByProfile() throws Exception {
Settings settings = Settings.builder().put(SecurityNettyTransport.SSL_SETTING.getKey(), false).build();
SecurityNettyTransport transport = new SecurityNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
Settings settings = Settings.builder().put(SecurityNetty3Transport.SSL_SETTING.getKey(), false).build();
SecurityNetty3Transport transport = new SecurityNetty3Transport(settings, mock(ThreadPool.class), mock(NetworkService.class),
mock(BigArrays.class), null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class),
mock(CircuitBreakerService.class));
NettyMockUtil.setOpenChannelsHandlerToMock(transport);
Netty3MockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client",
Settings.builder().put("xpack.security.ssl", true).build());
assertThat(factory.getPipeline().get(SslHandler.class), notNullValue());
}
public void testThatProfileTakesDefaultSSLSetting() throws Exception {
Settings settings = Settings.builder().put(SecurityNettyTransport.SSL_SETTING.getKey(), true).build();
SecurityNettyTransport transport = new SecurityNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
Settings settings = Settings.builder().put(SecurityNetty3Transport.SSL_SETTING.getKey(), true).build();
SecurityNetty3Transport transport = new SecurityNetty3Transport(settings, mock(ThreadPool.class), mock(NetworkService.class),
mock(BigArrays.class), null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class),
mock(CircuitBreakerService.class));
NettyMockUtil.setOpenChannelsHandlerToMock(transport);
Netty3MockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.EMPTY);
assertThat(factory.getPipeline().get(SslHandler.class).getEngine(), notNullValue());
}
public void testDefaultClientAuth() throws Exception {
Settings settings = Settings.builder().put(SecurityNettyTransport.SSL_SETTING.getKey(), true).build();
SecurityNettyTransport transport = new SecurityNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
Settings settings = Settings.builder().put(SecurityNetty3Transport.SSL_SETTING.getKey(), true).build();
SecurityNetty3Transport transport = new SecurityNetty3Transport(settings, mock(ThreadPool.class), mock(NetworkService.class),
mock(BigArrays.class), null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class),
mock(CircuitBreakerService.class));
NettyMockUtil.setOpenChannelsHandlerToMock(transport);
Netty3MockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.EMPTY);
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(true));
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getWantClientAuth(), is(false));
@ -94,12 +94,12 @@ public class SecurityNettyTransportTests extends ESTestCase {
public void testRequiredClientAuth() throws Exception {
String value = randomFrom(SSLClientAuth.REQUIRED.name(), SSLClientAuth.REQUIRED.name().toLowerCase(Locale.ROOT), "true");
Settings settings = Settings.builder()
.put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
.put(SecurityNettyTransport.CLIENT_AUTH_SETTING.getKey(), value).build();
SecurityNettyTransport transport = new SecurityNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
.put(SecurityNetty3Transport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3Transport.CLIENT_AUTH_SETTING.getKey(), value).build();
SecurityNetty3Transport transport = new SecurityNetty3Transport(settings, mock(ThreadPool.class), mock(NetworkService.class),
mock(BigArrays.class), null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class),
mock(CircuitBreakerService.class));
NettyMockUtil.setOpenChannelsHandlerToMock(transport);
Netty3MockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.EMPTY);
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(true));
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getWantClientAuth(), is(false));
@ -108,12 +108,12 @@ public class SecurityNettyTransportTests extends ESTestCase {
public void testNoClientAuth() throws Exception {
String value = randomFrom(SSLClientAuth.NO.name(), "false", "FALSE", SSLClientAuth.NO.name().toLowerCase(Locale.ROOT));
Settings settings = Settings.builder()
.put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
.put(SecurityNettyTransport.CLIENT_AUTH_SETTING.getKey(), value).build();
SecurityNettyTransport transport = new SecurityNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
.put(SecurityNetty3Transport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3Transport.CLIENT_AUTH_SETTING.getKey(), value).build();
SecurityNetty3Transport transport = new SecurityNetty3Transport(settings, mock(ThreadPool.class), mock(NetworkService.class),
mock(BigArrays.class), null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class),
mock(CircuitBreakerService.class));
NettyMockUtil.setOpenChannelsHandlerToMock(transport);
Netty3MockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.EMPTY);
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false));
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getWantClientAuth(), is(false));
@ -122,12 +122,12 @@ public class SecurityNettyTransportTests extends ESTestCase {
public void testOptionalClientAuth() throws Exception {
String value = randomFrom(SSLClientAuth.OPTIONAL.name(), SSLClientAuth.OPTIONAL.name().toLowerCase(Locale.ROOT));
Settings settings = Settings.builder()
.put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
.put(SecurityNettyTransport.CLIENT_AUTH_SETTING.getKey(), value).build();
SecurityNettyTransport transport = new SecurityNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
.put(SecurityNetty3Transport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3Transport.CLIENT_AUTH_SETTING.getKey(), value).build();
SecurityNetty3Transport transport = new SecurityNetty3Transport(settings, mock(ThreadPool.class), mock(NetworkService.class),
mock(BigArrays.class), null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class),
mock(CircuitBreakerService.class));
NettyMockUtil.setOpenChannelsHandlerToMock(transport);
Netty3MockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client", Settings.EMPTY);
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false));
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getWantClientAuth(), is(true));
@ -135,39 +135,39 @@ public class SecurityNettyTransportTests extends ESTestCase {
public void testProfileRequiredClientAuth() throws Exception {
String value = randomFrom(SSLClientAuth.REQUIRED.name(), SSLClientAuth.REQUIRED.name().toLowerCase(Locale.ROOT), "true", "TRUE");
Settings settings = Settings.builder().put(SecurityNettyTransport.SSL_SETTING.getKey(), true).build();
SecurityNettyTransport transport = new SecurityNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
Settings settings = Settings.builder().put(SecurityNetty3Transport.SSL_SETTING.getKey(), true).build();
SecurityNetty3Transport transport = new SecurityNetty3Transport(settings, mock(ThreadPool.class), mock(NetworkService.class),
mock(BigArrays.class), null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class),
mock(CircuitBreakerService.class));
NettyMockUtil.setOpenChannelsHandlerToMock(transport);
Netty3MockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client",
Settings.builder().put(SecurityNettyTransport.PROFILE_CLIENT_AUTH_SETTING, value).build());
Settings.builder().put(SecurityNetty3Transport.PROFILE_CLIENT_AUTH_SETTING, value).build());
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(true));
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getWantClientAuth(), is(false));
}
public void testProfileNoClientAuth() throws Exception {
String value = randomFrom(SSLClientAuth.NO.name(), "false", "FALSE", SSLClientAuth.NO.name().toLowerCase(Locale.ROOT));
Settings settings = Settings.builder().put(SecurityNettyTransport.SSL_SETTING.getKey(), true).build();
SecurityNettyTransport transport = new SecurityNettyTransport(settings, mock(ThreadPool.class), mock(NetworkService.class),
Settings settings = Settings.builder().put(SecurityNetty3Transport.SSL_SETTING.getKey(), true).build();
SecurityNetty3Transport transport = new SecurityNetty3Transport(settings, mock(ThreadPool.class), mock(NetworkService.class),
mock(BigArrays.class), null, serverSSLService, clientSSLService, mock(NamedWriteableRegistry.class),
mock(CircuitBreakerService.class));
NettyMockUtil.setOpenChannelsHandlerToMock(transport);
Netty3MockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client",
Settings.builder().put(SecurityNettyTransport.PROFILE_CLIENT_AUTH_SETTING.getKey(), value).build());
Settings.builder().put(SecurityNetty3Transport.PROFILE_CLIENT_AUTH_SETTING.getKey(), value).build());
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false));
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getWantClientAuth(), is(false));
}
public void testProfileOptionalClientAuth() throws Exception {
String value = randomFrom(SSLClientAuth.OPTIONAL.name(), SSLClientAuth.OPTIONAL.name().toLowerCase(Locale.ROOT));
Settings settings = Settings.builder().put(SecurityNettyTransport.SSL_SETTING.getKey(), true).build();
SecurityNettyTransport transport = new SecurityNettyTransport(settings, mock(ThreadPool.class),
Settings settings = Settings.builder().put(SecurityNetty3Transport.SSL_SETTING.getKey(), true).build();
SecurityNetty3Transport transport = new SecurityNetty3Transport(settings, mock(ThreadPool.class),
mock(NetworkService.class), mock(BigArrays.class), null, serverSSLService, clientSSLService,
mock(NamedWriteableRegistry.class), mock(CircuitBreakerService.class));
NettyMockUtil.setOpenChannelsHandlerToMock(transport);
Netty3MockUtil.setOpenChannelsHandlerToMock(transport);
ChannelPipelineFactory factory = transport.configureServerChannelPipelineFactory("client",
Settings.builder().put(SecurityNettyTransport.PROFILE_CLIENT_AUTH_SETTING.getKey(), value).build());
Settings.builder().put(SecurityNetty3Transport.PROFILE_CLIENT_AUTH_SETTING.getKey(), value).build());
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getNeedClientAuth(), is(false));
assertThat(factory.getPipeline().get(SslHandler.class).getEngine().getWantClientAuth(), is(true));
}

10
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty/SslHostnameVerificationTests.java → elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/SslHostnameVerificationTests.java
View File

@ -3,7 +3,7 @@
* or more contributor license agreements. Licensed under the Elastic License;
* you may not use this file except in compliance with the Elastic License.
*/
package org.elasticsearch.xpack.security.transport.netty;
package org.elasticsearch.xpack.security.transport.netty3;
import org.elasticsearch.client.Client;
import org.elasticsearch.client.transport.NoNodeAvailableException;
@ -11,10 +11,10 @@ import org.elasticsearch.client.transport.TransportClient;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.xpack.security.Security;
import java.net.InetSocketAddress;
import java.nio.file.Files;
@ -59,7 +59,7 @@ public class SslHostnameVerificationTests extends SecurityIntegTestCase {
.put("xpack.security.ssl.truststore.path", keystore.toAbsolutePath())
.put("xpack.security.ssl.truststore.password", "testnode-no-subjaltname")
// disable hostname verification as this test uses non-localhost addresses
.put(SecurityNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(), false)
.put(SecurityNetty3Transport.HOSTNAME_VERIFICATION_SETTING.getKey(), false)
.build();
}
@ -77,7 +77,7 @@ public class SslHostnameVerificationTests extends SecurityIntegTestCase {
}
}
builder.put(SecurityNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(), false)
builder.put(SecurityNetty3Transport.HOSTNAME_VERIFICATION_SETTING.getKey(), false)
.put("xpack.security.ssl.keystore.path", keystore.toAbsolutePath()) // settings for client keystore
.put("xpack.security.ssl.keystore.password", "testnode-no-subjaltname");
@ -96,7 +96,7 @@ public class SslHostnameVerificationTests extends SecurityIntegTestCase {
InetSocketAddress inetSocketAddress = ((InetSocketTransportAddress) transportAddress).address();
Settings settings = Settings.builder().put(transportClientSettings())
.put(SecurityNettyTransport.HOSTNAME_VERIFICATION_SETTING.getKey(), true)
.put(SecurityNetty3Transport.HOSTNAME_VERIFICATION_SETTING.getKey(), true)
.build();
try (TransportClient client = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {

12
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslClientAuthTests.java
View File

@ -24,8 +24,8 @@ import org.elasticsearch.xpack.XPackPlugin;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.security.ssl.ClientSSLService;
import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport;
import javax.net.ssl.SSLHandshakeException;
import java.io.IOException;
@ -43,9 +43,9 @@ public class SslClientAuthTests extends SecurityIntegTestCase {
return Settings.builder()
.put(super.nodeSettings(nodeOrdinal))
// invert the require auth settings
.put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
.put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true)
.put(SecurityNettyHttpServerTransport.CLIENT_AUTH_SETTING.getKey(), true)
.put(SecurityNetty3Transport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3HttpServerTransport.CLIENT_AUTH_SETTING.getKey(), true)
.put("transport.profiles.default.xpack.security.ssl.client.auth", false)
.put(NetworkModule.HTTP_ENABLED.getKey(), true)
.build();
@ -94,7 +94,7 @@ public class SslClientAuthTests extends SecurityIntegTestCase {
}
Settings settings = Settings.builder()
.put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3Transport.SSL_SETTING.getKey(), true)
.put("xpack.security.ssl.keystore.path", store)
.put("xpack.security.ssl.keystore.password", "testclient-client-profile")
.put("cluster.name", internalCluster().getClusterName())

4
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslIntegrationTests.java
View File

@ -25,7 +25,7 @@ import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.http.HttpServerTransport;
import org.elasticsearch.xpack.security.ssl.ClientSSLService;
import org.elasticsearch.xpack.security.ssl.SSLConfiguration.Global;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3HttpServerTransport;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.xpack.XPackPlugin;
@ -49,7 +49,7 @@ public class SslIntegrationTests extends SecurityIntegTestCase {
protected Settings nodeSettings(int nodeOrdinal) {
return Settings.builder().put(super.nodeSettings(nodeOrdinal))
.put(NetworkModule.HTTP_ENABLED.getKey(), true)
.put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), true).build();
.put(SecurityNetty3HttpServerTransport.SSL_SETTING.getKey(), true).build();
}
@Override

21
elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/ssl/SslMultiPortTests.java
View File

@ -11,7 +11,8 @@ import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.transport.InetSocketTransportAddress;
import org.elasticsearch.common.transport.TransportAddress;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport;
import org.elasticsearch.xpack.security.transport.netty3.SecurityNetty3Transport;
import org.elasticsearch.test.SecurityIntegTestCase;
import org.elasticsearch.transport.Transport;
import org.elasticsearch.xpack.XPackPlugin;
@ -236,7 +237,7 @@ public class SslMultiPortTests extends SecurityIntegTestCase {
public void testThatTransportClientCanConnectToNoSslProfile() throws Exception {
Settings settings = Settings.builder()
.put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put(SecurityNettyTransport.SSL_SETTING.getKey(), false)
.put(SecurityNetty3Transport.SSL_SETTING.getKey(), false)
.put("cluster.name", internalCluster().getClusterName())
.build();
try (TransportClient transportClient = TransportClient.builder().settings(settings).addPlugin(XPackPlugin.class).build()) {
@ -309,7 +310,7 @@ public class SslMultiPortTests extends SecurityIntegTestCase {
Settings settings = Settings.builder()
.put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put("cluster.name", internalCluster().getClusterName())
.put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3Transport.SSL_SETTING.getKey(), true)
.put("xpack.security.ssl.truststore.path",
getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks"))
.put("xpack.security.ssl.truststore.password", "truststore-testnode-only")
@ -331,7 +332,7 @@ public class SslMultiPortTests extends SecurityIntegTestCase {
Settings settings = Settings.builder()
.put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put("cluster.name", internalCluster().getClusterName())
.put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3Transport.SSL_SETTING.getKey(), true)
.put("xpack.security.ssl.truststore.path",
getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks"))
.put("xpack.security.ssl.truststore.password", "truststore-testnode-only")
@ -355,7 +356,7 @@ public class SslMultiPortTests extends SecurityIntegTestCase {
Settings settings = Settings.builder()
.put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put("cluster.name", internalCluster().getClusterName())
.put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3Transport.SSL_SETTING.getKey(), true)
.put("xpack.security.ssl.truststore.path",
getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks"))
.put("xpack.security.ssl.truststore.password", "truststore-testnode-only")
@ -378,7 +379,7 @@ public class SslMultiPortTests extends SecurityIntegTestCase {
Settings settings = Settings.builder()
.put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put("cluster.name", internalCluster().getClusterName())
.put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3Transport.SSL_SETTING.getKey(), true)
.put("xpack.security.ssl.truststore.path",
getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/truststore-testnode-only.jks"))
.put("xpack.security.ssl.truststore.password", "truststore-testnode-only")
@ -401,7 +402,7 @@ public class SslMultiPortTests extends SecurityIntegTestCase {
Settings settings = Settings.builder()
.put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put("cluster.name", internalCluster().getClusterName())
.put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3Transport.SSL_SETTING.getKey(), true)
.build();
try (TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
transportClient.addTransportAddress(randomFrom(internalCluster().getInstance(Transport.class).boundAddress().boundAddresses()));
@ -421,7 +422,7 @@ public class SslMultiPortTests extends SecurityIntegTestCase {
Settings settings = Settings.builder()
.put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put("cluster.name", internalCluster().getClusterName())
.put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3Transport.SSL_SETTING.getKey(), true)
.build();
try (TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("client")));
@ -441,7 +442,7 @@ public class SslMultiPortTests extends SecurityIntegTestCase {
Settings settings = Settings.builder()
.put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put("cluster.name", internalCluster().getClusterName())
.put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3Transport.SSL_SETTING.getKey(), true)
.build();
try (TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(),
@ -462,7 +463,7 @@ public class SslMultiPortTests extends SecurityIntegTestCase {
Settings settings = Settings.builder()
.put(Security.USER_SETTING.getKey(), DEFAULT_USER_NAME + ":" + DEFAULT_PASSWORD)
.put("cluster.name", internalCluster().getClusterName())
.put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
.put(SecurityNetty3Transport.SSL_SETTING.getKey(), true)
.build();
try (TransportClient transportClient = TransportClient.builder().addPlugin(XPackPlugin.class).settings(settings).build()) {
transportClient.addTransportAddress(new InetSocketTransportAddress(InetAddress.getLoopbackAddress(), getProfilePort("no_ssl")));

9
elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/XPackPlugin.java
View File

@ -64,6 +64,7 @@ import org.elasticsearch.xpack.notification.email.Account;
import org.elasticsearch.xpack.notification.email.support.BodyPartSource;
import org.elasticsearch.xpack.rest.action.RestXPackInfoAction;
import org.elasticsearch.xpack.rest.action.RestXPackUsageAction;
import org.elasticsearch.xpack.security.InternalClient;
import org.elasticsearch.xpack.security.Security;
import org.elasticsearch.xpack.security.authc.AuthenticationModule;
import org.elasticsearch.xpack.support.clock.Clock;
@ -181,12 +182,10 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin {
@Override
public Collection<Object> createComponents(Client client, ClusterService clusterService, ThreadPool threadPool,
ResourceWatcherService resourceWatcherService) {
if (transportClientMode) {
return Collections.emptyList();
}
List<Object> components = new ArrayList<>();
final InternalClient internalClient = new InternalClient(settings, threadPool, client, security.getCryptoService());
components.add(internalClient);
components.addAll(licensing.createComponents(clusterService, getClock(), security.getSecurityLicenseState()));
// watcher http stuff

2
elasticsearch/x-pack/src/main/java/org/elasticsearch/xpack/common/init/proxy/ClientProxy.java
View File

@ -46,6 +46,6 @@ public class ClientProxy {
public static InternalClient fromClient(Client client) {
return client instanceof InternalClient ? (InternalClient) client :
new InternalClient.Insecure(client.settings(), client.threadPool(), client);
new InternalClient(client.settings(), client.threadPool(), client, null);
}
}

8
elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/MockNettyPlugin.java → elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/MockNetty3Plugin.java
View File

@ -6,12 +6,12 @@
package org.elasticsearch.xpack;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.transport.NettyPlugin;
import org.elasticsearch.transport.Netty3Plugin;
public final class MockNettyPlugin extends NettyPlugin {
// se NettyPlugin.... this runs without the permission from the netty module so it will fail since reindex can't set the property
public final class MockNetty3Plugin extends Netty3Plugin {
// se Netty3Plugin.... this runs without the permission from the netty3 module so it will fail since reindex can't set the property
// to make it still work we disable that check for pseudo integ tests
public MockNettyPlugin(Settings settings) {
public MockNetty3Plugin(Settings settings) {
super(Settings.builder().put(settings).put("netty.assert.buglevel", false).build());
}
}

31
elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/rest/action/RestAckWatchAction.java
View File

@ -5,7 +5,6 @@
*/
package org.elasticsearch.xpack.watcher.rest.action;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
@ -23,6 +22,9 @@ import org.elasticsearch.xpack.watcher.transport.actions.ack.AckWatchRequest;
import org.elasticsearch.xpack.watcher.transport.actions.ack.AckWatchResponse;
import org.elasticsearch.xpack.watcher.watch.Watch;
import static org.elasticsearch.rest.RestRequest.Method.POST;
import static org.elasticsearch.rest.RestRequest.Method.PUT;
/**
* The rest action to ack a watch
*/
@ -31,13 +33,26 @@ public class RestAckWatchAction extends WatcherRestHandler {
@Inject
public RestAckWatchAction(Settings settings, RestController controller) {
super(settings);
controller.registerHandler(RestRequest.Method.PUT, URI_BASE + "/watch/{id}/_ack", this);
controller.registerHandler(RestRequest.Method.POST, URI_BASE + "/watch/{id}/_ack", this);
controller.registerHandler(RestRequest.Method.POST, URI_BASE + "/watch/{id}/_ack/{actions}", this);
controller.registerHandler(RestRequest.Method.PUT, URI_BASE + "/watch/{id}/_ack/{actions}", this);
// these are going to be removed in 6.0
controller.registerHandler(RestRequest.Method.PUT, URI_BASE + "/watch/{id}/{actions}/_ack", this);
controller.registerHandler(RestRequest.Method.POST, URI_BASE + "/watch/{id}/{actions}/_ack", this);
// @deprecated Remove deprecations in 6.0
controller.registerWithDeprecatedHandler(POST, URI_BASE + "/watch/{id}/_ack", this,
POST, "/_watcher/watch/{id}/_ack", deprecationLogger);
controller.registerWithDeprecatedHandler(PUT, URI_BASE + "/watch/{id}/_ack", this,
PUT, "/_watcher/watch/{id}/_ack", deprecationLogger);
controller.registerWithDeprecatedHandler(POST, URI_BASE + "/watch/{id}/_ack/{actions}", this,
POST, "/_watcher/watch/{id}/_ack/{actions}", deprecationLogger);
controller.registerWithDeprecatedHandler(PUT, URI_BASE + "/watch/{id}/_ack/{actions}", this,
PUT, "/_watcher/watch/{id}/_ack/{actions}", deprecationLogger);
// @deprecated The following can be totally dropped in 6.0
// Note: we deprecated "/{actions}/_ack" totally; so we don't replace it with a matching _xpack variant
controller.registerAsDeprecatedHandler(POST, "/_watcher/watch/{id}/{actions}/_ack", this,
"[POST /_watcher/watch/{id}/{actions}/_ack] is deprecated! Use " +
"[POST /_xpack/watcher/watch/{id}/_ack/{actions}] instead.",
deprecationLogger);
controller.registerAsDeprecatedHandler(PUT, "/_watcher/watch/{id}/{actions}/_ack", this,
"[PUT /_watcher/watch/{id}/{actions}/_ack] is deprecated! Use " +
"[PUT /_xpack/watcher/watch/{id}/_ack/{actions}] instead.",
deprecationLogger);
}
@Override

21
elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/rest/action/RestActivateWatchAction.java
View File

@ -5,7 +5,6 @@
*/
package org.elasticsearch.xpack.watcher.rest.action;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
@ -23,6 +22,9 @@ import org.elasticsearch.xpack.watcher.transport.actions.activate.ActivateWatchR
import org.elasticsearch.xpack.watcher.transport.actions.activate.ActivateWatchResponse;
import org.elasticsearch.xpack.watcher.watch.Watch;
import static org.elasticsearch.rest.RestRequest.Method.POST;
import static org.elasticsearch.rest.RestRequest.Method.PUT;
/**
* The rest action to de/activate a watch
*/
@ -31,11 +33,18 @@ public class RestActivateWatchAction extends WatcherRestHandler {
@Inject
public RestActivateWatchAction(Settings settings, RestController controller) {
super(settings);
controller.registerHandler(RestRequest.Method.PUT, URI_BASE + "/watch/{id}/_activate", this);
controller.registerHandler(RestRequest.Method.POST, URI_BASE + "/watch/{id}/_activate", this);
DeactivateRestHandler deactivateRestHandler = new DeactivateRestHandler(settings);
controller.registerHandler(RestRequest.Method.PUT, URI_BASE + "/watch/{id}/_deactivate", deactivateRestHandler);
controller.registerHandler(RestRequest.Method.POST, URI_BASE + "/watch/{id}/_deactivate", deactivateRestHandler);
final DeactivateRestHandler deactivateRestHandler = new DeactivateRestHandler(settings);
// @deprecated Remove deprecations in 6.0
controller.registerWithDeprecatedHandler(POST, URI_BASE + "/watch/{id}/_activate", this,
POST, "/_watcher/watch/{id}/_activate", deprecationLogger);
controller.registerWithDeprecatedHandler(PUT, URI_BASE + "/watch/{id}/_activate", this,
PUT, "/_watcher/watch/{id}/_activate", deprecationLogger);
controller.registerWithDeprecatedHandler(POST, URI_BASE + "/watch/{id}/_deactivate", deactivateRestHandler,
POST, "/_watcher/watch/{id}/_deactivate", deprecationLogger);
controller.registerWithDeprecatedHandler(PUT, URI_BASE + "/watch/{id}/_deactivate", deactivateRestHandler,
PUT, "/_watcher/watch/{id}/_deactivate", deprecationLogger);
}
@Override

5
elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/rest/action/RestDeleteWatchAction.java
View File

@ -5,7 +5,6 @@
*/
package org.elasticsearch.xpack.watcher.rest.action;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
@ -32,7 +31,9 @@ public class RestDeleteWatchAction extends WatcherRestHandler {
@Inject
public RestDeleteWatchAction(Settings settings, RestController controller) {
super(settings);
controller.registerHandler(DELETE, URI_BASE + "/watch/{id}", this);
// @deprecated Remove deprecations in 6.0
controller.registerWithDeprecatedHandler(DELETE, URI_BASE + "/watch/{id}", this,
DELETE, "/_watcher/watch/{id}", deprecationLogger);
}
@Override

17
elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/rest/action/RestExecuteWatchAction.java
View File

@ -6,7 +6,6 @@
package org.elasticsearch.xpack.watcher.rest.action;
import org.elasticsearch.ElasticsearchParseException;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.ParseField;
import org.elasticsearch.common.ParseFieldMatcher;
import org.elasticsearch.common.inject.Inject;
@ -32,6 +31,8 @@ import org.elasticsearch.xpack.watcher.trigger.TriggerService;
import java.io.IOException;
import static org.elasticsearch.rest.RestRequest.Method.POST;
import static org.elasticsearch.rest.RestRequest.Method.PUT;
import static org.elasticsearch.xpack.watcher.rest.action.RestExecuteWatchAction.Field.IGNORE_CONDITION;
import static org.elasticsearch.xpack.watcher.rest.action.RestExecuteWatchAction.Field.RECORD_EXECUTION;
@ -44,11 +45,17 @@ public class RestExecuteWatchAction extends WatcherRestHandler {
@Inject
public RestExecuteWatchAction(Settings settings, RestController controller, TriggerService triggerService) {
super(settings);
controller.registerHandler(RestRequest.Method.POST, URI_BASE + "/watch/{id}/_execute", this);
controller.registerHandler(RestRequest.Method.PUT, URI_BASE + "/watch/{id}/_execute", this);
controller.registerHandler(RestRequest.Method.POST, URI_BASE + "/watch/_execute", this);
controller.registerHandler(RestRequest.Method.PUT, URI_BASE + "/watch/_execute", this);
this.triggerService = triggerService;
// @deprecated Remove deprecations in 6.0
controller.registerWithDeprecatedHandler(POST, URI_BASE + "/watch/{id}/_execute", this,
POST, "/_watcher/watch/{id}/_execute", deprecationLogger);
controller.registerWithDeprecatedHandler(PUT, URI_BASE + "/watch/{id}/_execute", this,
PUT, "/_watcher/watch/{id}/_execute", deprecationLogger);
controller.registerWithDeprecatedHandler(POST, URI_BASE + "/watch/_execute", this,
POST, "/_watcher/watch/_execute", deprecationLogger);
controller.registerWithDeprecatedHandler(PUT, URI_BASE + "/watch/_execute", this,
PUT, "/_watcher/watch/_execute", deprecationLogger);
}
@Override

6
elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/rest/action/RestGetWatchAction.java
View File

@ -5,7 +5,6 @@
*/
package org.elasticsearch.xpack.watcher.rest.action;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
@ -32,7 +31,10 @@ public class RestGetWatchAction extends WatcherRestHandler {
@Inject
public RestGetWatchAction(Settings settings, RestController controller) {
super(settings);
controller.registerHandler(GET, URI_BASE + "/watch/{id}", this);
// @deprecated Remove deprecations in 6.0
controller.registerWithDeprecatedHandler(GET, URI_BASE + "/watch/{id}", this,
GET, "/_watcher/watch/{id}", deprecationLogger);
}
@Override

33
elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/rest/action/RestHijackOperationAction.java
View File

@ -5,7 +5,6 @@
*/
package org.elasticsearch.xpack.watcher.rest.action;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
@ -19,29 +18,34 @@ import org.elasticsearch.xpack.watcher.client.WatcherClient;
import org.elasticsearch.xpack.watcher.rest.WatcherRestHandler;
import org.elasticsearch.xpack.watcher.watch.WatchStore;
import static org.elasticsearch.rest.RestRequest.Method.DELETE;
import static org.elasticsearch.rest.RestRequest.Method.GET;
import static org.elasticsearch.rest.RestRequest.Method.POST;
import static org.elasticsearch.rest.RestRequest.Method.PUT;
/**
*/
public class RestHijackOperationAction extends WatcherRestHandler {
private static String ALLOW_DIRECT_ACCESS_TO_WATCH_INDEX_SETTING = "xpack.watcher.index.rest.direct_access";
private static final String ALLOW_DIRECT_ACCESS_TO_WATCH_INDEX_SETTING = "xpack.watcher.index.rest.direct_access";
@Inject
public RestHijackOperationAction(Settings settings, RestController controller) {
super(settings);
if (!settings.getAsBoolean(ALLOW_DIRECT_ACCESS_TO_WATCH_INDEX_SETTING, false)) {
WatcherRestHandler unsupportedHandler = new UnsupportedHandler(settings);
controller.registerHandler(RestRequest.Method.POST, WatchStore.INDEX + "/watch", this);
controller.registerHandler(RestRequest.Method.POST, WatchStore.INDEX + "/watch/{id}", this);
controller.registerHandler(RestRequest.Method.PUT, WatchStore.INDEX + "/watch/{id}", this);
controller.registerHandler(RestRequest.Method.POST, WatchStore.INDEX + "/watch/{id}/_update", this);
controller.registerHandler(RestRequest.Method.DELETE, WatchStore.INDEX + "/watch/_query", this);
controller.registerHandler(RestRequest.Method.DELETE, WatchStore.INDEX + "/watch/{id}", this);
controller.registerHandler(RestRequest.Method.GET, WatchStore.INDEX + "/watch/{id}", this);
controller.registerHandler(RestRequest.Method.POST, WatchStore.INDEX + "/watch/_bulk", unsupportedHandler);
controller.registerHandler(RestRequest.Method.POST, WatchStore.INDEX + "/_bulk", unsupportedHandler);
controller.registerHandler(RestRequest.Method.PUT, WatchStore.INDEX + "/watch/_bulk", unsupportedHandler);
controller.registerHandler(RestRequest.Method.PUT, WatchStore.INDEX + "/_bulk", unsupportedHandler);
controller.registerHandler(RestRequest.Method.DELETE, WatchStore.INDEX, unsupportedHandler);
controller.registerHandler(POST, WatchStore.INDEX + "/watch", this);
controller.registerHandler(POST, WatchStore.INDEX + "/watch/{id}", this);
controller.registerHandler(PUT, WatchStore.INDEX + "/watch/{id}", this);
controller.registerHandler(POST, WatchStore.INDEX + "/watch/{id}/_update", this);
controller.registerHandler(DELETE, WatchStore.INDEX + "/watch/_query", this);
controller.registerHandler(DELETE, WatchStore.INDEX + "/watch/{id}", this);
controller.registerHandler(GET, WatchStore.INDEX + "/watch/{id}", this);
controller.registerHandler(POST, WatchStore.INDEX + "/watch/_bulk", unsupportedHandler);
controller.registerHandler(POST, WatchStore.INDEX + "/_bulk", unsupportedHandler);
controller.registerHandler(PUT, WatchStore.INDEX + "/watch/_bulk", unsupportedHandler);
controller.registerHandler(PUT, WatchStore.INDEX + "/_bulk", unsupportedHandler);
controller.registerHandler(DELETE, WatchStore.INDEX, unsupportedHandler);
}
}
@ -73,4 +77,5 @@ public class RestHijackOperationAction extends WatcherRestHandler {
channel.sendResponse(new BytesRestResponse(RestStatus.BAD_REQUEST, jsonBuilder));
}
}
}

9
elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/rest/action/RestPutWatchAction.java
View File

@ -5,7 +5,6 @@
*/
package org.elasticsearch.xpack.watcher.rest.action;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
@ -33,8 +32,12 @@ public class RestPutWatchAction extends WatcherRestHandler {
@Inject
public RestPutWatchAction(Settings settings, RestController controller) {
super(settings);
controller.registerHandler(POST, URI_BASE + "/watch/{id}", this);
controller.registerHandler(PUT, URI_BASE + "/watch/{id}", this);
// @deprecated Remove deprecations in 6.0
controller.registerWithDeprecatedHandler(POST, URI_BASE + "/watch/{id}", this,
POST, "/_watcher/watch/{id}", deprecationLogger);
controller.registerWithDeprecatedHandler(PUT, URI_BASE + "/watch/{id}", this,
PUT, "/_watcher/watch/{id}", deprecationLogger);
}
@Override

15
elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/rest/action/RestWatchServiceAction.java
View File

@ -15,6 +15,9 @@ import org.elasticsearch.xpack.watcher.client.WatcherClient;
import org.elasticsearch.xpack.watcher.rest.WatcherRestHandler;
import org.elasticsearch.xpack.watcher.transport.actions.service.WatcherServiceRequest;
import static org.elasticsearch.rest.RestRequest.Method.POST;
import static org.elasticsearch.rest.RestRequest.Method.PUT;
/**
*/
public class RestWatchServiceAction extends WatcherRestHandler {
@ -22,9 +25,15 @@ public class RestWatchServiceAction extends WatcherRestHandler {
@Inject
public RestWatchServiceAction(Settings settings, RestController controller) {
super(settings);
controller.registerHandler(RestRequest.Method.PUT, URI_BASE + "/_restart", this);
controller.registerHandler(RestRequest.Method.PUT, URI_BASE + "/_start", new StartRestHandler(settings));
controller.registerHandler(RestRequest.Method.PUT, URI_BASE + "/_stop", new StopRestHandler(settings));
// @deprecated Remove in 6.0
// NOTE: we switched from PUT in 2.x to POST in 5.x
controller.registerWithDeprecatedHandler(POST, URI_BASE + "/_restart", this,
PUT, "/_watcher/_restart", deprecationLogger);
controller.registerWithDeprecatedHandler(POST, URI_BASE + "/_start", new StartRestHandler(settings),
PUT, "/_watcher/_start", deprecationLogger);
controller.registerWithDeprecatedHandler(POST, URI_BASE + "/_stop", new StopRestHandler(settings),
PUT, "/_watcher/_stop", deprecationLogger);
}
@Override

9
elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/rest/action/RestWatcherStatsAction.java
View File

@ -5,7 +5,6 @@
*/
package org.elasticsearch.xpack.watcher.rest.action;
import org.elasticsearch.client.node.NodeClient;
import org.elasticsearch.common.Strings;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
@ -31,8 +30,12 @@ public class RestWatcherStatsAction extends WatcherRestHandler {
@Inject
public RestWatcherStatsAction(Settings settings, RestController controller) {
super(settings);
controller.registerHandler(GET, URI_BASE + "/stats", this);
controller.registerHandler(GET, URI_BASE + "/stats/{metric}", this);
// @deprecated Remove deprecations in 6.0
controller.registerWithDeprecatedHandler(GET, URI_BASE + "/stats", this,
GET, "/_watcher/stats", deprecationLogger);
controller.registerWithDeprecatedHandler(GET, URI_BASE + "/stats/{metric}", this,
GET, "/_watcher/stats/{metric}", deprecationLogger);
}
@Override

2
elasticsearch/x-pack/watcher/src/main/java/org/elasticsearch/xpack/watcher/support/init/proxy/WatcherClientProxy.java
View File

@ -52,7 +52,7 @@ public class WatcherClientProxy extends ClientProxy {
*/
public static WatcherClientProxy of(Client client) {
return new WatcherClientProxy(Settings.EMPTY, client instanceof InternalClient ? (InternalClient) client :
new InternalClient.Insecure(client.settings(), client.threadPool(), client));
new InternalClient(client.settings(), client.threadPool(), client, null));
}
public IndexResponse index(IndexRequest request, TimeValue timeout) {

4
elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/WatcherPluginDisableTests.java
View File

@ -11,7 +11,7 @@ import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
import org.elasticsearch.client.ResponseException;
import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.xpack.MockNettyPlugin;
import org.elasticsearch.xpack.MockNetty3Plugin;
import org.elasticsearch.xpack.monitoring.Monitoring;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.xpack.security.Security;
@ -51,7 +51,7 @@ public class WatcherPluginDisableTests extends ESIntegTestCase {
@Override
protected Collection<Class<? extends Plugin>> nodePlugins() {
return Arrays.asList(XPackPlugin.class, MockNettyPlugin.class);
return Arrays.asList(XPackPlugin.class, MockNetty3Plugin.class);
}
@Override

4
elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/chain/ChainIntegrationTests.java
View File

@ -10,7 +10,7 @@ import org.elasticsearch.common.network.NetworkModule;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.index.IndexNotFoundException;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.xpack.MockNettyPlugin;
import org.elasticsearch.xpack.MockNetty3Plugin;
import org.elasticsearch.xpack.watcher.input.http.HttpInput;
import org.elasticsearch.xpack.common.http.HttpRequestTemplate;
import org.elasticsearch.xpack.common.http.auth.basic.BasicAuth;
@ -47,7 +47,7 @@ public class ChainIntegrationTests extends AbstractWatcherIntegrationTestCase {
@Override
protected Collection<Class<? extends Plugin>> nodePlugins() {
ArrayList<Class<? extends Plugin>> plugins = new ArrayList<>(super.nodePlugins());
plugins.add(MockNettyPlugin.class); // for http
plugins.add(MockNetty3Plugin.class); // for http
return plugins;
}

4
elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/http/HttpInputIntegrationTests.java
View File

@ -12,7 +12,7 @@ import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.XContentBuilder;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.test.junit.annotations.TestLogging;
import org.elasticsearch.xpack.MockNettyPlugin;
import org.elasticsearch.xpack.MockNetty3Plugin;
import org.elasticsearch.xpack.watcher.client.WatcherClient;
import org.elasticsearch.xpack.watcher.condition.compare.CompareCondition;
import org.elasticsearch.xpack.watcher.history.HistoryStore;
@ -54,7 +54,7 @@ public class HttpInputIntegrationTests extends AbstractWatcherIntegrationTestCas
@Override
protected Collection<Class<? extends Plugin>> nodePlugins() {
ArrayList<Class<? extends Plugin>> plugins = new ArrayList<>(super.nodePlugins());
plugins.add(MockNettyPlugin.class); // for http
plugins.add(MockNetty3Plugin.class); // for http
return plugins;
}

4
elasticsearch/x-pack/watcher/src/test/java/org/elasticsearch/xpack/watcher/test/integration/WatcherSettingsFilterTests.java
View File

@ -15,7 +15,7 @@ import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.xcontent.json.JsonXContent;
import org.elasticsearch.common.xcontent.support.XContentMapValues;
import org.elasticsearch.plugins.Plugin;
import org.elasticsearch.xpack.MockNettyPlugin;
import org.elasticsearch.xpack.MockNetty3Plugin;
import org.elasticsearch.xpack.monitoring.test.MonitoringIntegTestCase;
import org.elasticsearch.xpack.security.authc.support.SecuredString;
import org.elasticsearch.xpack.watcher.test.AbstractWatcherIntegrationTestCase;
@ -55,7 +55,7 @@ public class WatcherSettingsFilterTests extends AbstractWatcherIntegrationTestCa
@Override
protected Collection<Class<? extends Plugin>> nodePlugins() {
ArrayList<Class<? extends Plugin>> plugins = new ArrayList<>(super.nodePlugins());
plugins.add(MockNettyPlugin.class); // for http
plugins.add(MockNetty3Plugin.class); // for http
return plugins;
}

2
elasticsearch/x-pack/watcher/src/test/resources/rest-api-spec/api/xpack.watcher.restart.json
View File

@ -1,7 +1,7 @@
{
"xpack.watcher.restart": {
"documentation": "http://www.elastic.co/guide/en/watcher/current/appendix-api-service.html",
"methods": [ "PUT" ],
"methods": [ "POST" ],
"url": {
"path": "/_xpack/watcher/_restart",
"paths": [ "/_xpack/watcher/_restart" ],

2
elasticsearch/x-pack/watcher/src/test/resources/rest-api-spec/api/xpack.watcher.start.json
View File

@ -1,7 +1,7 @@
{
"xpack.watcher.start": {
"documentation": "http://www.elastic.co/guide/en/watcher/current/appendix-api-service.html",
"methods": [ "PUT" ],
"methods": [ "POST" ],
"url": {
"path": "/_xpack/watcher/_start",
"paths": [ "/_xpack/watcher/_start" ],

2
elasticsearch/x-pack/watcher/src/test/resources/rest-api-spec/api/xpack.watcher.stop.json
View File

@ -1,7 +1,7 @@
{
"xpack.watcher.stop": {
"documentation": "http://www.elastic.co/guide/en/watcher/current/appendix-api-service.html",
"methods": [ "PUT" ],
"methods": [ "POST" ],
"url": {
"path": "/_xpack/watcher/_stop",
"paths": [ "/_xpack/watcher/_stop" ],