CLI: Fix esusers tool to not create bogus role entry

If a user was created without any roles supplied on the command line, a bogus
'user:' entry was added to the roles file. This fix checks whether roles were
supplied when creating a user and only changes the roles file in that case.

Original commit: elastic/x-pack-elasticsearch@286951c016
Alexander Reelsen 2014-10-06 09:09:55 +02:00
parent 14fed747fb
commit fe7d79384f
2 changed files with 26 additions and 5 deletions


@ -127,11 +127,12 @@ public class ESUsersTool extends CliTool {
users.put(username, hasher.hash(passwd));
FileUserPasswdStore.writeFile(users, file);
file = FileUserRolesStore.resolveFile(settings, env);
Map<String, String[]> userRoles = new HashMap<>(FileUserRolesStore.parseFile(file, null));
userRoles.put(username, roles);
FileUserRolesStore.writeFile(userRoles, file);
if (roles != null && roles.length > 0) {
file = FileUserRolesStore.resolveFile(settings, env);
Map<String, String[]> userRoles = new HashMap<>(FileUserRolesStore.parseFile(file, null));
userRoles.put(username, roles);
FileUserRolesStore.writeFile(userRoles, file);
}
return ExitStatus.OK;
}
}
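Review bot: When no roles are supplied, the new `if (roles != null && roles.length > 0)` guard skips the roles file entirely, so an entry for `username` that is already in that file (a hand edit, or a leftover from an earlier user of the same name) stays in place and the newly created user would pick up those roles. The code before this commit overwrote such an entry through `userRoles.put(username, roles)`, so this is a quiet behaviour change for a file that drives authorization. I would parse the roles file in both cases and, when no roles are given, remove any existing entry for the user and write the file only if something was removed; a test seeding the roles file with a `user1:` line would sit well beside the new one. Whether the delete command already cleans the roles file is not visible here, and the enclosing method starts outside the hunk.

```java
// … unchanged: password hashing and FileUserPasswdStore.writeFile(users, file) …
file = FileUserRolesStore.resolveFile(settings, env);
Map<String, String[]> userRoles = new HashMap<>(FileUserRolesStore.parseFile(file, null));
boolean rolesChanged;
if (roles != null && roles.length > 0) {
    userRoles.put(username, roles);
    rolesChanged = true;
} else {
    // A new user without roles must not inherit an entry already present under the same name.
    rolesChanged = userRoles.remove(username) != null;
}
if (rolesChanged) {
    FileUserRolesStore.writeFile(userRoles, file);
}
return ExitStatus.OK;
```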


@ -142,6 +142,26 @@ public class ESUsersToolTests extends CliToolTestCase {
assertThat(lines, containsInAnyOrder("user2:r3,r4", "user1:r1,r2"));
}
@Test
public void testUseradd_Cmd_AddingUserWithoutRolesDoesNotAddEmptyRole() throws Exception {
File userFile = writeFile("user2:hash2");
File userRolesFile = writeFile("user2:r3,r4");
Settings settings = ImmutableSettings.builder()
.put("shield.authc.esusers.files.users", userFile)
.put("shield.authc.esusers.files.users_roles", userRolesFile)
.build();
ESUsersTool.Useradd cmd = new ESUsersTool.Useradd(new MockTerminal(), "user1", SecuredStringTests.build("changeme"));
CliTool.ExitStatus status = execute(cmd, settings);
assertThat(status, is(CliTool.ExitStatus.OK));
assertFileExists(userRolesFile);
List<String> lines = Files.readLines(userRolesFile, Charsets.UTF_8);
assertThat(lines, hasSize(1));
assertThat(lines, not(hasItem(startsWith("user1"))));
}
@Test
public void testUseradd_Cmd_Append_UserAlreadyExists() throws Exception {
File userFile = writeFile("user1:hash1");