
Example 1 with NodesReloadSecureSettingsResponse

use of org.opensearch.action.admin.cluster.node.reload.NodesReloadSecureSettingsResponse in project OpenSearch by opensearch-project.

the class ReloadSecureSettingsIT method testReloadAllNodesWithPasswordWithoutTLSFails.

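/**
 * Checks that a secure-settings reload carrying a keystore password is refused when it targets
 * the whole cluster and transport-layer TLS is not enabled.
 *
 * <p>The request is built with {@code Strings.EMPTY_ARRAY} as the node id list and a random
 * 12-character password. The expected outcome is a failure callback whose exception (unwrapped
 * from {@link RemoteTransportException} when needed) is an {@link OpenSearchException} with the
 * "TLS for the transport layer is not enabled" message, and an unchanged plugin reload count.
 *
 * <p>NOTE(review): the refusal presumably exists so that the keystore password never crosses an
 * unencrypted transport connection; the guard itself is not visible here, confirm against the
 * transport action.
 *
 * @throws Exception if cluster setup, keystore creation or waiting on the latch fails
 */
public void testReloadAllNodesWithPasswordWithoutTLSFails() throws Exception {
    final PluginsService pluginsService = internalCluster().getInstance(PluginsService.class);
    final MockReloadablePlugin mockReloadablePlugin = pluginsService.filterPlugins(MockReloadablePlugin.class).stream().findFirst().get();
    final Environment environment = internalCluster().getInstance(Environment.class);
    // Carries any assertion failure from the listener thread back to the test thread.
    final AtomicReference<AssertionError> reloadSettingsError = new AtomicReference<>();
    final int initialReloadCount = mockReloadablePlugin.getReloadCount();
    final char[] password = randomAlphaOfLength(12).toCharArray();
    writeEmptyKeystore(environment, password);
    final CountDownLatch latch = new CountDownLatch(1);
    client().admin()
        .cluster()
        .prepareReloadSecureSettings()
        .setNodesIds(Strings.EMPTY_ARRAY)
        .setSecureStorePassword(new SecureString(password))
        .execute(new ActionListener<NodesReloadSecureSettingsResponse>() {

            @Override
            public void onResponse(NodesReloadSecureSettingsResponse nodesReloadResponse) {
                // A successful response means the password was accepted for a cluster-wide reload: that is the failure case.
                reloadSettingsError.set(new AssertionError("Nodes request succeeded when it should have failed", null));
                latch.countDown();
            }

            @Override
            public void onFailure(Exception e) {
                try {
                    if (e instanceof RemoteTransportException) {
                        // transport client was used, so need to unwrap the returned exception
                        assertThat(e.getCause(), instanceOf(Exception.class));
                        e = (Exception) e.getCause();
                    }
                    assertThat(e, instanceOf(OpenSearchException.class));
                    assertThat(e.getMessage(), containsString("Secure settings cannot be updated cluster wide when TLS for the " + "transport layer is not enabled"));
                } catch (final AssertionError assertionError) {
                    // Record the failure instead of letting it escape on the listener thread, where the
                    // test thread would never see it; the sibling tests in this class capture it the same way.
                    reloadSettingsError.set(assertionError);
                } finally {
                    // Always release the test thread, whatever the assertions did.
                    latch.countDown();
                }
            }
        });
    // No timeout: the test relies on exactly one of the two callbacks being invoked.
    latch.await();
    if (reloadSettingsError.get() != null) {
        throw reloadSettingsError.get();
    }
    // no reload should be triggered
    assertThat(mockReloadablePlugin.getReloadCount(), equalTo(initialReloadCount));
}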
Also used : PluginsService(org.opensearch.plugins.PluginsService) RemoteTransportException(org.opensearch.transport.RemoteTransportException) AtomicReference(java.util.concurrent.atomic.AtomicReference) CountDownLatch(java.util.concurrent.CountDownLatch) OpenSearchException(org.opensearch.OpenSearchException) RemoteTransportException(org.opensearch.transport.RemoteTransportException) AccessControlException(java.security.AccessControlException) Environment(org.opensearch.env.Environment) SecureString(org.opensearch.common.settings.SecureString) NodesReloadSecureSettingsResponse(org.opensearch.action.admin.cluster.node.reload.NodesReloadSecureSettingsResponse)

Example 2 with NodesReloadSecureSettingsResponse

use of org.opensearch.action.admin.cluster.node.reload.NodesReloadSecureSettingsResponse in project OpenSearch by opensearch-project.

the class ReloadSecureSettingsIT method testWrongKeystorePassword.

/**
 * Checks that reloading secure settings on the local node with a wrong keystore password
 * fails on that node and does not reload the plugin.
 *
 * <p>A keystore is written with an empty password, then the reload is requested for
 * {@code "_local"} with the password {@code Wrong}. The request itself must succeed and return
 * exactly one node entry whose reload exception is a {@link SecurityException}; the plugin's
 * reload count must stay at its initial value.
 *
 * @throws Exception if cluster setup, keystore creation or waiting on the latch fails
 */
public void testWrongKeystorePassword() throws Exception {
    final PluginsService plugins = internalCluster().getInstance(PluginsService.class);
    final MockReloadablePlugin reloadablePlugin = plugins.filterPlugins(MockReloadablePlugin.class).stream().findFirst().get();
    final Environment env = internalCluster().getInstance(Environment.class);
    // Hands an assertion failure from the listener thread over to the test thread.
    final AtomicReference<AssertionError> failureHolder = new AtomicReference<>();
    final int reloadCountBefore = reloadablePlugin.getReloadCount();
    // "some" keystore should be present in this case
    writeEmptyKeystore(env, new char[0]);
    final CountDownLatch done = new CountDownLatch(1);
    final SecureString wrongPassword = new SecureString(new char[] { 'W', 'r', 'o', 'n', 'g' });
    client().admin()
        .cluster()
        .prepareReloadSecureSettings()
        .setNodesIds("_local")
        .setSecureStorePassword(wrongPassword)
        .execute(new ActionListener<NodesReloadSecureSettingsResponse>() {

            @Override
            public void onResponse(NodesReloadSecureSettingsResponse response) {
                try {
                    assertThat(response, notNullValue());
                    // Only the local node was addressed, so only one entry is expected.
                    assertThat(response.getNodesMap().size(), equalTo(1));
                    for (final NodesReloadSecureSettingsResponse.NodeResponse perNode : response.getNodes()) {
                        // The node must report the failed decryption as a SecurityException.
                        assertThat(perNode.reloadException(), notNullValue());
                        assertThat(perNode.reloadException(), instanceOf(SecurityException.class));
                    }
                } catch (final AssertionError assertionFailure) {
                    failureHolder.set(assertionFailure);
                } finally {
                    done.countDown();
                }
            }

            @Override
            public void onFailure(Exception e) {
                // The request as a whole is expected to succeed; only the node-level reload fails.
                failureHolder.set(new AssertionError("Nodes request failed", e));
                done.countDown();
            }
        });
    done.await();
    final AssertionError captured = failureHolder.get();
    if (captured != null) {
        throw captured;
    }
    // in the wrong password case no reload should be triggered
    assertThat(reloadablePlugin.getReloadCount(), equalTo(reloadCountBefore));
}
Also used : PluginsService(org.opensearch.plugins.PluginsService) AtomicReference(java.util.concurrent.atomic.AtomicReference) CountDownLatch(java.util.concurrent.CountDownLatch) OpenSearchException(org.opensearch.OpenSearchException) RemoteTransportException(org.opensearch.transport.RemoteTransportException) AccessControlException(java.security.AccessControlException) Environment(org.opensearch.env.Environment) Map(java.util.Map) SecureString(org.opensearch.common.settings.SecureString) NodesReloadSecureSettingsResponse(org.opensearch.action.admin.cluster.node.reload.NodesReloadSecureSettingsResponse)

Example 3 with NodesReloadSecureSettingsResponse

use of org.opensearch.action.admin.cluster.node.reload.NodesReloadSecureSettingsResponse in project OpenSearch by opensearch-project.

the class ReloadSecureSettingsIT method testInvalidKeystoreFile.

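/**
 * Checks that a malformed keystore file makes the reload fail on every node and leaves the
 * plugin untouched.
 *
 * <p>The classpath resource {@code invalid.txt.keystore} is copied over the keystore path in the
 * config directory. The reload is then requested with an empty or {@code null} password (chosen
 * at random) and {@code Strings.EMPTY_ARRAY} as node ids. The response must contain one entry
 * per cluster node, each with a non-null reload exception; the exception type is not asserted.
 * The plugin's reload count must stay at its initial value.
 *
 * @throws Exception if cluster setup, copying the fixture or waiting on the latch fails
 */
public void testInvalidKeystoreFile() throws Exception {
    final PluginsService pluginsService = internalCluster().getInstance(PluginsService.class);
    final MockReloadablePlugin mockReloadablePlugin = pluginsService.filterPlugins(MockReloadablePlugin.class).stream().findFirst().get();
    final Environment environment = internalCluster().getInstance(Environment.class);
    // Carries any assertion failure from the listener thread back to the test thread.
    final AtomicReference<AssertionError> reloadSettingsError = new AtomicReference<>();
    final int initialReloadCount = mockReloadablePlugin.getReloadCount();
    // invalid "keystore" file should be present in the config dir
    try (InputStream keystore = ReloadSecureSettingsIT.class.getResourceAsStream("invalid.txt.keystore")) {
        // getResourceAsStream returns null when the fixture is absent; fail with a clear message
        // here rather than with a NullPointerException from Files.copy below.
        assertThat("test resource invalid.txt.keystore was not found on the classpath", keystore, notNullValue());
        if (Files.exists(environment.configFile()) == false) {
            Files.createDirectory(environment.configFile());
        }
        Files.copy(keystore, KeyStoreWrapper.keystorePath(environment.configFile()), StandardCopyOption.REPLACE_EXISTING);
    }
    final CountDownLatch latch = new CountDownLatch(1);
    final SecureString emptyPassword = randomBoolean() ? new SecureString(new char[0]) : null;
    client().admin()
        .cluster()
        .prepareReloadSecureSettings()
        .setSecureStorePassword(emptyPassword)
        .setNodesIds(Strings.EMPTY_ARRAY)
        .execute(new ActionListener<NodesReloadSecureSettingsResponse>() {

            @Override
            public void onResponse(NodesReloadSecureSettingsResponse nodesReloadResponse) {
                try {
                    assertThat(nodesReloadResponse, notNullValue());
                    final Map<String, NodesReloadSecureSettingsResponse.NodeResponse> nodesMap = nodesReloadResponse.getNodesMap();
                    // Every node in the cluster must have answered.
                    assertThat(nodesMap.size(), equalTo(cluster().size()));
                    for (final NodesReloadSecureSettingsResponse.NodeResponse nodeResponse : nodesReloadResponse.getNodes()) {
                        // Each node must reject the malformed keystore.
                        assertThat(nodeResponse.reloadException(), notNullValue());
                    }
                } catch (final AssertionError e) {
                    reloadSettingsError.set(e);
                } finally {
                    latch.countDown();
                }
            }

            @Override
            public void onFailure(Exception e) {
                // The request as a whole is expected to succeed; only the node-level reloads fail.
                reloadSettingsError.set(new AssertionError("Nodes request failed", e));
                latch.countDown();
            }
        });
    latch.await();
    if (reloadSettingsError.get() != null) {
        throw reloadSettingsError.get();
    }
    // in the invalid keystore format case no reload should be triggered
    assertThat(mockReloadablePlugin.getReloadCount(), equalTo(initialReloadCount));
}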
Also used : PluginsService(org.opensearch.plugins.PluginsService) InputStream(java.io.InputStream) AtomicReference(java.util.concurrent.atomic.AtomicReference) CountDownLatch(java.util.concurrent.CountDownLatch) OpenSearchException(org.opensearch.OpenSearchException) RemoteTransportException(org.opensearch.transport.RemoteTransportException) AccessControlException(java.security.AccessControlException) Environment(org.opensearch.env.Environment) Map(java.util.Map) SecureString(org.opensearch.common.settings.SecureString) NodesReloadSecureSettingsResponse(org.opensearch.action.admin.cluster.node.reload.NodesReloadSecureSettingsResponse)

Example 4 with NodesReloadSecureSettingsResponse

use of org.opensearch.action.admin.cluster.node.reload.NodesReloadSecureSettingsResponse in project OpenSearch by opensearch-project.

the class ReloadSecureSettingsIT method testMissingKeystoreFile.

/**
 * Checks that a reload request fails on every node when no keystore file exists, and that the
 * plugin is not reloaded.
 *
 * <p>The keystore file is deleted from the config directory if present. The reload is requested
 * with an empty or {@code null} password (chosen at random) and {@code Strings.EMPTY_ARRAY} as
 * node ids. The response must contain one entry per cluster node, each carrying an
 * {@link IllegalStateException} whose message contains {@code Keystore is missing}.
 *
 * @throws Exception if cluster setup, deleting the keystore or waiting on the latch fails
 */
public void testMissingKeystoreFile() throws Exception {
    final PluginsService plugins = internalCluster().getInstance(PluginsService.class);
    final MockReloadablePlugin reloadablePlugin = plugins.filterPlugins(MockReloadablePlugin.class).stream().findFirst().get();
    final Environment env = internalCluster().getInstance(Environment.class);
    // Hands an assertion failure from the listener thread over to the test thread.
    final AtomicReference<AssertionError> failureHolder = new AtomicReference<>();
    // keystore file should be missing for this test case
    Files.deleteIfExists(KeyStoreWrapper.keystorePath(env.configFile()));
    final int reloadCountBefore = reloadablePlugin.getReloadCount();
    final CountDownLatch done = new CountDownLatch(1);
    final SecureString emptyPassword;
    if (randomBoolean()) {
        emptyPassword = new SecureString(new char[0]);
    } else {
        emptyPassword = null;
    }
    client().admin()
        .cluster()
        .prepareReloadSecureSettings()
        .setSecureStorePassword(emptyPassword)
        .setNodesIds(Strings.EMPTY_ARRAY)
        .execute(new ActionListener<NodesReloadSecureSettingsResponse>() {

            @Override
            public void onResponse(NodesReloadSecureSettingsResponse response) {
                try {
                    assertThat(response, notNullValue());
                    // Every node in the cluster must have answered.
                    assertThat(response.getNodesMap().size(), equalTo(cluster().size()));
                    for (final NodesReloadSecureSettingsResponse.NodeResponse perNode : response.getNodes()) {
                        // Each node must report the absent keystore explicitly.
                        assertThat(perNode.reloadException(), notNullValue());
                        assertThat(perNode.reloadException(), instanceOf(IllegalStateException.class));
                        assertThat(perNode.reloadException().getMessage(), containsString("Keystore is missing"));
                    }
                } catch (final AssertionError assertionFailure) {
                    failureHolder.set(assertionFailure);
                } finally {
                    done.countDown();
                }
            }

            @Override
            public void onFailure(Exception e) {
                // The request as a whole is expected to succeed; only the node-level reloads fail.
                failureHolder.set(new AssertionError("Nodes request failed", e));
                done.countDown();
            }
        });
    done.await();
    final AssertionError captured = failureHolder.get();
    if (captured != null) {
        throw captured;
    }
    // in the missing keystore case no reload should be triggered
    assertThat(reloadablePlugin.getReloadCount(), equalTo(reloadCountBefore));
}
Also used : PluginsService(org.opensearch.plugins.PluginsService) AtomicReference(java.util.concurrent.atomic.AtomicReference) CountDownLatch(java.util.concurrent.CountDownLatch) OpenSearchException(org.opensearch.OpenSearchException) RemoteTransportException(org.opensearch.transport.RemoteTransportException) AccessControlException(java.security.AccessControlException) Environment(org.opensearch.env.Environment) Map(java.util.Map) SecureString(org.opensearch.common.settings.SecureString) NodesReloadSecureSettingsResponse(org.opensearch.action.admin.cluster.node.reload.NodesReloadSecureSettingsResponse)

Example 5 with NodesReloadSecureSettingsResponse

use of org.opensearch.action.admin.cluster.node.reload.NodesReloadSecureSettingsResponse in project OpenSearch by opensearch-project.

the class ReloadSecureSettingsIT method successfulReloadCall.

/**
 * Issues a secure-settings reload and asserts that it succeeds on every node.
 *
 * <p>The request uses an empty or {@code null} password (chosen at random) and
 * {@code Strings.EMPTY_ARRAY} as node ids. The response must contain one entry per cluster
 * node, each with a {@code null} reload exception. Any assertion failure raised in the listener
 * is rethrown on the calling thread.
 *
 * @throws InterruptedException if the calling thread is interrupted while waiting for the response
 */
private void successfulReloadCall() throws InterruptedException {
    // Hands an assertion failure from the listener thread over to the calling thread.
    final AtomicReference<AssertionError> failureHolder = new AtomicReference<>();
    final CountDownLatch done = new CountDownLatch(1);
    final SecureString emptyPassword;
    if (randomBoolean()) {
        emptyPassword = new SecureString(new char[0]);
    } else {
        emptyPassword = null;
    }
    client().admin()
        .cluster()
        .prepareReloadSecureSettings()
        .setSecureStorePassword(emptyPassword)
        .setNodesIds(Strings.EMPTY_ARRAY)
        .execute(new ActionListener<NodesReloadSecureSettingsResponse>() {

            @Override
            public void onResponse(NodesReloadSecureSettingsResponse response) {
                try {
                    assertThat(response, notNullValue());
                    // Every node in the cluster must have answered.
                    assertThat(response.getNodesMap().size(), equalTo(cluster().size()));
                    for (final NodesReloadSecureSettingsResponse.NodeResponse perNode : response.getNodes()) {
                        // A null exception is how a node signals a successful reload.
                        assertThat(perNode.reloadException(), nullValue());
                    }
                } catch (final AssertionError assertionFailure) {
                    failureHolder.set(assertionFailure);
                } finally {
                    done.countDown();
                }
            }

            @Override
            public void onFailure(Exception e) {
                failureHolder.set(new AssertionError("Nodes request failed", e));
                done.countDown();
            }
        });
    done.await();
    final AssertionError captured = failureHolder.get();
    if (captured != null) {
        throw captured;
    }
}
Also used : AtomicReference(java.util.concurrent.atomic.AtomicReference) CountDownLatch(java.util.concurrent.CountDownLatch) Map(java.util.Map) SecureString(org.opensearch.common.settings.SecureString) NodesReloadSecureSettingsResponse(org.opensearch.action.admin.cluster.node.reload.NodesReloadSecureSettingsResponse) OpenSearchException(org.opensearch.OpenSearchException) RemoteTransportException(org.opensearch.transport.RemoteTransportException) AccessControlException(java.security.AccessControlException)

Aggregations

NodesReloadSecureSettingsResponse (org.opensearch.action.admin.cluster.node.reload.NodesReloadSecureSettingsResponse)8 SecureString (org.opensearch.common.settings.SecureString)8 AccessControlException (java.security.AccessControlException)7 CountDownLatch (java.util.concurrent.CountDownLatch)7 AtomicReference (java.util.concurrent.atomic.AtomicReference)7 OpenSearchException (org.opensearch.OpenSearchException)7 RemoteTransportException (org.opensearch.transport.RemoteTransportException)7 Map (java.util.Map)6 Environment (org.opensearch.env.Environment)6 PluginsService (org.opensearch.plugins.PluginsService)5 IOException (java.io.IOException)1 InputStream (java.io.InputStream)1 Arrays.asList (java.util.Arrays.asList)1 Collections (java.util.Collections)1 Collections.unmodifiableList (java.util.Collections.unmodifiableList)1 List (java.util.List)1 Set (java.util.Set)1 Matchers.containsString (org.hamcrest.Matchers.containsString)1 NodesReloadSecureSettingsRequest (org.opensearch.action.admin.cluster.node.reload.NodesReloadSecureSettingsRequest)1 NodesReloadSecureSettingsRequestBuilder (org.opensearch.action.admin.cluster.node.reload.NodesReloadSecureSettingsRequestBuilder)1