Search in sources :

Example 1 with PluginsService

use of org.opensearch.plugins.PluginsService in project OpenSearch by opensearch-project.

the class ReloadSecureSettingsIT method testReloadAllNodesWithPasswordWithoutTLSFails.

public void testReloadAllNodesWithPasswordWithoutTLSFails() throws Exception {
    final PluginsService pluginsService = internalCluster().getInstance(PluginsService.class);
    final MockReloadablePlugin mockReloadablePlugin = pluginsService.filterPlugins(MockReloadablePlugin.class).stream().findFirst().get();
    final Environment environment = internalCluster().getInstance(Environment.class);
    final AtomicReference<AssertionError> reloadSettingsError = new AtomicReference<>();
    final int initialReloadCount = mockReloadablePlugin.getReloadCount();
    final char[] password = randomAlphaOfLength(12).toCharArray();
    writeEmptyKeystore(environment, password);
    final CountDownLatch latch = new CountDownLatch(1);
    client().admin().cluster().prepareReloadSecureSettings().setNodesIds(Strings.EMPTY_ARRAY).setSecureStorePassword(new SecureString(password)).execute(new ActionListener<NodesReloadSecureSettingsResponse>() {

        @Override
        public void onResponse(NodesReloadSecureSettingsResponse nodesReloadResponse) {
            reloadSettingsError.set(new AssertionError("Nodes request succeeded when it should have failed", null));
            latch.countDown();
        }

        @Override
        public void onFailure(Exception e) {
            try {
                if (e instanceof RemoteTransportException) {
                    // transport client was used, so need to unwrap the returned exception
                    assertThat(e.getCause(), instanceOf(Exception.class));
                    e = (Exception) e.getCause();
                }
                assertThat(e, instanceOf(OpenSearchException.class));
                assertThat(e.getMessage(), containsString("Secure settings cannot be updated cluster wide when TLS for the " + "transport layer is not enabled"));
            } finally {
                latch.countDown();
            }
        }
    });
    latch.await();
    if (reloadSettingsError.get() != null) {
        throw reloadSettingsError.get();
    }
    // no reload should be triggered
    assertThat(mockReloadablePlugin.getReloadCount(), equalTo(initialReloadCount));
}
Also used : PluginsService(org.opensearch.plugins.PluginsService) RemoteTransportException(org.opensearch.transport.RemoteTransportException) AtomicReference(java.util.concurrent.atomic.AtomicReference) CountDownLatch(java.util.concurrent.CountDownLatch) OpenSearchException(org.opensearch.OpenSearchException) RemoteTransportException(org.opensearch.transport.RemoteTransportException) AccessControlException(java.security.AccessControlException) Environment(org.opensearch.env.Environment) SecureString(org.opensearch.common.settings.SecureString) NodesReloadSecureSettingsResponse(org.opensearch.action.admin.cluster.node.reload.NodesReloadSecureSettingsResponse)

Example 2 with PluginsService

use of org.opensearch.plugins.PluginsService in project OpenSearch by opensearch-project.

the class ReloadSecureSettingsIT method testWrongKeystorePassword.

public void testWrongKeystorePassword() throws Exception {
    final PluginsService pluginsService = internalCluster().getInstance(PluginsService.class);
    final MockReloadablePlugin mockReloadablePlugin = pluginsService.filterPlugins(MockReloadablePlugin.class).stream().findFirst().get();
    final Environment environment = internalCluster().getInstance(Environment.class);
    final AtomicReference<AssertionError> reloadSettingsError = new AtomicReference<>();
    final int initialReloadCount = mockReloadablePlugin.getReloadCount();
    // "some" keystore should be present in this case
    writeEmptyKeystore(environment, new char[0]);
    final CountDownLatch latch = new CountDownLatch(1);
    client().admin().cluster().prepareReloadSecureSettings().setNodesIds("_local").setSecureStorePassword(new SecureString(new char[] { 'W', 'r', 'o', 'n', 'g' })).execute(new ActionListener<NodesReloadSecureSettingsResponse>() {

        @Override
        public void onResponse(NodesReloadSecureSettingsResponse nodesReloadResponse) {
            try {
                assertThat(nodesReloadResponse, notNullValue());
                final Map<String, NodesReloadSecureSettingsResponse.NodeResponse> nodesMap = nodesReloadResponse.getNodesMap();
                assertThat(nodesMap.size(), equalTo(1));
                for (final NodesReloadSecureSettingsResponse.NodeResponse nodeResponse : nodesReloadResponse.getNodes()) {
                    assertThat(nodeResponse.reloadException(), notNullValue());
                    assertThat(nodeResponse.reloadException(), instanceOf(SecurityException.class));
                }
            } catch (final AssertionError e) {
                reloadSettingsError.set(e);
            } finally {
                latch.countDown();
            }
        }

        @Override
        public void onFailure(Exception e) {
            reloadSettingsError.set(new AssertionError("Nodes request failed", e));
            latch.countDown();
        }
    });
    latch.await();
    if (reloadSettingsError.get() != null) {
        throw reloadSettingsError.get();
    }
    // in the wrong password case no reload should be triggered
    assertThat(mockReloadablePlugin.getReloadCount(), equalTo(initialReloadCount));
}
Also used : PluginsService(org.opensearch.plugins.PluginsService) AtomicReference(java.util.concurrent.atomic.AtomicReference) CountDownLatch(java.util.concurrent.CountDownLatch) OpenSearchException(org.opensearch.OpenSearchException) RemoteTransportException(org.opensearch.transport.RemoteTransportException) AccessControlException(java.security.AccessControlException) Environment(org.opensearch.env.Environment) Map(java.util.Map) SecureString(org.opensearch.common.settings.SecureString) NodesReloadSecureSettingsResponse(org.opensearch.action.admin.cluster.node.reload.NodesReloadSecureSettingsResponse)

Example 3 with PluginsService

use of org.opensearch.plugins.PluginsService in project OpenSearch by opensearch-project.

the class ReloadSecureSettingsIT method testInvalidKeystoreFile.

public void testInvalidKeystoreFile() throws Exception {
    final PluginsService pluginsService = internalCluster().getInstance(PluginsService.class);
    final MockReloadablePlugin mockReloadablePlugin = pluginsService.filterPlugins(MockReloadablePlugin.class).stream().findFirst().get();
    final Environment environment = internalCluster().getInstance(Environment.class);
    final AtomicReference<AssertionError> reloadSettingsError = new AtomicReference<>();
    final int initialReloadCount = mockReloadablePlugin.getReloadCount();
    // invalid "keystore" file should be present in the config dir
    try (InputStream keystore = ReloadSecureSettingsIT.class.getResourceAsStream("invalid.txt.keystore")) {
        if (Files.exists(environment.configFile()) == false) {
            Files.createDirectory(environment.configFile());
        }
        Files.copy(keystore, KeyStoreWrapper.keystorePath(environment.configFile()), StandardCopyOption.REPLACE_EXISTING);
    }
    final CountDownLatch latch = new CountDownLatch(1);
    final SecureString emptyPassword = randomBoolean() ? new SecureString(new char[0]) : null;
    client().admin().cluster().prepareReloadSecureSettings().setSecureStorePassword(emptyPassword).setNodesIds(Strings.EMPTY_ARRAY).execute(new ActionListener<NodesReloadSecureSettingsResponse>() {

        @Override
        public void onResponse(NodesReloadSecureSettingsResponse nodesReloadResponse) {
            try {
                assertThat(nodesReloadResponse, notNullValue());
                final Map<String, NodesReloadSecureSettingsResponse.NodeResponse> nodesMap = nodesReloadResponse.getNodesMap();
                assertThat(nodesMap.size(), equalTo(cluster().size()));
                for (final NodesReloadSecureSettingsResponse.NodeResponse nodeResponse : nodesReloadResponse.getNodes()) {
                    assertThat(nodeResponse.reloadException(), notNullValue());
                }
            } catch (final AssertionError e) {
                reloadSettingsError.set(e);
            } finally {
                latch.countDown();
            }
        }

        @Override
        public void onFailure(Exception e) {
            reloadSettingsError.set(new AssertionError("Nodes request failed", e));
            latch.countDown();
        }
    });
    latch.await();
    if (reloadSettingsError.get() != null) {
        throw reloadSettingsError.get();
    }
    // in the invalid keystore format case no reload should be triggered
    assertThat(mockReloadablePlugin.getReloadCount(), equalTo(initialReloadCount));
}
Also used : PluginsService(org.opensearch.plugins.PluginsService) InputStream(java.io.InputStream) AtomicReference(java.util.concurrent.atomic.AtomicReference) CountDownLatch(java.util.concurrent.CountDownLatch) OpenSearchException(org.opensearch.OpenSearchException) RemoteTransportException(org.opensearch.transport.RemoteTransportException) AccessControlException(java.security.AccessControlException) Environment(org.opensearch.env.Environment) Map(java.util.Map) SecureString(org.opensearch.common.settings.SecureString) NodesReloadSecureSettingsResponse(org.opensearch.action.admin.cluster.node.reload.NodesReloadSecureSettingsResponse)

Example 4 with PluginsService

use of org.opensearch.plugins.PluginsService in project OpenSearch by opensearch-project.

the class ReloadSecureSettingsIT method testMissingKeystoreFile.

public void testMissingKeystoreFile() throws Exception {
    final PluginsService pluginsService = internalCluster().getInstance(PluginsService.class);
    final MockReloadablePlugin mockReloadablePlugin = pluginsService.filterPlugins(MockReloadablePlugin.class).stream().findFirst().get();
    final Environment environment = internalCluster().getInstance(Environment.class);
    final AtomicReference<AssertionError> reloadSettingsError = new AtomicReference<>();
    // keystore file should be missing for this test case
    Files.deleteIfExists(KeyStoreWrapper.keystorePath(environment.configFile()));
    final int initialReloadCount = mockReloadablePlugin.getReloadCount();
    final CountDownLatch latch = new CountDownLatch(1);
    final SecureString emptyPassword = randomBoolean() ? new SecureString(new char[0]) : null;
    client().admin().cluster().prepareReloadSecureSettings().setSecureStorePassword(emptyPassword).setNodesIds(Strings.EMPTY_ARRAY).execute(new ActionListener<NodesReloadSecureSettingsResponse>() {

        @Override
        public void onResponse(NodesReloadSecureSettingsResponse nodesReloadResponse) {
            try {
                assertThat(nodesReloadResponse, notNullValue());
                final Map<String, NodesReloadSecureSettingsResponse.NodeResponse> nodesMap = nodesReloadResponse.getNodesMap();
                assertThat(nodesMap.size(), equalTo(cluster().size()));
                for (final NodesReloadSecureSettingsResponse.NodeResponse nodeResponse : nodesReloadResponse.getNodes()) {
                    assertThat(nodeResponse.reloadException(), notNullValue());
                    assertThat(nodeResponse.reloadException(), instanceOf(IllegalStateException.class));
                    assertThat(nodeResponse.reloadException().getMessage(), containsString("Keystore is missing"));
                }
            } catch (final AssertionError e) {
                reloadSettingsError.set(e);
            } finally {
                latch.countDown();
            }
        }

        @Override
        public void onFailure(Exception e) {
            reloadSettingsError.set(new AssertionError("Nodes request failed", e));
            latch.countDown();
        }
    });
    latch.await();
    if (reloadSettingsError.get() != null) {
        throw reloadSettingsError.get();
    }
    // in the missing keystore case no reload should be triggered
    assertThat(mockReloadablePlugin.getReloadCount(), equalTo(initialReloadCount));
}
Also used : PluginsService(org.opensearch.plugins.PluginsService) AtomicReference(java.util.concurrent.atomic.AtomicReference) CountDownLatch(java.util.concurrent.CountDownLatch) OpenSearchException(org.opensearch.OpenSearchException) RemoteTransportException(org.opensearch.transport.RemoteTransportException) AccessControlException(java.security.AccessControlException) Environment(org.opensearch.env.Environment) Map(java.util.Map) SecureString(org.opensearch.common.settings.SecureString) NodesReloadSecureSettingsResponse(org.opensearch.action.admin.cluster.node.reload.NodesReloadSecureSettingsResponse)

Example 5 with PluginsService

use of org.opensearch.plugins.PluginsService in project OpenSearch by opensearch-project.

the class SearchRestCancellationIT method initBlockFactory.

private static List<ScriptedBlockPlugin> initBlockFactory() {
    List<ScriptedBlockPlugin> plugins = new ArrayList<>();
    for (PluginsService pluginsService : internalCluster().getDataNodeInstances(PluginsService.class)) {
        plugins.addAll(pluginsService.filterPlugins(ScriptedBlockPlugin.class));
    }
    for (ScriptedBlockPlugin plugin : plugins) {
        plugin.reset();
        plugin.enableBlock();
    }
    return plugins;
}
Also used : PluginsService(org.opensearch.plugins.PluginsService) ArrayList(java.util.ArrayList)

Aggregations

PluginsService (org.opensearch.plugins.PluginsService)13 SecureString (org.opensearch.common.settings.SecureString)6 Environment (org.opensearch.env.Environment)6 AccessControlException (java.security.AccessControlException)5 CountDownLatch (java.util.concurrent.CountDownLatch)5 AtomicReference (java.util.concurrent.atomic.AtomicReference)5 OpenSearchException (org.opensearch.OpenSearchException)5 NodesReloadSecureSettingsResponse (org.opensearch.action.admin.cluster.node.reload.NodesReloadSecureSettingsResponse)5 RemoteTransportException (org.opensearch.transport.RemoteTransportException)5 Map (java.util.Map)4 ArrayList (java.util.ArrayList)3 Matchers.containsString (org.hamcrest.Matchers.containsString)3 SecureSettings (org.opensearch.common.settings.SecureSettings)2 TransportRequest (org.opensearch.transport.TransportRequest)2 AWSCredentials (com.amazonaws.auth.AWSCredentials)1 AmazonS3 (com.amazonaws.services.s3.AmazonS3)1 InputStream (java.io.InputStream)1 Semaphore (java.util.concurrent.Semaphore)1 DiscoveryNode (org.opensearch.cluster.node.DiscoveryNode)1 MockSecureSettings (org.opensearch.common.settings.MockSecureSettings)1