private static void issueWarnings(Client tc) { NodesInfoResponse nir = tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet(); Version maxVersion = nir.getNodes().stream().max((n1,n2) -> n1.getVersion().compareTo(n2.getVersion())).get().getVersion(); Version minVersion = nir.getNodes().stream().min((n1,n2) -> n1.getVersion().compareTo(n2.getVersion())).get().getVersion(); if(!maxVersion.equals(minVersion)) { System.out.println("WARNING: Your cluster consists of different node versions. It is not recommended to run sgadmin against a mixed cluster. This may fail."); System.out.println(" Minimum node version is "+minVersion.toString()); System.out.println(" Maximum node version is "+maxVersion.toString()); } else { System.out.println("Elasticsearch Version: "+minVersion.toString()); } if(nir.getNodes().size() > 0) { List<PluginInfo> pluginInfos = nir.getNodes().get(0).getPlugins().getPluginInfos(); String sgVersion = pluginInfos.stream().filter(p->p.getClassname().equals("com.floragunn.searchguard.SearchGuardPlugin")).map(p->p.getVersion()).findFirst().orElse("<unknown>"); System.out.println("Search Guard Version: "+sgVersion); } } }
NodesInfoResponse nir = tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet(); sb.append(Strings.toString(nir,true, true)); } catch (Exception e1) {
final NodesInfoResponse nodesInfo = tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet();
@Test public void testTransportClientImpersonationWildcard() throws Exception { final Settings settings = Settings.builder() .putList("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", "*") .build(); setup(settings); Settings tcSettings = Settings.builder() .put("searchguard.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks")) .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_ALIAS,"spock") .put("path.home", ".") .put("request.headers.sg_impersonate_as", "worf") .build(); try (TransportClient tc = getInternalTransportClient(clusterInfo, tcSettings)) { NodesInfoRequest nir = new NodesInfoRequest(); Assert.assertEquals(clusterInfo.numNodes, tc.admin().cluster().nodesInfo(nir).actionGet().getNodes().size()); } }
@SuppressWarnings("resource") @Test public void testNodeClientDisallowedWithNonServerCertificate2() throws Exception { setup(); Assert.assertEquals(clusterInfo.numNodes, clusterHelper.nodeClient().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getNumberOfNodes()); Assert.assertEquals(ClusterHealthStatus.GREEN, clusterHelper.nodeClient().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getStatus()); final Settings tcSettings = Settings.builder() .put(minimumSearchGuardSettings(Settings.EMPTY).get(0)) .put("cluster.name", clusterInfo.clustername) .put("node.data", false) .put("node.master", false) .put("node.ingest", false) .put("path.home", ".") .put("discovery.initial_state_timeout","8s") .put("searchguard.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks")) .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_ALIAS,"spock") .build(); log.debug("Start node client"); try (Node node = new PluginAwareNode(false, tcSettings, Netty4Plugin.class, SearchGuardPlugin.class).start()) { Thread.sleep(50); Assert.assertEquals(1, node.client().admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size()); } }
@SuppressWarnings("resource") @Test public void testNodeClientDisallowedWithNonServerCertificate() throws Exception { setup(); Assert.assertEquals(clusterInfo.numNodes, clusterHelper.nodeClient().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getNumberOfNodes()); Assert.assertEquals(ClusterHealthStatus.GREEN, clusterHelper.nodeClient().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getStatus()); final Settings tcSettings = Settings.builder() .put(minimumSearchGuardSettings(Settings.EMPTY).get(0)) .put("cluster.name", clusterInfo.clustername) .put("node.data", false) .put("node.master", false) .put("node.ingest", false) .put("path.home", ".") .put("discovery.initial_state_timeout","8s") .put("searchguard.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("kirk-keystore.jks")) .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_ALIAS,"kirk") .build(); log.debug("Start node client"); try (Node node = new PluginAwareNode(false, tcSettings, Netty4Plugin.class, SearchGuardPlugin.class).start()) { Thread.sleep(50); Assert.assertEquals(1, node.client().admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size()); } catch (Exception e) { Assert.fail(e.toString()); } }
@SuppressWarnings("resource") @Test public void testNodeClientAllowedWithServerCertificate() throws Exception { setup(); Assert.assertEquals(clusterInfo.numNodes, clusterHelper.nodeClient().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getNumberOfNodes()); Assert.assertEquals(ClusterHealthStatus.GREEN, clusterHelper.nodeClient().admin().cluster().health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getStatus()); final Settings tcSettings = Settings.builder() .put(minimumSearchGuardSettings(Settings.EMPTY).get(0)) .put("cluster.name", clusterInfo.clustername) .put("node.data", false) .put("node.master", false) .put("node.ingest", false) .put("path.home", ".") .put("discovery.initial_state_timeout","8s") .putList("discovery.zen.ping.unicast.hosts", clusterInfo.nodeHost+":"+clusterInfo.nodePort) .build(); log.debug("Start node client"); try (Node node = new PluginAwareNode(false, tcSettings, Netty4Plugin.class, SearchGuardPlugin.class).start()) { Thread.sleep(50); Assert.assertEquals(clusterInfo.numNodes+1, node.client().admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size()); } }
@Test public void testTransportClientImpersonationWildcardUsernameAttribute() throws Exception { final Settings settings = Settings.builder() .putList("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", "*") .build(); setup(Settings.EMPTY, new DynamicSgConfig().setSgConfig("sg_config_transport_username.yml") .setSgRolesMapping("sg_roles_mapping_transport_username.yml") .setSgInternalUsers("sg_internal_users_transport_username.yml") , settings); Settings tcSettings = Settings.builder() .put("searchguard.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks")) .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_ALIAS,"spock") .put("path.home", ".") .put("request.headers.sg_impersonate_as", "worf") .build(); try (TransportClient tc = getInternalTransportClient(clusterInfo, tcSettings)) { NodesInfoRequest nir = new NodesInfoRequest(); Assert.assertEquals(clusterInfo.numNodes, tc.admin().cluster().nodesInfo(nir).actionGet().getNodes().size()); } }
Assert.assertEquals(clusterInfo.numNodes, tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size()); tc.index(new IndexRequest("searchguard").type("sg").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("internalusers").source("internalusers", FileHelper.readYamlContent("sg_internal_users_spock_add_roles.yml"))).actionGet(); ConfigUpdateResponse cur = tc.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config","roles","rolesmapping","internalusers","actiongroups"})).actionGet(); Assert.assertEquals(clusterInfo.numNodes, tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size()); tc.index(new IndexRequest("searchguard").type("sg").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("config").source("config", FileHelper.readYamlContent("sg_config_anon.yml"))).actionGet(); ConfigUpdateResponse cur = tc.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config"})).actionGet();
@Test public void testTransportClientImpersonation() throws Exception { final Settings settings = Settings.builder() .putList("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", "worf", "nagilum") .build(); setup(settings); try (TransportClient tc = getInternalTransportClient()) { tc.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); ConfigUpdateResponse cur = tc.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config","roles","rolesmapping","internalusers","actiongroups"})).actionGet(); Assert.assertEquals(clusterInfo.numNodes, cur.getNodes().size()); } Settings tcSettings = Settings.builder() .put("searchguard.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks")) .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_ALIAS,"spock") .put("path.home", ".") .put("request.headers.sg_impersonate_as", "worf") .build(); try (TransportClient tc = getInternalTransportClient(clusterInfo, tcSettings)) { NodesInfoRequest nir = new NodesInfoRequest(); Assert.assertEquals(clusterInfo.numNodes, tc.admin().cluster().nodesInfo(nir).actionGet().getNodes().size()); } }
final NodesInfoResponse res = client.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet();
@Test public void testTransportClientImpersonationUsernameAttribute() throws Exception { final Settings settings = Settings.builder() .putList("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", "worf", "nagilum") .build(); setup(Settings.EMPTY, new DynamicSgConfig().setSgConfig("sg_config_transport_username.yml") .setSgRolesMapping("sg_roles_mapping_transport_username.yml") .setSgInternalUsers("sg_internal_users_transport_username.yml") , settings); try (TransportClient tc = getInternalTransportClient()) { tc.index(new IndexRequest("starfleet").type("ships").setRefreshPolicy(RefreshPolicy.IMMEDIATE).source("{\"content\":1}", XContentType.JSON)).actionGet(); ConfigUpdateResponse cur = tc.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config","roles","rolesmapping","internalusers","actiongroups"})).actionGet(); Assert.assertEquals(clusterInfo.numNodes, cur.getNodes().size()); } Settings tcSettings = Settings.builder() .put("searchguard.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks")) .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_ALIAS,"spock") .put("path.home", ".") .put("request.headers.sg_impersonate_as", "worf") .build(); try (TransportClient tc = getInternalTransportClient(clusterInfo, tcSettings)) { NodesInfoRequest nir = new NodesInfoRequest(); Assert.assertEquals(clusterInfo.numNodes, tc.admin().cluster().nodesInfo(nir).actionGet().getNodes().size()); } }
tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size());
Assert.assertEquals(clusterInfo.numNodes, tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size());
Assert.assertEquals(clusterInfo.numNodes, tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size());
return channel -> client.admin().cluster().nodesInfo(nodesInfoRequest, new NodesResponseRestListener<>(channel));
@Override protected ActionFuture<NodesInfoResponse> doExecute(NodesInfoRequest request) { return client.admin().cluster().nodesInfo(request); }
@Override public void processResponse(final ClusterStateResponse clusterStateResponse) throws Exception { NodesInfoRequest nodesInfoRequest = new NodesInfoRequest(); nodesInfoRequest.clear().plugins(true); client.admin().cluster().nodesInfo(nodesInfoRequest, new RestResponseListener<NodesInfoResponse>(channel) { @Override public RestResponse buildResponse(final NodesInfoResponse nodesInfoResponse) throws Exception { return RestTable.buildResponse(buildTable(request, clusterStateResponse, nodesInfoResponse), channel); } }); } });
private static void issueWarnings(Client tc) { NodesInfoResponse nir = tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet(); Version maxVersion = nir.getNodes().stream().max((n1,n2) -> n1.getVersion().compareTo(n2.getVersion())).get().getVersion(); Version minVersion = nir.getNodes().stream().min((n1,n2) -> n1.getVersion().compareTo(n2.getVersion())).get().getVersion(); if(!maxVersion.equals(minVersion)) { System.out.println("WARNING: Your cluster consists of different node versions. It is not recommended to run sgadmin against a mixed cluster. This may fail."); System.out.println(" Minimum node version is "+minVersion.toString()); System.out.println(" Maximum node version is "+maxVersion.toString()); } else { System.out.println("Elasticsearch Version: "+minVersion.toString()); } if(nir.getNodes().size() > 0) { List<PluginInfo> pluginInfos = nir.getNodes().get(0).getPlugins().getPluginInfos(); String sgVersion = pluginInfos.stream().filter(p->p.getClassname().equals("com.floragunn.searchguard.SearchGuardPlugin")).map(p->p.getVersion()).findFirst().orElse("<unknown>"); System.out.println("Search Guard Version: "+sgVersion); } } }
private Map<String, NodeInfo> fetchNodeInfos() { ClusterAdminClient adminClient = this.client.admin().cluster(); NodesInfoResponse nodesInfoResponse = adminClient.nodesInfo(adminClient.prepareNodesInfo().request()).actionGet(); return nodesInfoResponse.getNodesMap(); }