public SnapshotRestoreEvaluator(final Settings settings, AuditLog auditLog) { this.enableSnapshotRestorePrivilege = settings.getAsBoolean(ConfigConstants.SEARCHGUARD_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE, ConfigConstants.SG_DEFAULT_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE); this.restoreSgIndexEnabled = settings.getAsBoolean(ConfigConstants.SEARCHGUARD_UNSUPPORTED_RESTORE_SGINDEX_ENABLED, false); this.searchguardIndex = settings.get(ConfigConstants.SEARCHGUARD_CONFIG_INDEX_NAME, ConfigConstants.SG_DEFAULT_CONFIG_INDEX); this.auditLog = auditLog; }
public OIDClusterRequestEvaluator(final Settings settings) { this.certOid = settings.get(ConfigConstants.SEARCHGUARD_CERT_OID, "1.2.3.4.5.5"); }
public DefaultInterClusterRequestEvaluator(final Settings settings) { this.certOid = settings.get(ConfigConstants.SEARCHGUARD_CERT_OID, "1.2.3.4.5.5"); this.nodesDn = settings.getAsList(ConfigConstants.SEARCHGUARD_NODES_DN, Collections.emptyList()); }
LegacyConfigurationLoader(final Client client, ThreadPool threadPool, final Settings settings) { super(); this.client = client; //this.threadContext = threadPool.getThreadContext(); this.searchguardIndex = settings.get(ConfigConstants.SEARCHGUARD_CONFIG_INDEX_NAME, ConfigConstants.SG_DEFAULT_CONFIG_INDEX); log.debug("Index is: {}", searchguardIndex); }
public SearchGuardIndexAccessEvaluator(final Settings settings, AuditLog auditLog) { this.searchguardIndex = settings.get(ConfigConstants.SEARCHGUARD_CONFIG_INDEX_NAME, ConfigConstants.SG_DEFAULT_CONFIG_INDEX); this.auditLog = auditLog; final List<String> sgIndexdeniedActionPatternsListAll = new ArrayList<String>(); sgIndexdeniedActionPatternsListAll.add("indices:data/write*"); sgIndexdeniedActionPatternsListAll.add("indices:admin/close"); sgIndexdeniedActionPatternsListAll.add("indices:admin/delete"); sgIndexdeniedActionPatternsListAll.add("cluster:admin/snapshot/restore"); sgDeniedActionPatternsAll = sgIndexdeniedActionPatternsListAll.toArray(new String[0]); final List<String> sgIndexdeniedActionPatternsListSnapshotRestoreAllowed = new ArrayList<String>(); sgIndexdeniedActionPatternsListAll.add("indices:data/write*"); sgIndexdeniedActionPatternsListAll.add("indices:admin/delete"); sgDeniedActionPatternsSnapshotRestoreAllowed = sgIndexdeniedActionPatternsListSnapshotRestoreAllowed.toArray(new String[0]); this.restoreSgIndexEnabled = settings.getAsBoolean(ConfigConstants.SEARCHGUARD_UNSUPPORTED_RESTORE_SGINDEX_ENABLED, false); }
ConfigurationLoader(final Client client, ThreadPool threadPool, final Settings settings) { super(); this.client = client; //this.threadContext = threadPool.getThreadContext(); this.searchguardIndex = settings.get(ConfigConstants.SEARCHGUARD_CONFIG_INDEX_NAME, ConfigConstants.SG_DEFAULT_CONFIG_INDEX); log.debug("Index is: {}", searchguardIndex); }
@Override public void onChange(final Settings settings) { enabled = settings.getAsBoolean("searchguard.dynamic.http.xff.enabled", true); if(enabled) { detector = new RemoteIpDetector(); detector.setInternalProxies(settings.get("searchguard.dynamic.http.xff.internalProxies", detector.getInternalProxies())); detector.setProxiesHeader(settings.get("searchguard.dynamic.http.xff.proxiesHeader", detector.getProxiesHeader())); detector.setRemoteIpHeader(settings.get("searchguard.dynamic.http.xff.remoteIpHeader", detector.getRemoteIpHeader())); detector.setTrustedProxies(settings.get("searchguard.dynamic.http.xff.trustedProxies", detector.getTrustedProxies())); } else { detector = null; } } }
@Inject public Configuration(Environment env,Settings settings) { this.environment = env; this.settings=settings; this.useSmart = settings.get("use_smart", "false").equals("true"); this.enableLowercase = settings.get("enable_lowercase", "true").equals("true"); this.enableRemoteDict = settings.get("enable_remote_dict", "true").equals("true"); Dictionary.initial(this); }
public static InputStream resolveStream(String propName, Settings settings) { final String content = settings.get(propName, null); if(content == null) { return null; } return new ByteArrayInputStream(content.getBytes(StandardCharsets.US_ASCII)); }
public static String resolve(String propName, Settings settings, Path configPath, boolean mustBeValid) { final String originalPath = settings.get(propName, null); return resolve(originalPath, propName, settings, configPath, mustBeValid); }
public String kibanaServerUsername() { return getConfigSettings().get("searchguard.dynamic.kibana.server_username","kibanaserver"); }
public String kibanaIndex() { return getConfigSettings().get("searchguard.dynamic.kibana.index",".kibana"); }
private String getPort() { return instance.settings().get("http.port"); }
@Test public void verify_default_index_settings_in_standalone() { Settings underTest = new NewIndex("issues", defaultSettingsConfiguration).getSettings().build(); assertThat(underTest.get("index.number_of_shards")).isNotEmpty(); assertThat(underTest.get("index.mapper.dynamic")).isEqualTo("false"); assertThat(underTest.get("index.refresh_interval")).isEqualTo("30s"); assertThat(underTest.get("index.number_of_shards")).isEqualTo("1"); assertThat(underTest.get("index.number_of_replicas")).isEqualTo("0"); }
private Map<String, String> convertSettingResponse(String settingResponse, String indexName) { ObjectMapper mapper = new ObjectMapper(); try { Settings settings = Settings.fromXContent(XContentType.JSON.xContent().createParser(NamedXContentRegistry.EMPTY, DeprecationHandler.THROW_UNSUPPORTED_OPERATION, settingResponse)); String prefix = indexName + ".settings."; // Backwards compatibility. TODO Change to return Settings object. Map<String, String> result = new HashMap<String, String>(); Set<String> keySet = settings.keySet(); for (String key : keySet) { result.put(key.substring(prefix.length()), settings.get(key)); } return result; } catch (IOException e) { throw new ElasticsearchException("Could not map alias response : " + settingResponse, e); } }
public SearchGuardIndexSearcherWrapper(final IndexService indexService, final Settings settings, final AdminDNs adminDNs) { index = indexService.index(); threadContext = indexService.getThreadPool().getThreadContext(); this.searchguardIndex = settings.get(ConfigConstants.SEARCHGUARD_CONFIG_INDEX_NAME, ConfigConstants.SG_DEFAULT_CONFIG_INDEX); this.adminDns = adminDNs; }
@Test public void verify_default_index_settings_in_cluster() { settings.setProperty(CLUSTER_ENABLED.getKey(), "true"); Settings underTest = new NewIndex("issues", defaultSettingsConfiguration).getSettings().build(); assertThat(underTest.get("index.number_of_shards")).isNotEmpty(); assertThat(underTest.get("index.mapper.dynamic")).isEqualTo("false"); assertThat(underTest.get("index.refresh_interval")).isEqualTo("30s"); assertThat(underTest.get("index.number_of_shards")).isEqualTo("1"); assertThat(underTest.get("index.number_of_replicas")).isEqualTo("1"); }
if(nodeSettings.get("tribe.name", null) == null) { expectedNodeCount++;
@Override protected ConfigUpdateNodeResponse nodeOperation(final NodeConfigUpdateRequest request) { final Map<String, Settings> setn = configurationRepository.reloadConfiguration(Arrays.asList(request.request.getConfigTypes())); String licenseText = null; if(setn.get("config") != null) { licenseText = setn.get("config").get("searchguard.dynamic.license"); } if(licenseText != null && !licenseText.isEmpty()) { try { final SearchGuardLicense license = new SearchGuardLicense(XContentHelper.convertToMap(XContentType.JSON.xContent(), LicenseHelper.validateLicense(licenseText), true), clusterService); if(!license.isValid()) { logger.warn("License "+license.getUid()+" is invalid due to "+license.getMsgs()); //throw an exception here if loading of invalid license should be denied } } catch (Exception e) { logger.error("Invalid license",e); return new ConfigUpdateNodeResponse(clusterService.localNode(), new String[0], "Invalid license: "+e); } } backendRegistry.get().invalidateCache(); return new ConfigUpdateNodeResponse(clusterService.localNode(), setn.keySet().toArray(new String[0]), null); } }
@Test public void testConfigurationFile() throws BackendException { final String index = "es"; ModifiableConfiguration config = GraphDatabaseConfiguration.buildGraphConfiguration(); config.set(LOCAL_MODE, true, index); config.set(CLIENT_ONLY, true, index); config.set(INDEX_CONF_FILE, Joiner.on(File.separator).join("target", "test-classes", "es_nodename_foo.yml"), index); config.set(GraphDatabaseConfiguration.INDEX_DIRECTORY, StorageSetup.getHomeDir("es"), index); Configuration indexConfig = config.restrictTo(index); ElasticSearchIndex idx = new ElasticSearchIndex(indexConfig); // Shouldn't throw exception idx.close(); assertEquals("foo", idx.getNode().settings().get("node.name")); config = GraphDatabaseConfiguration.buildGraphConfiguration(); config.set(LOCAL_MODE, true, index); config.set(CLIENT_ONLY, true, index); config.set(INDEX_CONF_FILE, Joiner.on(File.separator).join("target", "test-classes", "es_nodename_bar.yml"), index); config.set(GraphDatabaseConfiguration.INDEX_DIRECTORY, StorageSetup.getHomeDir("es"), index); indexConfig = config.restrictTo(index); idx = new ElasticSearchIndex(indexConfig); // Shouldn't throw exception idx.close(); assertEquals("bar", idx.getNode().settings().get("node.name")); }