/**
 * Creates the injector and records whether user injection is switched on.
 *
 * <p>The switch is read once, at construction time, from
 * {@code ConfigConstants.SEARCHGUARD_UNSUPPORTED_INJECT_USER_ENABLED}; when the
 * setting is absent the feature stays off.
 *
 * @param settings    node settings the injection switch is read from
 * @param threadPool  thread pool kept for later use by this injector
 * @param auditLog    audit log kept for later use by this injector
 * @param xffResolver X-Forwarded-For resolver kept for later use by this injector
 */
UserInjector(Settings settings, ThreadPool threadPool, AuditLog auditLog, XFFResolver xffResolver) {
    this.threadPool = threadPool;
    this.auditLog = auditLog;
    this.xffResolver = xffResolver;

    // Opt-in only: the default passed here is false, so an unset key never enables injection.
    final boolean injectionRequested =
            settings.getAsBoolean(ConfigConstants.SEARCHGUARD_UNSUPPORTED_INJECT_USER_ENABLED, false);
    this.injectUserEnabled = injectionRequested;
}
/**
 * Tells whether the node is configured for SSL-only mode.
 *
 * @param settings node settings to inspect
 * @return the value of {@code ConfigConstants.SEARCHGUARD_SSL_ONLY}, or {@code false} when unset
 */
private static boolean isSslOnlyMode(final Settings settings) {
    final boolean sslOnly = settings.getAsBoolean(ConfigConstants.SEARCHGUARD_SSL_ONLY, false);
    return sslOnly;
}
/**
 * Tells whether the plugin has been switched off through the node settings.
 *
 * @param settings node settings to inspect
 * @return the value of {@code ConfigConstants.SEARCHGUARD_DISABLED}, or {@code false} when unset
 */
private static boolean isDisabled(final Settings settings) {
    final boolean disabled = settings.getAsBoolean(ConfigConstants.SEARCHGUARD_DISABLED, false);
    return disabled;
}
/**
 * Populates every option from the supplied settings, falling back to the
 * default written next to each key when the key is absent.
 *
 * @param settings analyzer/tokenizer settings to read the options from
 */
public PinyinConfig(Settings settings) {
    // Which forms of each term are kept.
    this.keepFirstLetter = settings.getAsBoolean("keep_first_letter", true);
    this.keepSeparateFirstLetter = settings.getAsBoolean("keep_separate_first_letter", false);
    this.keepFullPinyin = settings.getAsBoolean("keep_full_pinyin", true);
    this.keepJoinedFullPinyin = settings.getAsBoolean("keep_joined_full_pinyin", false);

    // Handling of non-Chinese input.
    this.keepNoneChinese = settings.getAsBoolean("keep_none_chinese", true);
    this.keepNoneChineseTogether = settings.getAsBoolean("keep_none_chinese_together", true);
    this.noneChinesePinyinTokenize = settings.getAsBoolean("none_chinese_pinyin_tokenize", true);

    this.keepOriginal = settings.getAsBoolean("keep_original", false);
    // The only numeric option; defaults to 16.
    this.LimitFirstLetterLength = settings.getAsInt("limit_first_letter_length", 16);
    this.lowercase = settings.getAsBoolean("lowercase", true);
    this.trimWhitespace = settings.getAsBoolean("trim_whitespace", true);

    this.keepNoneChineseInFirstLetter = settings.getAsBoolean("keep_none_chinese_in_first_letter", true);
    this.keepNoneChineseInJoinedFullPinyin =
            settings.getAsBoolean("keep_none_chinese_in_joined_full_pinyin", false);

    // Note the key is spelled "remove_duplicated_term" while the field is removeDuplicateTerm.
    this.removeDuplicateTerm = settings.getAsBoolean("remove_duplicated_term", false);
    this.fixedPinyinOffset = settings.getAsBoolean("fixed_pinyin_offset", false);
    this.ignorePinyinOffset = settings.getAsBoolean("ignore_pinyin_offset", true);
}
}
/**
 * Reads the snapshot-restore related switches from the node settings.
 *
 * @param settings node settings holding the restore privilege switch, the
 *                 "unsupported" switch for restoring the Search Guard index,
 *                 and the name of the Search Guard configuration index
 * @param auditLog audit log kept for later use by this evaluator
 */
public SnapshotRestoreEvaluator(final Settings settings, AuditLog auditLog) {
    final boolean restorePrivilege = settings.getAsBoolean(
            ConfigConstants.SEARCHGUARD_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE,
            ConfigConstants.SG_DEFAULT_ENABLE_SNAPSHOT_RESTORE_PRIVILEGE);
    this.enableSnapshotRestorePrivilege = restorePrivilege;

    // Restoring the configuration index itself is opt-in: the default passed here is false.
    final boolean restoreSgIndex = settings.getAsBoolean(
            ConfigConstants.SEARCHGUARD_UNSUPPORTED_RESTORE_SGINDEX_ENABLED, false);
    this.restoreSgIndexEnabled = restoreSgIndex;

    final String configIndexName = settings.get(
            ConfigConstants.SEARCHGUARD_CONFIG_INDEX_NAME,
            ConfigConstants.SG_DEFAULT_CONFIG_INDEX);
    this.searchguardIndex = configIndexName;

    this.auditLog = auditLog;
}
/**
 * Reports whether Kibana multi-tenancy is active.
 *
 * @return {@code true} only when the installed privileges interceptor is not the plain
 *         {@code PrivilegesInterceptor} class and
 *         {@code searchguard.dynamic.kibana.multitenancy_enabled} is true (its default)
 */
public boolean multitenancyEnabled() {
    // The base class means no real interceptor is installed; the setting is not consulted then.
    if (privilegesInterceptor.getClass() == PrivilegesInterceptor.class) {
        return false;
    }
    return getConfigSettings().getAsBoolean("searchguard.dynamic.kibana.multitenancy_enabled", true);
}
/**
 * Reports whether the Kibana "do not fail on forbidden" mode is active.
 *
 * @return {@code true} only when the installed privileges interceptor is not the plain
 *         {@code PrivilegesInterceptor} class and
 *         {@code searchguard.dynamic.kibana.do_not_fail_on_forbidden} is set to true
 *         (it defaults to false)
 */
public boolean notFailOnForbiddenEnabled() {
    // The base class means no real interceptor is installed; the setting is not consulted then.
    if (privilegesInterceptor.getClass() == PrivilegesInterceptor.class) {
        return false;
    }
    return getConfigSettings().getAsBoolean("searchguard.dynamic.kibana.do_not_fail_on_forbidden", false);
}
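/**
 * Builds the evaluator that guards the Search Guard configuration index.
 *
 * <p>Two deny lists of action patterns are prepared: the full list, and a
 * reduced list without the close and snapshot-restore actions. Which list is
 * applied is decided outside this constructor (presumably by
 * {@code restoreSgIndexEnabled} - confirm against the evaluation method).
 *
 * <p>Fix: the reduced list used to be converted to an array while still empty,
 * because its two entries were appended to the full list by mistake after that
 * list had already been converted. The reduced deny list therefore denied
 * nothing. The entries now go into the list they were meant for.
 *
 * @param settings node settings holding the configuration index name and the
 *                 "unsupported" switch for restoring that index
 * @param auditLog audit log kept for later use by this evaluator
 */
public SearchGuardIndexAccessEvaluator(final Settings settings, AuditLog auditLog) {
    this.searchguardIndex = settings.get(ConfigConstants.SEARCHGUARD_CONFIG_INDEX_NAME, ConfigConstants.SG_DEFAULT_CONFIG_INDEX);
    this.auditLog = auditLog;

    // Full deny list: writes, close, delete and snapshot restore.
    final List<String> sgIndexdeniedActionPatternsListAll = new ArrayList<String>();
    sgIndexdeniedActionPatternsListAll.add("indices:data/write*");
    sgIndexdeniedActionPatternsListAll.add("indices:admin/close");
    sgIndexdeniedActionPatternsListAll.add("indices:admin/delete");
    sgIndexdeniedActionPatternsListAll.add("cluster:admin/snapshot/restore");
    sgDeniedActionPatternsAll = sgIndexdeniedActionPatternsListAll.toArray(new String[0]);

    // Reduced deny list: writes and delete stay denied even when restore is permitted.
    final List<String> sgIndexdeniedActionPatternsListSnapshotRestoreAllowed = new ArrayList<String>();
    sgIndexdeniedActionPatternsListSnapshotRestoreAllowed.add("indices:data/write*");
    sgIndexdeniedActionPatternsListSnapshotRestoreAllowed.add("indices:admin/delete");
    sgDeniedActionPatternsSnapshotRestoreAllowed = sgIndexdeniedActionPatternsListSnapshotRestoreAllowed.toArray(new String[0]);

    // Restoring the configuration index is opt-in: the default passed here is false.
    this.restoreSgIndexEnabled = settings.getAsBoolean(ConfigConstants.SEARCHGUARD_UNSUPPORTED_RESTORE_SGINDEX_ENABLED, false);
}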
/**
 * Reports whether inter-cluster transport authentication is currently enforced.
 *
 * <p>Authentication is enforced unless the static setting
 * {@code SEARCHGUARD_UNSUPPORTED_DISABLE_INTERTRANSPORT_AUTH_INITIALLY} is true.
 * Only in that case is the dynamic configuration consulted: while it has not
 * been loaded the method reports authentication as off, afterwards the answer
 * follows {@code searchguard.dynamic.disable_intertransport_auth}.
 *
 * @return {@code true} when inter-cluster transport authentication applies
 */
public boolean transportInterClusterAuthEnabled() {
    final boolean startsDisabled = staticSettings.getAsBoolean(
            ConfigConstants.SEARCHGUARD_UNSUPPORTED_DISABLE_INTERTRANSPORT_AUTH_INITIALLY, false);

    // Without the static opt-out the dynamic flag cannot switch authentication off.
    if (!startsDisabled) {
        return true;
    }

    // Static opt-out set and no dynamic configuration yet: authentication is off.
    if (dynamicSgConfig == null) {
        if (log.isTraceEnabled()) {
            log.trace("dynamicSgConfig is null, initially static interClusterAuthDisabled");
        }
        return false;
    }

    final boolean dynamicallyDisabled =
            dynamicSgConfig.getAsBoolean("searchguard.dynamic.disable_intertransport_auth", false);
    if (log.isTraceEnabled()) {
        log.trace("searchguard.dynamic.disable_intertransport_auth {}", dynamicallyDisabled);
    }
    return !dynamicallyDisabled;
}
}
/**
 * Reports whether REST authentication is currently enforced.
 *
 * <p>Authentication is enforced unless the static setting
 * {@code SEARCHGUARD_UNSUPPORTED_DISABLE_REST_AUTH_INITIALLY} is true. Only in
 * that case is the dynamic configuration consulted: while it has not been
 * loaded the method reports authentication as off, afterwards the answer
 * follows {@code searchguard.dynamic.disable_rest_auth}.
 *
 * @return {@code true} when REST authentication applies
 */
public boolean restAuthEnabled() {
    final boolean startsDisabled = staticSettings.getAsBoolean(
            ConfigConstants.SEARCHGUARD_UNSUPPORTED_DISABLE_REST_AUTH_INITIALLY, false);

    // Without the static opt-out the dynamic flag cannot switch authentication off.
    if (!startsDisabled) {
        return true;
    }

    // Static opt-out set and no dynamic configuration yet: authentication is off.
    if (dynamicSgConfig == null) {
        if (log.isTraceEnabled()) {
            log.trace("dynamicSgConfig is null, initially static restDisabled");
        }
        return false;
    }

    final boolean dynamicallyDisabled =
            dynamicSgConfig.getAsBoolean("searchguard.dynamic.disable_rest_auth", false);
    if (log.isTraceEnabled()) {
        log.trace("searchguard.dynamic.disable_rest_auth {}", dynamicallyDisabled);
    }
    return !dynamicallyDisabled;
}
/**
 * Looks up the REST management API actions class by name and records it as a
 * loaded module.
 *
 * <p>Nothing happens when enterprise modules are disabled. A failure to load
 * the class is logged as a warning (stack trace at debug level) and otherwise
 * ignored, so a missing module does not stop the caller.
 *
 * @param settings node settings; only {@code http.enabled} (default true) is read
 */
public static void registerMngtRestApiHandler(final Settings settings) {
    if (enterpriseModulesDisabled()) {
        return;
    }

    // NOTE(review): the module is registered only when http.enabled is false -
    // confirm that this condition is intended and not inverted.
    final boolean httpEnabled = settings.getAsBoolean("http.enabled", true);
    if (httpEnabled) {
        return;
    }

    try {
        final Class<?> restApiActions =
                Class.forName("com.floragunn.searchguard.dlic.rest.api.SearchGuardRestApiActions");
        addLoadedModule(restApiActions);
    } catch (final Throwable e) {
        // Best effort: report the problem and carry on without the module.
        log.warn("Unable to register Rest Management Api Module due to {}", e.toString());
        if (log.isDebugEnabled()) {
            log.debug("Stacktrace: ",e);
        }
    }
}
// Compliance history switches; each one is off unless the setting turns it on.
logDiffsForWrite = settings.getAsBoolean(ConfigConstants.SEARCHGUARD_COMPLIANCE_HISTORY_WRITE_LOG_DIFFS, false);
logWriteMetadataOnly = settings.getAsBoolean(ConfigConstants.SEARCHGUARD_COMPLIANCE_HISTORY_WRITE_METADATA_ONLY, false);
logReadMetadataOnly = settings.getAsBoolean(ConfigConstants.SEARCHGUARD_COMPLIANCE_HISTORY_READ_METADATA_ONLY, false);
logExternalConfig = settings.getAsBoolean(ConfigConstants.SEARCHGUARD_COMPLIANCE_HISTORY_EXTERNAL_CONFIG_ENABLED, false);
logInternalConfig = settings.getAsBoolean(ConfigConstants.SEARCHGUARD_COMPLIANCE_HISTORY_INTERNAL_CONFIG_ENABLED, false);
// Index patterns treated as immutable; an unset key gives an empty set.
immutableIndicesPatterns = new HashSet<String>(settings.getAsList(ConfigConstants.SEARCHGUARD_COMPLIANCE_IMMUTABLE_INDICES, Collections.emptyList()));
// NOTE(review): when no salt is configured the built-in default constant is used.
// A default that ships with the product is the same on every installation, so
// anything derived from it is not deployment-specific - confirm how saltAsString
// is consumed and whether operators are told to override it.
final String saltAsString = settings.get(ConfigConstants.SEARCHGUARD_COMPLIANCE_SALT, ConfigConstants.SEARCHGUARD_COMPLIANCE_SALT_DEFAULT);
final boolean enabled = ads.getAsBoolean("enabled", true); final boolean httpEnabled = enabled && ads.getAsBoolean("http_enabled", true); final boolean transportEnabled = enabled && ads.getAsBoolean("transport_enabled", true); final boolean enabled = ads.getAsBoolean("enabled", true); final boolean httpEnabled = enabled && ads.getAsBoolean("http_enabled", true); final boolean transportEnabled = enabled && ads.getAsBoolean("transport_enabled", true); ads.getAsBoolean("http_authenticator.challenge", true), ads.getAsInt("order", 0)); anonymousAuthEnabled = settings.getAsBoolean("searchguard.dynamic.http.anonymous_auth_enabled", false) && !esSettings.getAsBoolean(ConfigConstants.SEARCHGUARD_COMPLIANCE_DISABLE_ANONYMOUS_AUTHENTICATION, false);
public AdminDNs(final Settings settings) { this.injectUserEnabled = settings.getAsBoolean(ConfigConstants.SEARCHGUARD_UNSUPPORTED_INJECT_USER_ENABLED, false); this.injectAdminUserEnabled = settings.getAsBoolean(ConfigConstants.SEARCHGUARD_UNSUPPORTED_INJECT_ADMIN_USER_ENABLED, false);
enterpriseModulesEnabled = settings.getAsBoolean(ConfigConstants.SEARCHGUARD_ENTERPRISE_MODULES_ENABLED, true); ReflectionHelper.init(enterpriseModulesEnabled); if(!client && !tribeNodeClient && !settings.getAsBoolean(ConfigConstants.SEARCHGUARD_ALLOW_UNSAFE_DEMOCERTIFICATES, false)) {
getConfigSettings().getAsBoolean("searchguard.dynamic.kibana.do_not_fail_on_forbidden", false) || getConfigSettings().getAsBoolean("searchguard.dynamic.do_not_fail_on_forbidden", false); if (config.getAsBoolean("searchguard.dynamic.multi_rolespan_enabled", false)) { permGiven = sgRoles.impliesTypePermGlobal(requestedResolved, user, allIndexPermsRequiredA, resolver, clusterService); } else {
// Enterprise modules count as enabled unless the setting switches them off (default true).
boolean enterpriseModulesEnabled = settings.getAsBoolean(ConfigConstants.SEARCHGUARD_ENTERPRISE_MODULES_ENABLED, true);
/**
 * Wires up the privileges evaluator and the helper evaluators it delegates to.
 *
 * <p>The roles mapping resolution mode is parsed from the settings; any failure
 * while parsing is logged as an error and the mode falls back to
 * {@code MAPPING_ONLY}.
 *
 * @param clusterService          cluster service kept for later use
 * @param threadPool              source of the thread context; also handed to the DLS/FLS evaluator
 * @param configurationRepository configuration repository, also handed to the config model
 * @param ah                      action group holder handed to the config model
 * @param resolver                index name expression resolver
 * @param auditLog                audit log, also handed to the helper evaluators
 * @param settings                node settings
 * @param privilegesInterceptor   privileges interceptor kept for later use
 * @param clusterInfoHolder       cluster info holder, also handed to the index resolver replacer
 */
public PrivilegesEvaluator(final ClusterService clusterService, final ThreadPool threadPool,
        final ConfigurationRepository configurationRepository, final ActionGroupHolder ah,
        final IndexNameExpressionResolver resolver, AuditLog auditLog, final Settings settings,
        final PrivilegesInterceptor privilegesInterceptor, final ClusterInfoHolder clusterInfoHolder) {
    super();

    this.configurationRepository = configurationRepository;
    this.clusterService = clusterService;
    this.resolver = resolver;
    this.auditLog = auditLog;
    this.threadContext = threadPool.getThreadContext();
    this.privilegesInterceptor = privilegesInterceptor;

    try {
        final String configuredResolution = settings.get(
                ConfigConstants.SEARCHGUARD_ROLES_MAPPING_RESOLUTION,
                ConfigConstants.RolesMappingResolution.MAPPING_ONLY.toString());
        // NOTE(review): toUpperCase() without a Locale follows the JVM default locale;
        // consider Locale.ROOT so the enum lookup does not depend on it.
        rolesMappingResolution =
                ConfigConstants.RolesMappingResolution.valueOf(configuredResolution.toUpperCase());
    } catch (Exception e) {
        // An unusable value does not abort start-up; the mode silently becomes MAPPING_ONLY
        // apart from this error log entry.
        log.error("Cannot apply roles mapping resolution",e);
        rolesMappingResolution = ConfigConstants.RolesMappingResolution.MAPPING_ONLY;
    }

    this.checkSnapshotRestoreWritePrivileges = settings.getAsBoolean(
            ConfigConstants.SEARCHGUARD_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES,
            ConfigConstants.SG_DEFAULT_CHECK_SNAPSHOT_RESTORE_WRITE_PRIVILEGES);
    this.clusterInfoHolder = clusterInfoHolder;
    //this.typeSecurityDisabled = settings.getAsBoolean(ConfigConstants.SEARCHGUARD_DISABLE_TYPE_SECURITY, false);

    // Helper objects, created in the same order as before.
    configModel = new ConfigModel(ah, configurationRepository);
    irr = new IndexResolverReplacer(resolver, clusterService, clusterInfoHolder);
    snapshotRestoreEvaluator = new SnapshotRestoreEvaluator(settings, auditLog);
    sgIndexAccessEvaluator = new SearchGuardIndexAccessEvaluator(settings, auditLog);
    dlsFlsEvaluator = new DlsFlsEvaluator(settings, threadPool);
    termsAggregationEvaluator = new TermsAggregationEvaluator();
}
/**
 * Rebuilds the remote IP detector whenever the dynamic configuration changes.
 *
 * <p>X-Forwarded-For handling is on unless
 * {@code searchguard.dynamic.http.xff.enabled} is set to false. When it is on,
 * a fresh {@code RemoteIpDetector} is created and each of its four properties
 * is taken from the settings, keeping the detector's own value where the
 * setting is absent. When it is off, the detector is cleared.
 *
 * @param settings the new dynamic configuration
 */
@Override
public void onChange(final Settings settings) {
    enabled = settings.getAsBoolean("searchguard.dynamic.http.xff.enabled", true);

    if (!enabled) {
        detector = null;
        return;
    }

    detector = new RemoteIpDetector();

    // Proxy lists decide whose forwarded headers are believed; an unset key keeps
    // the value the new detector starts with.
    final String internalProxies =
            settings.get("searchguard.dynamic.http.xff.internalProxies", detector.getInternalProxies());
    detector.setInternalProxies(internalProxies);

    final String proxiesHeader =
            settings.get("searchguard.dynamic.http.xff.proxiesHeader", detector.getProxiesHeader());
    detector.setProxiesHeader(proxiesHeader);

    final String remoteIpHeader =
            settings.get("searchguard.dynamic.http.xff.remoteIpHeader", detector.getRemoteIpHeader());
    detector.setRemoteIpHeader(remoteIpHeader);

    final String trustedProxies =
            settings.get("searchguard.dynamic.http.xff.trustedProxies", detector.getTrustedProxies());
    detector.setTrustedProxies(trustedProxies);
}
}
/**
 * Opens a file-system blob store rooted at the given path.
 *
 * <p>The root directory (and any missing parents) is created unless the store
 * is configured as read-only through the {@code readonly} setting, which
 * defaults to false.
 *
 * @param settings store settings; {@code readonly} and
 *                 {@code repositories.fs.buffer_size} (default 100 KB) are read
 * @param path     root directory of the store
 * @throws IOException if the root directory cannot be created
 */
public FsBlobStore(Settings settings, Path path) throws IOException {
    this.path = path;

    final boolean readOnlyStore = settings.getAsBoolean("readonly", false);
    this.readOnly = readOnlyStore;
    if (!this.readOnly) {
        // A read-only store must not touch the file system, so creation is skipped for it.
        Files.createDirectories(path);
    }

    final ByteSizeValue defaultBufferSize = new ByteSizeValue(100, ByteSizeUnit.KB);
    final ByteSizeValue bufferSize = settings.getAsBytesSize("repositories.fs.buffer_size", defaultBufferSize);
    // NOTE(review): narrowing cast; a configured size above Integer.MAX_VALUE bytes
    // would not survive it - confirm the setting is bounded elsewhere.
    this.bufferSizeInBytes = (int) bufferSize.getBytes();
}