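/**
 * Prints the Elasticsearch node version(s) and the Search Guard plugin version of the cluster
 * reached through {@code tc}, and warns when the nodes do not all report the same version.
 *
 * <p>The Search Guard version is read from the plugin list of the first node in the response
 * only. {@code <unknown>} is printed when that node lists no plugin whose class name is
 * {@code com.floragunn.searchguard.SearchGuardPlugin}.
 *
 * @param tc client used to send the nodes info request
 */
private static void issueWarnings(Client tc) {
    NodesInfoResponse nir = tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet();

    // Without this guard the Optional.get() calls below throw NoSuchElementException on an
    // empty node list, which also made the later emptiness check before the plugin lookup
    // unreachable as a "false" branch.
    if (nir.getNodes().isEmpty()) {
        System.out.println("WARNING: The cluster returned no node information. Node and Search Guard versions can not be determined.");
        return;
    }

    Version maxVersion = nir.getNodes().stream()
            .max((n1, n2) -> n1.getVersion().compareTo(n2.getVersion()))
            .get()
            .getVersion();
    Version minVersion = nir.getNodes().stream()
            .min((n1, n2) -> n1.getVersion().compareTo(n2.getVersion()))
            .get()
            .getVersion();

    if (!maxVersion.equals(minVersion)) {
        System.out.println("WARNING: Your cluster consists of different node versions. It is not recommended to run sgadmin against a mixed cluster. This may fail.");
        System.out.println(" Minimum node version is " + minVersion.toString());
        System.out.println(" Maximum node version is " + maxVersion.toString());
    } else {
        System.out.println("Elasticsearch Version: " + minVersion.toString());
    }

    // NOTE(review): only the first node is inspected. Other nodes may report a different
    // Search Guard version, or no Search Guard plugin at all, and this output would not show
    // it. Confirm whether a per-node report is wanted.
    List<PluginInfo> pluginInfos = nir.getNodes().get(0).getPlugins().getPluginInfos();
    String sgVersion = pluginInfos.stream()
            .filter(p -> p.getClassname().equals("com.floragunn.searchguard.SearchGuardPlugin"))
            .map(p -> p.getVersion())
            .findFirst()
            .orElse("<unknown>");
    System.out.println("Search Guard Version: " + sgVersion);
}
}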
/**
 * Returns the queue size of the first thread pool named {@code "bulk"} found in the cluster's
 * nodes info, visiting nodes and their thread pools in response order.
 *
 * @return the "bulk" pool's queue size, or {@code DEFAULT_BULK_QUEUE_SIZE} when no node
 *         reports a pool with that name
 */
private long getBulkQueueSize() {
    // Only thread pool details are requested explicitly on the nodes info call.
    final NodesInfoResponse nodesInfo = client.admin().cluster().prepareNodesInfo().setThreadPool(true).get();
    for (final NodeInfo nodeInfo : nodesInfo.getNodes()) {
        for (final Iterator<Info> pools = nodeInfo.getThreadPool().iterator(); pools.hasNext();) {
            final Info pool = pools.next();
            if (!"bulk".equals(pool.getName())) {
                continue;
            }
            // The first match wins; later nodes are not consulted.
            return pool.getQueueSize().getSingles();
        }
    }
    return DEFAULT_BULK_QUEUE_SIZE;
}

private boolean isBulkProcessorAvailable() {
for(NodeInfo ni: nir.getNodes()) { Settings nodeSettings = ni.getSettings();
/**
 * Checks that a transport client using the "spock" key can issue a nodes info request while
 * sending the {@code sg_impersonate_as} header for "worf", when the impersonation list
 * configured for spock's certificate DN is the single entry {@code "*"}.
 *
 * <p>Only the accepted case is asserted. Nothing in this method checks that a client whose DN
 * has no {@code impersonation_dn} entry is refused.
 *
 * <p>NOTE(review): presumably {@code "*"} matches every user name (the test name calls it a
 * wildcard). If so, whoever holds this key can act as any account, so a wildcard entry needs
 * the same protection as an admin credential. Confirm against the plugin documentation.
 */
@Test
public void testTransportClientImpersonationWildcard() throws Exception {
    // Cluster side: the impersonation list for spock's DN contains only "*".
    final Settings clusterSettings = Settings.builder()
            .putList("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", "*")
            .build();
    setup(clusterSettings);

    // Client side: authenticate with spock's key and ask to be treated as "worf".
    final Settings impersonatingClientSettings = Settings.builder()
            .put("searchguard.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks"))
            .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_ALIAS, "spock")
            .put("path.home", ".")
            .put("request.headers.sg_impersonate_as", "worf")
            .build();

    try (TransportClient impersonatingClient = getInternalTransportClient(clusterInfo, impersonatingClientSettings)) {
        final NodesInfoRequest nodesInfoRequest = new NodesInfoRequest();
        final int nodesSeen = impersonatingClient.admin().cluster().nodesInfo(nodesInfoRequest).actionGet().getNodes().size();
        // The request must succeed and cover every node of the test cluster.
        Assert.assertEquals(clusterInfo.numNodes, nodesSeen);
    }
}
final NodesInfoResponse res = client.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet(); final List<NodeInfo> nodes = res.getNodes(); final List<NodeInfo> dataNodes = nodes.stream().filter(n->n.getNode().getRoles().contains(Role.DATA) && !n.getNode().getRoles().contains(Role.MASTER)).collect(Collectors.toList()); final List<NodeInfo> clientNodes = nodes.stream().filter(n->!n.getNode().getRoles().contains(Role.MASTER) && !n.getNode().getRoles().contains(Role.DATA)).collect(Collectors.toList()); if (nodeInfo.getHttp() != null && nodeInfo.getHttp().address() != null) { final TransportAddress his = nodeInfo.getHttp().address() .publishAddress(); clusterInfo.httpPort = his.getPort(); final TransportAddress is = nodeInfo.getTransport().getAddress() .publishAddress(); clusterInfo.nodePort = is.getPort(); final TransportAddress is = nodeInfo.getTransport().getAddress() .publishAddress(); clusterInfo.nodePort = is.getPort(); clusterInfo.nodeHost = is.getAddress(); if (nodeInfo.getHttp() != null && nodeInfo.getHttp().address() != null) { final TransportAddress his = nodeInfo.getHttp().address() .publishAddress(); clusterInfo.httpPort = his.getPort(); final TransportAddress is = nodeInfo.getTransport().getAddress() .publishAddress(); clusterInfo.nodePort = is.getPort();
NodesInfoResponse nir = tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet(); sb.append(Strings.toString(nir,true, true)); } catch (Exception e1) {
/**
 * Wildcard impersonation check run against the {@code *_transport_username.yml} configuration
 * files: a transport client using the "spock" key sends the {@code sg_impersonate_as} header
 * for "worf" and must receive nodes info for every node of the test cluster.
 *
 * <p>The impersonation list for spock's DN is the single entry {@code "*"}. The contents of the
 * three YAML files are not visible here. Presumably they configure a username attribute, as the
 * test name suggests; verify against the test resources.
 *
 * <p>Only the accepted case is asserted. A rejected impersonation attempt is not exercised in
 * this method.
 */
@Test
public void testTransportClientImpersonationWildcardUsernameAttribute() throws Exception {
    // Cluster side: "*" as the only impersonation entry for spock's DN.
    final Settings clusterSettings = Settings.builder()
            .putList("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", "*")
            .build();

    // The impersonation settings are handed to setup() as its third argument; the first one
    // stays empty.
    setup(
            Settings.EMPTY,
            new DynamicSgConfig()
                    .setSgConfig("sg_config_transport_username.yml")
                    .setSgRolesMapping("sg_roles_mapping_transport_username.yml")
                    .setSgInternalUsers("sg_internal_users_transport_username.yml"),
            clusterSettings);

    // Client side: authenticate with spock's key and ask to be treated as "worf".
    final Settings impersonatingClientSettings = Settings.builder()
            .put("searchguard.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks"))
            .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_ALIAS, "spock")
            .put("path.home", ".")
            .put("request.headers.sg_impersonate_as", "worf")
            .build();

    try (TransportClient impersonatingClient = getInternalTransportClient(clusterInfo, impersonatingClientSettings)) {
        final NodesInfoRequest nodesInfoRequest = new NodesInfoRequest();
        final int nodesSeen = impersonatingClient.admin().cluster().nodesInfo(nodesInfoRequest).actionGet().getNodes().size();
        Assert.assertEquals(clusterInfo.numNodes, nodesSeen);
    }
}
/**
 * Starts an extra non-data, non-master, non-ingest node that presents the "spock" key and
 * expects that node to see exactly one node (itself) in its own nodes info, i.e. it has not
 * become part of the test cluster.
 *
 * <p>NOTE(review): the settings here contain no {@code discovery.zen.ping.unicast.hosts} entry.
 * If the discovery defaults do not reach the test cluster, the node count stays at 1 whichever
 * certificate is presented, and this test would not notice a regression in the certificate
 * check. Confirm that the node really attempts to join.
 */
@SuppressWarnings("resource")
@Test
public void testNodeClientDisallowedWithNonServerCertificate2() throws Exception {
    setup();

    // Precondition: the cluster is complete and green (two separate health requests).
    final int nodesInHealth = clusterHelper.nodeClient().admin().cluster()
            .health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getNumberOfNodes();
    Assert.assertEquals(clusterInfo.numNodes, nodesInHealth);
    final ClusterHealthStatus healthStatus = clusterHelper.nodeClient().admin().cluster()
            .health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getStatus();
    Assert.assertEquals(ClusterHealthStatus.GREEN, healthStatus);

    // Base settings from the test helper, then the keystore is switched to spock's key.
    final Settings joiningNodeSettings = Settings.builder()
            .put(minimumSearchGuardSettings(Settings.EMPTY).get(0))
            .put("cluster.name", clusterInfo.clustername)
            .put("node.data", false)
            .put("node.master", false)
            .put("node.ingest", false)
            .put("path.home", ".")
            .put("discovery.initial_state_timeout", "8s")
            .put("searchguard.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks"))
            .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_ALIAS, "spock")
            .build();

    log.debug("Start node client");

    try (Node joiningNode = new PluginAwareNode(false, joiningNodeSettings, Netty4Plugin.class, SearchGuardPlugin.class).start()) {
        Thread.sleep(50);
        final int nodesSeen = joiningNode.client().admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size();
        // A node that was kept out of the cluster only knows about itself.
        Assert.assertEquals(1, nodesSeen);
    }
}
/**
 * Starts an extra non-data, non-master, non-ingest node with the helper's minimum Search Guard
 * settings (no keystore override) and the test cluster's node address as unicast host, then
 * expects that node to see the original nodes plus itself.
 *
 * <p>Which certificate the minimum settings select is not visible here. Presumably it is a
 * server (node) certificate, as the test name says; verify in
 * {@code minimumSearchGuardSettings}.
 */
@SuppressWarnings("resource")
@Test
public void testNodeClientAllowedWithServerCertificate() throws Exception {
    setup();

    // Precondition: the cluster is complete and green (two separate health requests).
    final int nodesInHealth = clusterHelper.nodeClient().admin().cluster()
            .health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getNumberOfNodes();
    Assert.assertEquals(clusterInfo.numNodes, nodesInHealth);
    final ClusterHealthStatus healthStatus = clusterHelper.nodeClient().admin().cluster()
            .health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getStatus();
    Assert.assertEquals(ClusterHealthStatus.GREEN, healthStatus);

    // Point discovery at a node of the running test cluster.
    final String seedHost = clusterInfo.nodeHost + ":" + clusterInfo.nodePort;
    final Settings joiningNodeSettings = Settings.builder()
            .put(minimumSearchGuardSettings(Settings.EMPTY).get(0))
            .put("cluster.name", clusterInfo.clustername)
            .put("node.data", false)
            .put("node.master", false)
            .put("node.ingest", false)
            .put("path.home", ".")
            .put("discovery.initial_state_timeout", "8s")
            .putList("discovery.zen.ping.unicast.hosts", seedHost)
            .build();

    log.debug("Start node client");

    try (Node joiningNode = new PluginAwareNode(false, joiningNodeSettings, Netty4Plugin.class, SearchGuardPlugin.class).start()) {
        Thread.sleep(50);
        final int nodesSeen = joiningNode.client().admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size();
        // Joined successfully: every original node plus the new one is visible.
        Assert.assertEquals(clusterInfo.numNodes + 1, nodesSeen);
    }
}
/**
 * Starts an extra non-data, non-master, non-ingest node that presents the "kirk" key and
 * expects that node to see exactly one node (itself) in its own nodes info, i.e. it has not
 * become part of the test cluster.
 *
 * <p>NOTE(review): the settings here contain no {@code discovery.zen.ping.unicast.hosts} entry.
 * If the discovery defaults do not reach the test cluster, the node count stays at 1 whichever
 * certificate is presented, and this test would not notice a regression in the certificate
 * check. Confirm that the node really attempts to join.
 */
@SuppressWarnings("resource")
@Test
public void testNodeClientDisallowedWithNonServerCertificate() throws Exception {
    setup();

    // Precondition: the cluster is complete and green (two separate health requests).
    final int nodesInHealth = clusterHelper.nodeClient().admin().cluster()
            .health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getNumberOfNodes();
    Assert.assertEquals(clusterInfo.numNodes, nodesInHealth);
    final ClusterHealthStatus healthStatus = clusterHelper.nodeClient().admin().cluster()
            .health(new ClusterHealthRequest().waitForGreenStatus()).actionGet().getStatus();
    Assert.assertEquals(ClusterHealthStatus.GREEN, healthStatus);

    // Base settings from the test helper, then the keystore is switched to kirk's key.
    final Settings joiningNodeSettings = Settings.builder()
            .put(minimumSearchGuardSettings(Settings.EMPTY).get(0))
            .put("cluster.name", clusterInfo.clustername)
            .put("node.data", false)
            .put("node.master", false)
            .put("node.ingest", false)
            .put("path.home", ".")
            .put("discovery.initial_state_timeout", "8s")
            .put("searchguard.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("kirk-keystore.jks"))
            .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_ALIAS, "kirk")
            .build();

    log.debug("Start node client");

    try (Node joiningNode = new PluginAwareNode(false, joiningNodeSettings, Netty4Plugin.class, SearchGuardPlugin.class).start()) {
        Thread.sleep(50);
        final int nodesSeen = joiningNode.client().admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size();
        // A node that was kept out of the cluster only knows about itself.
        Assert.assertEquals(1, nodesSeen);
    } catch (Exception startupOrRequestFailure) {
        // Any exception is turned into a test failure that carries only its string form;
        // the original stack trace is not attached.
        Assert.fail(startupOrRequestFailure.toString());
    }
}
/**
 * Checks that a transport client using the "spock" key can issue a nodes info request while
 * sending the {@code sg_impersonate_as} header for "worf", when the impersonation list
 * configured for spock's certificate DN names "worf" and "nagilum".
 *
 * <p>Before that, the default internal transport client indexes one document and triggers a
 * configuration update that every node must acknowledge.
 *
 * <p>Only the accepted case is asserted. Impersonating a user missing from the list is not
 * exercised in this method.
 */
@Test
public void testTransportClientImpersonation() throws Exception {
    // Cluster side: spock's DN is listed with exactly two target users.
    final Settings clusterSettings = Settings.builder()
            .putList("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", "worf", "nagilum")
            .build();
    setup(clusterSettings);

    try (TransportClient defaultClient = getInternalTransportClient()) {
        final IndexRequest shipDocument = new IndexRequest("starfleet")
                .type("ships")
                .setRefreshPolicy(RefreshPolicy.IMMEDIATE)
                .source("{\"content\":1}", XContentType.JSON);
        defaultClient.index(shipDocument).actionGet();

        final String[] configTypes = new String[]{"config","roles","rolesmapping","internalusers","actiongroups"};
        ConfigUpdateResponse updateResponse = defaultClient.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(configTypes)).actionGet();
        // Every node has to answer the configuration update.
        Assert.assertEquals(clusterInfo.numNodes, updateResponse.getNodes().size());
    }

    // Client side: authenticate with spock's key and ask to be treated as "worf".
    final Settings impersonatingClientSettings = Settings.builder()
            .put("searchguard.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks"))
            .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_ALIAS, "spock")
            .put("path.home", ".")
            .put("request.headers.sg_impersonate_as", "worf")
            .build();

    try (TransportClient impersonatingClient = getInternalTransportClient(clusterInfo, impersonatingClientSettings)) {
        final NodesInfoRequest nodesInfoRequest = new NodesInfoRequest();
        final int nodesSeen = impersonatingClient.admin().cluster().nodesInfo(nodesInfoRequest).actionGet().getNodes().size();
        Assert.assertEquals(clusterInfo.numNodes, nodesSeen);
    }
}
/**
 * Impersonation check run against the {@code *_transport_username.yml} configuration files: a
 * transport client using the "spock" key sends the {@code sg_impersonate_as} header for "worf"
 * and must receive nodes info for every node, with "worf" and "nagilum" as the impersonation
 * list for spock's DN.
 *
 * <p>Before that, the default internal transport client indexes one document and triggers a
 * configuration update that every node must acknowledge.
 *
 * <p>The contents of the three YAML files are not visible here. Presumably they configure a
 * username attribute, as the test name suggests; verify against the test resources. Only the
 * accepted case is asserted.
 */
@Test
public void testTransportClientImpersonationUsernameAttribute() throws Exception {
    // Cluster side: spock's DN is listed with exactly two target users.
    final Settings clusterSettings = Settings.builder()
            .putList("searchguard.authcz.impersonation_dn.CN=spock,OU=client,O=client,L=Test,C=DE", "worf", "nagilum")
            .build();

    // The impersonation settings are handed to setup() as its third argument; the first one
    // stays empty.
    setup(
            Settings.EMPTY,
            new DynamicSgConfig()
                    .setSgConfig("sg_config_transport_username.yml")
                    .setSgRolesMapping("sg_roles_mapping_transport_username.yml")
                    .setSgInternalUsers("sg_internal_users_transport_username.yml"),
            clusterSettings);

    try (TransportClient defaultClient = getInternalTransportClient()) {
        final IndexRequest shipDocument = new IndexRequest("starfleet")
                .type("ships")
                .setRefreshPolicy(RefreshPolicy.IMMEDIATE)
                .source("{\"content\":1}", XContentType.JSON);
        defaultClient.index(shipDocument).actionGet();

        final String[] configTypes = new String[]{"config","roles","rolesmapping","internalusers","actiongroups"};
        ConfigUpdateResponse updateResponse = defaultClient.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(configTypes)).actionGet();
        // Every node has to answer the configuration update.
        Assert.assertEquals(clusterInfo.numNodes, updateResponse.getNodes().size());
    }

    // Client side: authenticate with spock's key and ask to be treated as "worf".
    final Settings impersonatingClientSettings = Settings.builder()
            .put("searchguard.ssl.transport.keystore_filepath", FileHelper.getAbsoluteFilePathFromClassPath("spock-keystore.jks"))
            .put(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_KEYSTORE_ALIAS, "spock")
            .put("path.home", ".")
            .put("request.headers.sg_impersonate_as", "worf")
            .build();

    try (TransportClient impersonatingClient = getInternalTransportClient(clusterInfo, impersonatingClientSettings)) {
        final NodesInfoRequest nodesInfoRequest = new NodesInfoRequest();
        final int nodesSeen = impersonatingClient.admin().cluster().nodesInfo(nodesInfoRequest).actionGet().getNodes().size();
        Assert.assertEquals(clusterInfo.numNodes, nodesSeen);
    }
}
Assert.assertEquals(clusterInfo.numNodes, tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size()); tc.index(new IndexRequest("searchguard").type("sg").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("internalusers").source("internalusers", FileHelper.readYamlContent("sg_internal_users_spock_add_roles.yml"))).actionGet(); ConfigUpdateResponse cur = tc.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config","roles","rolesmapping","internalusers","actiongroups"})).actionGet(); Assert.assertEquals(clusterInfo.numNodes, tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size()); tc.index(new IndexRequest("searchguard").type("sg").setRefreshPolicy(RefreshPolicy.IMMEDIATE).id("config").source("config", FileHelper.readYamlContent("sg_config_anon.yml"))).actionGet(); ConfigUpdateResponse cur = tc.execute(ConfigUpdateAction.INSTANCE, new ConfigUpdateRequest(new String[]{"config"})).actionGet();
tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size());
Assert.assertEquals(clusterInfo.numNodes, tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size());
Assert.assertEquals(clusterInfo.numNodes, tc.admin().cluster().nodesInfo(new NodesInfoRequest()).actionGet().getNodes().size());