
S3 repo plugin populate SettingsFilter (#30652)

The accessKey and secretKey repo settings (in the cluster state)
of the s3 client are registered and will populate the SettingsFilter.
Albert Zaharovits 7 vuotta sitten
vanhempi
commit
8e9d2b1e28

+ 3 - 1
plugins/repository-s3/src/main/java/org/elasticsearch/repositories/s3/S3RepositoryPlugin.java

@@ -90,6 +90,8 @@ public class S3RepositoryPlugin extends Plugin implements RepositoryPlugin {
             S3ClientSettings.PROXY_PASSWORD_SETTING,
             S3ClientSettings.READ_TIMEOUT_SETTING,
             S3ClientSettings.MAX_RETRIES_SETTING,
-            S3ClientSettings.USE_THROTTLE_RETRIES_SETTING);
+            S3ClientSettings.USE_THROTTLE_RETRIES_SETTING,
+            S3Repository.ACCESS_KEY_SETTING,
+            S3Repository.SECRET_KEY_SETTING);
     }
 }
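Review bot: The two repository-level settings appended at `S3Repository.ACCESS_KEY_SETTING` and `S3Repository.SECRET_KEY_SETTING` carry no comment explaining why they sit in a list of `S3ClientSettings` entries, so a later cleanup could drop them as misplaced and silently re-expose the credentials. I would add above them `// repository settings, registered only so SettingsFilter redacts them from REST output; do not remove`. Redaction presumably depends on both settings being declared with the filtered property in `S3Repository`, which this hunk does not show, so that is worth confirming. The filter only changes how settings are rendered in responses; the values still sit in the cluster state in plain text and stay readable to anything with access to it. The enclosing method starts outside the hunk.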

+ 45 - 1
plugins/repository-s3/src/test/java/org/elasticsearch/repositories/s3/S3BlobStoreRepositoryTests.java

@@ -21,7 +21,10 @@ package org.elasticsearch.repositories.s3;
 import com.amazonaws.services.s3.AmazonS3;
 import com.amazonaws.services.s3.model.CannedAccessControlList;
 import com.amazonaws.services.s3.model.StorageClass;
+
+import org.elasticsearch.client.node.NodeClient;
 import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.common.settings.SettingsFilter;
 import org.elasticsearch.common.unit.ByteSizeUnit;
 import org.elasticsearch.common.unit.ByteSizeValue;
 import org.elasticsearch.common.xcontent.NamedXContentRegistry;
@@ -29,6 +32,12 @@ import org.elasticsearch.env.Environment;
 import org.elasticsearch.plugins.Plugin;
 import org.elasticsearch.repositories.Repository;
 import org.elasticsearch.repositories.blobstore.ESBlobStoreRepositoryIntegTestCase;
+import org.elasticsearch.rest.AbstractRestChannel;
+import org.elasticsearch.rest.RestController;
+import org.elasticsearch.rest.RestRequest;
+import org.elasticsearch.rest.RestResponse;
+import org.elasticsearch.rest.action.admin.cluster.RestGetRepositoriesAction;
+import org.elasticsearch.test.rest.FakeRestRequest;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 
@@ -38,9 +47,14 @@ import java.util.Locale;
 import java.util.Map;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.ConcurrentMap;
+import java.util.concurrent.CountDownLatch;
+import java.util.concurrent.atomic.AtomicReference;
 
 import static java.util.Collections.emptyMap;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
+import static org.hamcrest.Matchers.containsString;
+import static org.hamcrest.Matchers.not;
+import static org.mockito.Mockito.mock;
 
 public class S3BlobStoreRepositoryTests extends ESBlobStoreRepositoryIntegTestCase {
 
@@ -81,7 +95,9 @@ public class S3BlobStoreRepositoryTests extends ESBlobStoreRepositoryIntegTestCa
                 .put(S3Repository.BUFFER_SIZE_SETTING.getKey(), bufferSize)
                 .put(S3Repository.SERVER_SIDE_ENCRYPTION_SETTING.getKey(), serverSideEncryption)
                 .put(S3Repository.CANNED_ACL_SETTING.getKey(), cannedACL)
-                .put(S3Repository.STORAGE_CLASS_SETTING.getKey(), storageClass)));
+                .put(S3Repository.STORAGE_CLASS_SETTING.getKey(), storageClass)
+                .put(S3Repository.ACCESS_KEY_SETTING.getKey(), "not_used_but_this_is_a_secret")
+                .put(S3Repository.SECRET_KEY_SETTING.getKey(), "not_used_but_this_is_a_secret")));
     }
 
     @Override
@@ -106,4 +122,32 @@ public class S3BlobStoreRepositoryTests extends ESBlobStoreRepositoryIntegTestCa
                 }));
         }
     }
+
+    public void testInsecureRepositoryCredentials() throws Exception {
+        final String repositoryName = "testInsecureRepositoryCredentials";
+        createTestRepository(repositoryName);
+        final NodeClient nodeClient = internalCluster().getInstance(NodeClient.class);
+        final RestGetRepositoriesAction getRepoAction = new RestGetRepositoriesAction(Settings.EMPTY, mock(RestController.class),
+                internalCluster().getInstance(SettingsFilter.class));
+        final RestRequest getRepoRequest = new FakeRestRequest();
+        getRepoRequest.params().put("repository", repositoryName);
+        final CountDownLatch getRepoLatch = new CountDownLatch(1);
+        final AtomicReference<AssertionError> getRepoError = new AtomicReference<>();
+        getRepoAction.handleRequest(getRepoRequest, new AbstractRestChannel(getRepoRequest, true) {
+            @Override
+            public void sendResponse(RestResponse response) {
+                try {
+                    assertThat(response.content().utf8ToString(), not(containsString("not_used_but_this_is_a_secret")));
+                } catch (final AssertionError ex) {
+                    getRepoError.set(ex);
+                }
+                getRepoLatch.countDown();
+            }
+        }, nodeClient);
+        getRepoLatch.await();
+        if (getRepoError.get() != null) {
+            throw getRepoError.get();
+        }
+    }
+
 }
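Review bot: The assertion in `sendResponse` of `testInsecureRepositoryCredentials` is purely negative, so it also passes when the response is an error body or empty, which would hide a regression in the filtering. Pair it with a positive check that the repository was actually rendered, e.g. `assertThat(response.content().utf8ToString(), containsString(repositoryName));` (assuming the response body names the repository). Separately, `getRepoLatch.countDown()` is skipped if anything other than an `AssertionError` is thrown, and `getRepoLatch.await()` has no timeout, so such a failure hangs the test; move the count-down into a `finally` and use `assertTrue(getRepoLatch.await(30, TimeUnit.SECONDS));`. Both keys are also set to the same literal in the settings hunk above, so a leak cannot be attributed to one setting; distinct values would make a failure easier to read.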