Skip to content

Commit 4101fc4

Browse files
nik9000nik9000
authored
Switch security to new style Requests (#32290)
In #29623 we added `Request` object flavored requests to the low level REST client and in #30315 we deprecated the old `performRequest`s. This changes all calls in the `x-pack/plugin/security` project to use the new versions.
1 parent 6706309 commit 4101fc4

12 files changed

+163
-139
lines changed

x-pack/plugin/security/src/test/java/org/elasticsearch/integration/BulkUpdateTests.java

+31-34
Original file line numberDiff line numberDiff line change
@@ -5,15 +5,12 @@
55
*/
66
package org.elasticsearch.integration;
77

8-
import org.apache.http.Header;
9-
import org.apache.http.entity.ContentType;
10-
import org.apache.http.entity.StringEntity;
11-
import org.apache.http.message.BasicHeader;
128
import org.apache.http.util.EntityUtils;
139
import org.elasticsearch.action.DocWriteResponse;
1410
import org.elasticsearch.action.bulk.BulkResponse;
1511
import org.elasticsearch.action.get.GetResponse;
16-
import org.elasticsearch.client.Response;
12+
import org.elasticsearch.client.Request;
13+
import org.elasticsearch.client.RequestOptions;
1714
import org.elasticsearch.common.settings.SecureString;
1815
import org.elasticsearch.common.settings.Settings;
1916
import org.elasticsearch.common.xcontent.XContentType;
@@ -24,10 +21,8 @@
2421
import org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken;
2522

2623
import java.io.IOException;
27-
import java.util.Collections;
2824

2925
import static org.hamcrest.Matchers.containsString;
30-
import static org.hamcrest.Matchers.equalTo;
3126

3227
public class BulkUpdateTests extends SecurityIntegTestCase {
3328

@@ -77,46 +72,48 @@ public void testThatBulkUpdateDoesNotLoseFields() {
7772

7873
public void testThatBulkUpdateDoesNotLoseFieldsHttp() throws IOException {
7974
final String path = "/index1/type/1";
80-
final Header basicAuthHeader = new BasicHeader("Authorization",
81-
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.TEST_USER_NAME,
82-
new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray())));
75+
final RequestOptions.Builder optionsBuilder = RequestOptions.DEFAULT.toBuilder();
76+
optionsBuilder.addHeader("Authorization", UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.TEST_USER_NAME,
77+
new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray())));
78+
final RequestOptions options = optionsBuilder.build();
8379

84-
StringEntity body = new StringEntity("{\"test\":\"test\"}", ContentType.APPLICATION_JSON);
85-
Response response = getRestClient().performRequest("PUT", path, Collections.emptyMap(), body, basicAuthHeader);
86-
assertThat(response.getStatusLine().getStatusCode(), equalTo(201));
80+
Request createRequest = new Request("PUT", path);
81+
createRequest.setOptions(options);
82+
createRequest.setJsonEntity("{\"test\":\"test\"}");
83+
getRestClient().performRequest(createRequest);
8784

88-
response = getRestClient().performRequest("GET", path, basicAuthHeader);
89-
assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
90-
assertThat(EntityUtils.toString(response.getEntity()), containsString("\"test\":\"test\""));
85+
Request getRequest = new Request("GET", path);
86+
getRequest.setOptions(options);
87+
assertThat(EntityUtils.toString(getRestClient().performRequest(getRequest).getEntity()), containsString("\"test\":\"test\""));
9188

9289
if (randomBoolean()) {
9390
flushAndRefresh();
9491
}
9592

9693
//update with new field
97-
body = new StringEntity("{\"doc\": {\"not test\": \"not test\"}}", ContentType.APPLICATION_JSON);
98-
response = getRestClient().performRequest("POST", path + "/_update", Collections.emptyMap(), body, basicAuthHeader);
99-
assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
94+
Request updateRequest = new Request("POST", path + "/_update");
95+
updateRequest.setOptions(options);
96+
updateRequest.setJsonEntity("{\"doc\": {\"not test\": \"not test\"}}");
97+
getRestClient().performRequest(updateRequest);
10098

101-
response = getRestClient().performRequest("GET", path, basicAuthHeader);
102-
assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
103-
String responseBody = EntityUtils.toString(response.getEntity());
104-
assertThat(responseBody, containsString("\"test\":\"test\""));
105-
assertThat(responseBody, containsString("\"not test\":\"not test\""));
99+
String afterUpdate = EntityUtils.toString(getRestClient().performRequest(getRequest).getEntity());
100+
assertThat(afterUpdate, containsString("\"test\":\"test\""));
101+
assertThat(afterUpdate, containsString("\"not test\":\"not test\""));
106102

107103
// this part is important. Without this, the document may be read from the translog which would bypass the bug where
108104
// FLS kicks in because the request can't be found and only returns meta fields
109105
flushAndRefresh();
110106

111-
body = new StringEntity("{\"update\": {\"_index\": \"index1\", \"_type\": \"type\", \"_id\": \"1\"}}\n" +
112-
"{\"doc\": {\"bulk updated\":\"bulk updated\"}}\n", ContentType.APPLICATION_JSON);
113-
response = getRestClient().performRequest("POST", "/_bulk", Collections.emptyMap(), body, basicAuthHeader);
114-
assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
115-
116-
response = getRestClient().performRequest("GET", path, basicAuthHeader);
117-
responseBody = EntityUtils.toString(response.getEntity());
118-
assertThat(responseBody, containsString("\"test\":\"test\""));
119-
assertThat(responseBody, containsString("\"not test\":\"not test\""));
120-
assertThat(responseBody, containsString("\"bulk updated\":\"bulk updated\""));
107+
Request bulkRequest = new Request("POST", "/_bulk");
108+
bulkRequest.setOptions(options);
109+
bulkRequest.setJsonEntity(
110+
"{\"update\": {\"_index\": \"index1\", \"_type\": \"type\", \"_id\": \"1\"}}\n" +
111+
"{\"doc\": {\"bulk updated\":\"bulk updated\"}}\n");
112+
getRestClient().performRequest(bulkRequest);
113+
114+
String afterBulk = EntityUtils.toString(getRestClient().performRequest(getRequest).getEntity());
115+
assertThat(afterBulk, containsString("\"test\":\"test\""));
116+
assertThat(afterBulk, containsString("\"not test\":\"not test\""));
117+
assertThat(afterBulk, containsString("\"bulk updated\":\"bulk updated\""));
121118
}
122119
}

x-pack/plugin/security/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java

+11-5
Original file line numberDiff line numberDiff line change
@@ -5,10 +5,11 @@
55
*/
66
package org.elasticsearch.integration;
77

8-
import org.apache.http.message.BasicHeader;
98
import org.apache.http.util.EntityUtils;
109
import org.elasticsearch.action.ActionListener;
1110
import org.elasticsearch.action.support.PlainActionFuture;
11+
import org.elasticsearch.client.Request;
12+
import org.elasticsearch.client.RequestOptions;
1213
import org.elasticsearch.client.Response;
1314
import org.elasticsearch.common.Strings;
1415
import org.elasticsearch.common.settings.SecureString;
@@ -160,10 +161,15 @@ public void onFailure(Exception e) {
160161
}
161162

162163
static void executeHttpRequest(String path, Map<String, String> params) throws Exception {
163-
Response response = getRestClient().performRequest("POST", path, params,
164-
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
165-
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.TEST_USER_NAME,
166-
new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray()))));
164+
Request request = new Request("POST", path);
165+
for (Map.Entry<String, String> param : params.entrySet()) {
166+
request.addParameter(param.getKey(), param.getValue());
167+
}
168+
RequestOptions.Builder options = request.getOptions().toBuilder();
169+
options.addHeader("Authorization", UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.TEST_USER_NAME,
170+
new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray())));
171+
request.setOptions(options);
172+
Response response = getRestClient().performRequest(request);
167173
assertNotNull(response.getEntity());
168174
assertTrue(EntityUtils.toString(response.getEntity()).contains("cluster_name"));
169175
}

x-pack/plugin/security/src/test/java/org/elasticsearch/integration/IndexPrivilegeTests.java

+8-4
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,8 @@
55
*/
66
package org.elasticsearch.integration;
77

8-
import org.apache.http.message.BasicHeader;
8+
import org.elasticsearch.client.Request;
9+
import org.elasticsearch.client.RequestOptions;
910
import org.elasticsearch.client.ResponseException;
1011
import org.elasticsearch.common.settings.SecureString;
1112
import org.elasticsearch.xpack.core.security.authc.support.Hasher;
@@ -388,9 +389,12 @@ public void testUserU14() throws Exception {
388389

389390
public void testThatUnknownUserIsRejectedProperly() throws Exception {
390391
try {
391-
getRestClient().performRequest("GET", "/",
392-
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
393-
UsernamePasswordToken.basicAuthHeaderValue("idonotexist", new SecureString("passwd".toCharArray()))));
392+
Request request = new Request("GET", "/");
393+
RequestOptions.Builder options = request.getOptions().toBuilder();
394+
options.addHeader("Authorization",
395+
UsernamePasswordToken.basicAuthHeaderValue("idonotexist", new SecureString("passwd".toCharArray())));
396+
request.setOptions(options);
397+
getRestClient().performRequest(request);
394398
fail("request should have failed");
395399
} catch(ResponseException e) {
396400
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401));

x-pack/plugin/security/src/test/java/org/elasticsearch/license/LicensingTests.java

+20-14
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,6 @@
55
*/
66
package org.elasticsearch.license;
77

8-
import org.apache.http.message.BasicHeader;
98
import org.elasticsearch.ElasticsearchSecurityException;
109
import org.elasticsearch.action.DocWriteResponse;
1110
import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
@@ -15,6 +14,8 @@
1514
import org.elasticsearch.action.admin.indices.stats.IndicesStatsResponse;
1615
import org.elasticsearch.action.index.IndexResponse;
1716
import org.elasticsearch.client.Client;
17+
import org.elasticsearch.client.Request;
18+
import org.elasticsearch.client.RequestOptions;
1819
import org.elasticsearch.client.Response;
1920
import org.elasticsearch.client.ResponseException;
2021
import org.elasticsearch.client.transport.NoNodeAvailableException;
@@ -189,31 +190,36 @@ public void testEnableDisableBehaviour() throws Exception {
189190
}
190191

191192
public void testRestAuthenticationByLicenseType() throws Exception {
192-
Response response = getRestClient().performRequest("GET", "/");
193+
Response unauthorizedRootResponse = getRestClient().performRequest(new Request("GET", "/"));
193194
// the default of the licensing tests is basic
194-
assertThat(response.getStatusLine().getStatusCode(), is(200));
195+
assertThat(unauthorizedRootResponse.getStatusLine().getStatusCode(), is(200));
195196
ResponseException e = expectThrows(ResponseException.class,
196-
() -> getRestClient().performRequest("GET", "/_xpack/security/_authenticate"));
197+
() -> getRestClient().performRequest(new Request("GET", "/_xpack/security/_authenticate")));
197198
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(403));
198199

199200
// generate a new license with a mode that enables auth
200201
License.OperationMode mode = randomFrom(License.OperationMode.GOLD, License.OperationMode.TRIAL,
201202
License.OperationMode.PLATINUM, License.OperationMode.STANDARD);
202203
enableLicensing(mode);
203-
e = expectThrows(ResponseException.class, () -> getRestClient().performRequest("GET", "/"));
204+
e = expectThrows(ResponseException.class, () -> getRestClient().performRequest(new Request("GET", "/")));
204205
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401));
205206
e = expectThrows(ResponseException.class,
206-
() -> getRestClient().performRequest("GET", "/_xpack/security/_authenticate"));
207+
() -> getRestClient().performRequest(new Request("GET", "/_xpack/security/_authenticate")));
207208
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401));
208209

209-
final String basicAuthValue = UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.TEST_USER_NAME,
210-
new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray()));
211-
response = getRestClient().performRequest("GET", "/", new BasicHeader("Authorization", basicAuthValue));
212-
assertThat(response.getStatusLine().getStatusCode(), is(200));
213-
response = getRestClient().performRequest("GET", "/_xpack/security/_authenticate",
214-
new BasicHeader("Authorization", basicAuthValue));
215-
assertThat(response.getStatusLine().getStatusCode(), is(200));
216-
210+
RequestOptions.Builder optionsBuilder = RequestOptions.DEFAULT.toBuilder();
211+
optionsBuilder.addHeader("Authorization", UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.TEST_USER_NAME,
212+
new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray())));
213+
RequestOptions options = optionsBuilder.build();
214+
215+
Request rootRequest = new Request("GET", "/");
216+
rootRequest.setOptions(options);
217+
Response authorizedRootResponse = getRestClient().performRequest(rootRequest);
218+
assertThat(authorizedRootResponse.getStatusLine().getStatusCode(), is(200));
219+
Request authenticateRequest = new Request("GET", "/_xpack/security/_authenticate");
220+
authenticateRequest.setOptions(options);
221+
Response authorizedAuthenticateResponse = getRestClient().performRequest(authenticateRequest);
222+
assertThat(authorizedAuthenticateResponse.getStatusLine().getStatusCode(), is(200));
217223
}
218224

219225
public void testSecurityActionsByLicenseType() throws Exception {

x-pack/plugin/security/src/test/java/org/elasticsearch/test/NativeRealmIntegTestCase.java

+15-21
Original file line numberDiff line numberDiff line change
@@ -5,12 +5,8 @@
55
*/
66
package org.elasticsearch.test;
77

8-
9-
import org.apache.http.HttpEntity;
10-
import org.apache.http.entity.ContentType;
11-
import org.apache.http.message.BasicHeader;
12-
import org.apache.http.nio.entity.NStringEntity;
13-
import org.elasticsearch.client.Response;
8+
import org.elasticsearch.client.Request;
9+
import org.elasticsearch.client.RequestOptions;
1410
import org.elasticsearch.client.RestClient;
1511
import org.elasticsearch.common.settings.SecureString;
1612
import org.elasticsearch.common.util.set.Sets;
@@ -26,7 +22,6 @@
2622

2723
import java.io.IOException;
2824
import java.util.Arrays;
29-
import java.util.Collections;
3025
import java.util.Set;
3126

3227
/**
@@ -82,23 +77,22 @@ public void setupReservedPasswords() throws IOException {
8277
public void setupReservedPasswords(RestClient restClient) throws IOException {
8378
logger.info("setting up reserved passwords for test");
8479
{
85-
String payload = "{\"password\": \"" + new String(reservedPassword.getChars()) + "\"}";
86-
HttpEntity entity = new NStringEntity(payload, ContentType.APPLICATION_JSON);
87-
BasicHeader authHeader = new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
88-
UsernamePasswordToken.basicAuthHeaderValue(ElasticUser.NAME, BOOTSTRAP_PASSWORD));
89-
String route = "/_xpack/security/user/elastic/_password";
90-
Response response = restClient.performRequest("PUT", route, Collections.emptyMap(), entity, authHeader);
91-
assertEquals(response.getStatusLine().getReasonPhrase(), 200, response.getStatusLine().getStatusCode());
80+
Request request = new Request("PUT", "/_xpack/security/user/elastic/_password");
81+
request.setJsonEntity("{\"password\": \"" + new String(reservedPassword.getChars()) + "\"}");
82+
RequestOptions.Builder options = request.getOptions().toBuilder();
83+
options.addHeader("Authorization", UsernamePasswordToken.basicAuthHeaderValue(ElasticUser.NAME, BOOTSTRAP_PASSWORD));
84+
request.setOptions(options);
85+
restClient.performRequest(request);
9286
}
9387

88+
RequestOptions.Builder optionsBuilder = RequestOptions.DEFAULT.toBuilder();
89+
optionsBuilder.addHeader("Authorization", UsernamePasswordToken.basicAuthHeaderValue(ElasticUser.NAME, reservedPassword));
90+
RequestOptions options = optionsBuilder.build();
9491
for (String username : Arrays.asList(KibanaUser.NAME, LogstashSystemUser.NAME, BeatsSystemUser.NAME)) {
95-
String payload = "{\"password\": \"" + new String(reservedPassword.getChars()) + "\"}";
96-
HttpEntity entity = new NStringEntity(payload, ContentType.APPLICATION_JSON);
97-
BasicHeader authHeader = new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
98-
UsernamePasswordToken.basicAuthHeaderValue(ElasticUser.NAME, reservedPassword));
99-
String route = "/_xpack/security/user/" + username + "/_password";
100-
Response response = restClient.performRequest("PUT", route, Collections.emptyMap(), entity, authHeader);
101-
assertEquals(response.getStatusLine().getReasonPhrase(), 200, response.getStatusLine().getStatusCode());
92+
Request request = new Request("PUT", "/_xpack/security/user/" + username + "/_password");
93+
request.setJsonEntity("{\"password\": \"" + new String(reservedPassword.getChars()) + "\"}");
94+
request.setOptions(options);
95+
restClient.performRequest(request);
10296
}
10397
logger.info("setting up reserved passwords finished");
10498
}

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityPluginTests.java

+10-7
Original file line numberDiff line numberDiff line change
@@ -5,14 +5,14 @@
55
*/
66
package org.elasticsearch.xpack.security;
77

8-
import org.apache.http.message.BasicHeader;
8+
import org.elasticsearch.client.Request;
99
import org.elasticsearch.client.Response;
10+
import org.elasticsearch.client.RequestOptions;
1011
import org.elasticsearch.client.ResponseException;
1112
import org.elasticsearch.common.settings.SecureString;
1213
import org.elasticsearch.test.SecurityIntegTestCase;
1314
import org.elasticsearch.test.SecuritySettingsSource;
1415
import org.elasticsearch.test.SecuritySettingsSourceField;
15-
import org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken;
1616

1717
import java.io.IOException;
1818

@@ -31,17 +31,20 @@ protected boolean addMockHttpTransport() {
3131
public void testThatPluginIsLoaded() throws IOException {
3232
try {
3333
logger.info("executing unauthorized request to /_xpack info");
34-
getRestClient().performRequest("GET", "/_xpack");
34+
getRestClient().performRequest(new Request("GET", "/_xpack"));
3535
fail("request should have failed");
3636
} catch(ResponseException e) {
3737
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(UNAUTHORIZED.getStatus()));
3838
}
3939

4040
logger.info("executing authorized request to /_xpack infos");
41-
Response response = getRestClient().performRequest("GET", "/_xpack",
42-
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
43-
basicAuthHeaderValue(SecuritySettingsSource.TEST_USER_NAME,
44-
new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray()))));
41+
42+
Request request = new Request("GET", "/_xpack");
43+
RequestOptions.Builder options = request.getOptions().toBuilder();
44+
options.addHeader("Authorization", basicAuthHeaderValue(SecuritySettingsSource.TEST_USER_NAME,
45+
new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray())));
46+
request.setOptions(options);
47+
Response response = getRestClient().performRequest(request);
4548
assertThat(response.getStatusLine().getStatusCode(), is(OK.getStatus()));
4649
}
4750
}

0 commit comments

Comments
 (0)