Skip to content

Commit 7bc61f8

Browse files
nik9000nik9000
committed
Switch security to new style Requests (#32290)
In #29623 we added `Request` object flavored requests to the low level REST client and in #30315 we deprecated the old `performRequest`s. This changes all calls in the `x-pack/plugin/security` project to use the new versions.
1 parent 0e3c799 commit 7bc61f8

12 files changed

+163
-139
lines changed

x-pack/plugin/security/src/test/java/org/elasticsearch/integration/BulkUpdateTests.java

+31-34
Original file line numberDiff line numberDiff line change
@@ -5,15 +5,12 @@
55
*/
66
package org.elasticsearch.integration;
77

8-
import org.apache.http.Header;
9-
import org.apache.http.entity.ContentType;
10-
import org.apache.http.entity.StringEntity;
11-
import org.apache.http.message.BasicHeader;
128
import org.apache.http.util.EntityUtils;
139
import org.elasticsearch.action.DocWriteResponse;
1410
import org.elasticsearch.action.bulk.BulkResponse;
1511
import org.elasticsearch.action.get.GetResponse;
16-
import org.elasticsearch.client.Response;
12+
import org.elasticsearch.client.Request;
13+
import org.elasticsearch.client.RequestOptions;
1714
import org.elasticsearch.common.network.NetworkModule;
1815
import org.elasticsearch.common.settings.SecureString;
1916
import org.elasticsearch.common.settings.Settings;
@@ -25,10 +22,8 @@
2522
import org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken;
2623

2724
import java.io.IOException;
28-
import java.util.Collections;
2925

3026
import static org.hamcrest.Matchers.containsString;
31-
import static org.hamcrest.Matchers.equalTo;
3227

3328
public class BulkUpdateTests extends SecurityIntegTestCase {
3429

@@ -74,46 +69,48 @@ public void testThatBulkUpdateDoesNotLoseFields() {
7469

7570
public void testThatBulkUpdateDoesNotLoseFieldsHttp() throws IOException {
7671
final String path = "/index1/type/1";
77-
final Header basicAuthHeader = new BasicHeader("Authorization",
78-
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.TEST_USER_NAME,
79-
new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray())));
72+
final RequestOptions.Builder optionsBuilder = RequestOptions.DEFAULT.toBuilder();
73+
optionsBuilder.addHeader("Authorization", UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.TEST_USER_NAME,
74+
new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray())));
75+
final RequestOptions options = optionsBuilder.build();
8076

81-
StringEntity body = new StringEntity("{\"test\":\"test\"}", ContentType.APPLICATION_JSON);
82-
Response response = getRestClient().performRequest("PUT", path, Collections.emptyMap(), body, basicAuthHeader);
83-
assertThat(response.getStatusLine().getStatusCode(), equalTo(201));
77+
Request createRequest = new Request("PUT", path);
78+
createRequest.setOptions(options);
79+
createRequest.setJsonEntity("{\"test\":\"test\"}");
80+
getRestClient().performRequest(createRequest);
8481

85-
response = getRestClient().performRequest("GET", path, basicAuthHeader);
86-
assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
87-
assertThat(EntityUtils.toString(response.getEntity()), containsString("\"test\":\"test\""));
82+
Request getRequest = new Request("GET", path);
83+
getRequest.setOptions(options);
84+
assertThat(EntityUtils.toString(getRestClient().performRequest(getRequest).getEntity()), containsString("\"test\":\"test\""));
8885

8986
if (randomBoolean()) {
9087
flushAndRefresh();
9188
}
9289

9390
//update with new field
94-
body = new StringEntity("{\"doc\": {\"not test\": \"not test\"}}", ContentType.APPLICATION_JSON);
95-
response = getRestClient().performRequest("POST", path + "/_update", Collections.emptyMap(), body, basicAuthHeader);
96-
assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
91+
Request updateRequest = new Request("POST", path + "/_update");
92+
updateRequest.setOptions(options);
93+
updateRequest.setJsonEntity("{\"doc\": {\"not test\": \"not test\"}}");
94+
getRestClient().performRequest(updateRequest);
9795

98-
response = getRestClient().performRequest("GET", path, basicAuthHeader);
99-
assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
100-
String responseBody = EntityUtils.toString(response.getEntity());
101-
assertThat(responseBody, containsString("\"test\":\"test\""));
102-
assertThat(responseBody, containsString("\"not test\":\"not test\""));
96+
String afterUpdate = EntityUtils.toString(getRestClient().performRequest(getRequest).getEntity());
97+
assertThat(afterUpdate, containsString("\"test\":\"test\""));
98+
assertThat(afterUpdate, containsString("\"not test\":\"not test\""));
10399

104100
// this part is important. Without this, the document may be read from the translog which would bypass the bug where
105101
// FLS kicks in because the request can't be found and only returns meta fields
106102
flushAndRefresh();
107103

108-
body = new StringEntity("{\"update\": {\"_index\": \"index1\", \"_type\": \"type\", \"_id\": \"1\"}}\n" +
109-
"{\"doc\": {\"bulk updated\":\"bulk updated\"}}\n", ContentType.APPLICATION_JSON);
110-
response = getRestClient().performRequest("POST", "/_bulk", Collections.emptyMap(), body, basicAuthHeader);
111-
assertThat(response.getStatusLine().getStatusCode(), equalTo(200));
112-
113-
response = getRestClient().performRequest("GET", path, basicAuthHeader);
114-
responseBody = EntityUtils.toString(response.getEntity());
115-
assertThat(responseBody, containsString("\"test\":\"test\""));
116-
assertThat(responseBody, containsString("\"not test\":\"not test\""));
117-
assertThat(responseBody, containsString("\"bulk updated\":\"bulk updated\""));
104+
Request bulkRequest = new Request("POST", "/_bulk");
105+
bulkRequest.setOptions(options);
106+
bulkRequest.setJsonEntity(
107+
"{\"update\": {\"_index\": \"index1\", \"_type\": \"type\", \"_id\": \"1\"}}\n" +
108+
"{\"doc\": {\"bulk updated\":\"bulk updated\"}}\n");
109+
getRestClient().performRequest(bulkRequest);
110+
111+
String afterBulk = EntityUtils.toString(getRestClient().performRequest(getRequest).getEntity());
112+
assertThat(afterBulk, containsString("\"test\":\"test\""));
113+
assertThat(afterBulk, containsString("\"not test\":\"not test\""));
114+
assertThat(afterBulk, containsString("\"bulk updated\":\"bulk updated\""));
118115
}
119116
}

x-pack/plugin/security/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java

+11-5
Original file line numberDiff line numberDiff line change
@@ -5,10 +5,11 @@
55
*/
66
package org.elasticsearch.integration;
77

8-
import org.apache.http.message.BasicHeader;
98
import org.apache.http.util.EntityUtils;
109
import org.elasticsearch.action.ActionListener;
1110
import org.elasticsearch.action.support.PlainActionFuture;
11+
import org.elasticsearch.client.Request;
12+
import org.elasticsearch.client.RequestOptions;
1213
import org.elasticsearch.client.Response;
1314
import org.elasticsearch.common.Strings;
1415
import org.elasticsearch.common.network.NetworkModule;
@@ -162,10 +163,15 @@ public void onFailure(Exception e) {
162163
}
163164

164165
static void executeHttpRequest(String path, Map<String, String> params) throws Exception {
165-
Response response = getRestClient().performRequest("POST", path, params,
166-
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
167-
UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.TEST_USER_NAME,
168-
new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray()))));
166+
Request request = new Request("POST", path);
167+
for (Map.Entry<String, String> param : params.entrySet()) {
168+
request.addParameter(param.getKey(), param.getValue());
169+
}
170+
RequestOptions.Builder options = request.getOptions().toBuilder();
171+
options.addHeader("Authorization", UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.TEST_USER_NAME,
172+
new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray())));
173+
request.setOptions(options);
174+
Response response = getRestClient().performRequest(request);
169175
assertNotNull(response.getEntity());
170176
assertTrue(EntityUtils.toString(response.getEntity()).contains("cluster_name"));
171177
}

x-pack/plugin/security/src/test/java/org/elasticsearch/integration/IndexPrivilegeTests.java

+8-4
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,8 @@
55
*/
66
package org.elasticsearch.integration;
77

8-
import org.apache.http.message.BasicHeader;
8+
import org.elasticsearch.client.Request;
9+
import org.elasticsearch.client.RequestOptions;
910
import org.elasticsearch.client.ResponseException;
1011
import org.elasticsearch.common.network.NetworkModule;
1112
import org.elasticsearch.common.settings.SecureString;
@@ -392,9 +393,12 @@ public void testUserU14() throws Exception {
392393

393394
public void testThatUnknownUserIsRejectedProperly() throws Exception {
394395
try {
395-
getRestClient().performRequest("GET", "/",
396-
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
397-
UsernamePasswordToken.basicAuthHeaderValue("idonotexist", new SecureString("passwd".toCharArray()))));
396+
Request request = new Request("GET", "/");
397+
RequestOptions.Builder options = request.getOptions().toBuilder();
398+
options.addHeader("Authorization",
399+
UsernamePasswordToken.basicAuthHeaderValue("idonotexist", new SecureString("passwd".toCharArray())));
400+
request.setOptions(options);
401+
getRestClient().performRequest(request);
398402
fail("request should have failed");
399403
} catch(ResponseException e) {
400404
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401));

x-pack/plugin/security/src/test/java/org/elasticsearch/license/LicensingTests.java

+20-14
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,6 @@
55
*/
66
package org.elasticsearch.license;
77

8-
import org.apache.http.message.BasicHeader;
98
import org.elasticsearch.ElasticsearchSecurityException;
109
import org.elasticsearch.action.DocWriteResponse;
1110
import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
@@ -15,6 +14,8 @@
1514
import org.elasticsearch.action.admin.indices.stats.IndicesStatsResponse;
1615
import org.elasticsearch.action.index.IndexResponse;
1716
import org.elasticsearch.client.Client;
17+
import org.elasticsearch.client.Request;
18+
import org.elasticsearch.client.RequestOptions;
1819
import org.elasticsearch.client.Response;
1920
import org.elasticsearch.client.ResponseException;
2021
import org.elasticsearch.client.transport.NoNodeAvailableException;
@@ -185,31 +186,36 @@ public void testEnableDisableBehaviour() throws Exception {
185186
}
186187

187188
public void testRestAuthenticationByLicenseType() throws Exception {
188-
Response response = getRestClient().performRequest("GET", "/");
189+
Response unauthorizedRootResponse = getRestClient().performRequest(new Request("GET", "/"));
189190
// the default of the licensing tests is basic
190-
assertThat(response.getStatusLine().getStatusCode(), is(200));
191+
assertThat(unauthorizedRootResponse.getStatusLine().getStatusCode(), is(200));
191192
ResponseException e = expectThrows(ResponseException.class,
192-
() -> getRestClient().performRequest("GET", "/_xpack/security/_authenticate"));
193+
() -> getRestClient().performRequest(new Request("GET", "/_xpack/security/_authenticate")));
193194
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(403));
194195

195196
// generate a new license with a mode that enables auth
196197
License.OperationMode mode = randomFrom(License.OperationMode.GOLD, License.OperationMode.TRIAL,
197198
License.OperationMode.PLATINUM, License.OperationMode.STANDARD);
198199
enableLicensing(mode);
199-
e = expectThrows(ResponseException.class, () -> getRestClient().performRequest("GET", "/"));
200+
e = expectThrows(ResponseException.class, () -> getRestClient().performRequest(new Request("GET", "/")));
200201
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401));
201202
e = expectThrows(ResponseException.class,
202-
() -> getRestClient().performRequest("GET", "/_xpack/security/_authenticate"));
203+
() -> getRestClient().performRequest(new Request("GET", "/_xpack/security/_authenticate")));
203204
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401));
204205

205-
final String basicAuthValue = UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.TEST_USER_NAME,
206-
new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray()));
207-
response = getRestClient().performRequest("GET", "/", new BasicHeader("Authorization", basicAuthValue));
208-
assertThat(response.getStatusLine().getStatusCode(), is(200));
209-
response = getRestClient().performRequest("GET", "/_xpack/security/_authenticate",
210-
new BasicHeader("Authorization", basicAuthValue));
211-
assertThat(response.getStatusLine().getStatusCode(), is(200));
212-
206+
RequestOptions.Builder optionsBuilder = RequestOptions.DEFAULT.toBuilder();
207+
optionsBuilder.addHeader("Authorization", UsernamePasswordToken.basicAuthHeaderValue(SecuritySettingsSource.TEST_USER_NAME,
208+
new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray())));
209+
RequestOptions options = optionsBuilder.build();
210+
211+
Request rootRequest = new Request("GET", "/");
212+
rootRequest.setOptions(options);
213+
Response authorizedRootResponse = getRestClient().performRequest(rootRequest);
214+
assertThat(authorizedRootResponse.getStatusLine().getStatusCode(), is(200));
215+
Request authenticateRequest = new Request("GET", "/_xpack/security/_authenticate");
216+
authenticateRequest.setOptions(options);
217+
Response authorizedAuthenticateResponse = getRestClient().performRequest(authenticateRequest);
218+
assertThat(authorizedAuthenticateResponse.getStatusLine().getStatusCode(), is(200));
213219
}
214220

215221
public void testSecurityActionsByLicenseType() throws Exception {

x-pack/plugin/security/src/test/java/org/elasticsearch/test/NativeRealmIntegTestCase.java

+15-21
Original file line numberDiff line numberDiff line change
@@ -5,13 +5,9 @@
55
*/
66
package org.elasticsearch.test;
77

8-
8+
import org.elasticsearch.client.Request;
9+
import org.elasticsearch.client.RequestOptions;
910
import org.elasticsearch.client.RestClient;
10-
import org.apache.http.HttpEntity;
11-
import org.apache.http.entity.ContentType;
12-
import org.apache.http.message.BasicHeader;
13-
import org.apache.http.nio.entity.NStringEntity;
14-
import org.elasticsearch.client.Response;
1511
import org.elasticsearch.common.network.NetworkModule;
1612
import org.elasticsearch.common.settings.SecureString;
1713
import org.elasticsearch.common.settings.Settings;
@@ -28,7 +24,6 @@
2824

2925
import java.io.IOException;
3026
import java.util.Arrays;
31-
import java.util.Collections;
3227
import java.util.Set;
3328

3429
/**
@@ -87,23 +82,22 @@ public void setupReservedPasswords() throws IOException {
8782
public void setupReservedPasswords(RestClient restClient) throws IOException {
8883
logger.info("setting up reserved passwords for test");
8984
{
90-
String payload = "{\"password\": \"" + new String(reservedPassword.getChars()) + "\"}";
91-
HttpEntity entity = new NStringEntity(payload, ContentType.APPLICATION_JSON);
92-
BasicHeader authHeader = new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
93-
UsernamePasswordToken.basicAuthHeaderValue(ElasticUser.NAME, BOOTSTRAP_PASSWORD));
94-
String route = "/_xpack/security/user/elastic/_password";
95-
Response response = restClient.performRequest("PUT", route, Collections.emptyMap(), entity, authHeader);
96-
assertEquals(response.getStatusLine().getReasonPhrase(), 200, response.getStatusLine().getStatusCode());
85+
Request request = new Request("PUT", "/_xpack/security/user/elastic/_password");
86+
request.setJsonEntity("{\"password\": \"" + new String(reservedPassword.getChars()) + "\"}");
87+
RequestOptions.Builder options = request.getOptions().toBuilder();
88+
options.addHeader("Authorization", UsernamePasswordToken.basicAuthHeaderValue(ElasticUser.NAME, BOOTSTRAP_PASSWORD));
89+
request.setOptions(options);
90+
restClient.performRequest(request);
9791
}
9892

93+
RequestOptions.Builder optionsBuilder = RequestOptions.DEFAULT.toBuilder();
94+
optionsBuilder.addHeader("Authorization", UsernamePasswordToken.basicAuthHeaderValue(ElasticUser.NAME, reservedPassword));
95+
RequestOptions options = optionsBuilder.build();
9996
for (String username : Arrays.asList(KibanaUser.NAME, LogstashSystemUser.NAME, BeatsSystemUser.NAME)) {
100-
String payload = "{\"password\": \"" + new String(reservedPassword.getChars()) + "\"}";
101-
HttpEntity entity = new NStringEntity(payload, ContentType.APPLICATION_JSON);
102-
BasicHeader authHeader = new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
103-
UsernamePasswordToken.basicAuthHeaderValue(ElasticUser.NAME, reservedPassword));
104-
String route = "/_xpack/security/user/" + username + "/_password";
105-
Response response = restClient.performRequest("PUT", route, Collections.emptyMap(), entity, authHeader);
106-
assertEquals(response.getStatusLine().getReasonPhrase(), 200, response.getStatusLine().getStatusCode());
97+
Request request = new Request("PUT", "/_xpack/security/user/" + username + "/_password");
98+
request.setJsonEntity("{\"password\": \"" + new String(reservedPassword.getChars()) + "\"}");
99+
request.setOptions(options);
100+
restClient.performRequest(request);
107101
}
108102
logger.info("setting up reserved passwords finished");
109103
}

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityPluginTests.java

+10-7
Original file line numberDiff line numberDiff line change
@@ -5,15 +5,15 @@
55
*/
66
package org.elasticsearch.xpack.security;
77

8-
import org.apache.http.message.BasicHeader;
8+
import org.elasticsearch.client.Request;
99
import org.elasticsearch.client.Response;
10+
import org.elasticsearch.client.RequestOptions;
1011
import org.elasticsearch.client.ResponseException;
1112
import org.elasticsearch.common.settings.SecureString;
1213
import org.elasticsearch.common.settings.Settings;
1314
import org.elasticsearch.test.SecurityIntegTestCase;
1415
import org.elasticsearch.test.SecuritySettingsSource;
1516
import org.elasticsearch.test.SecuritySettingsSourceField;
16-
import org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken;
1717

1818
import java.io.IOException;
1919

@@ -35,17 +35,20 @@ public Settings nodeSettings(int nodeOrdinal) {
3535
public void testThatPluginIsLoaded() throws IOException {
3636
try {
3737
logger.info("executing unauthorized request to /_xpack info");
38-
getRestClient().performRequest("GET", "/_xpack");
38+
getRestClient().performRequest(new Request("GET", "/_xpack"));
3939
fail("request should have failed");
4040
} catch(ResponseException e) {
4141
assertThat(e.getResponse().getStatusLine().getStatusCode(), is(UNAUTHORIZED.getStatus()));
4242
}
4343

4444
logger.info("executing authorized request to /_xpack infos");
45-
Response response = getRestClient().performRequest("GET", "/_xpack",
46-
new BasicHeader(UsernamePasswordToken.BASIC_AUTH_HEADER,
47-
basicAuthHeaderValue(SecuritySettingsSource.TEST_USER_NAME,
48-
new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray()))));
45+
46+
Request request = new Request("GET", "/_xpack");
47+
RequestOptions.Builder options = request.getOptions().toBuilder();
48+
options.addHeader("Authorization", basicAuthHeaderValue(SecuritySettingsSource.TEST_USER_NAME,
49+
new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray())));
50+
request.setOptions(options);
51+
Response response = getRestClient().performRequest(request);
4952
assertThat(response.getStatusLine().getStatusCode(), is(OK.getStatus()));
5053
}
5154
}

0 commit comments

Comments
 (0)