Skip to content

Commit 94d4862

Browse files
tvernumtvernum
authored
Fix exit code for Security CLI tools (#37956)
The certgen, certutil and saml-metadata tools did not correctly return their exit code to the calling shell. These commands now explicitly exit with the code that was returned from the main(args, terminal) method. Backport of #38078
1 parent ec8ddc8 commit 94d4862

File tree

5 files changed

+21
-11
lines changed

5 files changed

+21
-11
lines changed

qa/vagrant/src/main/java/org/elasticsearch/packaging/test/ArchiveTestCase.java

Lines changed: 9 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -311,15 +311,17 @@ public void test90SecurityCliPackaging() {
311311

312312
if (distribution().equals(Distribution.DEFAULT_TAR) || distribution().equals(Distribution.DEFAULT_ZIP)) {
313313
assertTrue(Files.exists(installation.lib.resolve("tools").resolve("security-cli")));
314-
Platforms.onLinux(() -> {
315-
final Result result = sh.run(bin.elasticsearchCertutil + " help");
314+
final Platforms.PlatformAction action = () -> {
315+
Result result = sh.run(bin.elasticsearchCertutil + " --help");
316316
assertThat(result.stdout, containsString("Simplifies certificate creation for use with the Elastic Stack"));
317-
});
318317

319-
Platforms.onWindows(() -> {
320-
final Result result = sh.run(bin.elasticsearchCertutil + " help");
321-
assertThat(result.stdout, containsString("Simplifies certificate creation for use with the Elastic Stack"));
322-
});
318+
// Ensure that the exit code from the java command is passed back up through the shell script
319+
result = sh.runIgnoreExitCode(bin.elasticsearchCertutil + " invalid-command");
320+
assertThat(result.exitCode, is(64));
321+
assertThat(result.stdout, containsString("Unknown command [invalid-command]"));
322+
};
323+
Platforms.onLinux(action);
324+
Platforms.onWindows(action);
323325
} else if (distribution().equals(Distribution.OSS_TAR) || distribution().equals(Distribution.OSS_ZIP)) {
324326
assertFalse(Files.exists(installation.lib.resolve("tools").resolve("security-cli")));
325327
}

x-pack/plugin/security/cli/src/main/java/org/elasticsearch/xpack/security/cli/CertificateGenerateTool.java

Lines changed: 1 addition & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,6 @@
3838
import org.elasticsearch.xpack.core.ssl.PemUtils;
3939

4040
import javax.security.auth.x500.X500Principal;
41-
4241
import java.io.IOException;
4342
import java.io.OutputStream;
4443
import java.io.OutputStreamWriter;
@@ -154,7 +153,7 @@ private static class InputFileParser {
154153
}
155154

156155
public static void main(String[] args) throws Exception {
157-
new CertificateGenerateTool().main(args, Terminal.DEFAULT);
156+
exit(new CertificateGenerateTool().main(args, Terminal.DEFAULT));
158157
}
159158

160159
@Override

x-pack/plugin/security/cli/src/main/java/org/elasticsearch/xpack/security/cli/CertificateTool.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -134,7 +134,7 @@ private static class CertificateToolParser {
134134

135135

136136
public static void main(String[] args) throws Exception {
137-
new CertificateTool().main(args, Terminal.DEFAULT);
137+
exit(new CertificateTool().main(args, Terminal.DEFAULT));
138138
}
139139

140140
CertificateTool() {

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlMetadataCommand.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -93,7 +93,7 @@ public class SamlMetadataCommand extends EnvironmentAwareCommand {
9393
private KeyStoreWrapper keyStoreWrapper;
9494

9595
public static void main(String[] args) throws Exception {
96-
new SamlMetadataCommand().main(args, Terminal.DEFAULT);
96+
exit(new SamlMetadataCommand().main(args, Terminal.DEFAULT));
9797
}
9898

9999
public SamlMetadataCommand() {

x-pack/qa/vagrant/src/test/resources/packaging/tests/certgen.bash

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -406,3 +406,12 @@ DATA_SETTINGS
406406
echo "$testSearch" | grep '"_index":"books"'
407407
echo "$testSearch" | grep '"_id":"0"'
408408
}
409+
410+
@test "[$GROUP] exit code on failure" {
411+
run sudo -E -u $MASTER_USER "$MASTER_HOME/bin/elasticsearch-certgen" --not-a-valid-option
412+
[ "$status" -ne 0 ] || {
413+
echo "Expected elasticsearch-certgen tool exit code to be non-zero"
414+
echo "$output"
415+
false
416+
}
417+
}

0 commit comments

Comments
 (0)