Skip to content

Commit c5ec6da

Browse files
committed
Settings: Fix secure settings by prefix (#25064)
This commit fixes a bug in retrieving a sub Settings object for a given prefix with secure settings. Before this commit the returned Settings would be filtered by the prefix, but the found setting names would not have the prefix removed.
1 parent eb7b522 commit c5ec6da

File tree

2 files changed

+21
-8
lines changed

2 files changed

+21
-8
lines changed

core/src/main/java/org/elasticsearch/common/settings/Settings.java

Lines changed: 11 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -219,15 +219,15 @@ private Object convertMapsToArrays(Map<String, Object> map) {
219219
*/
220220
public Settings getByPrefix(String prefix) {
221221
return new Settings(new FilteredMap(this.settings, (k) -> k.startsWith(prefix), prefix), secureSettings == null ? null :
222-
new PrefixedSecureSettings(secureSettings, s -> prefix + s, s -> s.startsWith(prefix)));
222+
new PrefixedSecureSettings(secureSettings, prefix, s -> s.startsWith(prefix)));
223223
}
224224

225225
/**
226226
* Returns a new settings object that contains all setting of the current one filtered by the given settings key predicate.
227227
*/
228228
public Settings filter(Predicate<String> predicate) {
229229
return new Settings(new FilteredMap(this.settings, predicate, null), secureSettings == null ? null :
230-
new PrefixedSecureSettings(secureSettings, UnaryOperator.identity(), predicate));
230+
new PrefixedSecureSettings(secureSettings, "", predicate));
231231
}
232232

233233
/**
@@ -1257,13 +1257,15 @@ public int size() {
12571257

12581258
private static class PrefixedSecureSettings implements SecureSettings {
12591259
private final SecureSettings delegate;
1260-
private final UnaryOperator<String> keyTransform;
1260+
private final UnaryOperator<String> addPrefix;
1261+
private final UnaryOperator<String> removePrefix;
12611262
private final Predicate<String> keyPredicate;
12621263
private final SetOnce<Set<String>> settingNames = new SetOnce<>();
12631264

1264-
PrefixedSecureSettings(SecureSettings delegate, UnaryOperator<String> keyTransform, Predicate<String> keyPredicate) {
1265+
PrefixedSecureSettings(SecureSettings delegate, String prefix, Predicate<String> keyPredicate) {
12651266
this.delegate = delegate;
1266-
this.keyTransform = keyTransform;
1267+
this.addPrefix = s -> prefix + s;
1268+
this.removePrefix = s -> s.substring(prefix.length());
12671269
this.keyPredicate = keyPredicate;
12681270
}
12691271

@@ -1276,7 +1278,8 @@ public boolean isLoaded() {
12761278
public Set<String> getSettingNames() {
12771279
synchronized (settingNames) {
12781280
if (settingNames.get() == null) {
1279-
Set<String> names = delegate.getSettingNames().stream().filter(keyPredicate).collect(Collectors.toSet());
1281+
Set<String> names = delegate.getSettingNames().stream()
1282+
.filter(keyPredicate).map(removePrefix).collect(Collectors.toSet());
12801283
settingNames.set(Collections.unmodifiableSet(names));
12811284
}
12821285
}
@@ -1285,12 +1288,12 @@ public Set<String> getSettingNames() {
12851288

12861289
@Override
12871290
public SecureString getString(String setting) throws GeneralSecurityException{
1288-
return delegate.getString(keyTransform.apply(setting));
1291+
return delegate.getString(addPrefix.apply(setting));
12891292
}
12901293

12911294
@Override
12921295
public InputStream getFile(String setting) throws GeneralSecurityException{
1293-
return delegate.getFile(keyTransform.apply(setting));
1296+
return delegate.getFile(addPrefix.apply(setting));
12941297
}
12951298

12961299
@Override

core/src/test/java/org/elasticsearch/common/settings/SettingsTests.java

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -444,6 +444,16 @@ public void testPrefixMap() {
444444
expectThrows(NoSuchElementException.class, () -> prefixIterator.next());
445445
}
446446

447+
public void testSecureSettingsPrefix() {
448+
MockSecureSettings secureSettings = new MockSecureSettings();
449+
secureSettings.setString("test.prefix.foo", "somethingsecure");
450+
Settings.Builder builder = Settings.builder();
451+
builder.setSecureSettings(secureSettings);
452+
Settings settings = builder.build();
453+
Settings prefixSettings = settings.getByPrefix("test.prefix.");
454+
assertTrue(prefixSettings.names().contains("foo"));
455+
}
456+
447457
public void testEmptyFilterMap() {
448458
Settings.Builder builder = Settings.builder();
449459
builder.put("a", "a1");

0 commit comments

Comments
 (0)