Skip to content

Commit f77559c

Browse files
jkakavasjkakavas
committed
Correct more merge woes
1 parent 7af0714 commit f77559c

File tree

2 files changed

+38
-42
lines changed

2 files changed

+38
-42
lines changed

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/action/user/TransportChangePasswordActionTests.java

+2-2
Original file line numberDiff line numberDiff line change
@@ -161,8 +161,8 @@ public void testIncorrectPasswordHashingAlgorithm() {
161161
request.passwordHash(hasher.hash(SecuritySettingsSourceField.TEST_PASSWORD_SECURE_STRING));
162162
final AtomicReference<Throwable> throwableRef = new AtomicReference<>();
163163
final AtomicReference<ChangePasswordResponse> responseRef = new AtomicReference<>();
164-
TransportService transportService = new TransportService(Settings.EMPTY, null, null, TransportService.NOOP_TRANSPORT_INTERCEPTOR,
165-
x -> null, null, Collections.emptySet());
164+
TransportService transportService = new TransportService(Settings.EMPTY, mock(Transport.class), null,
165+
TransportService.NOOP_TRANSPORT_INTERCEPTOR, x -> null, null, Collections.emptySet());
166166
Settings passwordHashingSettings = Settings.builder().put(XPackSettings.PASSWORD_HASHING_ALGORITHM.getKey(),
167167
randomFrom("pbkdf2_50000", "pbkdf2_10000", "bcrypt11", "bcrypt8", "bcrypt")).build();
168168
TransportChangePasswordAction action = new TransportChangePasswordAction(passwordHashingSettings, mock(ThreadPool.class),

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/NativeRealmIntegTests.java

+36-40
Original file line numberDiff line numberDiff line change
@@ -35,6 +35,7 @@
3535
import org.elasticsearch.xpack.core.security.action.user.ChangePasswordResponse;
3636
import org.elasticsearch.xpack.core.security.action.user.DeleteUserResponse;
3737
import org.elasticsearch.xpack.core.security.action.user.GetUsersResponse;
38+
import org.elasticsearch.xpack.core.security.authc.support.Hasher;
3839
import org.elasticsearch.xpack.core.security.authz.RoleDescriptor;
3940
import org.elasticsearch.xpack.core.security.authz.permission.Role;
4041
import org.elasticsearch.xpack.core.security.authz.store.ReservedRolesStore;
@@ -72,22 +73,24 @@
7273
public class NativeRealmIntegTests extends NativeRealmIntegTestCase {
7374

7475
private static boolean anonymousEnabled;
76+
private static Hasher hasher;
7577

7678
private boolean roleExists;
7779

7880
@BeforeClass
7981
public static void init() {
8082
anonymousEnabled = randomBoolean();
83+
hasher = getFastStoredHashAlgoForTests();
8184
}
8285

8386
@Override
8487
public Settings nodeSettings(int nodeOrdinal) {
88+
Settings.Builder builder = Settings.builder().put(super.nodeSettings(nodeOrdinal))
89+
.put("xpack.security.authc.password_hashing.algorithm", hasher.name());
8590
if (anonymousEnabled) {
86-
return Settings.builder().put(super.nodeSettings(nodeOrdinal))
87-
.put(AnonymousUser.ROLES_SETTING.getKey(), "native_anonymous")
88-
.build();
91+
builder.put(AnonymousUser.ROLES_SETTING.getKey(), "native_anonymous");
8992
}
90-
return super.nodeSettings(nodeOrdinal);
93+
return builder.build();
9194
}
9295

9396
@Before
@@ -111,7 +114,7 @@ public void setupAnonymousRoleIfNecessary() throws Exception {
111114
public void testDeletingNonexistingUserAndRole() throws Exception {
112115
SecurityClient c = securityClient();
113116
// first create the index so it exists
114-
c.preparePutUser("joe", "s3kirt".toCharArray(), getFastStoredHashAlgoForTests(), "role1", "user").get();
117+
c.preparePutUser("joe", "s3kirt".toCharArray(), hasher, "role1", "user").get();
115118
DeleteUserResponse resp = c.prepareDeleteUser("missing").get();
116119
assertFalse("user shouldn't be found", resp.found());
117120
DeleteRoleResponse resp2 = c.prepareDeleteRole("role").get();
@@ -131,7 +134,7 @@ public void testAddAndGetUser() throws Exception {
131134
final List<User> existingUsers = Arrays.asList(c.prepareGetUsers().get().users());
132135
final int existing = existingUsers.size();
133136
logger.error("--> creating user");
134-
c.preparePutUser("joe", "s3kirt".toCharArray(), getFastStoredHashAlgoForTests(), "role1", "user").get();
137+
c.preparePutUser("joe", "s3kirt".toCharArray(), hasher, "role1", "user").get();
135138
logger.error("--> waiting for .security index");
136139
ensureGreen(SECURITY_INDEX_NAME);
137140
logger.info("--> retrieving user");
@@ -142,8 +145,8 @@ public void testAddAndGetUser() throws Exception {
142145
assertArrayEquals(joe.roles(), new String[]{"role1", "user"});
143146

144147
logger.info("--> adding two more users");
145-
c.preparePutUser("joe2", "s3kirt2".toCharArray(), getFastStoredHashAlgoForTests(), "role2", "user").get();
146-
c.preparePutUser("joe3", "s3kirt3".toCharArray(), getFastStoredHashAlgoForTests(), "role3", "user").get();
148+
c.preparePutUser("joe2", "s3kirt2".toCharArray(), hasher, "role2", "user").get();
149+
c.preparePutUser("joe3", "s3kirt3".toCharArray(), hasher, "role3", "user").get();
147150
GetUsersResponse allUsersResp = c.prepareGetUsers().get();
148151
assertTrue("users should exist", allUsersResp.hasUsers());
149152
assertEquals("should be " + (3 + existing) + " users total", 3 + existing, allUsersResp.users().length);
@@ -237,7 +240,7 @@ public void testAddUserAndRoleThenAuth() throws Exception {
237240
new BytesArray("{\"match_all\": {}}"))
238241
.get();
239242
logger.error("--> creating user");
240-
c.preparePutUser("joe", "s3krit".toCharArray(), getFastStoredHashAlgoForTests(), "test_role").get();
243+
c.preparePutUser("joe", "s3krit".toCharArray(), hasher, "test_role").get();
241244
logger.error("--> waiting for .security index");
242245
ensureGreen(SECURITY_INDEX_NAME);
243246
logger.info("--> retrieving user");
@@ -258,7 +261,7 @@ public void testAddUserAndRoleThenAuth() throws Exception {
258261
public void testUpdatingUserAndAuthentication() throws Exception {
259262
SecurityClient c = securityClient();
260263
logger.error("--> creating user");
261-
c.preparePutUser("joe", "s3krit".toCharArray(), getFastStoredHashAlgoForTests(), SecuritySettingsSource.TEST_ROLE).get();
264+
c.preparePutUser("joe", "s3krit".toCharArray(), hasher, SecuritySettingsSource.TEST_ROLE).get();
262265
logger.error("--> waiting for .security index");
263266
ensureGreen(SECURITY_INDEX_NAME);
264267
logger.info("--> retrieving user");
@@ -275,7 +278,7 @@ public void testUpdatingUserAndAuthentication() throws Exception {
275278

276279
assertEquals(1L, searchResp.getHits().getTotalHits());
277280

278-
c.preparePutUser("joe", "s3krit2".toCharArray(), getFastStoredHashAlgoForTests(), SecuritySettingsSource.TEST_ROLE).get();
281+
c.preparePutUser("joe", "s3krit2".toCharArray(), hasher, SecuritySettingsSource.TEST_ROLE).get();
279282

280283
try {
281284
client().filterWithHeader(Collections.singletonMap("Authorization", token)).prepareSearch("idx").get();
@@ -293,8 +296,7 @@ public void testUpdatingUserAndAuthentication() throws Exception {
293296
public void testCreateDeleteAuthenticate() {
294297
SecurityClient c = securityClient();
295298
logger.error("--> creating user");
296-
c.preparePutUser("joe", "s3krit".toCharArray(), getFastStoredHashAlgoForTests(),
297-
SecuritySettingsSource.TEST_ROLE).get();
299+
c.preparePutUser("joe", "s3krit".toCharArray(), hasher, SecuritySettingsSource.TEST_ROLE).get();
298300
logger.error("--> waiting for .security index");
299301
ensureGreen(SECURITY_INDEX_NAME);
300302
logger.info("--> retrieving user");
@@ -332,7 +334,7 @@ public void testCreateAndUpdateRole() {
332334
new BytesArray("{\"match_all\": {}}"))
333335
.get();
334336
logger.error("--> creating user");
335-
c.preparePutUser("joe", "s3krit".toCharArray(), getFastStoredHashAlgoForTests(), "test_role").get();
337+
c.preparePutUser("joe", "s3krit".toCharArray(), hasher, "test_role").get();
336338
logger.error("--> waiting for .security index");
337339
ensureGreen(SECURITY_INDEX_NAME);
338340

@@ -381,7 +383,7 @@ public void testAuthenticateWithDeletedRole() {
381383
.addIndices(new String[]{"*"}, new String[]{"read"}, new String[]{"body", "title"}, null,
382384
new BytesArray("{\"match_all\": {}}"))
383385
.get();
384-
c.preparePutUser("joe", "s3krit".toCharArray(), getFastStoredHashAlgoForTests(), "test_role").get();
386+
c.preparePutUser("joe", "s3krit".toCharArray(), hasher, "test_role").get();
385387
logger.error("--> waiting for .security index");
386388
ensureGreen(SECURITY_INDEX_NAME);
387389

@@ -415,7 +417,7 @@ public void testPutUserWithoutPassword() {
415417
assertThat(client.prepareGetUsers("joes").get().hasUsers(), is(false));
416418
// check that putting a user without a password fails if the user doesn't exist
417419
try {
418-
client.preparePutUser("joe", null, getFastStoredHashAlgoForTests(), "admin_role").get();
420+
client.preparePutUser("joe", null, hasher, "admin_role").get();
419421
fail("cannot create a user without a password");
420422
} catch (IllegalArgumentException e) {
421423
assertThat(e.getMessage(), containsString("password must be specified"));
@@ -424,16 +426,15 @@ public void testPutUserWithoutPassword() {
424426
assertThat(client.prepareGetUsers("joes").get().hasUsers(), is(false));
425427

426428
// create joe with a password and verify the user works
427-
client.preparePutUser("joe", SecuritySettingsSourceField.TEST_PASSWORD.toCharArray(),
428-
getFastStoredHashAlgoForTests(), "admin_role").get();
429+
client.preparePutUser("joe", SecuritySettingsSourceField.TEST_PASSWORD.toCharArray(), hasher, "admin_role").get();
429430
assertThat(client.prepareGetUsers("joe").get().hasUsers(), is(true));
430431
final String token = basicAuthHeaderValue("joe", SecuritySettingsSourceField.TEST_PASSWORD_SECURE_STRING);
431432
ClusterHealthResponse response = client().filterWithHeader(Collections.singletonMap("Authorization", token)).admin().cluster()
432433
.prepareHealth().get();
433434
assertFalse(response.isTimedOut());
434435

435436
// modify joe without sending the password
436-
client.preparePutUser("joe", null, getFastStoredHashAlgoForTests(), "read_role").fullName("Joe Smith").get();
437+
client.preparePutUser("joe", null, hasher, "read_role").fullName("Joe Smith").get();
437438
GetUsersResponse getUsersResponse = client.prepareGetUsers("joe").get();
438439
assertThat(getUsersResponse.hasUsers(), is(true));
439440
assertThat(getUsersResponse.users().length, is(1));
@@ -454,7 +455,7 @@ public void testPutUserWithoutPassword() {
454455

455456
// update the user with password and admin role again
456457
String secondPassword = SecuritySettingsSourceField.TEST_PASSWORD + "2";
457-
client.preparePutUser("joe", secondPassword.toCharArray(), getFastStoredHashAlgoForTests(), "admin_role").
458+
client.preparePutUser("joe", secondPassword.toCharArray(), hasher, "admin_role").
458459
fullName("Joe Smith").get();
459460
getUsersResponse = client.prepareGetUsers("joe").get();
460461
assertThat(getUsersResponse.hasUsers(), is(true));
@@ -483,7 +484,7 @@ public void testPutUserWithoutPassword() {
483484
public void testCannotCreateUserWithShortPassword() throws Exception {
484485
SecurityClient client = securityClient();
485486
try {
486-
client.preparePutUser("joe", randomAlphaOfLengthBetween(0, 5).toCharArray(), getFastStoredHashAlgoForTests(),
487+
client.preparePutUser("joe", randomAlphaOfLengthBetween(0, 5).toCharArray(), hasher,
487488
"admin_role").get();
488489
fail("cannot create a user without a password < 6 characters");
489490
} catch (ValidationException v) {
@@ -494,7 +495,7 @@ public void testCannotCreateUserWithShortPassword() throws Exception {
494495
public void testCannotCreateUserWithInvalidCharactersInName() throws Exception {
495496
SecurityClient client = securityClient();
496497
ValidationException v = expectThrows(ValidationException.class,
497-
() -> client.preparePutUser("fóóbár", "my-am@zing-password".toCharArray(), getFastStoredHashAlgoForTests(),
498+
() -> client.preparePutUser("fóóbár", "my-am@zing-password".toCharArray(), hasher,
498499
"admin_role").get()
499500
);
500501
assertThat(v.getMessage(), containsString("names must be"));
@@ -505,7 +506,7 @@ public void testUsersAndRolesDoNotInterfereWithIndicesStats() throws Exception {
505506

506507
SecurityClient client = securityClient();
507508
if (randomBoolean()) {
508-
client.preparePutUser("joe", "s3krit".toCharArray(), getFastStoredHashAlgoForTests(),
509+
client.preparePutUser("joe", "s3krit".toCharArray(), hasher,
509510
SecuritySettingsSource.TEST_ROLE).get();
510511
} else {
511512
client.preparePutRole("read_role")
@@ -526,7 +527,7 @@ public void testOperationsOnReservedUsers() throws Exception {
526527
final String username = randomFrom(ElasticUser.NAME, KibanaUser.NAME);
527528
IllegalArgumentException exception = expectThrows(IllegalArgumentException.class,
528529
() -> securityClient().preparePutUser(username, randomBoolean() ? SecuritySettingsSourceField.TEST_PASSWORD.toCharArray()
529-
: null, getFastStoredHashAlgoForTests(), "admin").get());
530+
: null, hasher, "admin").get());
530531
assertThat(exception.getMessage(), containsString("Username [" + username + "] is reserved"));
531532

532533
exception = expectThrows(IllegalArgumentException.class,
@@ -538,22 +539,19 @@ public void testOperationsOnReservedUsers() throws Exception {
538539
assertThat(exception.getMessage(), containsString("user [" + AnonymousUser.DEFAULT_ANONYMOUS_USERNAME + "] is anonymous"));
539540

540541
exception = expectThrows(IllegalArgumentException.class,
541-
() -> securityClient().prepareChangePassword(AnonymousUser.DEFAULT_ANONYMOUS_USERNAME, "foobar".toCharArray(),
542-
getFastStoredHashAlgoForTests()).get());
542+
() -> securityClient().prepareChangePassword(AnonymousUser.DEFAULT_ANONYMOUS_USERNAME, "foobar".toCharArray(), hasher).get());
543543
assertThat(exception.getMessage(), containsString("user [" + AnonymousUser.DEFAULT_ANONYMOUS_USERNAME + "] is anonymous"));
544544

545545
exception = expectThrows(IllegalArgumentException.class,
546-
() -> securityClient().preparePutUser(AnonymousUser.DEFAULT_ANONYMOUS_USERNAME, "foobar".toCharArray(),
547-
getFastStoredHashAlgoForTests()).get());
546+
() -> securityClient().preparePutUser(AnonymousUser.DEFAULT_ANONYMOUS_USERNAME, "foobar".toCharArray(), hasher).get());
548547
assertThat(exception.getMessage(), containsString("Username [" + AnonymousUser.DEFAULT_ANONYMOUS_USERNAME + "] is reserved"));
549548

550549
exception = expectThrows(IllegalArgumentException.class,
551-
() -> securityClient().preparePutUser(SystemUser.NAME, "foobar".toCharArray(), getFastStoredHashAlgoForTests()).get());
550+
() -> securityClient().preparePutUser(SystemUser.NAME, "foobar".toCharArray(), hasher).get());
552551
assertThat(exception.getMessage(), containsString("user [" + SystemUser.NAME + "] is internal"));
553552

554553
exception = expectThrows(IllegalArgumentException.class,
555-
() -> securityClient().prepareChangePassword(SystemUser.NAME, "foobar".toCharArray(),
556-
getFastStoredHashAlgoForTests()).get());
554+
() -> securityClient().prepareChangePassword(SystemUser.NAME, "foobar".toCharArray(), hasher).get());
557555
assertThat(exception.getMessage(), containsString("user [" + SystemUser.NAME + "] is internal"));
558556

559557
exception = expectThrows(IllegalArgumentException.class,
@@ -591,7 +589,7 @@ public void testOperationsOnReservedRoles() throws Exception {
591589
}
592590

593591
public void testCreateAndChangePassword() throws Exception {
594-
securityClient().preparePutUser("joe", "s3krit".toCharArray(), getFastStoredHashAlgoForTests(),
592+
securityClient().preparePutUser("joe", "s3krit".toCharArray(), hasher,
595593
SecuritySettingsSource.TEST_ROLE).get();
596594
final String token = basicAuthHeaderValue("joe", new SecureString("s3krit".toCharArray()));
597595
ClusterHealthResponse response = client().filterWithHeader(Collections.singletonMap("Authorization", token))
@@ -600,7 +598,7 @@ public void testCreateAndChangePassword() throws Exception {
600598

601599
ChangePasswordResponse passwordResponse = securityClient(
602600
client().filterWithHeader(Collections.singletonMap("Authorization", token)))
603-
.prepareChangePassword("joe", SecuritySettingsSourceField.TEST_PASSWORD.toCharArray(), getFastStoredHashAlgoForTests()).get();
601+
.prepareChangePassword("joe", SecuritySettingsSourceField.TEST_PASSWORD.toCharArray(), hasher).get();
604602
assertThat(passwordResponse, notNullValue());
605603

606604

@@ -680,8 +678,7 @@ public void testRealmUsageStats() {
680678
final int numNativeUsers = scaledRandomIntBetween(1, 32);
681679
SecurityClient securityClient = new SecurityClient(client());
682680
for (int i = 0; i < numNativeUsers; i++) {
683-
securityClient.preparePutUser("joe" + i, "s3krit".toCharArray(), getFastStoredHashAlgoForTests(),
684-
"superuser").get();
681+
securityClient.preparePutUser("joe" + i, "s3krit".toCharArray(), hasher,"superuser").get();
685682
}
686683

687684
XPackUsageResponse response = new XPackUsageRequestBuilder(client()).get();
@@ -701,8 +698,7 @@ public void testRealmUsageStats() {
701698

702699
public void testSetEnabled() throws Exception {
703700

704-
securityClient().preparePutUser("joe", "s3krit".toCharArray(), getFastStoredHashAlgoForTests(),
705-
SecuritySettingsSource.TEST_ROLE).get();
701+
securityClient().preparePutUser("joe", "s3krit".toCharArray(), hasher, SecuritySettingsSource.TEST_ROLE).get();
706702
final String token = basicAuthHeaderValue("joe", new SecureString("s3krit".toCharArray()));
707703
ClusterHealthResponse response = client().filterWithHeader(Collections.singletonMap("Authorization", token))
708704
.admin().cluster().prepareHealth().get();
@@ -726,7 +722,7 @@ public void testSetEnabled() throws Exception {
726722

727723
public void testNegativeLookupsThenCreateRole() throws Exception {
728724
SecurityClient securityClient = new SecurityClient(client());
729-
securityClient.preparePutUser("joe", "s3krit".toCharArray(), getFastStoredHashAlgoForTests(), "unknown_role").get();
725+
securityClient.preparePutUser("joe", "s3krit".toCharArray(), hasher, "unknown_role").get();
730726

731727
final int negativeLookups = scaledRandomIntBetween(1, 10);
732728
for (int i = 0; i < negativeLookups; i++) {
@@ -762,9 +758,9 @@ public void testNegativeLookupsThenCreateRole() throws Exception {
762758
* the loader returned a null value, while the other caller(s) would get a null value unexpectedly
763759
*/
764760
public void testConcurrentRunAs() throws Exception {
765-
securityClient().preparePutUser("joe", "s3krit".toCharArray(), getFastStoredHashAlgoForTests(), SecuritySettingsSource
761+
securityClient().preparePutUser("joe", "s3krit".toCharArray(), hasher, SecuritySettingsSource
766762
.TEST_ROLE).get();
767-
securityClient().preparePutUser("executor", "s3krit".toCharArray(), getFastStoredHashAlgoForTests(), "superuser").get();
763+
securityClient().preparePutUser("executor", "s3krit".toCharArray(), hasher, "superuser").get();
768764
final String token = basicAuthHeaderValue("executor", new SecureString("s3krit".toCharArray()));
769765
final Client client = client().filterWithHeader(MapBuilder.<String, String>newMapBuilder()
770766
.put("Authorization", token)

0 commit comments

Comments
 (0)