Watcher notification settings Upgrade checks (#36907)

Upgrade checks for watcher notifications account deprecations in #36403 and #36736 .
elastic · Jan 20, 2019 · 6ab4d18 · 6ab4d18
1 parent c58cb40
commit 6ab4d18
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 1 deletion.
diff --git a/...ugin/deprecation/src/main/java/org/elasticsearch/xpack/deprecation/DeprecationChecks.java b/...ugin/deprecation/src/main/java/org/elasticsearch/xpack/deprecation/DeprecationChecks.java
@@ -49,7 +49,8 @@ private DeprecationChecks() {
             NodeDeprecationChecks::azureRepositoryChanges,
             NodeDeprecationChecks::gcsRepositoryChanges,
             NodeDeprecationChecks::fileDiscoveryPluginRemoved,
-            NodeDeprecationChecks::defaultSSLSettingsRemoved
+            NodeDeprecationChecks::defaultSSLSettingsRemoved,
+            NodeDeprecationChecks::watcherNotificationsSecureSettingsCheck
         ));
 
     static List<Function<IndexMetaData, DeprecationIssue>> INDEX_SETTINGS_CHECKS =

diff --git a/.../deprecation/src/main/java/org/elasticsearch/xpack/deprecation/NodeDeprecationChecks.java b/.../deprecation/src/main/java/org/elasticsearch/xpack/deprecation/NodeDeprecationChecks.java
@@ -150,6 +150,29 @@ static DeprecationIssue discoveryConfigurationCheck(List<NodeInfo> nodeInfos, Li
         return null;
     }
 
+    static DeprecationIssue watcherNotificationsSecureSettingsCheck(List<NodeInfo> nodeInfos, List<NodeStats> nodeStats) {
+        List<String> nodesFound = nodeInfos.stream().filter(nodeInfo ->
+                        (false == nodeInfo.getSettings().getByPrefix("xpack.notification.email.account.")
+                            .filter(s -> s.endsWith(".smtp.password")).isEmpty())
+                        || (false == nodeInfo.getSettings().getByPrefix("xpack.notification.hipchat.account.")
+                                .filter(s -> s.endsWith(".auth_token")).isEmpty())
+                        || (false == nodeInfo.getSettings().getByPrefix("xpack.notification.jira.account.")
+                                .filter(s -> s.endsWith(".url") || s.endsWith(".user") || s.endsWith(".password")).isEmpty())
+                        || (false == nodeInfo.getSettings().getByPrefix("xpack.notification.pagerduty.account.")
+                                .filter(s -> s.endsWith(".service_api_key")).isEmpty())
+                        || (false == nodeInfo.getSettings().getByPrefix("xpack.notification.slack.account.").filter(s -> s.endsWith(".url"))
+                                .isEmpty()))
+                .map(nodeInfo -> nodeInfo.getNode().getName()).collect(Collectors.toList());
+        if (nodesFound.size() > 0) {
+            return new DeprecationIssue(DeprecationIssue.Level.CRITICAL,
+                    "Watcher notification accounts' authentication settings must be defined securely",
+                    "https://www.elastic.co/guide/en/elasticsearch/reference/master/breaking-changes-7.0.html" +
+                        "#watcher-notifications-account-settings",
+                    "nodes which have insecure notification account settings are: " + nodesFound);
+        }
+        return null;
+    }
+
     static DeprecationIssue azureRepositoryChanges(List<NodeInfo> nodeInfos, List<NodeStats> nodeStats) {
         List<String> nodesFound = nodeInfos.stream()
             .filter(nodeInfo ->

diff --git a/...ecation/src/test/java/org/elasticsearch/xpack/deprecation/NodeDeprecationChecksTests.java b/...ecation/src/test/java/org/elasticsearch/xpack/deprecation/NodeDeprecationChecksTests.java
@@ -105,6 +105,44 @@ public void testBulkThreadPoolCheck() {
         assertSettingsAndIssue("thread_pool.bulk.queue_size", Integer.toString(randomIntBetween(1, 20000)), expected);
     }
 
+    public void testWatcherNotificationsSecureSettings() {
+        DeprecationIssue expected = new DeprecationIssue(DeprecationIssue.Level.CRITICAL,
+                "Watcher notification accounts' authentication settings must be defined securely",
+                "https://www.elastic.co/guide/en/elasticsearch/reference/master/breaking-changes-7.0.html"
+                        + "#watcher-notifications-account-settings",
+                "nodes which have insecure notification account settings are: [node_check]");
+        assertSettingsAndIssue("xpack.notification.email.account." + randomAlphaOfLength(4) + ".smtp.password", randomAlphaOfLength(4),
+                expected);
+        expected = new DeprecationIssue(DeprecationIssue.Level.CRITICAL,
+                "Watcher notification accounts' authentication settings must be defined securely",
+                "https://www.elastic.co/guide/en/elasticsearch/reference/master/breaking-changes-7.0.html"
+                        + "#watcher-notifications-account-settings",
+                "nodes which have insecure notification account settings are: [node_check]");
+        assertSettingsAndIssue("xpack.notification.hipchat.account." + randomAlphaOfLength(4) + ".auth_token", randomAlphaOfLength(4),
+                expected);
+        expected = new DeprecationIssue(DeprecationIssue.Level.CRITICAL,
+                "Watcher notification accounts' authentication settings must be defined securely",
+                "https://www.elastic.co/guide/en/elasticsearch/reference/master/breaking-changes-7.0.html"
+                        + "#watcher-notifications-account-settings",
+                "nodes which have insecure notification account settings are: [node_check]");
+        assertSettingsAndIssue("xpack.notification.jira.account." + randomAlphaOfLength(4) + ".url", randomAlphaOfLength(4), expected);
+        assertSettingsAndIssue("xpack.notification.jira.account." + randomAlphaOfLength(4) + ".user", randomAlphaOfLength(4), expected);
+        assertSettingsAndIssue("xpack.notification.jira.account." + randomAlphaOfLength(4) + ".password", randomAlphaOfLength(4), expected);
+        expected = new DeprecationIssue(DeprecationIssue.Level.CRITICAL,
+                "Watcher notification accounts' authentication settings must be defined securely",
+                "https://www.elastic.co/guide/en/elasticsearch/reference/master/breaking-changes-7.0.html"
+                        + "#watcher-notifications-account-settings",
+                "nodes which have insecure notification account settings are: [node_check]");
+        assertSettingsAndIssue("xpack.notification.pagerduty.account." + randomAlphaOfLength(4) + ".service_api_key",
+                randomAlphaOfLength(4), expected);
+        expected = new DeprecationIssue(DeprecationIssue.Level.CRITICAL,
+                "Watcher notification accounts' authentication settings must be defined securely",
+                "https://www.elastic.co/guide/en/elasticsearch/reference/master/breaking-changes-7.0.html"
+                        + "#watcher-notifications-account-settings",
+                "nodes which have insecure notification account settings are: [node_check]");
+        assertSettingsAndIssue("xpack.notification.slack.account." + randomAlphaOfLength(4) + ".url", randomAlphaOfLength(4), expected);
+    }
+
     public void testTribeNodeCheck() {
         String tribeSetting = "tribe." + randomAlphaOfLengthBetween(1, 20) + ".cluster.name";
         DeprecationIssue expected = new DeprecationIssue(DeprecationIssue.Level.CRITICAL,