diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/action/saml/TransportSamlInvalidateSessionActionTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/action/saml/TransportSamlInvalidateSessionActionTests.java index ea5bb6e9f97a7..65d2e5874aba5 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/action/saml/TransportSamlInvalidateSessionActionTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/action/saml/TransportSamlInvalidateSessionActionTests.java @@ -100,6 +100,8 @@ public class TransportSamlInvalidateSessionActionTests extends SamlTestCase { + private static final String REALM_NAME = "saml1"; + private SamlRealm samlRealm; private TokenService tokenService; private List indexRequests; 
@@ -111,10 +113,17 @@ public class TransportSamlInvalidateSessionActionTests extends SamlTestCase { @Before public void setup() throws Exception { + final Path metadata = PathUtils.get(SamlRealm.class.getResource("idp1.xml").toURI()); final Settings settings = Settings.builder() - .put(XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.getKey(), true) - .put("path.home", createTempDir()) - .build(); + .put(XPackSettings.TOKEN_SERVICE_ENABLED_SETTING.getKey(), true) + .put("path.home", createTempDir()) + .put(getFullSettingKey(REALM_NAME, SamlRealmSettings.IDP_METADATA_PATH), metadata.toString()) + .put(getFullSettingKey(REALM_NAME, SamlRealmSettings.IDP_ENTITY_ID), SamlRealmTests.TEST_IDP_ENTITY_ID) + .put(getFullSettingKey(REALM_NAME, SamlRealmSettings.SP_ENTITY_ID), SamlRealmTestHelper.SP_ENTITY_ID) + .put(getFullSettingKey(REALM_NAME, SamlRealmSettings.SP_ACS), SamlRealmTestHelper.SP_ACS_URL) + .put(getFullSettingKey(REALM_NAME, SamlRealmSettings.SP_LOGOUT), SamlRealmTestHelper.SP_LOGOUT_URL) + .put(getFullSettingKey(REALM_NAME, SamlRealmSettings.PRINCIPAL_ATTRIBUTE.getAttribute()), "uid") + .build(); final ThreadContext threadContext = new ThreadContext(settings); final ThreadPool threadPool = mock(ThreadPool.class); @@ -181,21 +190,12 @@ void doExecute(Action action, Request request, ActionListener future = new PlainActionFuture<>(); realm.authenticate(new UsernamePasswordToken("user1", new SecureString("test123")), future); 
@@ -87,15 +87,15 @@ public void testAuthenticate() throws Exception { } private RealmConfig getRealmConfig(Settings settings) { - return new RealmConfig(REALM_IDENTIFIER, - mergeSettings(settings, globalSettings), - TestEnvironment.newEnvironment(globalSettings), threadContext); + return new RealmConfig(REALM_IDENTIFIER, settings, TestEnvironment.newEnvironment(settings), threadContext); } public void testAuthenticateCaching() throws Exception { Settings settings = Settings.builder() .put(RealmSettings.realmSettingPrefix(REALM_IDENTIFIER) + "cache.hash_algo", - Hasher.values()[randomIntBetween(0, Hasher.values().length - 1)].name().toLowerCase(Locale.ROOT)).build(); + Hasher.values()[randomIntBetween(0, Hasher.values().length - 1)].name().toLowerCase(Locale.ROOT)) + .put(globalSettings) + .build(); RealmConfig config = getRealmConfig(settings); when(userPasswdStore.verifyPassword(eq("user1"), eq(new SecureString("test123")), any(Supplier.class))) .thenAnswer(VERIFY_PASSWORD_ANSWER); @@ -111,7 +111,7 @@ public void testAuthenticateCaching() throws Exception { } public void testAuthenticateCachingRefresh() throws Exception { - RealmConfig config = getRealmConfig(Settings.EMPTY); + RealmConfig config = getRealmConfig(globalSettings); userPasswdStore = spy(new UserPasswdStore(config)); userRolesStore = spy(new UserRolesStore(config)); when(userPasswdStore.verifyPassword(eq("user1"), eq(new SecureString("test123")), any(Supplier.class))) @@ -150,7 +150,7 @@ public void testAuthenticateCachingRefresh() throws Exception { } public void testToken() throws Exception { - RealmConfig config = getRealmConfig(Settings.EMPTY); + RealmConfig config = getRealmConfig(globalSettings); when(userPasswdStore.verifyPassword(eq("user1"), eq(new SecureString("test123")), any(Supplier.class))) .thenAnswer(VERIFY_PASSWORD_ANSWER); when(userRolesStore.roles("user1")).thenReturn(new String[]{"role1", "role2"}); 
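Review bot: In `testAuthenticateCaching` the new builder calls `.put(globalSettings)` after the realm's `cache.hash_algo` key, so any key present in both now takes the global value. The `mergeSettings` helper removed from this file did `put(global).put(local)`, which let the test-specific value win. The same reversed order appears in `testUsageStats` in this file and in `testAuthenticateCachingRefresh` in LdapRealmTests (there with `defaultGlobalSettings`), while the other rewritten tests put the global settings first. Whether any key actually overlaps is not visible here, but one fixed order avoids a silent change in precedence: start each builder with `Settings.builder().put(globalSettings)` and add the per-test keys after it.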
@@ -169,7 +169,7 @@ public void testToken() throws Exception { public void testLookup() throws Exception { when(userPasswdStore.userExists("user1")).thenReturn(true); when(userRolesStore.roles("user1")).thenReturn(new String[] { "role1", "role2" }); - RealmConfig config = getRealmConfig(Settings.EMPTY); + RealmConfig config = getRealmConfig(globalSettings); FileRealm realm = new FileRealm(config, userPasswdStore, userRolesStore, threadPool); PlainActionFuture future = new PlainActionFuture<>(); @@ -186,7 +186,7 @@ public void testLookup() throws Exception { public void testLookupCaching() throws Exception { when(userPasswdStore.userExists("user1")).thenReturn(true); when(userRolesStore.roles("user1")).thenReturn(new String[] { "role1", "role2" }); - RealmConfig config = getRealmConfig(Settings.EMPTY); + RealmConfig config = getRealmConfig(globalSettings); FileRealm realm = new FileRealm(config, userPasswdStore, userRolesStore, threadPool); PlainActionFuture future = new PlainActionFuture<>(); @@ -201,7 +201,7 @@ public void testLookupCaching() throws Exception { } public void testLookupCachingWithRefresh() throws Exception { - RealmConfig config = getRealmConfig(Settings.EMPTY); + RealmConfig config = getRealmConfig(globalSettings); userPasswdStore = spy(new UserPasswdStore(config)); userRolesStore = spy(new UserRolesStore(config)); doReturn(true).when(userPasswdStore).userExists("user1"); 
@@ -239,15 +239,16 @@ public void testLookupCachingWithRefresh() throws Exception { } public void testUsageStats() throws Exception { - int userCount = randomIntBetween(0, 1000); + final int userCount = randomIntBetween(0, 1000); when(userPasswdStore.usersCount()).thenReturn(userCount); - Settings.Builder settings = Settings.builder(); - - int order = randomIntBetween(0, 10); - settings.put(RealmSettings.realmSettingPrefix(REALM_IDENTIFIER) + "order", order); + final int order = randomIntBetween(0, 10); + Settings settings = Settings.builder() + .put(RealmSettings.realmSettingPrefix(REALM_IDENTIFIER) + "order", order) + .put(globalSettings) + .build(); - RealmConfig config = getRealmConfig(settings.build()); + RealmConfig config = getRealmConfig(settings); FileRealm realm = new FileRealm(config, userPasswdStore, userRolesStore, threadPool); PlainActionFuture> future = new PlainActionFuture<>(); @@ -271,8 +272,4 @@ static class UserRolesStore extends FileUserRolesStore { } } - private Settings mergeSettings(Settings local, Settings global) { - return Settings.builder().put(global).put(local).build(); - } - } diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealmTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealmTests.java index 8b381da08e1b0..c0a93d36ab89d 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealmTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealmTests.java 
@@ -102,7 +102,10 @@ public void shutdown() throws InterruptedException { public void testAuthenticateSubTreeGroupSearch() throws Exception { String groupSearchBase = "o=sevenSeas"; String userTemplate = VALID_USER_TEMPLATE; - Settings settings = buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE); + Settings settings = Settings.builder() + .put(defaultGlobalSettings) + .put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE)) + .build(); RealmConfig config = getRealmConfig(REALM_IDENTIFIER, settings); LdapSessionFactory ldapFactory = new LdapSessionFactory(config, sslService, threadPool); LdapRealm ldap = new LdapRealm(config, ldapFactory, buildGroupAsRoleMapper(resourceWatcherService), @@ -123,15 +126,15 @@ public void testAuthenticateSubTreeGroupSearch() throws Exception { } private RealmConfig getRealmConfig(RealmConfig.RealmIdentifier identifier, Settings settings) { - final Settings globalSettings = mergeSettings(settings, defaultGlobalSettings); - final Environment env = TestEnvironment.newEnvironment(globalSettings); - return new RealmConfig(identifier, globalSettings, env, new ThreadContext(globalSettings)); + final Environment env = TestEnvironment.newEnvironment(settings); + return new RealmConfig(identifier, settings, env, new ThreadContext(settings)); } public void testAuthenticateOneLevelGroupSearch() throws Exception { String groupSearchBase = "ou=crews,ou=groups,o=sevenSeas"; String userTemplate = VALID_USER_TEMPLATE; Settings settings = Settings.builder() + .put(defaultGlobalSettings) .put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.ONE_LEVEL)) .build(); RealmConfig config = getRealmConfig(REALM_IDENTIFIER, settings); 
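Review bot: `getRealmConfig` no longer merges `defaultGlobalSettings`, so the `Environment` and `ThreadContext` are built from whatever the caller passes, and nothing in the hunk documents that contract. A call site that omits `.put(defaultGlobalSettings)` would presumably fail inside `TestEnvironment.newEnvironment` rather than somewhere obvious, assuming the global settings are what supply `path.home`. A one-line Javadoc on the helper would make this explicit, for example `/** Builds a RealmConfig from {@code settings} as given; callers must include defaultGlobalSettings themselves. */`. The same applies to the identically changed helpers in FileRealmTests and LdapUserSearchSessionFactoryTests.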
@@ -158,6 +161,7 @@ public void testAuthenticateCaching() throws Exception { String groupSearchBase = "o=sevenSeas"; String userTemplate = VALID_USER_TEMPLATE; Settings settings = Settings.builder() + .put(defaultGlobalSettings) .put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE)) .build(); RealmConfig config = getRealmConfig(REALM_IDENTIFIER, settings); @@ -185,6 +189,7 @@ public void testAuthenticateCachingRefresh() throws Exception { String userTemplate = VALID_USER_TEMPLATE; Settings settings = Settings.builder() .put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE)) + .put(defaultGlobalSettings) .build(); RealmConfig config = getRealmConfig(REALM_IDENTIFIER, settings); @@ -218,6 +223,7 @@ public void testAuthenticateNoncaching() throws Exception { String groupSearchBase = "o=sevenSeas"; String userTemplate = VALID_USER_TEMPLATE; Settings settings = Settings.builder() + .put(defaultGlobalSettings) .put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE)) .put(getFullSettingKey(REALM_IDENTIFIER, CachingUsernamePasswordRealmSettings.CACHE_TTL_SETTING), -1) .build(); @@ -287,6 +293,7 @@ public void testLdapRealmSelectsLdapSessionFactory() throws Exception { String groupSearchBase = "o=sevenSeas"; String userTemplate = VALID_USER_TEMPLATE; Settings settings = Settings.builder() + .put(defaultGlobalSettings) .putList(getFullSettingKey(identifier, URLS_SETTING), ldapUrls()) .putList(getFullSettingKey(identifier.getName(), LdapSessionFactorySettings.USER_DN_TEMPLATES_SETTING), userTemplate) .put(getFullSettingKey(identifier, SearchGroupsResolverSettings.BASE_DN), groupSearchBase) 
@@ -326,6 +333,7 @@ public void testLdapRealmThrowsExceptionForUserTemplateAndSearchSettings() throw final RealmConfig.RealmIdentifier identifier = new RealmConfig.RealmIdentifier(LdapRealmSettings.LDAP_TYPE, "test-ldap-realm-user-search"); Settings settings = Settings.builder() + .put(defaultGlobalSettings) .putList(getFullSettingKey(identifier, URLS_SETTING), ldapUrls()) .putList(getFullSettingKey(identifier.getName(), LdapSessionFactorySettings.USER_DN_TEMPLATES_SETTING), "cn=foo") .put(getFullSettingKey(identifier.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), "cn=bar") @@ -346,6 +354,7 @@ public void testLdapRealmThrowsExceptionWhenNeitherUserTemplateNorSearchSettings final RealmConfig.RealmIdentifier identifier = new RealmConfig.RealmIdentifier(LdapRealmSettings.LDAP_TYPE, "test-ldap-realm-user-search"); Settings settings = Settings.builder() + .put(defaultGlobalSettings) .putList(getFullSettingKey(identifier, URLS_SETTING), ldapUrls()) .put(getFullSettingKey(identifier, SearchGroupsResolverSettings.BASE_DN), "") .put(getFullSettingKey(identifier, SearchGroupsResolverSettings.SCOPE), LdapSearchScope.SUB_TREE) @@ -364,6 +373,7 @@ public void testLdapRealmMapsUserDNToRole() throws Exception { String groupSearchBase = "o=sevenSeas"; String userTemplate = VALID_USER_TEMPLATE; Settings settings = Settings.builder() + .put(defaultGlobalSettings) .put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE)) .put(getFullSettingKey(REALM_IDENTIFIER, DnRoleMapperSettings.ROLE_MAPPING_FILE_SETTING), getDataPath("/org/elasticsearch/xpack/security/authc/support/role_mapping.yml")) 
@@ -395,7 +405,10 @@ public void testLdapConnectionFailureIsTreatedAsAuthenticationFailure() throws E LDAPURL url = new LDAPURL("ldap", "..", 12345, null, null, null, null); String groupSearchBase = "o=sevenSeas"; String userTemplate = VALID_USER_TEMPLATE; - Settings settings = buildLdapSettings(new String[] { url.toString() }, userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE); + Settings settings = Settings.builder() + .put(defaultGlobalSettings) + .put(buildLdapSettings(new String[]{url.toString()}, userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE)) + .build(); RealmConfig config = getRealmConfig(REALM_IDENTIFIER, settings); LdapSessionFactory ldapFactory = new LdapSessionFactory(config, sslService, threadPool); LdapRealm ldap = new LdapRealm(config, ldapFactory, buildGroupAsRoleMapper(resourceWatcherService), @@ -416,6 +429,7 @@ public void testUsageStats() throws Exception { final RealmConfig.RealmIdentifier identifier = new RealmConfig.RealmIdentifier(LdapRealmSettings.LDAP_TYPE, "ldap-realm"); String groupSearchBase = "o=sevenSeas"; Settings.Builder settings = Settings.builder() + .put(defaultGlobalSettings) .putList(getFullSettingKey(identifier, URLS_SETTING), ldapUrls()) .put(getFullSettingKey(identifier, PoolingSessionFactorySettings.BIND_DN), "cn=Thomas Masterman Hardy,ou=people,o=sevenSeas") diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapSessionFactoryTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapSessionFactoryTests.java index e484af1b272a7..c0c0a08a59a56 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapSessionFactoryTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapSessionFactoryTests.java 
@@ -58,12 +58,13 @@ public void testBindWithReadTimeout() throws Exception { String userTemplates = "cn={0},ou=people,o=sevenSeas"; Settings settings = Settings.builder() + .put(globalSettings) .put(buildLdapSettings(ldapUrl, userTemplates, groupSearchBase, LdapSearchScope.SUB_TREE)) .put(RealmSettings.getFullSettingKey(REALM_IDENTIFIER, SessionFactorySettings.TIMEOUT_TCP_READ_SETTING), "1ms") .put("path.home", createTempDir()) .build(); - RealmConfig config = new RealmConfig(REALM_IDENTIFIER, mergeSettings(settings, globalSettings), + RealmConfig config = new RealmConfig(REALM_IDENTIFIER, settings, TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings)); LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool); String user = "Horatio Hornblower"; @@ -88,8 +89,11 @@ public void testBindWithTemplates() throws Exception { "wrongname={0},ou=people,o=sevenSeas", "cn={0},ou=people,o=sevenSeas", //this last one should work }; - RealmConfig config = new RealmConfig(REALM_IDENTIFIER, - mergeSettings(buildLdapSettings(ldapUrls(), userTemplates, groupSearchBase, LdapSearchScope.SUB_TREE), globalSettings), + Settings settings = Settings.builder() + .put(globalSettings) + .put(buildLdapSettings(ldapUrls(), userTemplates, groupSearchBase, LdapSearchScope.SUB_TREE)) + .build(); + RealmConfig config = new RealmConfig(REALM_IDENTIFIER, settings, TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings)); LdapSessionFactory sessionFactory = new LdapSessionFactory(config, sslService, threadPool); 
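Review bot: In `testBindWithReadTimeout` the `RealmConfig` now receives the merged `settings`, but its `Environment` and `ThreadContext` are still created from `globalSettings`, so the config and its environment can disagree; this test even sets `path.home` to a fresh `createTempDir()` in `settings`. The helpers rewritten in LdapRealmTests and LdapUserSearchSessionFactoryTests build all three from the same object, and the tests here could do the same: `new RealmConfig(REALM_IDENTIFIER, settings, TestEnvironment.newEnvironment(settings), new ThreadContext(settings));`. The pattern repeats in `testBindWithTemplates`, `testBindWithBogusTemplates` and the three `testGroupLookup*` tests of this file. It also appears in `testEmptyBindDNReturnsAnonymousBindRequest` and `testThatBindRequestReturnsSimpleBindRequest` of LdapUserSearchSessionFactoryTests, where the file's own `getRealmConfig(Settings)` helper could be called instead.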
@@ -112,8 +116,11 @@ public void testBindWithBogusTemplates() throws Exception { "wrongname={0},ou=people,o=sevenSeas", "asdf={0},ou=people,o=sevenSeas", //none of these should work }; - RealmConfig config = new RealmConfig(REALM_IDENTIFIER, - mergeSettings(buildLdapSettings(ldapUrls(), userTemplates, groupSearchBase, LdapSearchScope.SUB_TREE), globalSettings), + Settings settings = Settings.builder() + .put(globalSettings) + .put(buildLdapSettings(ldapUrls(), userTemplates, groupSearchBase, LdapSearchScope.SUB_TREE)) + .build(); + RealmConfig config = new RealmConfig(REALM_IDENTIFIER, settings, TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings)); LdapSessionFactory ldapFac = new LdapSessionFactory(config, sslService, threadPool); @@ -131,9 +138,12 @@ public void testBindWithBogusTemplates() throws Exception { public void testGroupLookupSubtree() throws Exception { String groupSearchBase = "o=sevenSeas"; String userTemplate = "cn={0},ou=people,o=sevenSeas"; - RealmConfig config = new RealmConfig(REALM_IDENTIFIER, - mergeSettings(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE), globalSettings), - TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings)); + Settings settings = Settings.builder() + .put(globalSettings) + .put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.SUB_TREE)) + .build(); + RealmConfig config = new RealmConfig(REALM_IDENTIFIER, settings, + TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings)); LdapSessionFactory ldapFac = new LdapSessionFactory(config, sslService, threadPool); 
@@ -151,8 +161,11 @@ public void testGroupLookupSubtree() throws Exception { public void testGroupLookupOneLevel() throws Exception { String groupSearchBase = "ou=crews,ou=groups,o=sevenSeas"; String userTemplate = "cn={0},ou=people,o=sevenSeas"; - RealmConfig config = new RealmConfig(REALM_IDENTIFIER, - mergeSettings(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.ONE_LEVEL), globalSettings), + Settings settings = Settings.builder() + .put(globalSettings) + .put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.ONE_LEVEL)) + .build(); + RealmConfig config = new RealmConfig(REALM_IDENTIFIER, settings, TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings)); LdapSessionFactory ldapFac = new LdapSessionFactory(config, sslService, threadPool); @@ -170,8 +183,11 @@ public void testGroupLookupOneLevel() throws Exception { public void testGroupLookupBase() throws Exception { String groupSearchBase = "cn=HMS Lydia,ou=crews,ou=groups,o=sevenSeas"; String userTemplate = "cn={0},ou=people,o=sevenSeas"; - RealmConfig config = new RealmConfig(REALM_IDENTIFIER, - mergeSettings(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.BASE), globalSettings), + Settings settings = Settings.builder() + .put(globalSettings) + .put(buildLdapSettings(ldapUrls(), userTemplate, groupSearchBase, LdapSearchScope.BASE)) + .build(); + RealmConfig config = new RealmConfig(REALM_IDENTIFIER, settings, TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings)); LdapSessionFactory ldapFac = new LdapSessionFactory(config, sslService, threadPool); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactoryTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactoryTests.java index 73e5a3f2b6656..29a96f11060e3 100644 
--- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactoryTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapUserSearchSessionFactoryTests.java @@ -85,6 +85,7 @@ private MockSecureSettings newSecureSettings(String key, String value) { public void testSupportsUnauthenticatedSessions() throws Exception { final boolean useAttribute = randomBoolean(); Settings.Builder builder = Settings.builder() + .put(globalSettings) .put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, "", LdapSearchScope.SUB_TREE)) .put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), "") .put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.BIND_DN), @@ -97,7 +98,7 @@ public void testSupportsUnauthenticatedSessions() throws Exception { builder.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_FILTER), "(cn={0})"); } - RealmConfig config = getRealmConfig(builder); + RealmConfig config = getRealmConfig(builder.build()); LdapUserSearchSessionFactory sessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool); try { @@ -109,10 +110,8 @@ public void testSupportsUnauthenticatedSessions() throws Exception { assertDeprecationWarnings(config.identifier(), useAttribute, useLegacyBindPassword); } - private RealmConfig getRealmConfig(Settings.Builder builder) { - return new RealmConfig(REALM_IDENTIFIER, - mergeSettings(builder.build(), globalSettings), - TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings)); + private RealmConfig getRealmConfig(Settings settings) { + return new RealmConfig(REALM_IDENTIFIER, settings, TestEnvironment.newEnvironment(settings), new ThreadContext(settings)); } public void testUserSearchSubTree() throws Exception { 
@@ -121,6 +120,7 @@ public void testUserSearchSubTree() throws Exception { final boolean useAttribute = randomBoolean(); Settings.Builder builder = Settings.builder() + .put(globalSettings) .put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE)) .put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase) .put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.BIND_DN), @@ -132,7 +132,7 @@ public void testUserSearchSubTree() throws Exception { } else { builder.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_FILTER), "(cn={0})"); } - RealmConfig config = getRealmConfig(builder); + RealmConfig config = getRealmConfig(builder.build()); LdapUserSearchSessionFactory sessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool); @@ -166,6 +166,7 @@ public void testUserSearchBaseScopeFailsWithWrongBaseDN() throws Exception { final boolean useAttribute = randomBoolean(); Settings.Builder builder = Settings.builder() + .put(globalSettings) .put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE)) .put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase) .put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.BIND_DN), @@ -178,7 +179,7 @@ public void testUserSearchBaseScopeFailsWithWrongBaseDN() throws Exception { } else { builder.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_FILTER), "(cn={0})"); } - RealmConfig config = getRealmConfig(builder); + RealmConfig config = getRealmConfig(builder.build()); LdapUserSearchSessionFactory sessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool); 
@@ -200,6 +201,7 @@ public void testUserSearchBaseScopePassesWithCorrectBaseDN() throws Exception { String userSearchBase = "cn=William Bush,ou=people,o=sevenSeas"; Settings.Builder builder = Settings.builder() + .put(globalSettings) .put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE)) .put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase) .put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.BIND_DN), @@ -213,7 +215,7 @@ public void testUserSearchBaseScopePassesWithCorrectBaseDN() throws Exception { } else { builder.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_FILTER), "(cn={0})"); } - RealmConfig config = getRealmConfig(builder); + RealmConfig config = getRealmConfig(builder.build()); LdapUserSearchSessionFactory sessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool); @@ -246,6 +248,7 @@ public void testUserSearchOneLevelScopeFailsWithWrongBaseDN() throws Exception { String userSearchBase = "o=sevenSeas"; Settings.Builder builder = Settings.builder() + .put(globalSettings) .put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE)) .put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase) .put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.BIND_DN), @@ -260,7 +263,7 @@ public void testUserSearchOneLevelScopeFailsWithWrongBaseDN() throws Exception { } else { builder.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_FILTER), "(cn={0})"); } - RealmConfig config = getRealmConfig(builder); + RealmConfig config = getRealmConfig(builder.build()); LdapUserSearchSessionFactory sessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool); 
@@ -282,6 +285,7 @@ public void testUserSearchOneLevelScopePassesWithCorrectBaseDN() throws Exceptio String userSearchBase = "ou=people,o=sevenSeas"; Settings.Builder builder = Settings.builder() + .put(globalSettings) .put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE)) .put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase) .put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.BIND_DN), @@ -296,7 +300,7 @@ public void testUserSearchOneLevelScopePassesWithCorrectBaseDN() throws Exceptio } else { builder.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_FILTER), "(cn={0})"); } - RealmConfig config = getRealmConfig(builder); + RealmConfig config = getRealmConfig(builder.build()); LdapUserSearchSessionFactory sessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool); @@ -329,6 +333,7 @@ public void testUserSearchWithBadAttributeFails() throws Exception { String userSearchBase = "o=sevenSeas"; Settings.Builder builder = Settings.builder() + .put(globalSettings) .put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE)) .put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase) .put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.BIND_DN), @@ -341,7 +346,7 @@ public void testUserSearchWithBadAttributeFails() throws Exception { } else { builder.put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_FILTER), "(uid1={0})"); } - RealmConfig config = getRealmConfig(builder); + RealmConfig config = getRealmConfig(builder.build()); LdapUserSearchSessionFactory sessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool); 
@@ -363,13 +368,14 @@ public void testUserSearchWithoutAttributePasses() throws Exception { String userSearchBase = "o=sevenSeas"; final Settings.Builder realmSettings = Settings.builder() + .put(globalSettings) .put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE)) .put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase) .put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.BIND_DN), "cn=Horatio Hornblower,ou=people,o=sevenSeas") .put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.POOL_ENABLED), randomBoolean()); final boolean useLegacyBindPassword = configureBindPassword(realmSettings); - RealmConfig config = getRealmConfig(realmSettings); + RealmConfig config = getRealmConfig(realmSettings.build()); LdapUserSearchSessionFactory sessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool); @@ -401,12 +407,13 @@ public void testConnectionPoolDefaultSettings() throws Exception { String groupSearchBase = "o=sevenSeas"; String userSearchBase = "o=sevenSeas"; final Settings.Builder realmSettings = Settings.builder() + .put(globalSettings) .put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE)) .put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase) .put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.BIND_DN), "cn=Horatio Hornblower,ou=people,o=sevenSeas"); configureBindPassword(realmSettings); - RealmConfig config = getRealmConfig(realmSettings); + RealmConfig config = getRealmConfig(realmSettings.build()); LDAPConnectionPool connectionPool = LdapUserSearchSessionFactory.createConnectionPool(config, new SingleServerSet("localhost", randomFrom(ldapServers).getListenPort()), TimeValue.timeValueSeconds(5), NoOpLogger.INSTANCE, 
@@ -430,6 +437,7 @@ public void testConnectionPoolSettings() throws Exception { String groupSearchBase = "o=sevenSeas"; String userSearchBase = "o=sevenSeas"; final Settings.Builder realmSettings = Settings.builder() + .put(globalSettings) .put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE)) .put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase) .put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.BIND_DN), @@ -438,7 +446,7 @@ public void testConnectionPoolSettings() throws Exception { .put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.POOL_SIZE), 12) .put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.HEALTH_CHECK_ENABLED), false); configureBindPassword(realmSettings); - RealmConfig config = getRealmConfig(realmSettings); + RealmConfig config = getRealmConfig(realmSettings.build()); LDAPConnectionPool connectionPool = LdapUserSearchSessionFactory.createConnectionPool(config, new SingleServerSet("localhost", randomFrom(ldapServers).getListenPort()), TimeValue.timeValueSeconds(5), NoOpLogger.INSTANCE, 
@@ -457,10 +465,13 @@ public void testConnectionPoolSettings() throws Exception { public void testThatEmptyBindDNWithHealthCheckEnabledDoesNotThrow() throws Exception { String groupSearchBase = "o=sevenSeas"; String userSearchBase = "o=sevenSeas"; - RealmConfig config = getRealmConfig(Settings.builder() - .put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE)) - .put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase) - .put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.LEGACY_BIND_PASSWORD), "pass")); + final Settings settings = Settings.builder() + .put(globalSettings) + .put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE)) + .put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase) + .put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.LEGACY_BIND_PASSWORD), "pass") + .build(); + RealmConfig config = getRealmConfig(settings); LdapUserSearchSessionFactory searchSessionFactory = null; try { 
@@ -477,11 +488,14 @@ public void testThatEmptyBindDNWithHealthCheckEnabledDoesNotThrow() throws Excep public void testThatEmptyBindDNAndDisabledPoolingDoesNotThrow() throws Exception { String groupSearchBase = "o=sevenSeas"; String userSearchBase = "o=sevenSeas"; - RealmConfig config = getRealmConfig(Settings.builder() - .put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE)) - .put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase) - .put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.POOL_ENABLED), false) - .put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.LEGACY_BIND_PASSWORD), "pass")); + final Settings settings = Settings.builder() + .put(globalSettings) + .put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE)) + .put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase) + .put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.POOL_ENABLED), false) + .put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.LEGACY_BIND_PASSWORD), "pass") + .build(); + RealmConfig config = getRealmConfig(settings); LdapUserSearchSessionFactory searchSessionFactory = null; try { 
@@ -502,11 +516,11 @@ public void testEmptyBindDNReturnsAnonymousBindRequest() throws LDAPException { String groupSearchBase = "o=sevenSeas"; String userSearchBase = "o=sevenSeas"; final Settings.Builder realmSettings = Settings.builder() + .put(globalSettings) .put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE)) .put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase); final boolean useLegacyBindPassword = configureBindPassword(realmSettings); - RealmConfig config = new RealmConfig(REALM_IDENTIFIER, - mergeSettings(realmSettings.build(), globalSettings), + RealmConfig config = new RealmConfig(REALM_IDENTIFIER, realmSettings.build(), TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings)); try (LdapUserSearchSessionFactory searchSessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool)) { assertThat(searchSessionFactory.bindCredentials, notNullValue()); 
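Review bot: Secure settings are no longer combined explicitly in testEmptyBindDNReturnsAnonymousBindRequest: the builder starts with `.put(globalSettings)` and is then passed to `configureBindPassword`, whereas the `mergeSettings` helper this commit removes from LdapTestCase merged the secure settings of both sides. As far as I can tell, a `Settings.Builder` accepts only one secure-settings source, so this presumably works only while `globalSettings` carries none; the set-up of `globalSettings` is outside the hunk. I would record that next to the builder, e.g. `// globalSettings must not hold secure settings: configureBindPassword may attach its own to this builder`. The same applies to the builders in testThatBindRequestReturnsSimpleBindRequest and testThatConnectErrorIsNotThrownOnConstruction.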
@@ -519,12 +533,12 @@ public void testThatBindRequestReturnsSimpleBindRequest() throws LDAPException { String groupSearchBase = "o=sevenSeas"; String userSearchBase = "o=sevenSeas"; final Settings.Builder realmSettings = Settings.builder() + .put(globalSettings) .put(buildLdapSettings(ldapUrls(), Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE)) .put(getFullSettingKey(REALM_IDENTIFIER, PoolingSessionFactorySettings.BIND_DN), "cn=ironman") .put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase); final boolean useLegacyBindPassword = configureBindPassword(realmSettings); - RealmConfig config = new RealmConfig(REALM_IDENTIFIER, - mergeSettings(realmSettings.build(), globalSettings), + RealmConfig config = new RealmConfig(REALM_IDENTIFIER, realmSettings.build(), TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings)); try (LdapUserSearchSessionFactory searchSessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool)) { assertThat(searchSessionFactory.bindCredentials, notNullValue()); @@ -543,6 +557,7 @@ public void testThatConnectErrorIsNotThrownOnConstruction() throws Exception { inMemoryDirectoryServer.shutDown(true); final Settings.Builder ldapSettingsBuilder = Settings.builder() + .put(globalSettings) .put(LdapTestCase.buildLdapSettings(new String[]{ldapUrl}, Strings.EMPTY_ARRAY, groupSearchBase, LdapSearchScope.SUB_TREE)) .put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.SEARCH_BASE_DN), userSearchBase) 
@@ -554,7 +569,7 @@ public void testThatConnectErrorIsNotThrownOnConstruction() throws Exception { .put(getFullSettingKey(REALM_IDENTIFIER.getName(), LdapUserSearchSessionFactorySettings.POOL_ENABLED), randomBoolean()); final boolean useLegacyBindPassword = configureBindPassword(ldapSettingsBuilder); - RealmConfig config = getRealmConfig(ldapSettingsBuilder); + RealmConfig config = getRealmConfig(ldapSettingsBuilder.build()); LdapUserSearchSessionFactory searchSessionFactory = null; try { searchSessionFactory = getLdapUserSearchSessionFactory(config, sslService, threadPool); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapTestCase.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapTestCase.java index cf3840fb4ce99..bba13e9ec2cac 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapTestCase.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapTestCase.java @@ -22,7 +22,6 @@ import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.env.TestEnvironment; import org.elasticsearch.test.ESTestCase; -import org.elasticsearch.test.SecuritySettingsSource; import org.elasticsearch.watcher.ResourceWatcherService; import org.elasticsearch.xpack.core.security.authc.RealmConfig; import org.elasticsearch.xpack.core.security.authc.ldap.LdapSessionFactorySettings; 
@@ -205,15 +204,4 @@ public Void run() { } }); } - - protected Settings mergeSettings(Settings local, Settings global) { - final Settings.Builder builder = Settings.builder() - .put(global, true) - .put(local, false); - final Settings.Builder tmpLocal = Settings.builder().put(local, true); - SecuritySettingsSource.addSecureSettings(builder, - mainSecure -> SecuritySettingsSource.addSecureSettings(tmpLocal, localSecure -> mainSecure.merge(localSecure)) - ); - return builder.build(); - } } diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactoryTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactoryTests.java index eb91fe04e057b..bb93e95950e86 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactoryTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactoryTests.java @@ -124,10 +124,11 @@ public void testUnauthenticatedSessionThrowsUnsupportedOperationException() thro private SessionFactory createSessionFactory() { Settings global = Settings.builder().put("path.home", createTempDir()).build(); final RealmConfig.RealmIdentifier realmIdentifier = new RealmConfig.RealmIdentifier("ldap", "_name"); - final RealmConfig realmConfig = new RealmConfig(realmIdentifier, mergeSettings( + final RealmConfig realmConfig = new RealmConfig(realmIdentifier, Settings.builder() .put(getFullSettingKey(realmIdentifier, SessionFactorySettings.URLS_SETTING), "ldap://localhost:389") - .build(), global), + .put(global) + .build(), TestEnvironment.newEnvironment(global), new ThreadContext(Settings.EMPTY)); return new SessionFactory(realmConfig, null, threadPool) { 
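Review bot: In SessionFactoryTests.createSessionFactory the `.put(global)` call comes after the realm URL setting, so a key present in both would now be taken from `global`. That is the opposite precedence to the removed `mergeSettings` (global first, then local) and to the other builders in this commit, which put the global settings first. It is harmless today because `global` holds only `path.home`, but the order should match: `Settings.builder().put(global).put(getFullSettingKey(realmIdentifier, SessionFactorySettings.URLS_SETTING), "ldap://localhost:389").build()`. The method body continues past the end of the hunk.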
@@ -137,8 +138,4 @@ public void session(String user, SecureString password, ActionListener roles) throws Exception { X509AuthenticationToken token = buildToken(); UserRoleMapper roleMapper = buildRoleMapper(roles, token.dn()); - PkiRealm realm = buildRealm(roleMapper, Settings.EMPTY); + PkiRealm realm = buildRealm(roleMapper, globalSettings); verify(roleMapper).refreshRealmOnChange(realm); final String expectedUsername = token.principal(); @@ -159,8 +159,7 @@ private UserRoleMapper buildRoleMapper(Set roles, String dn) { return roleMapper; } - private PkiRealm buildRealm(UserRoleMapper roleMapper, Settings realmSettings, Realm... otherRealms) { - final Settings settings = mergeSettings(realmSettings, globalSettings); + private PkiRealm buildRealm(UserRoleMapper roleMapper, Settings settings, Realm... otherRealms) { final RealmConfig config = new RealmConfig(new RealmConfig.RealmIdentifier("pki", REALM_NAME), settings, TestEnvironment.newEnvironment(settings), new ThreadContext(settings)); PkiRealm realm = new PkiRealm(config, roleMapper); 
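Review bot: PkiRealmTests.buildRealm no longer merges `globalSettings` itself, so the `RealmConfig`, the `TestEnvironment.newEnvironment(settings)` call and the `ThreadContext` all depend on each caller passing settings that already include them, and nothing in the signature says so. A short comment on the helper would make the new contract explicit, e.g. `// settings must already include globalSettings; this helper no longer merges them`. The same silent change applies to `getRealmConfig(Settings)` in RoleMappingFileBootstrapCheckTests. Only two call sites are visible in these hunks, so the remaining callers of buildRealm should be checked against it.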
@@ -183,15 +182,15 @@ private AuthenticationResult authenticate(X509AuthenticationToken token, PkiReal } public void testCustomUsernamePattern() throws Exception { - ThreadContext threadContext = new ThreadContext(globalSettings); - X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt")); - UserRoleMapper roleMapper = mock(UserRoleMapper.class); - final Settings realmSettings = Settings.builder() + final Settings settings = Settings.builder() + .put(globalSettings) .put("xpack.security.authc.realms.pki.my_pki.username_pattern", "OU=(.*?),") .build(); - PkiRealm realm = new PkiRealm(new RealmConfig(new RealmConfig.RealmIdentifier("pki", "my_pki"), - mergeSettings(realmSettings, globalSettings), - TestEnvironment.newEnvironment(globalSettings), threadContext), roleMapper); + ThreadContext threadContext = new ThreadContext(settings); + X509Certificate certificate = readCert(getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.crt")); + UserRoleMapper roleMapper = mock(UserRoleMapper.class); + PkiRealm realm = new PkiRealm(new RealmConfig(new RealmConfig.RealmIdentifier("pki", "my_pki"), settings, + TestEnvironment.newEnvironment(settings), threadContext), roleMapper); realm.initialize(Collections.emptyList(), licenseState); Mockito.doAnswer(invocation -> { ActionListener> listener = (ActionListener>) invocation.getArguments()[1]; 
@@ -217,13 +216,13 @@ public void testVerificationUsingATruststore() throws Exception { MockSecureSettings secureSettings = new MockSecureSettings(); secureSettings.setString("xpack.security.authc.realms.pki.my_pki.truststore.secure_password", "testnode"); Settings settings = Settings.builder() + .put(globalSettings) .put("xpack.security.authc.realms.pki.my_pki.truststore.path", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode.jks")) .setSecureSettings(secureSettings) .build(); ThreadContext threadContext = new ThreadContext(globalSettings); - PkiRealm realm = new PkiRealm(new RealmConfig(new RealmConfig.RealmIdentifier("pki", "my_pki"), - mergeSettings(settings, globalSettings), + PkiRealm realm = new PkiRealm(new RealmConfig(new RealmConfig.RealmIdentifier("pki", "my_pki"), settings, TestEnvironment.newEnvironment(globalSettings), threadContext), roleMapper); realm.initialize(Collections.emptyList(), licenseState); Mockito.doAnswer(invocation -> { 
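Review bot: testVerificationUsingATruststore passes the merged `settings` to `RealmConfig` but still builds the `ThreadContext` and the `Environment` from `globalSettings`. The neighbouring tests changed in this commit (testCustomUsernamePattern, testVerificationFailsUsingADifferentTruststore, testTruststorePathWithoutPasswordThrowsException) now use the merged object for all three. The realm here therefore sees an environment that lacks the truststore path and secure password it is configured with, which is probably benign but inconsistent. I would align it with `new ThreadContext(settings)` and `TestEnvironment.newEnvironment(settings)`. The test body starts and ends outside the hunk.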
@@ -250,14 +249,14 @@ public void testVerificationFailsUsingADifferentTruststore() throws Exception { MockSecureSettings secureSettings = new MockSecureSettings(); secureSettings.setString("xpack.security.authc.realms.pki.mypki.truststore.secure_password", "testnode-client-profile"); Settings settings = Settings.builder() - .put("xpack.security.authc.realms.pki.mypki.truststore.path", + .put(globalSettings) + .put("xpack.security.authc.realms.pki.mypki.truststore.path", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.jks")) .setSecureSettings(secureSettings) .build(); - final ThreadContext threadContext = new ThreadContext(globalSettings); - PkiRealm realm = new PkiRealm(new RealmConfig(new RealmConfig.RealmIdentifier("pki", "mypki"), - mergeSettings(settings, globalSettings), - TestEnvironment.newEnvironment(globalSettings), threadContext), roleMapper); + final ThreadContext threadContext = new ThreadContext(settings); + PkiRealm realm = new PkiRealm(new RealmConfig(new RealmConfig.RealmIdentifier("pki", "mypki"), settings, + TestEnvironment.newEnvironment(settings), threadContext), roleMapper); realm.initialize(Collections.emptyList(), licenseState); Mockito.doAnswer(invocation -> { ActionListener> listener = (ActionListener>) invocation.getArguments()[1]; 
@@ -276,13 +275,13 @@ public void testVerificationFailsUsingADifferentTruststore() throws Exception { public void testTruststorePathWithoutPasswordThrowsException() throws Exception { Settings settings = Settings.builder() + .put(globalSettings) .put("xpack.security.authc.realms.pki.mypki.truststore.path", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.jks")) .build(); IllegalArgumentException e = expectThrows(IllegalArgumentException.class, () -> - new PkiRealm(new RealmConfig(new RealmConfig.RealmIdentifier("pki", "mypki"), - mergeSettings(settings, globalSettings), - TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings)), mock(UserRoleMapper.class)) + new PkiRealm(new RealmConfig(new RealmConfig.RealmIdentifier("pki", "mypki"), settings, + TestEnvironment.newEnvironment(settings), new ThreadContext(settings)), mock(UserRoleMapper.class)) ); assertThat(e.getMessage(), containsString("Neither [xpack.security.authc.realms.pki.mypki.truststore.secure_password] or [" + "xpack.security.authc.realms.pki.mypki.truststore.password] is configured")); 
@@ -290,13 +289,13 @@ public void testTruststorePathWithoutPasswordThrowsException() throws Exception public void testTruststorePathWithLegacyPasswordDoesNotThrow() throws Exception { Settings settings = Settings.builder() + .put(globalSettings) .put("xpack.security.authc.realms.pki.mypki.truststore.path", getDataPath("/org/elasticsearch/xpack/security/transport/ssl/certs/simple/testnode-client-profile.jks")) .put("xpack.security.authc.realms.pki.mypki.truststore.password", "testnode-client-profile") .build(); - new PkiRealm(new RealmConfig(new RealmConfig.RealmIdentifier("pki", "mypki"), - mergeSettings(settings, globalSettings), - TestEnvironment.newEnvironment(globalSettings), new ThreadContext(globalSettings)), mock(UserRoleMapper.class)); + new PkiRealm(new RealmConfig(new RealmConfig.RealmIdentifier("pki", "mypki"), settings, + TestEnvironment.newEnvironment(settings), new ThreadContext(settings)), mock(UserRoleMapper.class)); assertSettingDeprecationsAndWarnings(new Setting[]{ PkiRealmSettings.LEGACY_TRUST_STORE_PASSWORD.getConcreteSettingForNamespace("mypki") }); @@ -363,6 +362,7 @@ public void testDelegatedAuthorization() throws Exception { otherRealm.registerUser(lookupUser); final Settings realmSettings = Settings.builder() + .put(globalSettings) .putList("xpack.security.authc.realms.pki." + REALM_NAME + ".authorization_realms", "other_realm") .build(); final UserRoleMapper roleMapper = buildRoleMapper(Collections.emptySet(), token.dn()); @@ -387,9 +387,4 @@ static X509Certificate readCert(Path path) throws Exception { return (X509Certificate) factory.generateCertificate(in); } } - - private static Settings mergeSettings(Settings local, Settings global) { - return Settings.builder().put(global).put(local).build(); - } - } 
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlTestCase.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlTestCase.java index 73982c5dfd01c..7bf13e8be265c 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlTestCase.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlTestCase.java @@ -11,7 +11,6 @@ import org.elasticsearch.ExceptionsHelper; import org.elasticsearch.common.collect.Tuple; import org.elasticsearch.common.io.PathUtils; -import org.elasticsearch.common.settings.Settings; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.xpack.core.ssl.CertParsingUtils; import org.elasticsearch.xpack.core.ssl.PemUtils; @@ -136,8 +135,4 @@ protected ElasticsearchSecurityException expectSamlException(ThrowingRunnable ru assertThat("Exception " + exception + " should be a SAML exception", SamlUtils.isSamlException(exception), is(true)); return exception; } - - protected Settings mergeSettings(Settings local, Settings global) { - return Settings.builder().put(global).put(local).build(); - } } diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapperTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapperTests.java index 48465641eb4b2..7f7899e65943c 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapperTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapperTests.java 
@@ -282,9 +282,10 @@ public void testYaml() throws Exception { Path file = getDataPath("role_mapping.yml"); final RealmConfig.RealmIdentifier realmIdentifier = new RealmConfig.RealmIdentifier("ldap", "ldap1"); Settings ldapSettings = Settings.builder() - .put(getFullSettingKey(realmIdentifier, DnRoleMapperSettings.ROLE_MAPPING_FILE_SETTING), file.toAbsolutePath()) - .build(); - RealmConfig config = new RealmConfig(realmIdentifier, mergeSettings(ldapSettings, settings), + .put(settings) + .put(getFullSettingKey(realmIdentifier, DnRoleMapperSettings.ROLE_MAPPING_FILE_SETTING), file.toAbsolutePath()) + .build(); + RealmConfig config = new RealmConfig(realmIdentifier, ldapSettings, TestEnvironment.newEnvironment(settings), new ThreadContext(Settings.EMPTY)); DnRoleMapper mapper = new DnRoleMapper(config, new ResourceWatcherService(settings, threadPool)); @@ -298,10 +299,10 @@ public void testYaml() throws Exception { public void testRelativeDN() { final RealmConfig.RealmIdentifier realmIdentifier = new RealmConfig.RealmIdentifier("ldap", "ldap1"); Settings ldapSettings = Settings.builder() + .put(settings) .put(getFullSettingKey(realmIdentifier, DnRoleMapperSettings.USE_UNMAPPED_GROUPS_AS_ROLES_SETTING), true) .build(); - RealmConfig config = new RealmConfig(realmIdentifier, - mergeSettings(ldapSettings, settings), + RealmConfig config = new RealmConfig(realmIdentifier, ldapSettings, TestEnvironment.newEnvironment(settings), new ThreadContext(Settings.EMPTY)); DnRoleMapper mapper = new DnRoleMapper(config, new ResourceWatcherService(settings, threadPool)); 
@@ -314,10 +315,11 @@ public void testUserDNMapping() throws Exception { final RealmConfig.RealmIdentifier realmIdentifier = new RealmConfig.RealmIdentifier("ldap", "ldap-userdn-role"); Path file = getDataPath("role_mapping.yml"); Settings ldapSettings = Settings.builder() + .put(settings) .put(getFullSettingKey(realmIdentifier, DnRoleMapperSettings.ROLE_MAPPING_FILE_SETTING), file.toAbsolutePath()) .put(getFullSettingKey(realmIdentifier, DnRoleMapperSettings.USE_UNMAPPED_GROUPS_AS_ROLES_SETTING), false) .build(); - RealmConfig config = new RealmConfig(realmIdentifier, mergeSettings(ldapSettings, settings), + RealmConfig config = new RealmConfig(realmIdentifier, ldapSettings, TestEnvironment.newEnvironment(settings), new ThreadContext(Settings.EMPTY)); DnRoleMapper mapper = new DnRoleMapper(config, new ResourceWatcherService(settings, threadPool)); @@ -335,9 +337,4 @@ protected DnRoleMapper createMapper(Path file, ResourceWatcherService watcherSer RealmConfig config = new RealmConfig(identifier, mergedSettings, env, new ThreadContext(Settings.EMPTY)); return new DnRoleMapper(config, watcherService); } - - private Settings mergeSettings(Settings local, Settings global) { - return Settings.builder().put(global).put(local).build(); - } - } diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheckTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheckTests.java index d84213726381d..2b3eedeea940e 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheckTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheckTests.java 
@@ -45,6 +45,7 @@ public void init() throws IOException { public void testBootstrapCheckOfValidFile() { Path file = getDataPath("role_mapping.yml"); Settings ldapSettings = Settings.builder() + .put(settings) .put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath()) .build(); RealmConfig config = getRealmConfig(ldapSettings); @@ -54,15 +55,15 @@ public void testBootstrapCheckOfValidFile() { assertFalse(check.check(new BootstrapContext(settings, null)).isFailure()); } - private RealmConfig getRealmConfig(Settings realmSettings) { - return new RealmConfig(REALM_ID, mergeSettings(realmSettings, settings), - TestEnvironment.newEnvironment(settings), new ThreadContext(Settings.EMPTY)); + private static RealmConfig getRealmConfig(Settings settings) { + return new RealmConfig(REALM_ID, settings, TestEnvironment.newEnvironment(settings), new ThreadContext(Settings.EMPTY)); } public void testBootstrapCheckOfMissingFile() { final String fileName = randomAlphaOfLength(10); Path file = createTempDir().resolve(fileName); Settings ldapSettings = Settings.builder() + .put(settings) .put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath()) .build(); RealmConfig config = getRealmConfig(ldapSettings); @@ -82,6 +83,7 @@ public void testBootstrapCheckWithInvalidYaml() throws IOException { Files.write(file, Collections.singletonList("junk"), StandardCharsets.UTF_16); Settings ldapSettings = Settings.builder() + .put(settings) .put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath()) .build(); RealmConfig config = getRealmConfig(ldapSettings); @@ -101,6 +103,7 @@ public void testBootstrapCheckWithInvalidDn() throws IOException { Files.write(file, Collections.singletonList("role: not-a-dn")); Settings ldapSettings = Settings.builder() + .put(settings) .put(ROLE_MAPPING_FILE_SETTING, file.toAbsolutePath()) .build(); RealmConfig config = getRealmConfig(ldapSettings); 
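Review bot: The new `private static RealmConfig getRealmConfig(Settings settings)` names its parameter the same as what appears to be the test class's `settings` field, which the surrounding tests use in `.put(settings)` and `new BootstrapContext(settings, null)`. Because the method is static the field cannot be reached inside it, so nothing breaks, but a reader has to work out which `settings` feeds `TestEnvironment.newEnvironment(settings)`. Keeping the old parameter name avoids that: `private static RealmConfig getRealmConfig(Settings realmSettings)`, with the two uses in the body renamed to match.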
@@ -115,7 +118,4 @@ public void testBootstrapCheckWithInvalidDn() throws IOException { assertThat(result.getMessage(), containsString("not-a-dn")); } - private Settings mergeSettings(Settings local, Settings global) { - return Settings.builder().put(global).put(local).build(); - } }