From be7028ef7bb01195abc276dbf1451361816860f9 Mon Sep 17 00:00:00 2001 From: Anup Date: Sun, 23 Sep 2018 17:25:11 +0530 Subject: [PATCH] Make credentials mandatory when launching xpack/migrate Made credentials mandatory for xpack. Closes #29847. The x-pack user and roles APIs aren't available unless security is enabled, so the tool should always be called with the -u and -p options specified. --- .../authc/esnative/ESNativeRealmMigrateTool.java | 4 ++-- .../authc/esnative/ESNativeMigrateToolTests.java | 11 +++++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java index 3f645eab78c5b..229c47c763cf6 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeRealmMigrateTool.java @@ -104,10 +104,10 @@ public MigrateUserOrRoles() { super("Migrates users or roles from file to native realm"); this.username = parser.acceptsAll(Arrays.asList("u", "username"), "User used to authenticate with Elasticsearch") - .withRequiredArg(); + .withRequiredArg().required(); this.password = parser.acceptsAll(Arrays.asList("p", "password"), "Password used to authenticate with Elasticsearch") - .withRequiredArg(); + .withRequiredArg().required(); this.url = parser.acceptsAll(Arrays.asList("U", "url"), "URL of Elasticsearch host") .withRequiredArg(); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeMigrateToolTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeMigrateToolTests.java index 6d75cf093714a..7f3e2cfce9854 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeMigrateToolTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/ESNativeMigrateToolTests.java @@ -5,6 +5,7 @@ */ package org.elasticsearch.xpack.security.authc.esnative; +import joptsimple.OptionException; import joptsimple.OptionParser; import joptsimple.OptionSet; import org.elasticsearch.cli.MockTerminal; @@ -24,6 +25,7 @@ import java.util.HashSet; import java.util.Set; +import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.is; /** @@ -155,4 +157,13 @@ public void testRetrieveRoles() throws Exception { assertThat("expected list to contain: " + r, roles.contains(r), is(true)); } } + + public void testMissingPasswordParameter() { + ESNativeRealmMigrateTool.MigrateUserOrRoles muor = new ESNativeRealmMigrateTool.MigrateUserOrRoles(); + + final OptionException ex = expectThrows(OptionException.class, + () -> muor.getParser().parse("-u", "elastic", "-U", "http://localhost:9200")); + + assertThat(ex.getMessage(), containsString("password")); + } }