Elasticsearch keystore passphrase for startup scripts #44775

Merged
122 commits
c58f3aa
Add passphrase support to elasticsearch-keystore
jkakavas Jan 15, 2019
c74685f
Address feedback
jkakavas Jan 23, 2019
af3d5e9
Allow creating obfuscated keystores without prompting for a passphrase
jkakavas Jan 23, 2019
d118da4
Create obfuscated keystores for integTestCluster tasks. This can be p…
jkakavas Jan 23, 2019
041143e
Merge remote-tracking branch 'origin/master' into elasticsearch-keyst…
jkakavas Jan 23, 2019
852533a
Merge branch 'feature-pwd-protected-keystore' into elasticsearch-keys…
jkakavas Feb 6, 2019
668c438
address feedback
jkakavas Feb 6, 2019
95e1a78
Handle tests by creating obfuscated keystores by default - At least u…
jkakavas Feb 6, 2019
bc5b99d
Merge branch 'feature-pwd-protected-keystore' into elasticsearch-keys…
jkakavas Feb 6, 2019
f095d90
Merge remote-tracking branch 'origin/feature-pwd-protected-keystore' …
jkakavas Jun 14, 2019
76ea066
fix checkstyle
jkakavas Jun 14, 2019
3bf1830
Address feedback
jkakavas Jun 14, 2019
500c79a
Merge remote-tracking branch 'origin/feature-pwd-protected-keystore' …
jkakavas Jun 27, 2019
ba4a9ba
revert unnecessary formatting changes
jkakavas Jun 27, 2019
2b74f64
remove nopass again
jkakavas Jun 27, 2019
ecc0ed6
Addresses feedback
jkakavas Jun 28, 2019
ac5cf83
Merge remote-tracking branch 'origin/feature-pwd-protected-keystore' …
jkakavas Jun 30, 2019
ca55074
address feedback
jkakavas Jul 9, 2019
690df96
Merge remote-tracking branch 'origin/feature-pwd-protected-keystore' …
jkakavas Jul 9, 2019
250c9f2
Read keystore password from stdin on startup
williamrandolph Jun 24, 2019
a167d5c
Add thread safety and fix typos
williamrandolph Jun 24, 2019
e390afe
Remove command line flag for standard input
williamrandolph Jun 27, 2019
8c99702
Let bin/elasticsearch read passwd from FIFO/file
williamrandolph Jul 1, 2019
ef66eaf
Improve bin/elasticsearch portability
williamrandolph Jul 3, 2019
6a2ecc5
Avoid multiple buffered readers of standard input
williamrandolph Jul 10, 2019
85c9160
Avoid forbidden and restricted APIs
williamrandolph Jul 11, 2019
3d11327
Add keystore passphrase support to docker images
williamrandolph Jul 11, 2019
9ab6cdf
Merge branch 'elasticsearch-keystore-cli-passphrase' into elasticsear…
williamrandolph Jul 12, 2019
c9c0b42
Merge branch 'feature-pwd-protected-keystore' into elasticsearch-keys…
williamrandolph Jul 23, 2019
193ff6e
Send all input via the terminal in tests
williamrandolph Jul 23, 2019
54de1eb
Remove some unused imports
williamrandolph Jul 24, 2019
636ac69
Merge branch 'feature-pwd-protected-keystore' into elasticsearch-keys…
williamrandolph Jul 30, 2019
e581b55
Back out OSX delay workaround
williamrandolph Jul 30, 2019
c0b1fc2
Address PR feedback
williamrandolph Jul 30, 2019
e1f50b6
Discard standard input in cluster integration tests
williamrandolph Jul 30, 2019
30ce2a2
Close stdin to elasticsearch process
williamrandolph Jul 30, 2019
ef8a6c4
Add a write to stdin for restclusters
williamrandolph Jul 30, 2019
eb32c60
Check that keystore command can be executed
williamrandolph Jul 31, 2019
9fb0a52
Remove unused imports
williamrandolph Jul 31, 2019
52305c0
Merge branch 'feature-pwd-protected-keystore' into elasticsearch-keys…
williamrandolph Jul 31, 2019
a66994a
Adjust bin/elasticsearch for running in docker
williamrandolph Aug 1, 2019
a44fc58
RPM Packaging Tests for Keystore
williamrandolph Aug 6, 2019
97ddb4e
Merge branch 'feature-pwd-protected-keystore' into elasticsearch-keys…
williamrandolph Aug 6, 2019
1d22a27
Remove extra keystore test
williamrandolph Aug 7, 2019
17aa6d5
Merge branch 'feature-pwd-protected-keystore' into elasticsearch-keys…
williamrandolph Aug 7, 2019
94b98e7
Add integration tests for archives
williamrandolph Aug 7, 2019
e227ce2
Update new vagrant tests to run on Windows
williamrandolph Aug 13, 2019
c1e4008
Simplify code to set keystore password in test
williamrandolph Aug 13, 2019
3bd969a
Merging feature branch into PR branch
williamrandolph Aug 16, 2019
7a7739a
Remove FIFO checks from bin/elasticsearch
williamrandolph Aug 22, 2019
8e5d02e
Assume password on stdin when bootstrapping
williamrandolph Aug 22, 2019
775c35c
Clean up terminal interfaces and tests
williamrandolph Aug 22, 2019
3b0fd80
Checkstyle - remove unused imports
williamrandolph Aug 23, 2019
d693a44
Create new has-passwd keystore CLI subcommand
williamrandolph Aug 23, 2019
7d98e3d
Revert unused addition to CommandTestCase
williamrandolph Aug 23, 2019
425c6c5
Add license headers to new files
williamrandolph Aug 23, 2019
bef250b
Reorder clauses for clarity
williamrandolph Aug 23, 2019
5896f31
merge feature branch into PR branch
williamrandolph Aug 23, 2019
7de60e9
Restore import dropped during merge
williamrandolph Aug 23, 2019
155464a
Move keystore tests into a single test class
williamrandolph Aug 23, 2019
60a9f0b
Adapt keystore management tests for RPMs
williamrandolph Aug 26, 2019
1e26b2f
Refactor keystore os tests for clarity
williamrandolph Aug 26, 2019
dc1f312
Checkstyle: remove unused import
williamrandolph Aug 27, 2019
d7ce46e
Add license header to keystore test
williamrandolph Aug 27, 2019
c3e6795
Improvements to vagrant tests
williamrandolph Aug 29, 2019
f108fa3
Get Windows tests to pass
williamrandolph Aug 31, 2019
0cfa719
Undo changes having to do with string encoding
williamrandolph Sep 1, 2019
a613b45
Add TTY-based tests for non-Windows archives
williamrandolph Sep 2, 2019
6b090a6
Rename test for accuracy
williamrandolph Sep 2, 2019
3f79421
Remove unneeded changes to clean up diff
williamrandolph Sep 2, 2019
c4868ff
Revert unneeded changes to windows batch scripts
williamrandolph Sep 4, 2019
1e1e459
Remove unneeded whitespace change
williamrandolph Sep 4, 2019
9e6f767
One more whitespace tweak
williamrandolph Sep 4, 2019
5585c61
Use delayed expansion variable for Windows pwd
williamrandolph Sep 6, 2019
2c69dba
Respond to PR feedback
williamrandolph Sep 6, 2019
c97749a
Fix BufferedReader usage
williamrandolph Sep 6, 2019
e06da98
Improve os tests
williamrandolph Sep 6, 2019
1436534
Escape special characters in password for windows
williamrandolph Sep 6, 2019
a1a125b
Remove obsolete comment
williamrandolph Sep 6, 2019
d5a04a7
Handle backslashes in bash keystore passwords
williamrandolph Sep 7, 2019
cb61eb7
Give elasticsearch-keystore a true silent mode
williamrandolph Sep 9, 2019
4611d54
Merge branch 'feature-pwd-protected-keystore' into elasticsearch-keys…
williamrandolph Sep 9, 2019
19442c8
Merge branch 'feature-pwd-protected-keystore' into elasticsearch-keys…
williamrandolph Sep 19, 2019
c9a6e63
Use shell env vars rather than writing to env file
williamrandolph Sep 19, 2019
6b760b2
Remove redundant non-special-char tests
williamrandolph Sep 19, 2019
d47e1fe
Test for specific password failure message
williamrandolph Sep 26, 2019
87ecea4
Avoid intermediate Strings when reading secrets
williamrandolph Oct 2, 2019
34e431f
Merging upstream changes from feature branch
williamrandolph Oct 2, 2019
13c27f3
Specify InputStream encoding in tests
williamrandolph Oct 2, 2019
1501bf3
Remove exit message override
williamrandolph Oct 2, 2019
2273b11
Use Conditional pattern for packages and archives
williamrandolph Oct 3, 2019
0982d04
Use keystore passphrase file only with systemd
williamrandolph Oct 4, 2019
7146b36
Add information to assertion failure message
williamrandolph Oct 4, 2019
7a65f22
Clear out stray keystore files between tests groups
williamrandolph Oct 4, 2019
67fa0f8
Unset systemd environment variables after use
williamrandolph Oct 4, 2019
b0e3a4b
Move entrypoint to an ok location for dpkg
williamrandolph Oct 5, 2019
3883d59
Rename systemd entrypoint script
williamrandolph Oct 7, 2019
0c0a56a
Use null message to suppress error output for CLI
williamrandolph Oct 7, 2019
945aead
Cleanup static import references
williamrandolph Oct 7, 2019
026ee0d
Improve error message
williamrandolph Oct 7, 2019
f271e59
Re-work methods for reading from standard input
williamrandolph Oct 7, 2019
43ce860
Remove custom buffer limit for BufferedReader
williamrandolph Oct 7, 2019
16bc6be
Update comment to match code
williamrandolph Oct 7, 2019
1855bce
Use static import for static methods
williamrandolph Oct 7, 2019
43ed544
Rename log files between tests
williamrandolph Oct 9, 2019
b7c2d66
Merge changes from master
williamrandolph Oct 10, 2019
2725769
Add some docker support after merge
williamrandolph Oct 10, 2019
44bfb95
Add sleep time to daemonized ES startup in qa test
williamrandolph Oct 10, 2019
457fc59
Merge branch 'feature-pwd-protected-keystore' into elasticsearch-keys…
williamrandolph Oct 15, 2019
ef850d2
Set file permissions for Windows keystore tests
williamrandolph Oct 15, 2019
e548d55
Run chown on autocreated keystore on Windows tests
williamrandolph Oct 15, 2019
7eb26c2
Simplify tests with StringReader
williamrandolph Oct 16, 2019
36d61ae
Clarify purpose of unit test
williamrandolph Oct 16, 2019
6fc4994
Sundry trivial cleanup
williamrandolph Oct 16, 2019
94e6a3f
Refactor big Powershell script string
williamrandolph Oct 16, 2019
1ef3dfb
Get powershell output path via static method
williamrandolph Oct 16, 2019
c31c88e
Checkstyle - remove unused import
williamrandolph Oct 16, 2019
6eb3e35
Merge branch 'feature-pwd-protected-keystore' into elasticsearch-keys…
williamrandolph Oct 16, 2019
b85eed9
Merge branch 'feature-pwd-protected-keystore' into elasticsearch-keys…
williamrandolph Oct 24, 2019
56b83f1
Use expectThrows instead of JUnit rule
williamrandolph Oct 28, 2019
f982f91
Bootstrap's readPassphrase delegates to Terminal
williamrandolph Oct 28, 2019
73e35e7
Remove unused imports
williamrandolph Oct 28, 2019
Merge branch 'feature-pwd-protected-keystore' into elasticsearch-keys…
…tore-init-passphrase
williamrandolph committed Jul 23, 2019
commit c9c0b42daf04404cdd2d400a29130e5a77a83daf
@@ -36,18 +36,12 @@ class ChangeKeyStorePasswordCommand extends BaseKeyStoreCommand {

@Override
protected void executeCommand(Terminal terminal, OptionSet options, Environment env) throws Exception {
SecureString newPassword = null;
try {
newPassword = readPassword(terminal, true);
try (SecureString newPassword = readPassword(terminal, true)) {
final KeyStoreWrapper keyStore = getKeyStore();
keyStore.save(env.configFile(), newPassword.getChars());
terminal.println("Elasticsearch keystore password changed successfully.");
} catch (SecurityException e) {
throw new UserException(ExitCodes.DATA_ERROR, e.getMessage());
} finally {
if (null != newPassword) {
newPassword.close();
}
}
}
}
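Review bot: The catch at the end of executeCommand reports a SecurityException as ExitCodes.DATA_ERROR and passes the raw e.getMessage() to the user, while CreateKeyStoreCommand in this same commit maps the same exception type to ExitCodes.IO_ERROR with a fixed message. Scripts that branch on the exit code will see two different codes for what is likely the same class of failure, so pick one mapping for both commands, and decide deliberately whether the raw exception text should reach the terminal. The move to try (SecureString newPassword = readPassword(terminal, true)) itself looks right: the password is closed on every path without the null check.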
@@ -45,8 +45,8 @@ class CreateKeyStoreCommand extends EnvironmentAwareCommand {

@Override
protected void execute(Terminal terminal, OptionSet options, Environment env) throws Exception {
SecureString password = null;
try {
try (SecureString password = options.has(passwordOption) ?
BaseKeyStoreCommand.readPassword(terminal, true) : new SecureString(new char[0])) {
Path keystoreFile = KeyStoreWrapper.keystorePath(env.configFile());
if (Files.exists(keystoreFile)) {
if (terminal.promptYesNo("An elasticsearch keystore already exists. Overwrite?", false) == false) {
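Review bot: Moving the password read into the try-with-resources header changes the prompt order: with passwordOption set, BaseKeyStoreCommand.readPassword(terminal, true) now runs before the Files.exists(keystoreFile) check and the "Overwrite?" prompt, where it previously ran after KeyStoreWrapper.create(). A user who answers no to the overwrite has already typed a passphrase that is then discarded. Consider doing the exists/overwrite check first and opening the try (SecureString password = ...) block only once the command is certain to proceed, or add a comment stating that the new order is intended.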
@@ -55,17 +55,6 @@ protected void execute(Terminal terminal, OptionSet options, Environment env) th
}
}
KeyStoreWrapper keystore = KeyStoreWrapper.create();
password = options.has(passwordOption) ?
BaseKeyStoreCommand.readPassword(terminal, true) : new SecureString(new char[0]);
keystore.save(env.configFile(), password.getChars());
terminal.println("Created elasticsearch keystore in " + KeyStoreWrapper.keystorePath(env.configFile()));
} catch (SecurityException e) {
throw new UserException(ExitCodes.IO_ERROR, "Error creating the elasticsearch keystore.");
} finally {
if (null != password) {
password.close();
}
KeyStoreWrapper keystore = KeyStoreWrapper.create();
keystore.save(env.configFile(), password.getChars());
terminal.println("Created elasticsearch keystore in " + KeyStoreWrapper.keystorePath(env.configFile()));
} catch (SecurityException e) {
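Review bot: The catch (SecurityException e) here throws new UserException(ExitCodes.IO_ERROR, "Error creating the elasticsearch keystore.") and drops e entirely, so an operator gets no indication of which operation or path was denied. Include the keystore path and e.getMessage() in the message, or chain e as the cause if UserException allows it. Separately, the println recomputes KeyStoreWrapper.keystorePath(env.configFile()) although keystoreFile already holds that value at the top of the block; reuse the local.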
@@ -143,7 +143,7 @@ public void testStdinShort() throws Exception {
String password = "keystorepassword";
KeyStoreWrapper.create().save(env.configFile(), password.toCharArray());
terminal.addSecretInput(password);
terminal.addSecretInput("secret value 1");
setInput("secret value 1");
execute("-x", "foo");
assertSecureString("foo", "secret value 1", password);
}
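Review bot: In testStdinShort the secret now arrives through setInput("secret value 1") while the keystore password still goes through terminal.addSecretInput(password), and nothing in the test says why the two values use different channels. Add a one-line comment that the password is read from the terminal and the setting value from standard input. The input also has no line terminator, so a case with a trailing newline (what a piped echo would produce) would be worth adding to confirm the stored value is still exactly "secret value 1".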
@@ -152,7 +152,7 @@ public void testStdinLong() throws Exception {
String password = "keystorepassword";
KeyStoreWrapper.create().save(env.configFile(), password.toCharArray());
terminal.addSecretInput(password);
terminal.addSecretInput("secret value 2");
setInput("secret value 2");
execute("--stdin", "foo");
assertSecureString("foo", "secret value 2", password);
}
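Review bot: testStdinLong is now line-for-line the same as testStdinShort apart from the flag ("--stdin" versus "-x") and the literal "secret value 2". A shared helper that takes the flag and the value would keep the two from drifting apart the next time the input plumbing changes, as it did here with the switch from terminal.addSecretInput to setInput.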
You are viewing a condensed version of this merge commit.