remove usages of useless client_type setting
kt-eliatra authored and jochenkressin committed Jan 26, 2024
1 parent e9c33fe commit 060f682
Showing 6 changed files with 41 additions and 61 deletions.
@@ -240,7 +240,7 @@ public void close() throws IOException {
}

private final SslExceptionHandler evaluateSslExceptionHandler() {
if (client || disabled || sslOnly) {
if (disabled || sslOnly) {
return new SslExceptionHandler() {
};
}
@@ -334,37 +334,34 @@ public Object run() {
throw new IllegalStateException(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_ENABLED + " must be set to 'true'");
}


if (!client) {
final List<Path> filesWithWrongPermissions = AccessController.doPrivileged(new PrivilegedAction<List<Path>>() {
@Override
public List<Path> run() {
final Path confPath = new Environment(settings, configPath).configFile().toAbsolutePath();
if (Files.isDirectory(confPath, LinkOption.NOFOLLOW_LINKS)) {
try (Stream<Path> s = Files.walk(confPath)) {
return s.distinct().filter(p -> checkFilePermissions(p)).collect(Collectors.toList());
} catch (Exception e) {
log.error(e);
return null;
}
}

return Collections.emptyList();
final List<Path> filesWithWrongPermissions = AccessController.doPrivileged(new PrivilegedAction<List<Path>>() {
@Override
public List<Path> run() {
final Path confPath = new Environment(settings, configPath).configFile().toAbsolutePath();
if (Files.isDirectory(confPath, LinkOption.NOFOLLOW_LINKS)) {
try (Stream<Path> s = Files.walk(confPath)) {
return s.distinct().filter(p -> checkFilePermissions(p)).collect(Collectors.toList());
} catch (Exception e) {
log.error(e);
return null;
}
}
});
return Collections.emptyList();
}
});

if (filesWithWrongPermissions != null && filesWithWrongPermissions.size() > 0) {
for (final Path p : filesWithWrongPermissions) {
if (Files.isDirectory(p, LinkOption.NOFOLLOW_LINKS)) {
log.warn("Directory " + p + " has insecure file permissions (should be 0700)");
} else {
log.warn("File " + p + " has insecure file permissions (should be 0600)");
}
if (filesWithWrongPermissions != null && filesWithWrongPermissions.size() > 0) {
for (final Path p : filesWithWrongPermissions) {
if (Files.isDirectory(p, LinkOption.NOFOLLOW_LINKS)) {
log.warn("Directory " + p + " has insecure file permissions (should be 0700)");
} else {
log.warn("File " + p + " has insecure file permissions (should be 0600)");
}
}
}

if (!client && !settings.getAsBoolean(ConfigConstants.SEARCHGUARD_ALLOW_UNSAFE_DEMOCERTIFICATES, false)) {
if (!settings.getAsBoolean(ConfigConstants.SEARCHGUARD_ALLOW_UNSAFE_DEMOCERTIFICATES, false)) {
//check for demo certificates
final List<String> files = AccessController.doPrivileged(new PrivilegedAction<List<String>>() {
@Override
@@ -480,7 +477,7 @@ public List<RestHandler> getRestHandlers(Settings settings, RestController restC

final List<RestHandler> handlers = new ArrayList<RestHandler>();

if (!client && !disabled) {
if (!disabled) {

handlers.addAll(super.getRestHandlers(settings, restController, clusterSettings, indexScopedSettings, settingsFilter,
indexNameExpressionResolver, nodesInCluster));
@@ -580,7 +577,7 @@ public List<ScriptContext<?>> getContexts() {
public void onIndexModule(IndexModule indexModule) {
// called for every index!

if (!disabled && !client && !sslOnly) {
if (!disabled && !sslOnly) {
if (adminDns == null) {
throw new IllegalStateException("adminDns is not yet initialized");
}
@@ -681,7 +678,7 @@ public void validateReaderContext(ReaderContext context, TransportRequest transp
@Override
public List<ActionFilter> getActionFilters() {
List<ActionFilter> filters = new ArrayList<>(1);
if (!client && !disabled && !sslOnly) {
if (!disabled && !sslOnly) {
ResourceOwnerService resourceOwnerService = new ResourceOwnerService(localClient, clusterService, threadPool, protectedConfigIndexService,
evaluator, settings);
ExtendedActionHandlingService extendedActionHandlingService = new ExtendedActionHandlingService(resourceOwnerService, settings);
@@ -706,7 +703,7 @@ public List<ActionFilter> getActionFilters() {
public List<TransportInterceptor> getTransportInterceptors(NamedWriteableRegistry namedWriteableRegistry, ThreadContext threadContext) {
List<TransportInterceptor> interceptors = new ArrayList<TransportInterceptor>(1);

if (!client && !disabled && !sslOnly) {
if (!disabled && !sslOnly) {
interceptors.add(new TransportInterceptor() {

@Override
@@ -766,7 +763,7 @@ public Map<String, Supplier<HttpServerTransport>> getHttpTransports(Settings set
Map<String, Supplier<HttpServerTransport>> httpTransports = new HashMap<String, Supplier<HttpServerTransport>>(1);

if (!disabled) {
if (!client && httpSSLEnabled) {
if (httpSSLEnabled) {

final ValidatingDispatcher validatingDispatcher = new ValidatingDispatcher(threadPool.getThreadContext(), dispatcher, settings,
configPath, evaluateSslExceptionHandler());
@@ -775,7 +772,7 @@ public Map<String, Supplier<HttpServerTransport>> getHttpTransports(Settings set
evaluateSslExceptionHandler(), xContentRegistry, searchGuardRestFilter.wrap(validatingDispatcher), clusterSettings, sharedGroupFactory, tracer, perRequestThreadContext);

httpTransports.put("com.floragunn.searchguard.http.SearchGuardHttpServerTransport", () -> sghst);
} else if (!client) {
} else {
httpTransports.put("com.floragunn.searchguard.http.SearchGuardHttpServerTransport",
() -> new SearchGuardNonSslHttpServerTransport(settings, networkService, threadPool, xContentRegistry, searchGuardRestFilter.wrap(dispatcher),
perRequestThreadContext, clusterSettings, sharedGroupFactory, tracer));
@@ -798,7 +795,7 @@ public Collection<?> createComponents(PluginServices services) {

final List<Object> components = new ArrayList<Object>();

if (client || disabled) {
if (disabled) {
return components;
}

@@ -1222,7 +1219,7 @@ public List<String> getSettingsFilter() {
@Override
public void onNodeStarted() {
log.info("Node started");
if (!sslOnly && !client && !disabled) {
if (!sslOnly && !disabled) {
cr.initOnNodeStart();
moduleRegistry.onNodeStarted();
protectedConfigIndexService.onNodeStart();
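Review bot: In the hunk at `-334,37 +334,34`, the configuration-directory permission audit fails open: when `Files.walk(confPath)` throws, the handler runs `log.error(e)` and returns `null`, and the `filesWithWrongPermissions != null` guard then skips every warning, so an operator cannot tell a clean directory from an audit that never completed. Since the check is no longer gated on `client`, the catch should say what was skipped, e.g. `log.error("Could not check file permissions below " + confPath + "; permission audit skipped", e);`, and it could return `Collections.emptyList()` so the null guard becomes unnecessary. Catching `IOException | RuntimeException` instead of `Exception` would also be tighter; `checkFilePermissions` is not visible here, so which exceptions it can raise needs confirming. The enclosing method starts and ends outside the hunk.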
@@ -1,23 +1,22 @@
/*
* Copyright 2015-2017 floragunn GmbH
*
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*
*
*/

package org.elasticsearch.node;

import org.elasticsearch.client.internal.Client;
import org.elasticsearch.common.logging.LogConfigurator;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.env.Environment;
@@ -32,7 +31,7 @@
public class PluginAwareNode extends Node {

private static final AtomicBoolean loggingInitialized = new AtomicBoolean();

private final boolean masterEligible;

public PluginAwareNode(boolean masterEligible, final Settings preparedSettings) {
@@ -48,8 +47,7 @@ public PluginAwareNode(boolean masterEligible, final Settings preparedSettings,
}

private static Environment createEnvironment(Settings preparedSettings) {
Settings settings = Settings.builder().put(preparedSettings).put(Client.CLIENT_TYPE_SETTING_S.getKey(), "node").build();
return configureESLogging(InternalSettingsPreparer.prepareEnvironment(settings,
return configureESLogging(InternalSettingsPreparer.prepareEnvironment(preparedSettings,
Collections.emptyMap(),
null,
() -> System.getenv("HOSTNAME")));
@@ -222,9 +222,7 @@ private void initSSLConfig() {
initTransportSSLConfig();
}

final boolean client = !"node".equals(this.settings.get(SearchGuardSSLPlugin.CLIENT_TYPE));

if (!client && httpSSLEnabled) {
if (httpSSLEnabled) {
initHttpSSLConfig();
}
}
@@ -83,8 +83,6 @@
public class SearchGuardSSLPlugin extends Plugin implements ActionPlugin, NetworkPlugin {

protected final Logger log = LogManager.getLogger(this.getClass());
protected static final String CLIENT_TYPE = "client.type";
protected final boolean client;
protected final boolean httpSSLEnabled;
protected final boolean transportSSLEnabled;
protected final Settings settings;
@@ -104,7 +102,6 @@ protected SearchGuardSSLPlugin(final Settings settings, final Path configPath, b
if (disabled) {
this.settings = null;
this.staticSettings = null;
this.client = false;
this.httpSSLEnabled = false;
this.transportSSLEnabled = false;
this.sgks = null;
@@ -194,7 +191,6 @@ public Object run() {

this.settings = settings;
this.staticSettings = new StaticSettings(settings, configPath);
client = !"node".equals(this.settings.get(SearchGuardSSLPlugin.CLIENT_TYPE));

httpSSLEnabled = settings.getAsBoolean(SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLED,
SSLConfigConstants.SEARCHGUARD_SSL_HTTP_ENABLED_DEFAULT);
@@ -222,7 +218,7 @@ public Map<String, Supplier<HttpServerTransport>> getHttpTransports(Settings set
NetworkService networkService, Dispatcher dispatcher, BiConsumer<HttpPreRequest, ThreadContext> perRequestThreadContext, ClusterSettings clusterSettings, Tracer tracer) {

final Map<String, Supplier<HttpServerTransport>> httpTransports = new HashMap<String, Supplier<HttpServerTransport>>(1);
if (!client && httpSSLEnabled) {
if (httpSSLEnabled) {

final ValidatingDispatcher validatingDispatcher = new ValidatingDispatcher(threadPool.getThreadContext(), dispatcher, settings,
configPath, NOOP_SSL_EXCEPTION_HANDLER);
@@ -243,9 +239,7 @@ public List<RestHandler> getRestHandlers(Settings settings, RestController restC

final List<RestHandler> handlers = new ArrayList<RestHandler>(1);

if (!client) {
handlers.add(new SearchGuardSSLInfoAction(settings, configPath, restController, sgks, Objects.requireNonNull(principalExtractor)));
}
handlers.add(new SearchGuardSSLInfoAction(settings, configPath, restController, sgks, Objects.requireNonNull(principalExtractor)));

return handlers;
}
@@ -254,7 +248,7 @@ public List<RestHandler> getRestHandlers(Settings settings, RestController restC
public List<TransportInterceptor> getTransportInterceptors(NamedWriteableRegistry namedWriteableRegistry, ThreadContext threadContext) {
List<TransportInterceptor> interceptors = new ArrayList<TransportInterceptor>(1);

if (transportSSLEnabled && !client) {
if (transportSSLEnabled) {
interceptors.add(new SearchGuardSSLTransportInterceptor(settings, null, null, NOOP_SSL_EXCEPTION_HANDLER));
}

@@ -280,10 +274,6 @@ public Map<String, Supplier<Transport>> getTransports(Settings settings, ThreadP
public Collection<?> createComponents(PluginServices services) {
final List<Object> components = new ArrayList<>(1);

if (client) {
return components;
}

final String principalExtractorClass = settings.get(SSLConfigConstants.SEARCHGUARD_SSL_TRANSPORT_PRINCIPAL_EXTRACTOR_CLASS, null);

if (principalExtractorClass == null) {
@@ -372,7 +362,7 @@ public List<Setting<?>> getSettings() {
public Settings additionalSettings() {
final Settings.Builder builder = Settings.builder();

if (!client && httpSSLEnabled) {
if (httpSSLEnabled) {

if (settings.get("http.compression") == null) {
builder.put("http.compression", false);
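Review bot: In the `getRestHandlers` hunk (`-243,9 +239,7`), `Objects.requireNonNull(principalExtractor)` is now evaluated on every call, so an unset extractor surfaces as a bare NullPointerException with no hint of the cause. The field appears to be populated in `createComponents` (the `-280,10 +274,6` hunk reads the extractor class setting there), which makes this an ordering dependency worth stating in the check itself: `Objects.requireNonNull(principalExtractor, "principalExtractor is not initialized; createComponents() must run first")`. Separately, this section shows `this.settings = null` in the disabled constructor branch, while `createComponents` now reads `settings.get(...)` right after allocating the list with no early return; that path was already reachable before this change, but a guard or a comment naming the assumption would make it explicit. Both methods extend beyond the visible hunks.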
2 changes: 0 additions & 2 deletions ssl/src/test/java/com/floragunn/searchguard/ssl/SSLTest.java
@@ -114,7 +114,6 @@ public void testCipherAndProtocols() throws Exception {
.put("searchguard.ssl.http.enabled_ciphers","SSL_RSA_EXPORT_WITH_RC4_40_MD5")
//WEAK and insecure protocol, do NOT use this, its here for unittesting only!!!
.put("searchguard.ssl.http.enabled_protocols","SSLv3")
.put("client.type","node")
.put("path.home",".")
.build();

@@ -134,7 +133,6 @@ public void testCipherAndProtocols() throws Exception {
.put("searchguard.ssl.transport.enabled_ciphers","SSL_RSA_EXPORT_WITH_RC4_40_MD5")
//WEAK and insecure protocol, do NOT use this, its here for unittesting only!!!
.put("searchguard.ssl.transport.enabled_protocols","SSLv3")
.put("client.type","node")
.put("path.home",".")
.build();

@@ -47,8 +47,7 @@ public PluginAwareNode(boolean masterEligible, final Settings preparedSettings,
}

private static Environment createEnvironment(Settings preparedSettings) {
Settings settings = Settings.builder().put(preparedSettings).put("client.type", "node").build();
return configureESLogging(InternalSettingsPreparer.prepareEnvironment(settings,
return configureESLogging(InternalSettingsPreparer.prepareEnvironment(preparedSettings,
Collections.emptyMap(),
null,
() -> System.getenv("HOSTNAME")));