Ensure we never read from a closed MockSecureSettings object (#25322)

If secure settings are closed after the node has been constructed no key-store access is permitted. We should also try to be as close as possible to the real behavior if we mock secure settings. This change also adds the same behavior as bootstrap has to InternalTestCluster to ensure we fail if we try to read from secure settings after the node has been constructed.
author: Simon Willnauer <simonw@apache.org> 2017-06-21 08:14:38 +0200
committer: GitHub <noreply@github.com> 2017-06-21 08:14:38 +0200
commit: 86a544de3b250a22af51b18eba08465cbca42c8d (patch)
tree: df10e29ad341053daae9001d21919bde34a37fa6 /test/framework
parent: 406a15e7a90b39d7ed209983d1f90045bba7e0f2 (diff)
2 files changed, 23 insertions, 1 deletions
diff --git a/test/framework/src/main/java/org/elasticsearch/common/settings/MockSecureSettings.java b/test/framework/src/main/java/org/elasticsearch/common/settings/MockSecureSettings.java
index 21cd1961d7..bb5720c99e 100644
--- a/test/framework/src/main/java/org/elasticsearch/common/settings/MockSecureSettings.java
+++ b/test/framework/src/main/java/org/elasticsearch/common/settings/MockSecureSettings.java
@@ -26,6 +26,7 @@ import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
+import java.util.concurrent.atomic.AtomicBoolean;
 
 /**
  * A mock implementation of secure settings for tests to use.
@@ -35,6 +36,7 @@ public class MockSecureSettings implements SecureSettings {
     private Map<String, SecureString> secureStrings = new HashMap<>();
     private Map<String, byte[]> files = new HashMap<>();
     private Set<String> settingNames = new HashSet<>();
+    private final AtomicBoolean closed = new AtomicBoolean(false);
 
     @Override
     public boolean isLoaded() {
@@ -48,24 +50,36 @@ public class MockSecureSettings implements SecureSettings {
 
     @Override
     public SecureString getString(String setting) {
+        ensureOpen();
         return secureStrings.get(setting);
     }
 
     @Override
     public InputStream getFile(String setting) {
+        ensureOpen();
         return new ByteArrayInputStream(files.get(setting));
     }
 
     public void setString(String setting, String value) {
+        ensureOpen();
         secureStrings.put(setting, new SecureString(value.toCharArray()));
         settingNames.add(setting);
     }
 
     public void setFile(String setting, byte[] value) {
+        ensureOpen();
         files.put(setting, value);
         settingNames.add(setting);
     }
 
     @Override
-    public void close() throws IOException {}
+    public void close() throws IOException {
+        closed.set(true);
+    }
+
+    private void ensureOpen() {
+        if (closed.get()) {
+            throw new IllegalStateException("secure settings are already closed");
+        }
+    }
 }
diff --git a/test/framework/src/main/java/org/elasticsearch/test/InternalTestCluster.java b/test/framework/src/main/java/org/elasticsearch/test/InternalTestCluster.java
index b70638f96e..6448278aae 100644
--- a/test/framework/src/main/java/org/elasticsearch/test/InternalTestCluster.java
+++ b/test/framework/src/main/java/org/elasticsearch/test/InternalTestCluster.java
@@ -53,6 +53,7 @@ import org.elasticsearch.common.io.FileSystemUtils;
 import org.elasticsearch.common.lease.Releasables;
 import org.elasticsearch.common.logging.Loggers;
 import org.elasticsearch.common.network.NetworkModule;
+import org.elasticsearch.common.settings.SecureSettings;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.settings.Settings.Builder;
 import org.elasticsearch.common.transport.TransportAddress;
@@ -102,6 +103,7 @@ import org.junit.Assert;
 
 import java.io.Closeable;
 import java.io.IOException;
+import java.io.UncheckedIOException;
 import java.net.InetSocketAddress;
 import java.nio.file.Path;
 import java.util.ArrayList;
@@ -605,7 +607,13 @@ public final class InternalTestCluster extends TestCluster {
         } else if (!usingSingleNodeDiscovery && finalSettings.get(DISCOVERY_ZEN_MINIMUM_MASTER_NODES_SETTING.getKey()) == null) {
             throw new IllegalArgumentException(DISCOVERY_ZEN_MINIMUM_MASTER_NODES_SETTING.getKey() + " must be configured");
         }
+        SecureSettings secureSettings = finalSettings.getSecureSettings();
         MockNode node = new MockNode(finalSettings.build(), plugins);
+        try {
+            IOUtils.close(secureSettings);
+        } catch (IOException e) {
+            throw new UncheckedIOException(e);
+        }
         return new NodeAndClient(name, node, nodeId);
     }
author	Simon Willnauer <simonw@apache.org>	2017-06-21 08:14:38 +0200
committer	GitHub <noreply@github.com>	2017-06-21 08:14:38 +0200
commit	86a544de3b250a22af51b18eba08465cbca42c8d (patch)
tree	df10e29ad341053daae9001d21919bde34a37fa6 /test/framework
parent	406a15e7a90b39d7ed209983d1f90045bba7e0f2 (diff)