diff options
author | Simon Willnauer <simonw@apache.org> | 2017-06-21 08:14:38 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-06-21 08:14:38 +0200 |
commit | 86a544de3b250a22af51b18eba08465cbca42c8d (patch) | |
tree | df10e29ad341053daae9001d21919bde34a37fa6 /test/framework | |
parent | 406a15e7a90b39d7ed209983d1f90045bba7e0f2 (diff) |
Ensure we never read from a closed MockSecureSettings object (#25322)
If secure settings are closed after the node has been constructed
no key-store access is permitted. We should also try to be as close as possible
to the real behavior if we mock secure settings. This change also adds
the same behavior as bootstrap has to InternalTestCluster to ensure we fail
if we try to read from secure settings after the node has been constructed.
Diffstat (limited to 'test/framework')
-rw-r--r-- | test/framework/src/main/java/org/elasticsearch/common/settings/MockSecureSettings.java | 16 | ||||
-rw-r--r-- | test/framework/src/main/java/org/elasticsearch/test/InternalTestCluster.java | 8 |
2 files changed, 23 insertions, 1 deletions
diff --git a/test/framework/src/main/java/org/elasticsearch/common/settings/MockSecureSettings.java b/test/framework/src/main/java/org/elasticsearch/common/settings/MockSecureSettings.java index 21cd1961d7..bb5720c99e 100644 --- a/test/framework/src/main/java/org/elasticsearch/common/settings/MockSecureSettings.java +++ b/test/framework/src/main/java/org/elasticsearch/common/settings/MockSecureSettings.java @@ -26,6 +26,7 @@ import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Set; +import java.util.concurrent.atomic.AtomicBoolean; /** * A mock implementation of secure settings for tests to use. @@ -35,6 +36,7 @@ public class MockSecureSettings implements SecureSettings { private Map<String, SecureString> secureStrings = new HashMap<>(); private Map<String, byte[]> files = new HashMap<>(); private Set<String> settingNames = new HashSet<>(); + private final AtomicBoolean closed = new AtomicBoolean(false); @Override public boolean isLoaded() { @@ -48,24 +50,36 @@ public class MockSecureSettings implements SecureSettings { @Override public SecureString getString(String setting) { + ensureOpen(); return secureStrings.get(setting); } @Override public InputStream getFile(String setting) { + ensureOpen(); return new ByteArrayInputStream(files.get(setting)); } public void setString(String setting, String value) { + ensureOpen(); secureStrings.put(setting, new SecureString(value.toCharArray())); settingNames.add(setting); } public void setFile(String setting, byte[] value) { + ensureOpen(); files.put(setting, value); settingNames.add(setting); } @Override - public void close() throws IOException {} + public void close() throws IOException { + closed.set(true); + } + + private void ensureOpen() { + if (closed.get()) { + throw new IllegalStateException("secure settings are already closed"); + } + } } diff --git a/test/framework/src/main/java/org/elasticsearch/test/InternalTestCluster.java b/test/framework/src/main/java/org/elasticsearch/test/InternalTestCluster.java index b70638f96e..6448278aae 100644 --- a/test/framework/src/main/java/org/elasticsearch/test/InternalTestCluster.java +++ b/test/framework/src/main/java/org/elasticsearch/test/InternalTestCluster.java @@ -53,6 +53,7 @@ import org.elasticsearch.common.io.FileSystemUtils; import org.elasticsearch.common.lease.Releasables; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.network.NetworkModule; +import org.elasticsearch.common.settings.SecureSettings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings.Builder; import org.elasticsearch.common.transport.TransportAddress; @@ -102,6 +103,7 @@ import org.junit.Assert; import java.io.Closeable; import java.io.IOException; +import java.io.UncheckedIOException; import java.net.InetSocketAddress; import java.nio.file.Path; import java.util.ArrayList; @@ -605,7 +607,13 @@ public final class InternalTestCluster extends TestCluster { } else if (!usingSingleNodeDiscovery && finalSettings.get(DISCOVERY_ZEN_MINIMUM_MASTER_NODES_SETTING.getKey()) == null) { throw new IllegalArgumentException(DISCOVERY_ZEN_MINIMUM_MASTER_NODES_SETTING.getKey() + " must be configured"); } + SecureSettings secureSettings = finalSettings.getSecureSettings(); MockNode node = new MockNode(finalSettings.build(), plugins); + try { + IOUtils.close(secureSettings); + } catch (IOException e) { + throw new UncheckedIOException(e); + } return new NodeAndClient(name, node, nodeId); } |