Skip to content

Commit

Permalink
Validate monitoring username at parse time (elastic#47821)
Browse files Browse the repository at this point in the history
  • Loading branch information
@danhermann
danhermann committed Oct 31, 2019
1 parent 046f5bf commit b8597a6
Show file tree
Hide file tree
Showing 2 changed files with 63 additions and 1 deletion.
42 changes: 41 additions & 1 deletion ...nitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporter.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -176,7 +176,47 @@ public Iterator<Setting<?>> settings() {
*/
public static final Setting.AffixSetting<String> AUTH_USERNAME_SETTING =
Setting.affixKeySetting("xpack.monitoring.exporters.","auth.username",
(key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered));
(key) -> Setting.simpleString(
key,
new Setting.Validator<String>() {
@Override
public void validate(String password) {
// no username validation that is independent of other settings
}

@Override
public void validate(String username, Map<Setting<?>, Object> settings) {
final String namespace =
HttpExporter.AUTH_USERNAME_SETTING.getNamespace(
HttpExporter.AUTH_USERNAME_SETTING.getConcreteSetting(key));
final String password =
(String) settings.get(AUTH_PASSWORD_SETTING.getConcreteSettingForNamespace(namespace));

// password must be specified along with username for any auth
if (Strings.isNullOrEmpty(username) == false) {
if (Strings.isNullOrEmpty(password)) {
throw new SettingsException(
"[" + AUTH_USERNAME_SETTING.getConcreteSettingForNamespace(namespace).getKey() + "] is set " +
"but [" + AUTH_PASSWORD_SETTING.getConcreteSettingForNamespace(namespace).getKey() + "] is " +
"missing");
}
}
}

@Override
public Iterator<Setting<?>> settings() {
final String namespace =
HttpExporter.AUTH_USERNAME_SETTING.getNamespace(
HttpExporter.AUTH_USERNAME_SETTING.getConcreteSetting(key));
final List<Setting<?>> settings = List.of(
HttpExporter.AUTH_PASSWORD_SETTING.getConcreteSettingForNamespace(namespace));
return settings.iterator();
}

},
Property.Dynamic,
Property.NodeScope,
Property.Filtered));
/**
* Password for basic auth.
*/
Expand Down
22 changes: 22 additions & 0 deletions ...ing/src/test/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporterTests.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -239,6 +239,28 @@ public void testExporterWithPasswordButNoUsername() {
assertThat(exception.getMessage(), equalTo(expected));
}

public void testExporterWithUsernameButNoPassword() {
final String expected =
"[xpack.monitoring.exporters._http.auth.username] is set but [xpack.monitoring.exporters._http.auth.password] is missing";
final String prefix = "xpack.monitoring.exporters._http";
final Settings settings = Settings.builder()
.put(prefix + ".type", HttpExporter.TYPE)
.put(prefix + ".host", "localhost:9200")
.put(prefix + ".auth.username", "_user")
.build();

final IllegalArgumentException e = expectThrows(
IllegalArgumentException.class,
() -> HttpExporter.AUTH_USERNAME_SETTING.getConcreteSetting(prefix + ".auth.username").get(settings));
assertThat(
e,
hasToString(
containsString("Failed to parse value for setting [xpack.monitoring.exporters._http.auth.username]")));

assertThat(e.getCause(), instanceOf(SettingsException.class));
assertThat(e.getCause(), hasToString(containsString(expected)));
}

public void testExporterWithUnknownBlacklistedClusterAlerts() {
final SSLIOSessionStrategy sslStrategy = mock(SSLIOSessionStrategy.class);
when(sslService.sslIOSessionStrategy(any(Settings.class))).thenReturn(sslStrategy);
Expand Down

0 comments on commit b8597a6

Please sign in to comment.