From 5308746270292775ddb14c377e96871b0e8e256e Mon Sep 17 00:00:00 2001 From: Albert Zaharovits Date: Sun, 20 Jan 2019 12:51:24 +0200 Subject: [PATCH] Remove Watcher Account "unsecure" settings (#36736) Removes all sensitive settings (passwords, auth tokens, urls, etc...) for watcher notifications accounts. These settings were deprecated (and herein removed) in favor of their secure sibling that is set inside the elasticsearch keystore. For example: `xpack.notification.email.account..smtp.password` is no longer a valid setting, and it is replaced by `xpack.notification.email.account..smtp.secure_password` --- .../migration/migrate_7_0/settings.asciidoc | 23 ++++++++ .../settings/notification-settings.asciidoc | 20 +++---- .../watcher/notification/email/Account.java | 20 +++---- .../notification/email/EmailService.java | 7 +-- .../notification/hipchat/HipChatAccount.java | 17 ++---- .../notification/hipchat/HipChatService.java | 8 +-- .../notification/jira/JiraAccount.java | 40 +++++-------- .../notification/jira/JiraService.java | 17 +----- .../pagerduty/PagerDutyAccount.java | 25 +++----- .../pagerduty/PagerDutyService.java | 9 +-- .../notification/slack/SlackAccount.java | 28 ++++----- .../notification/slack/SlackService.java | 9 +-- .../actions/email/EmailAttachmentTests.java | 5 +- .../actions/email/EmailMessageIdTests.java | 5 +- .../jira/ExecutableJiraActionTests.java | 19 ++++--- .../watcher/actions/jira/JiraActionTests.java | 10 +++- .../slack/ExecutableSlackActionTests.java | 7 ++- .../watcher/history/HistoryStoreTests.java | 7 ++- .../HistoryTemplateEmailMappingsTests.java | 6 +- .../notification/email/AccountTests.java | 38 +++---------- .../hipchat/HipChatAccountsTests.java | 5 +- .../hipchat/HipChatServiceTests.java | 22 +++++-- .../hipchat/IntegrationAccountTests.java | 21 +++++-- .../hipchat/UserAccountTests.java | 23 ++++++-- .../notification/hipchat/V1AccountTests.java | 12 +++- .../notification/jira/JiraAccountTests.java | 57 ++++++++++++------- .../pagerduty/PagerDutyAccountsTests.java | 7 ++- .../build.gradle | 2 +- 28 files changed, 243 insertions(+), 226 deletions(-) diff --git a/docs/reference/migration/migrate_7_0/settings.asciidoc b/docs/reference/migration/migrate_7_0/settings.asciidoc index 9a271c65271a3..b5ae85eb7dff6 100644 --- a/docs/reference/migration/migrate_7_0/settings.asciidoc +++ b/docs/reference/migration/migrate_7_0/settings.asciidoc @@ -131,3 +131,26 @@ The removal of these default settings also removes the ability for a component t fallback to a default configuration when using TLS. Each component (realm, transport, http, http client, etc) must now be configured with their own settings for TLS if it is being used. + +[float] +[[watcher-notifications-account-settings]] +==== Watcher notifications account settings + +The following settings have been removed in favor of the secure variants. +The <> have to be defined inside each cluster +node's keystore, i.e., they are not to be specified via the cluster settings API. + +- `xpack.notification.email.account..smtp.password`, instead use +`xpack.notification.email.account..smtp.secure_password` +- `xpack.notification.hipchat.account..auth_token`, instead use +`xpack.notification.hipchat.account..secure_auth_token` +- `xpack.notification.jira.account..url`, instead use +`xpack.notification.jira.account..secure_url` +- `xpack.notification.jira.account..user`, instead use +`xpack.notification.jira.account..secure_user` +- `xpack.notification.jira.account..password`, instead use +`xpack.notification.jira.account..secure_password` +- `xpack.notification.pagerduty.account..service_api_key`, instead use +`xpack.notification.pagerduty.account..secure_service_api_key` +- `xpack.notification.slack.account..url`, instead use +`xpack.notification.slack.account..secure_url` diff --git a/docs/reference/settings/notification-settings.asciidoc b/docs/reference/settings/notification-settings.asciidoc index e098f22716876..2f14dd276b849 100644 --- a/docs/reference/settings/notification-settings.asciidoc +++ b/docs/reference/settings/notification-settings.asciidoc @@ -115,7 +115,7 @@ can specify the following email account attributes: `smtp.user` (<>);; The user name for SMTP. Required. - `smtp.password` (<>);; + `smtp.secure_password` (<>);; The password for the specified SMTP user. `smtp.starttls.enable` (<>);; @@ -222,9 +222,8 @@ via HipChat. You can specify the following HipChat account attributes: The HipChat account profile to use: `integration`, `user`, or `v1`. Required. - `auth_token`;; - The authentication token to use to access - the HipChat API. Required. + `secure_auth_token` (<>);; + The authentication token to use to access the HipChat API. Required. `host`;; The HipChat server hostname. Defaults to `api.hipchat.com`. @@ -268,9 +267,8 @@ via Slack. You can specify the following Slack account attributes: [[slack-account-attributes]] - `url`;; - The Incoming Webhook URL to use to post - messages to Slack. Required. + `secure_url` (<>);; + The Incoming Webhook URL to use to post messages to Slack. Required. `message_defaults.from`;; The sender name to display in the @@ -309,13 +307,13 @@ issues in Jira. You can specify the following Jira account attributes: [[jira-account-attributes]] - `url`;; + `secure_url` (<>);; The URL of the Jira Software server. Required. - `user`;; + `secure_user` (<>);; The name of the user to connect to the Jira Software server. Required. - `password`;; + `secure_password` (<>);; The password of the user to connect to the Jira Software server. Required. `issue_defaults`;; @@ -341,7 +339,7 @@ via PagerDuty. You can specify the following PagerDuty account attributes: A name for the PagerDuty account associated with the API key you are using to access PagerDuty. Required. - `service_api_key`;; + `secure_service_api_key` (<>);; The https://developer.pagerduty.com/documentation/rest/authentication[ PagerDuty API key] to use to access PagerDuty. Required. diff --git a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/email/Account.java b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/email/Account.java index 02c0e1167dd95..b6a6e259ecc74 100644 --- a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/email/Account.java +++ b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/email/Account.java @@ -32,8 +32,7 @@ public class Account { static final String SMTP_PROTOCOL = "smtp"; - private static final String SMTP_PASSWORD = "password"; - private static final Setting SECURE_PASSWORD_SETTING = SecureSetting.secureString("secure_" + SMTP_PASSWORD, null); + public static final Setting SECURE_PASSWORD_SETTING = SecureSetting.secureString("secure_password", null); static { SecurityManager sm = System.getSecurityManager(); @@ -213,7 +212,7 @@ static class Smtp { port = settings.getAsInt("port", settings.getAsInt("localport", settings.getAsInt("local_port", 25))); user = settings.get("user", settings.get("from", null)); - password = getSecureSetting(SMTP_PASSWORD, settings, SECURE_PASSWORD_SETTING); + password = getSecureSetting(settings, SECURE_PASSWORD_SETTING); //password = passStr != null ? passStr.toCharArray() : null; properties = loadSmtpProperties(settings); } @@ -225,17 +224,12 @@ static class Smtp { * Note: if your setting was not previously secure, than the string reference that is in the setting object is still * insecure. This is only constructing a new SecureString with the char[] of the insecure setting. */ - private static SecureString getSecureSetting(String settingName, Settings settings, Setting secureSetting) { - String value = settings.get(settingName); - if (value == null) { - SecureString secureString = secureSetting.get(settings); - if (secureString != null && secureString.length() > 0) { - return secureString; - } else { - return null; - } + private static SecureString getSecureSetting(Settings settings, Setting secureSetting) { + SecureString secureString = secureSetting.get(settings); + if (secureString != null && secureString.length() > 0) { + return secureString; } else { - return new SecureString(value.toCharArray()); + return null; } } diff --git a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/email/EmailService.java b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/email/EmailService.java index 0933ba4616280..de7161dcdd1d6 100644 --- a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/email/EmailService.java +++ b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/email/EmailService.java @@ -65,10 +65,6 @@ public class EmailService extends NotificationService { Setting.affixKeySetting("xpack.notification.email.account.", "smtp.user", (key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope)); - private static final Setting.AffixSetting SETTING_SMTP_PASSWORD = - Setting.affixKeySetting("xpack.notification.email.account.", "smtp.password", - (key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered)); - private static final Setting.AffixSetting SETTING_SECURE_PASSWORD = Setting.affixKeySetting("xpack.notification.email.account.", "smtp.secure_password", (key) -> SecureSetting.secureString(key, null)); @@ -122,7 +118,6 @@ public EmailService(Settings settings, @Nullable CryptoService cryptoService, Cl clusterSettings.addAffixUpdateConsumer(SETTING_SMTP_HOST, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_SMTP_PORT, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_SMTP_USER, (s, o) -> {}, (s, o) -> {}); - clusterSettings.addAffixUpdateConsumer(SETTING_SMTP_PASSWORD, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_SMTP_TIMEOUT, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_SMTP_CONNECTION_TIMEOUT, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_SMTP_WRITE_TIMEOUT, (s, o) -> {}, (s, o) -> {}); @@ -182,7 +177,7 @@ public Email email() { private static List> getDynamicSettings() { return Arrays.asList(SETTING_DEFAULT_ACCOUNT, SETTING_PROFILE, SETTING_EMAIL_DEFAULTS, SETTING_SMTP_AUTH, SETTING_SMTP_HOST, - SETTING_SMTP_PASSWORD, SETTING_SMTP_PORT, SETTING_SMTP_STARTTLS_ENABLE, SETTING_SMTP_USER, SETTING_SMTP_STARTTLS_REQUIRED, + SETTING_SMTP_PORT, SETTING_SMTP_STARTTLS_ENABLE, SETTING_SMTP_USER, SETTING_SMTP_STARTTLS_REQUIRED, SETTING_SMTP_TIMEOUT, SETTING_SMTP_CONNECTION_TIMEOUT, SETTING_SMTP_WRITE_TIMEOUT, SETTING_SMTP_LOCAL_ADDRESS, SETTING_SMTP_LOCAL_PORT, SETTING_SMTP_SEND_PARTIAL, SETTING_SMTP_WAIT_ON_QUIT, SETTING_SMTP_SSL_TRUST_ADDRESS); } diff --git a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatAccount.java b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatAccount.java index 53f8c1533a193..67aee91f13976 100644 --- a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatAccount.java +++ b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatAccount.java @@ -23,7 +23,6 @@ public abstract class HipChatAccount { - public static final String AUTH_TOKEN_SETTING = "auth_token"; public static final String ROOM_SETTING = HipChatMessage.Field.ROOM.getPreferredName(); public static final String DEFAULT_ROOM_SETTING = "message_defaults." + HipChatMessage.Field.ROOM.getPreferredName(); public static final String DEFAULT_USER_SETTING = "message_defaults." + HipChatMessage.Field.USER.getPreferredName(); @@ -32,7 +31,7 @@ public abstract class HipChatAccount { public static final String DEFAULT_COLOR_SETTING = "message_defaults." + HipChatMessage.Field.COLOR.getPreferredName(); public static final String DEFAULT_NOTIFY_SETTING = "message_defaults." + HipChatMessage.Field.NOTIFY.getPreferredName(); - private static final Setting SECURE_AUTH_TOKEN_SETTING = SecureSetting.secureString("secure_" + AUTH_TOKEN_SETTING, null); + static final Setting SECURE_AUTH_TOKEN_SETTING = SecureSetting.secureString("secure_auth_token", null); protected final Logger logger; protected final String name; @@ -52,16 +51,12 @@ protected HipChatAccount(String name, Profile profile, Settings settings, HipCha } private static String getAuthToken(String name, Settings settings) { - String authToken = settings.get(AUTH_TOKEN_SETTING); - if (authToken == null || authToken.length() == 0) { - SecureString secureString = SECURE_AUTH_TOKEN_SETTING.get(settings); - if (secureString == null || secureString.length() < 1) { - throw new SettingsException("hipchat account [" + name + "] missing required [" + AUTH_TOKEN_SETTING + "] setting"); - } - authToken = secureString.toString(); + SecureString secureString = SECURE_AUTH_TOKEN_SETTING.get(settings); + if (secureString == null || secureString.length() < 1) { + throw new SettingsException( + "hipchat account [" + name + "] missing required [" + SECURE_AUTH_TOKEN_SETTING.getKey() + "] secure setting"); } - - return authToken; + return secureString.toString(); } public abstract String type(); diff --git a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatService.java b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatService.java index 39b1f0cb61709..efa403fd7697e 100644 --- a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatService.java +++ b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatService.java @@ -34,11 +34,6 @@ public class HipChatService extends NotificationService { static final Setting SETTING_DEFAULT_PORT = Setting.intSetting("xpack.notification.hipchat.port", 443, Setting.Property.Dynamic, Setting.Property.NodeScope); - private static final Setting.AffixSetting SETTING_AUTH_TOKEN = - Setting.affixKeySetting("xpack.notification.hipchat.account.", "auth_token", - (key) -> Setting.simpleString(key, Setting.Property.Dynamic, Setting.Property.NodeScope, Setting.Property.Filtered, - Setting.Property.Deprecated)); - private static final Setting.AffixSetting SETTING_AUTH_TOKEN_SECURE = Setting.affixKeySetting("xpack.notification.hipchat.account.", "secure_auth_token", (key) -> SecureSetting.secureString(key, null)); @@ -75,7 +70,6 @@ public HipChatService(Settings settings, HttpClient httpClient, ClusterSettings clusterSettings.addSettingsUpdateConsumer(SETTING_DEFAULT_ACCOUNT, (s) -> {}); clusterSettings.addSettingsUpdateConsumer(SETTING_DEFAULT_HOST, (s) -> {}); clusterSettings.addSettingsUpdateConsumer(SETTING_DEFAULT_PORT, (s) -> {}); - clusterSettings.addAffixUpdateConsumer(SETTING_AUTH_TOKEN, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_PROFILE, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_ROOM, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_HOST, (s, o) -> {}, (s, o) -> {}); @@ -101,7 +95,7 @@ protected HipChatAccount createAccount(String name, Settings accountSettings) { } private static List> getDynamicSettings() { - return Arrays.asList(SETTING_DEFAULT_ACCOUNT, SETTING_AUTH_TOKEN, SETTING_PROFILE, SETTING_ROOM, SETTING_MESSAGE_DEFAULTS, + return Arrays.asList(SETTING_DEFAULT_ACCOUNT, SETTING_PROFILE, SETTING_ROOM, SETTING_MESSAGE_DEFAULTS, SETTING_DEFAULT_HOST, SETTING_DEFAULT_PORT, SETTING_HOST, SETTING_PORT); } diff --git a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/jira/JiraAccount.java b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/jira/JiraAccount.java index 17f8657ec9d88..b539d007eeef8 100644 --- a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/jira/JiraAccount.java +++ b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/jira/JiraAccount.java @@ -6,7 +6,6 @@ package org.elasticsearch.xpack.watcher.notification.jira; import org.elasticsearch.common.Booleans; -import org.elasticsearch.common.Strings; import org.elasticsearch.common.bytes.BytesReference; import org.elasticsearch.common.settings.SecureSetting; import org.elasticsearch.common.settings.SecureString; @@ -42,15 +41,12 @@ public class JiraAccount { **/ public static final String DEFAULT_PATH = "/rest/api/2/issue"; - static final String USER_SETTING = "user"; - static final String PASSWORD_SETTING = "password"; - static final String URL_SETTING = "url"; static final String ISSUE_DEFAULTS_SETTING = "issue_defaults"; static final String ALLOW_HTTP_SETTING = "allow_http"; - private static final Setting SECURE_USER_SETTING = SecureSetting.secureString("secure_" + USER_SETTING, null); - private static final Setting SECURE_PASSWORD_SETTING = SecureSetting.secureString("secure_" + PASSWORD_SETTING, null); - private static final Setting SECURE_URL_SETTING = SecureSetting.secureString("secure_" + URL_SETTING, null); + public static final Setting SECURE_USER_SETTING = SecureSetting.secureString("secure_user", null); + public static final Setting SECURE_PASSWORD_SETTING = SecureSetting.secureString("secure_password", null); + public static final Setting SECURE_URL_SETTING = SecureSetting.secureString("secure_url", null); private final HttpClient httpClient; private final String name; @@ -62,7 +58,7 @@ public class JiraAccount { public JiraAccount(String name, Settings settings, HttpClient httpClient) { this.httpClient = httpClient; this.name = name; - String url = getSetting(name, URL_SETTING, settings, SECURE_URL_SETTING); + String url = getSetting(name, settings, SECURE_URL_SETTING); try { URI uri = new URI(url); Scheme protocol = Scheme.parse(uri.getScheme()); @@ -71,16 +67,11 @@ public JiraAccount(String name, Settings settings, HttpClient httpClient) { } this.url = uri; } catch (URISyntaxException | IllegalArgumentException e) { - throw new SettingsException("invalid jira [" + name + "] account settings. invalid [" + URL_SETTING + "] setting", e); - } - this.user = getSetting(name, USER_SETTING, settings, SECURE_USER_SETTING); - if (Strings.isEmpty(this.user)) { - throw requiredSettingException(name, USER_SETTING); - } - this.password = getSetting(name, PASSWORD_SETTING, settings, SECURE_PASSWORD_SETTING); - if (Strings.isEmpty(this.password)) { - throw requiredSettingException(name, PASSWORD_SETTING); + throw new SettingsException( + "invalid jira [" + name + "] account settings. invalid [" + SECURE_URL_SETTING.getKey() + "] setting", e); } + this.user = getSetting(name, settings, SECURE_USER_SETTING); + this.password = getSetting(name, settings, SECURE_PASSWORD_SETTING); try (XContentBuilder builder = XContentBuilder.builder(XContentType.JSON.xContent())) { builder.startObject(); settings.getAsSettings(ISSUE_DEFAULTS_SETTING).toXContent(builder, ToXContent.EMPTY_PARAMS); @@ -95,17 +86,12 @@ public JiraAccount(String name, Settings settings, HttpClient httpClient) { } } - private static String getSetting(String accountName, String settingName, Settings settings, Setting secureSetting) { - String value = settings.get(settingName); - if (value == null) { - SecureString secureString = secureSetting.get(settings); - if (secureString == null || secureString.length() < 1) { - throw requiredSettingException(accountName, settingName); - } - value = secureString.toString(); + private static String getSetting(String accountName, Settings settings, Setting secureSetting) { + SecureString secureString = secureSetting.get(settings); + if (secureString == null || secureString.length() < 1) { + throw requiredSettingException(accountName, secureSetting.getKey()); } - - return value; + return secureString.toString(); } public String getName() { diff --git a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/jira/JiraService.java b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/jira/JiraService.java index 425ef0ee44fd1..9989d0145ed50 100644 --- a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/jira/JiraService.java +++ b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/jira/JiraService.java @@ -32,18 +32,6 @@ public class JiraService extends NotificationService { Setting.affixKeySetting("xpack.notification.jira.account.", "allow_http", (key) -> Setting.boolSetting(key, false, Property.Dynamic, Property.NodeScope)); - private static final Setting.AffixSetting SETTING_URL = - Setting.affixKeySetting("xpack.notification.jira.account.", "url", - (key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered)); - - private static final Setting.AffixSetting SETTING_USER = - Setting.affixKeySetting("xpack.notification.jira.account.", "user", - (key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered)); - - private static final Setting.AffixSetting SETTING_PASSWORD = - Setting.affixKeySetting("xpack.notification.jira.account.", "password", - (key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered, Property.Deprecated)); - private static final Setting.AffixSetting SETTING_SECURE_USER = Setting.affixKeySetting("xpack.notification.jira.account.", "secure_user", (key) -> SecureSetting.secureString(key, null)); @@ -68,9 +56,6 @@ public JiraService(Settings settings, HttpClient httpClient, ClusterSettings clu // ensure logging of setting changes clusterSettings.addSettingsUpdateConsumer(SETTING_DEFAULT_ACCOUNT, (s) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_ALLOW_HTTP, (s, o) -> {}, (s, o) -> {}); - clusterSettings.addAffixUpdateConsumer(SETTING_URL, (s, o) -> {}, (s, o) -> {}); - clusterSettings.addAffixUpdateConsumer(SETTING_USER, (s, o) -> {}, (s, o) -> {}); - clusterSettings.addAffixUpdateConsumer(SETTING_PASSWORD, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_DEFAULTS, (s, o) -> {}, (s, o) -> {}); // do an initial load reload(settings); @@ -82,7 +67,7 @@ protected JiraAccount createAccount(String name, Settings settings) { } private static List> getDynamicSettings() { - return Arrays.asList(SETTING_DEFAULT_ACCOUNT, SETTING_ALLOW_HTTP, SETTING_URL, SETTING_USER, SETTING_PASSWORD, SETTING_DEFAULTS); + return Arrays.asList(SETTING_DEFAULT_ACCOUNT, SETTING_ALLOW_HTTP, SETTING_DEFAULTS); } private static List> getSecureSettings() { diff --git a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyAccount.java b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyAccount.java index fdc5ca07b84c1..b2a1a1b8b9de2 100644 --- a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyAccount.java +++ b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyAccount.java @@ -19,19 +19,17 @@ public class PagerDutyAccount { - private static final String SERVICE_KEY_SETTING = "service_api_key"; private static final String TRIGGER_DEFAULTS_SETTING = "event_defaults"; - private static final Setting SECURE_SERVICE_API_KEY_SETTING = - SecureSetting.secureString("secure_" + SERVICE_KEY_SETTING, null); + public static final Setting SECURE_SERVICE_API_KEY_SETTING = SecureSetting.secureString("secure_service_api_key", null); private final String name; private final String serviceKey; private final HttpClient httpClient; private final IncidentEventDefaults eventDefaults; - PagerDutyAccount(String name, Settings accountSettings, Settings serviceSettings, HttpClient httpClient) { + PagerDutyAccount(String name, Settings accountSettings, HttpClient httpClient) { this.name = name; - this.serviceKey = getServiceKey(name, accountSettings, serviceSettings); + this.serviceKey = getServiceKey(name, accountSettings); this.httpClient = httpClient; this.eventDefaults = new IncidentEventDefaults(accountSettings.getAsSettings(TRIGGER_DEFAULTS_SETTING)); @@ -51,17 +49,12 @@ public SentEvent send(IncidentEvent event, Payload payload, String watchId) thro return SentEvent.responded(event, request, response); } - private static String getServiceKey(String name, Settings accountSettings, Settings serviceSettings) { - String serviceKey = accountSettings.get(SERVICE_KEY_SETTING, serviceSettings.get(SERVICE_KEY_SETTING, null)); - if (serviceKey == null) { - SecureString secureString = SECURE_SERVICE_API_KEY_SETTING.get(accountSettings); - if (secureString == null || secureString.length() < 1) { - throw new SettingsException("invalid pagerduty account [" + name + "]. missing required [" + SERVICE_KEY_SETTING + - "] setting"); - } - serviceKey = secureString.toString(); + private static String getServiceKey(String name, Settings accountSettings) { + SecureString secureString = SECURE_SERVICE_API_KEY_SETTING.get(accountSettings); + if (secureString == null || secureString.length() < 1) { + throw new SettingsException( + "invalid pagerduty account [" + name + "]. missing required [" + SECURE_SERVICE_API_KEY_SETTING.getKey() + "] setting"); } - - return serviceKey; + return secureString.toString(); } } diff --git a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyService.java b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyService.java index 6a0fa5b5bf45b..84d7c16b43784 100644 --- a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyService.java +++ b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyService.java @@ -26,10 +26,6 @@ public class PagerDutyService extends NotificationService { private static final Setting SETTING_DEFAULT_ACCOUNT = Setting.simpleString("xpack.notification.pagerduty.default_account", Property.Dynamic, Property.NodeScope); - private static final Setting.AffixSetting SETTING_SERVICE_API_KEY = - Setting.affixKeySetting("xpack.notification.pagerduty.account.", "service_api_key", - (key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered, Property.Deprecated)); - private static final Setting.AffixSetting SETTING_SECURE_SERVICE_API_KEY = Setting.affixKeySetting("xpack.notification.pagerduty.account.", "secure_service_api_key", (key) -> SecureSetting.secureString(key, null)); @@ -45,7 +41,6 @@ public PagerDutyService(Settings settings, HttpClient httpClient, ClusterSetting this.httpClient = httpClient; // ensure logging of setting changes clusterSettings.addSettingsUpdateConsumer(SETTING_DEFAULT_ACCOUNT, (s) -> {}); - clusterSettings.addAffixUpdateConsumer(SETTING_SERVICE_API_KEY, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_DEFAULTS, (s, o) -> {}, (s, o) -> {}); // do an initial load reload(settings); @@ -53,11 +48,11 @@ public PagerDutyService(Settings settings, HttpClient httpClient, ClusterSetting @Override protected PagerDutyAccount createAccount(String name, Settings accountSettings) { - return new PagerDutyAccount(name, accountSettings, accountSettings, httpClient); + return new PagerDutyAccount(name, accountSettings, httpClient); } private static List> getDynamicSettings() { - return Arrays.asList(SETTING_SERVICE_API_KEY, SETTING_DEFAULTS, SETTING_DEFAULT_ACCOUNT); + return Arrays.asList(SETTING_DEFAULTS, SETTING_DEFAULT_ACCOUNT); } private static List> getSecureSettings() { diff --git a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/slack/SlackAccount.java b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/slack/SlackAccount.java index 98857cc4cb28a..db6b043fffe3b 100644 --- a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/slack/SlackAccount.java +++ b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/slack/SlackAccount.java @@ -32,11 +32,9 @@ public class SlackAccount { - - public static final String URL_SETTING = "url"; public static final String MESSAGE_DEFAULTS_SETTING = "message_defaults"; - private static final Setting SECURE_URL_SETTING = SecureSetting.secureString("secure_" + URL_SETTING, null); + private static final Setting SECURE_URL_SETTING = SecureSetting.secureString("secure_url", null); final String name; final URI url; @@ -44,9 +42,9 @@ public class SlackAccount { final Logger logger; final SlackMessageDefaults messageDefaults; - public SlackAccount(String name, Settings settings, Settings defaultSettings, HttpClient httpClient, Logger logger) { + public SlackAccount(String name, Settings settings, HttpClient httpClient, Logger logger) { this.name = name; - this.url = url(name, settings, defaultSettings); + this.url = url(name, settings); this.messageDefaults = new SlackMessageDefaults(settings.getAsSettings(MESSAGE_DEFAULTS_SETTING)); this.httpClient = httpClient; this.logger = logger; @@ -120,21 +118,17 @@ public XContentBuilder toXContent(XContentBuilder builder, Params params) throws } } - static URI url(String name, Settings settings, Settings defaultSettings) { - String url = settings.get(URL_SETTING, defaultSettings.get(URL_SETTING, null)); - if (url == null) { - SecureString secureStringUrl = SECURE_URL_SETTING.get(settings); - if (secureStringUrl != null && secureStringUrl.length() > 0) { - url = secureStringUrl.toString(); - } - } - if (url == null) { - throw new SettingsException("invalid slack [" + name + "] account settings. missing required [" + URL_SETTING + "] setting"); + static URI url(String name, Settings settings) { + SecureString secureStringUrl = SECURE_URL_SETTING.get(settings); + if (secureStringUrl == null || secureStringUrl.length() < 1) { + throw new SettingsException( + "invalid slack [" + name + "] account settings. missing required [" + SECURE_URL_SETTING.getKey() + "] setting"); } try { - return new URI(url); + return new URI(secureStringUrl.toString()); } catch (URISyntaxException e) { - throw new SettingsException("invalid slack [" + name + "] account settings. invalid [" + URL_SETTING + "] setting", e); + throw new SettingsException( + "invalid slack [" + name + "] account settings. invalid [" + SECURE_URL_SETTING.getKey() + "] setting", e); } } } diff --git a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/slack/SlackService.java b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/slack/SlackService.java index 0d8d0bc67faf6..9c3c4151530b0 100644 --- a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/slack/SlackService.java +++ b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/notification/slack/SlackService.java @@ -28,10 +28,6 @@ public class SlackService extends NotificationService { private static final Setting SETTING_DEFAULT_ACCOUNT = Setting.simpleString("xpack.notification.slack.default_account", Property.Dynamic, Property.NodeScope); - private static final Setting.AffixSetting SETTING_URL = - Setting.affixKeySetting("xpack.notification.slack.account.", "url", - (key) -> Setting.simpleString(key, Property.Dynamic, Property.NodeScope, Property.Filtered, Property.Deprecated)); - private static final Setting.AffixSetting SETTING_URL_SECURE = Setting.affixKeySetting("xpack.notification.slack.account.", "secure_url", (key) -> SecureSetting.secureString(key, null)); @@ -48,7 +44,6 @@ public SlackService(Settings settings, HttpClient httpClient, ClusterSettings cl this.httpClient = httpClient; // ensure logging of setting changes clusterSettings.addSettingsUpdateConsumer(SETTING_DEFAULT_ACCOUNT, (s) -> {}); - clusterSettings.addAffixUpdateConsumer(SETTING_URL, (s, o) -> {}, (s, o) -> {}); clusterSettings.addAffixUpdateConsumer(SETTING_DEFAULTS, (s, o) -> {}, (s, o) -> {}); // do an initial load reload(settings); @@ -56,11 +51,11 @@ public SlackService(Settings settings, HttpClient httpClient, ClusterSettings cl @Override protected SlackAccount createAccount(String name, Settings accountSettings) { - return new SlackAccount(name, accountSettings, accountSettings, httpClient, logger); + return new SlackAccount(name, accountSettings, httpClient, logger); } private static List> getDynamicSettings() { - return Arrays.asList(SETTING_URL, SETTING_DEFAULT_ACCOUNT, SETTING_DEFAULTS); + return Arrays.asList(SETTING_DEFAULT_ACCOUNT, SETTING_DEFAULTS); } private static List> getSecureSettings() { diff --git a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/email/EmailAttachmentTests.java b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/email/EmailAttachmentTests.java index abc418f5c5e03..f8d7171a13d8c 100644 --- a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/email/EmailAttachmentTests.java +++ b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/email/EmailAttachmentTests.java @@ -8,6 +8,7 @@ import org.elasticsearch.action.search.SearchResponse; import org.elasticsearch.common.Strings; import org.elasticsearch.common.io.Streams; +import org.elasticsearch.common.settings.MockSecureSettings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -82,13 +83,15 @@ public void cleanup() throws Exception { @Override protected Settings nodeSettings(int nodeOrdinal) { + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString("xpack.notification.email.account.test.smtp.secure_password", EmailServer.PASSWORD); return Settings.builder() .put(super.nodeSettings(nodeOrdinal)) .put("xpack.notification.email.account.test.smtp.auth", true) .put("xpack.notification.email.account.test.smtp.user", EmailServer.USERNAME) - .put("xpack.notification.email.account.test.smtp.password", EmailServer.PASSWORD) .put("xpack.notification.email.account.test.smtp.port", server.port()) .put("xpack.notification.email.account.test.smtp.host", "localhost") + .setSecureSettings(secureSettings) .build(); } diff --git a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/email/EmailMessageIdTests.java b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/email/EmailMessageIdTests.java index 08d25e3908b0e..495ac99fb9ed0 100644 --- a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/email/EmailMessageIdTests.java +++ b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/email/EmailMessageIdTests.java @@ -6,6 +6,7 @@ package org.elasticsearch.xpack.watcher.actions.email; import org.elasticsearch.common.settings.ClusterSettings; +import org.elasticsearch.common.settings.MockSecureSettings; import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.test.ESTestCase; @@ -42,12 +43,14 @@ public class EmailMessageIdTests extends ESTestCase { public void startSmtpServer() { server = EmailServer.localhost(logger); + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString("xpack.notification.email.account.test.smtp.secure_password", EmailServer.PASSWORD); Settings settings = Settings.builder() .put("xpack.notification.email.account.test.smtp.auth", true) .put("xpack.notification.email.account.test.smtp.user", EmailServer.USERNAME) - .put("xpack.notification.email.account.test.smtp.password", EmailServer.PASSWORD) .put("xpack.notification.email.account.test.smtp.port", server.port()) .put("xpack.notification.email.account.test.smtp.host", "localhost") + .setSecureSettings(secureSettings) .build(); Set> registeredSettings = new HashSet<>(ClusterSettings.BUILT_IN_CLUSTER_SETTINGS); diff --git a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/jira/ExecutableJiraActionTests.java b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/jira/ExecutableJiraActionTests.java index c4604d8e2a14d..4806412aeaa60 100644 --- a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/jira/ExecutableJiraActionTests.java +++ b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/jira/ExecutableJiraActionTests.java @@ -6,6 +6,7 @@ package org.elasticsearch.xpack.watcher.actions.jira; import org.elasticsearch.common.collect.MapBuilder; +import org.elasticsearch.common.settings.MockSecureSettings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.script.ScriptService; import org.elasticsearch.test.ESTestCase; @@ -63,11 +64,11 @@ public void testProxy() throws Exception { final String user = randomAlphaOfLength(10); final String password = randomAlphaOfLength(10); - Settings accountSettings = Settings.builder() - .put("url", url) - .put("user", user) - .put("password", password) - .build(); + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString(JiraAccount.SECURE_URL_SETTING.getKey(), url); + secureSettings.setString(JiraAccount.SECURE_USER_SETTING.getKey(), user); + secureSettings.setString(JiraAccount.SECURE_PASSWORD_SETTING.getKey(), password); + Settings accountSettings = Settings.builder().setSecureSettings(secureSettings).build(); JiraAccount account = new JiraAccount("account1", accountSettings, httpClient); @@ -259,10 +260,12 @@ public void testExecutionFieldsStringArraysNotOverridden() throws Exception { } private JiraAction.Simulated simulateExecution(Map actionFields, Map accountFields) throws Exception { + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString(JiraAccount.SECURE_URL_SETTING.getKey(), "https://internal-jira.elastic.co:443"); + secureSettings.setString(JiraAccount.SECURE_USER_SETTING.getKey(), "elastic"); + secureSettings.setString(JiraAccount.SECURE_PASSWORD_SETTING.getKey(), "secret"); Settings.Builder settings = Settings.builder() - .put("url", "https://internal-jira.elastic.co:443") - .put("user", "elastic") - .put("password", "secret") + .setSecureSettings(secureSettings) .putProperties(accountFields, s -> "issue_defaults." + s); JiraAccount account = new JiraAccount("account", settings.build(), mock(HttpClient.class)); diff --git a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/jira/JiraActionTests.java b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/jira/JiraActionTests.java index a0d09e39c029e..b4ce31f75778e 100644 --- a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/jira/JiraActionTests.java +++ b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/jira/JiraActionTests.java @@ -9,6 +9,7 @@ import org.elasticsearch.ElasticsearchParseException; import org.elasticsearch.common.bytes.BytesReference; import org.elasticsearch.common.collect.MapBuilder; +import org.elasticsearch.common.settings.MockSecureSettings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.ToXContent; import org.elasticsearch.common.xcontent.XContentBuilder; @@ -216,10 +217,13 @@ public void testExecute() throws Exception { HttpClient httpClient = mock(HttpClient.class); when(httpClient.execute(any(HttpRequest.class))).thenReturn(new HttpResponse(HttpStatus.SC_CREATED)); + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString("secure_url", "https://internal-jira.elastic.co:443"); + secureSettings.setString("secure_user", "elastic"); + secureSettings.setString("secure_password", "secret"); + Settings.Builder settings = Settings.builder() - .put("url", "https://internal-jira.elastic.co:443") - .put("user", "elastic") - .put("password", "secret") + .setSecureSettings(secureSettings) .put("issue_defaults.customfield_000", "foo") .put("issue_defaults.customfield_001", "bar"); diff --git a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/slack/ExecutableSlackActionTests.java b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/slack/ExecutableSlackActionTests.java index 4c945ec9fd526..e78f1afc548c5 100644 --- a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/slack/ExecutableSlackActionTests.java +++ b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/actions/slack/ExecutableSlackActionTests.java @@ -5,6 +5,7 @@ */ package org.elasticsearch.xpack.watcher.actions.slack; +import org.elasticsearch.common.settings.MockSecureSettings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.xpack.core.watcher.execution.WatchExecutionContext; @@ -40,8 +41,10 @@ public void testProxy() throws Exception { ArgumentCaptor argumentCaptor = ArgumentCaptor.forClass(HttpRequest.class); when(httpClient.execute(argumentCaptor.capture())).thenReturn(new HttpResponse(200)); - Settings accountSettings = Settings.builder().put("url", "http://example.org").build(); - SlackAccount account = new SlackAccount("account1", accountSettings, Settings.EMPTY, httpClient, logger); + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString("secure_url", "http://example.org"); + Settings accountSettings = Settings.builder().setSecureSettings(secureSettings).build(); + SlackAccount account = new SlackAccount("account1", accountSettings, httpClient, logger); SlackService service = mock(SlackService.class); when(service.getAccount(eq("account1"))).thenReturn(account); diff --git a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryStoreTests.java b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryStoreTests.java index 2ea364de18b4e..c12cfe380c0dc 100644 --- a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryStoreTests.java +++ b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryStoreTests.java @@ -16,6 +16,7 @@ import org.elasticsearch.action.index.IndexRequest; import org.elasticsearch.action.index.IndexResponse; import org.elasticsearch.client.Client; +import org.elasticsearch.common.settings.MockSecureSettings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.test.ESTestCase; @@ -121,7 +122,11 @@ public void testStoreWithHideSecrets() throws Exception { final String password = randomFrom("secret", "supersecret", "123456"); final String url = "https://" + randomFrom("localhost", "internal-jira.elastic.co") + ":" + randomFrom(80, 8080, 449, 9443); - Settings settings = Settings.builder().put("url", url).put("user", username).put("password", password).build(); + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString("secure_url", url); + secureSettings.setString("secure_user", username); + secureSettings.setString("secure_password", password); + Settings settings = Settings.builder().setSecureSettings(secureSettings).build(); JiraAccount account = new JiraAccount("_account", settings, httpClient); JiraIssue jiraIssue = account.createIssue(singletonMap("foo", "bar"), null); diff --git a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateEmailMappingsTests.java b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateEmailMappingsTests.java index c9d642b8dc05f..af1a7ad19fcce 100644 --- a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateEmailMappingsTests.java +++ b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/history/HistoryTemplateEmailMappingsTests.java @@ -6,6 +6,7 @@ package org.elasticsearch.xpack.watcher.history; import org.elasticsearch.action.search.SearchResponse; +import org.elasticsearch.common.settings.MockSecureSettings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.protocol.xpack.watcher.PutWatchResponse; import org.elasticsearch.search.aggregations.Aggregations; @@ -52,16 +53,17 @@ public void cleanup() throws Exception { @Override protected Settings nodeSettings(int nodeOrdinal) { + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString("xpack.notification.email.account.test.smtp.secure_password", EmailServer.PASSWORD); return Settings.builder() .put(super.nodeSettings(nodeOrdinal)) // email .put("xpack.notification.email.account.test.smtp.auth", true) .put("xpack.notification.email.account.test.smtp.user", EmailServer.USERNAME) - .put("xpack.notification.email.account.test.smtp.password", EmailServer.PASSWORD) .put("xpack.notification.email.account.test.smtp.port", server.port()) .put("xpack.notification.email.account.test.smtp.host", "localhost") - + .setSecureSettings(secureSettings) .build(); } diff --git a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/email/AccountTests.java b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/email/AccountTests.java index 1cbaecef8fec5..5e87a4305fee8 100644 --- a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/email/AccountTests.java +++ b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/email/AccountTests.java @@ -116,8 +116,9 @@ public void testConfig() throws Exception { String password = null; if (randomBoolean()) { password = randomAlphaOfLength(8); - smtpBuilder.put("password", password); - smtpProps.put("mail.smtp.password", password); + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString("smtp." + Account.SECURE_PASSWORD_SETTING.getKey(), password); + builder.setSecureSettings(secureSettings); } for (int i = 0; i < 5; i++) { String name = randomAlphaOfLength(5); @@ -157,11 +158,13 @@ public void testConfig() throws Exception { } public void testSend() throws Exception { + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString("smtp." + Account.SECURE_PASSWORD_SETTING.getKey(), EmailServer.PASSWORD); Account account = new Account(new Account.Config("default", Settings.builder() .put("smtp.host", "localhost") .put("smtp.port", server.port()) .put("smtp.user", EmailServer.USERNAME) - .put("smtp.password", EmailServer.PASSWORD) + .setSecureSettings(secureSettings) .build()), null, logger); Email email = Email.builder() @@ -192,11 +195,13 @@ public void testSend() throws Exception { } public void testSendCCAndBCC() throws Exception { + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString("smtp." + Account.SECURE_PASSWORD_SETTING.getKey(), EmailServer.PASSWORD); Account account = new Account(new Account.Config("default", Settings.builder() .put("smtp.host", "localhost") .put("smtp.port", server.port()) .put("smtp.user", EmailServer.USERNAME) - .put("smtp.password", EmailServer.PASSWORD) + .setSecureSettings(secureSettings) .build()), null, logger); Email email = Email.builder() @@ -293,29 +298,4 @@ public void testAccountTimeoutsConfiguredAsNumberAreRejected() { }); } - public void testEnsurePasswordSetAsSecureSetting() { - String password = "password"; - MockSecureSettings secureSettings = new MockSecureSettings(); - secureSettings.setString("smtp.secure_password", password); - - Settings settings = Settings.builder() - .put("smtp.host", "localhost") - .put("smtp.port", server.port()) - .put("smtp.connection_timeout", TimeValue.timeValueMinutes(4)) - .setSecureSettings(secureSettings) - .build(); - - Account.Config config = new Account.Config("default", settings); - assertThat(config.smtp.password.getChars(), equalTo(password.toCharArray())); - - settings = Settings.builder() - .put("smtp.host", "localhost") - .put("smtp.port", server.port()) - .put("smtp.connection_timeout", TimeValue.timeValueMinutes(4)) - .put("smtp.password", password) - .build(); - - config = new Account.Config("default", settings); - assertThat(config.smtp.password.getChars(), equalTo(password.toCharArray())); - } } diff --git a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatAccountsTests.java b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatAccountsTests.java index 795f5aaacc7c9..3057d935d7138 100644 --- a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatAccountsTests.java +++ b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatAccountsTests.java @@ -6,6 +6,7 @@ package org.elasticsearch.xpack.watcher.notification.hipchat; import org.elasticsearch.common.settings.ClusterSettings; +import org.elasticsearch.common.settings.MockSecureSettings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.xpack.watcher.common.http.HttpClient; @@ -50,9 +51,11 @@ public void testProxy() throws Exception { } private void addAccountSettings(String name, Settings.Builder builder) { + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString("xpack.notification.hipchat.account." + name + ".secure_auth_token", randomAlphaOfLength(50)); HipChatAccount.Profile profile = randomFrom(HipChatAccount.Profile.values()); builder.put("xpack.notification.hipchat.account." + name + ".profile", profile.value()); - builder.put("xpack.notification.hipchat.account." + name + ".auth_token", randomAlphaOfLength(50)); + builder.setSecureSettings(secureSettings); if (profile == HipChatAccount.Profile.INTEGRATION) { builder.put("xpack.notification.hipchat.account." + name + ".room", randomAlphaOfLength(10)); } diff --git a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatServiceTests.java b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatServiceTests.java index 7b5d6c7f081a4..a10a102e414ca 100644 --- a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatServiceTests.java +++ b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/HipChatServiceTests.java @@ -6,6 +6,7 @@ package org.elasticsearch.xpack.watcher.notification.hipchat; import org.elasticsearch.common.settings.ClusterSettings; +import org.elasticsearch.common.settings.MockSecureSettings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.test.ESTestCase; @@ -40,9 +41,11 @@ public void testSingleAccountV1() throws Exception { HipChatMessage.Color defaultColor = randomBoolean() ? null : randomFrom(HipChatMessage.Color.values()); HipChatMessage.Format defaultFormat = randomBoolean() ? null : randomFrom(HipChatMessage.Format.values()); Boolean defaultNotify = randomBoolean() ? null : (Boolean) randomBoolean(); + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString("xpack.notification.hipchat.account." + accountName + ".secure_auth_token", "_token"); Settings.Builder settingsBuilder = Settings.builder() .put("xpack.notification.hipchat.account." + accountName + ".profile", HipChatAccount.Profile.V1.value()) - .put("xpack.notification.hipchat.account." + accountName + ".auth_token", "_token"); + .setSecureSettings(secureSettings); if (host != null) { settingsBuilder.put("xpack.notification.hipchat.account." + accountName + ".host", host); } @@ -86,10 +89,12 @@ public void testSingleAccountIntegration() throws Exception { HipChatMessage.Color defaultColor = randomBoolean() ? null : randomFrom(HipChatMessage.Color.values()); HipChatMessage.Format defaultFormat = randomBoolean() ? null : randomFrom(HipChatMessage.Format.values()); Boolean defaultNotify = randomBoolean() ? null : (Boolean) randomBoolean(); + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString("xpack.notification.hipchat.account." + accountName + ".secure_auth_token", "_token"); Settings.Builder settingsBuilder = Settings.builder() .put("xpack.notification.hipchat.account." + accountName + ".profile", HipChatAccount.Profile.INTEGRATION.value()) - .put("xpack.notification.hipchat.account." + accountName + ".auth_token", "_token") + .setSecureSettings(secureSettings) .put("xpack.notification.hipchat.account." + accountName + ".room", room); if (host != null) { settingsBuilder.put("xpack.notification.hipchat.account." + accountName + ".host", host); @@ -122,10 +127,12 @@ public void testSingleAccountIntegration() throws Exception { public void testSingleAccountIntegrationNoRoomSetting() throws Exception { String accountName = randomAlphaOfLength(10); + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString("xpack.notification.hipchat.account." + accountName + ".secure_auth_token", "_token"); Settings.Builder settingsBuilder = Settings.builder() .put("xpack.notification.hipchat.account." + accountName + ".profile", HipChatAccount.Profile.INTEGRATION.value()) - .put("xpack.notification.hipchat.account." + accountName + ".auth_token", "_token"); + .setSecureSettings(secureSettings); SettingsException e = expectThrows(SettingsException.class, () -> new HipChatService(settingsBuilder.build(), httpClient, new ClusterSettings(settingsBuilder.build(), new HashSet<>(HipChatService.getSettings()))).getAccount(null)); @@ -141,9 +148,12 @@ public void testSingleAccountUser() throws Exception { HipChatMessage.Color defaultColor = randomBoolean() ? null : randomFrom(HipChatMessage.Color.values()); HipChatMessage.Format defaultFormat = randomBoolean() ? null : randomFrom(HipChatMessage.Format.values()); Boolean defaultNotify = randomBoolean() ? null : (Boolean) randomBoolean(); + + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString("xpack.notification.hipchat.account." + accountName + ".secure_auth_token", "_token"); Settings.Builder settingsBuilder = Settings.builder() .put("xpack.notification.hipchat.account." + accountName + ".profile", HipChatAccount.Profile.USER.value()) - .put("xpack.notification.hipchat.account." + accountName + ".auth_token", "_token"); + .setSecureSettings(secureSettings); if (host != null) { settingsBuilder.put("xpack.notification.hipchat.account." + accountName + ".host", host); } @@ -189,6 +199,8 @@ public void testMultipleAccounts() throws Exception { Settings.Builder settingsBuilder = Settings.builder(); String defaultAccount = "_a" + randomIntBetween(0, 4); settingsBuilder.put("xpack.notification.hipchat.default_account", defaultAccount); + final MockSecureSettings secureSettings = new MockSecureSettings(); + settingsBuilder.setSecureSettings(secureSettings); final boolean customGlobalServer = randomBoolean(); if (customGlobalServer) { @@ -201,7 +213,7 @@ public void testMultipleAccounts() throws Exception { String prefix = "xpack.notification.hipchat.account." + name; HipChatAccount.Profile profile = randomFrom(HipChatAccount.Profile.values()); settingsBuilder.put(prefix + ".profile", profile); - settingsBuilder.put(prefix + ".auth_token", "_token" + i); + secureSettings.setString(prefix + ".secure_auth_token", "_token" + i); if (profile == HipChatAccount.Profile.INTEGRATION) { settingsBuilder.put(prefix + ".room", "_room" + i); } diff --git a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/IntegrationAccountTests.java b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/IntegrationAccountTests.java index b85348d7810bb..df1f5d3f47294 100644 --- a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/IntegrationAccountTests.java +++ b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/IntegrationAccountTests.java @@ -7,6 +7,7 @@ import org.apache.logging.log4j.Logger; import org.elasticsearch.common.Strings; +import org.elasticsearch.common.settings.MockSecureSettings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.common.xcontent.ToXContent; @@ -36,7 +37,9 @@ public void testSettings() throws Exception { Settings.Builder sb = Settings.builder(); String authToken = randomAlphaOfLength(50); - sb.put(IntegrationAccount.AUTH_TOKEN_SETTING, authToken); + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString(IntegrationAccount.SECURE_AUTH_TOKEN_SETTING.getKey(), authToken); + sb.setSecureSettings(secureSettings); String host = HipChatServer.DEFAULT.host(); if (randomBoolean()) { @@ -90,13 +93,16 @@ public void testSettingsNoAuthToken() throws Exception { new IntegrationAccount("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(Logger.class)); fail("Expected SettingsException"); } catch (SettingsException e) { - assertThat(e.getMessage(), is("hipchat account [_name] missing required [auth_token] setting")); + assertThat(e.getMessage(), is("hipchat account [_name] missing required [secure_auth_token] secure setting")); } } public void testSettingsWithoutRoom() throws Exception { Settings.Builder sb = Settings.builder(); - sb.put(IntegrationAccount.AUTH_TOKEN_SETTING, randomAlphaOfLength(50)); + String authToken = randomAlphaOfLength(50); + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString(IntegrationAccount.SECURE_AUTH_TOKEN_SETTING.getKey(), authToken); + sb.setSecureSettings(secureSettings); try { new IntegrationAccount("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(Logger.class)); fail("Expected SettingsException"); @@ -107,7 +113,10 @@ public void testSettingsWithoutRoom() throws Exception { public void testSettingsWithoutMultipleRooms() throws Exception { Settings.Builder sb = Settings.builder(); - sb.put(IntegrationAccount.AUTH_TOKEN_SETTING, randomAlphaOfLength(50)); + String authToken = randomAlphaOfLength(50); + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString(IntegrationAccount.SECURE_AUTH_TOKEN_SETTING.getKey(), authToken); + sb.setSecureSettings(secureSettings); sb.put(IntegrationAccount.ROOM_SETTING, "_r1,_r2"); try { new IntegrationAccount("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(Logger.class)); @@ -121,10 +130,12 @@ public void testSend() throws Exception { String token = randomAlphaOfLength(10); HttpClient httpClient = mock(HttpClient.class); String room = "Room with Spaces"; + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString(IntegrationAccount.SECURE_AUTH_TOKEN_SETTING.getKey(), token); IntegrationAccount account = new IntegrationAccount("_name", Settings.builder() .put("host", "_host") .put("port", "443") - .put("auth_token", token) + .setSecureSettings(secureSettings) .put("room", room) .build(), HipChatServer.DEFAULT, httpClient, mock(Logger.class)); diff --git a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/UserAccountTests.java b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/UserAccountTests.java index 28609efd025d5..6893999776b02 100644 --- a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/UserAccountTests.java +++ b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/UserAccountTests.java @@ -8,6 +8,7 @@ import org.apache.logging.log4j.Logger; import org.elasticsearch.common.Strings; import org.elasticsearch.common.bytes.BytesReference; +import org.elasticsearch.common.settings.MockSecureSettings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.test.ESTestCase; @@ -43,7 +44,9 @@ public void testSettings() throws Exception { Settings.Builder sb = Settings.builder(); String authToken = randomAlphaOfLength(50); - sb.put(UserAccount.AUTH_TOKEN_SETTING, authToken); + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString(UserAccount.SECURE_AUTH_TOKEN_SETTING.getKey(), authToken); + sb.setSecureSettings(secureSettings); String host = HipChatServer.DEFAULT.host(); if (randomBoolean()) { @@ -111,16 +114,18 @@ public void testSettingsNoAuthToken() throws Exception { new UserAccount("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(Logger.class)); fail("Expected SettingsException"); } catch (SettingsException e) { - assertThat(e.getMessage(), is("hipchat account [_name] missing required [auth_token] setting")); + assertThat(e.getMessage(), is("hipchat account [_name] missing required [secure_auth_token] secure setting")); } } public void testSend() throws Exception { HttpClient httpClient = mock(HttpClient.class); + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString(IntegrationAccount.SECURE_AUTH_TOKEN_SETTING.getKey(), "_token"); UserAccount account = new UserAccount("_name", Settings.builder() .put("host", "_host") .put("port", "443") - .put("auth_token", "_token") + .setSecureSettings(secureSettings) .build(), HipChatServer.DEFAULT, httpClient, mock(Logger.class)); HipChatMessage.Format format = randomFrom(HipChatMessage.Format.values()); @@ -240,9 +245,11 @@ public void testSend() throws Exception { } public void testColorIsOptional() throws Exception { + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString(IntegrationAccount.SECURE_AUTH_TOKEN_SETTING.getKey(), "awesome-auth-token"); Settings settings = Settings.builder() .put("user", "testuser") - .put("auth_token", "awesome-auth-token") + .setSecureSettings(secureSettings) .build(); UserAccount userAccount = createUserAccount(settings); @@ -256,9 +263,11 @@ public void testColorIsOptional() throws Exception { } public void testFormatIsOptional() throws Exception { + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString(IntegrationAccount.SECURE_AUTH_TOKEN_SETTING.getKey(), "awesome-auth-token"); Settings settings = Settings.builder() .put("user", "testuser") - .put("auth_token", "awesome-auth-token") + .setSecureSettings(secureSettings) .build(); UserAccount userAccount = createUserAccount(settings); @@ -272,9 +281,11 @@ public void testFormatIsOptional() throws Exception { } public void testRoomNameIsUrlEncoded() throws Exception { + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString(IntegrationAccount.SECURE_AUTH_TOKEN_SETTING.getKey(), "awesome-auth-token"); Settings settings = Settings.builder() .put("user", "testuser") - .put("auth_token", "awesome-auth-token") + .setSecureSettings(secureSettings) .build(); HipChatServer hipChatServer = mock(HipChatServer.class); HttpClient httpClient = mock(HttpClient.class); diff --git a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/V1AccountTests.java b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/V1AccountTests.java index c7391afb29bb6..105965539f604 100644 --- a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/V1AccountTests.java +++ b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/hipchat/V1AccountTests.java @@ -7,6 +7,7 @@ import org.apache.logging.log4j.Logger; import org.elasticsearch.common.bytes.BytesReference; +import org.elasticsearch.common.settings.MockSecureSettings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.test.ESTestCase; @@ -32,7 +33,9 @@ public void testSettings() throws Exception { Settings.Builder sb = Settings.builder(); String authToken = randomAlphaOfLength(50); - sb.put(V1Account.AUTH_TOKEN_SETTING, authToken); + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString(V1Account.SECURE_AUTH_TOKEN_SETTING.getKey(), authToken); + sb.setSecureSettings(secureSettings); String host = HipChatServer.DEFAULT.host(); if (randomBoolean()) { @@ -96,16 +99,19 @@ public void testSettingsNoAuthToken() throws Exception { new V1Account("_name", sb.build(), HipChatServer.DEFAULT, mock(HttpClient.class), mock(Logger.class)); fail("Expected SettingsException"); } catch (SettingsException e) { - assertThat(e.getMessage(), is("hipchat account [_name] missing required [auth_token] setting")); + assertThat(e.getMessage(), is("hipchat account [_name] missing required [secure_auth_token] secure setting")); } } public void testSend() throws Exception { HttpClient httpClient = mock(HttpClient.class); + String authToken = randomAlphaOfLength(50); + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString(IntegrationAccount.SECURE_AUTH_TOKEN_SETTING.getKey(), "_token"); V1Account account = new V1Account("_name", Settings.builder() .put("host", "_host") .put("port", "443") - .put("auth_token", "_token") + .setSecureSettings(secureSettings) .build(), HipChatServer.DEFAULT, httpClient, mock(Logger.class)); HipChatMessage.Format format = randomFrom(HipChatMessage.Format.values()); diff --git a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/jira/JiraAccountTests.java b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/jira/JiraAccountTests.java index 01ee6d399875e..997a6aa6a8dc3 100644 --- a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/jira/JiraAccountTests.java +++ b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/jira/JiraAccountTests.java @@ -9,6 +9,7 @@ import org.elasticsearch.common.collect.MapBuilder; import org.elasticsearch.common.collect.Tuple; import org.elasticsearch.common.settings.ClusterSettings; +import org.elasticsearch.common.settings.MockSecureSettings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsException; import org.elasticsearch.test.ESTestCase; @@ -53,29 +54,38 @@ public void init() throws Exception { public void testJiraAccountSettings() { final String url = "https://internal-jira.elastic.co:443"; + final MockSecureSettings secureSettings = new MockSecureSettings(); SettingsException e = expectThrows(SettingsException.class, () -> new JiraAccount(null, Settings.EMPTY, null)); - assertThat(e.getMessage(), containsString("invalid jira [null] account settings. missing required [url] setting")); + assertThat(e.getMessage(), containsString("invalid jira [null] account settings. missing required [secure_url] setting")); - Settings settings1 = Settings.builder().put("url", url).build(); + secureSettings.setString("secure_url", url); + Settings settings1 = Settings.builder().setSecureSettings(secureSettings).build(); e = expectThrows(SettingsException.class, () -> new JiraAccount("test", settings1, null)); - assertThat(e.getMessage(), containsString("invalid jira [test] account settings. missing required [user] setting")); + assertThat(e.getMessage(), containsString("invalid jira [test] account settings. missing required [secure_user] setting")); - Settings settings2 = Settings.builder().put("url", url).put("user", "").build(); + secureSettings.setString("secure_user", ""); + Settings settings2 = Settings.builder().setSecureSettings(secureSettings).build(); e = expectThrows(SettingsException.class, () -> new JiraAccount("test", settings2, null)); - assertThat(e.getMessage(), containsString("invalid jira [test] account settings. missing required [user] setting")); + assertThat(e.getMessage(), containsString("invalid jira [test] account settings. missing required [secure_user] setting")); - Settings settings3 = Settings.builder().put("url", url).put("user", "foo").build(); + secureSettings.setString("secure_user", "foo"); + Settings settings3 = Settings.builder().setSecureSettings(secureSettings).build(); e = expectThrows(SettingsException.class, () -> new JiraAccount("test", settings3, null)); - assertThat(e.getMessage(), containsString("invalid jira [test] account settings. missing required [password] setting")); + assertThat(e.getMessage(), containsString("invalid jira [test] account settings. missing required [secure_password] setting")); - Settings settings4 = Settings.builder().put("url", url).put("user", "foo").put("password", "").build(); + secureSettings.setString("secure_password", ""); + Settings settings4 = Settings.builder().setSecureSettings(secureSettings).build(); e = expectThrows(SettingsException.class, () -> new JiraAccount("test", settings4, null)); - assertThat(e.getMessage(), containsString("invalid jira [test] account settings. missing required [password] setting")); + assertThat(e.getMessage(), containsString("invalid jira [test] account settings. missing required [secure_password] setting")); } public void testUnsecureAccountUrl() throws Exception { - Settings settings = Settings.builder().put("url", "http://localhost").put("user", "foo").put("password", "bar").build(); + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString(JiraAccount.SECURE_USER_SETTING.getKey(), "foo"); + secureSettings.setString(JiraAccount.SECURE_PASSWORD_SETTING.getKey(), "password"); + secureSettings.setString(JiraAccount.SECURE_URL_SETTING.getKey(), "http://localhost"); + Settings settings = Settings.builder().setSecureSettings(secureSettings).build(); SettingsException e = expectThrows(SettingsException.class, () -> new JiraAccount("test", settings, null)); assertThat(e.getMessage(), containsString("invalid jira [test] account settings. unsecure scheme [HTTP]")); @@ -128,15 +138,19 @@ public void testCreateIssue() throws Exception { } public void testCustomUrls() throws Exception { - assertCustomUrl(Settings.builder().put("url", "https://localhost/foo").build(), "/foo"); - assertCustomUrl(Settings.builder().put("url", "https://localhost/foo/").build(), "/foo/"); + assertCustomUrl("https://localhost/foo", "/foo"); + assertCustomUrl("https://localhost/foo/", "/foo/"); // this ensures we retain backwards compatibility - assertCustomUrl(Settings.builder().put("url", "https://localhost/").build(), JiraAccount.DEFAULT_PATH); - assertCustomUrl(Settings.builder().put("url", "https://localhost").build(), JiraAccount.DEFAULT_PATH); + assertCustomUrl("https://localhost/", JiraAccount.DEFAULT_PATH); + assertCustomUrl("https://localhost", JiraAccount.DEFAULT_PATH); } - private void assertCustomUrl(Settings urlSettings, String expectedPath) throws IOException { - Settings settings = Settings.builder().put(urlSettings).put("user", "foo").put("password", "bar").build(); + private void assertCustomUrl(String urlSettings, String expectedPath) throws IOException { + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString("secure_url", urlSettings); + secureSettings.setString("secure_user", "foo"); + secureSettings.setString("secure_password", "bar"); + Settings settings = Settings.builder().setSecureSettings(secureSettings).build(); HttpClient client = mock(HttpClient.class); HttpResponse response = new HttpResponse(200); @@ -153,9 +167,14 @@ private void assertCustomUrl(Settings urlSettings, String expectedPath) throws I } private void addAccountSettings(String name, Settings.Builder builder) { - builder.put("xpack.notification.jira.account." + name + "." + JiraAccount.URL_SETTING, "https://internal-jira.elastic.co:443"); - builder.put("xpack.notification.jira.account." + name + "." + JiraAccount.USER_SETTING, randomAlphaOfLength(10)); - builder.put("xpack.notification.jira.account." + name + "." + JiraAccount.PASSWORD_SETTING, randomAlphaOfLength(10)); + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString("xpack.notification.jira.account." + name + "." + JiraAccount.SECURE_URL_SETTING.getKey(), + "https://internal-jira.elastic.co:443"); + secureSettings.setString("xpack.notification.jira.account." + name + "." + JiraAccount.SECURE_USER_SETTING.getKey(), + randomAlphaOfLength(10)); + secureSettings.setString("xpack.notification.jira.account." + name + "." + JiraAccount.SECURE_PASSWORD_SETTING.getKey(), + randomAlphaOfLength(10)); + builder.setSecureSettings(secureSettings); Map defaults = randomIssueDefaults(); for (Map.Entry setting : defaults.entrySet()) { diff --git a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyAccountsTests.java b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyAccountsTests.java index 1e88c69614270..22d3e2adf4176 100644 --- a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyAccountsTests.java +++ b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/notification/pagerduty/PagerDutyAccountsTests.java @@ -7,6 +7,7 @@ import org.elasticsearch.common.bytes.BytesArray; import org.elasticsearch.common.settings.ClusterSettings; +import org.elasticsearch.common.settings.MockSecureSettings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.json.JsonXContent; import org.elasticsearch.test.ESTestCase; @@ -83,7 +84,11 @@ public void testContextIsSentCorrect() throws Exception { } private void addAccountSettings(String name, Settings.Builder builder) { - builder.put("xpack.notification.pagerduty.account." + name + ".service_api_key", randomAlphaOfLength(50)); + final MockSecureSettings secureSettings = new MockSecureSettings(); + secureSettings.setString( + "xpack.notification.pagerduty.account." + name + "." + PagerDutyAccount.SECURE_SERVICE_API_KEY_SETTING.getKey(), + randomAlphaOfLength(50)); + builder.setSecureSettings(secureSettings); Settings defaults = SlackMessageDefaultsTests.randomSettings(); for (String setting : defaults.keySet()) { builder.copy("xpack.notification.pagerduty.message_defaults." + setting, setting, defaults); diff --git a/x-pack/qa/smoke-test-watcher-with-security/build.gradle b/x-pack/qa/smoke-test-watcher-with-security/build.gradle index f5007e5b0910b..2ff2ff9272fa5 100644 --- a/x-pack/qa/smoke-test-watcher-with-security/build.gradle +++ b/x-pack/qa/smoke-test-watcher-with-security/build.gradle @@ -22,7 +22,7 @@ integTestCluster { setting 'xpack.notification.email.account._email.smtp.host', 'host.domain' setting 'xpack.notification.email.account._email.smtp.port', '587' setting 'xpack.notification.email.account._email.smtp.user', '_user' - setting 'xpack.notification.email.account._email.smtp.password', '_passwd' + keystoreSetting 'xpack.notification.email.account._email.smtp.secure_password', '_passwd' setting 'xpack.license.self_generated.type', 'trial' extraConfigFile 'roles.yml', 'roles.yml' setupCommand 'setupTestAdminUser',