Java Code Examples for org.elasticsearch.common.settings.Settings#getGroups()

The following examples show how to use org.elasticsearch.common.settings.Settings#getGroups() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: LDAPUserSearcher.java    From deprecated-security-advanced-modules with Apache License 2.0 6 votes vote down vote up
static List<Map.Entry<String, Settings>> getUserBaseSettings(Settings settings) {
    Map<String, Settings> userBaseSettingsMap = new HashMap<>(
            settings.getGroups(ConfigConstants.LDAP_AUTHCZ_USERS));

    if (!userBaseSettingsMap.isEmpty()) {
        if (settings.hasValue(ConfigConstants.LDAP_AUTHC_USERBASE)) {
            throw new RuntimeException(
                    "Both old-style and new-style configuration defined for LDAP authentication backend: "
                            + settings);
        }

        return Utils.getOrderedBaseSettings(userBaseSettingsMap);
    } else {
        Settings.Builder settingsBuilder = Settings.builder();
        settingsBuilder.put(ConfigConstants.LDAP_AUTHCZ_BASE,
                settings.get(ConfigConstants.LDAP_AUTHC_USERBASE, DEFAULT_USERBASE));
        settingsBuilder.put(ConfigConstants.LDAP_AUTHCZ_SEARCH,
                settings.get(ConfigConstants.LDAP_AUTHC_USERSEARCH, DEFAULT_USERSEARCH_PATTERN));

        return Collections.singletonList(Pair.of("_legacyConfig", settingsBuilder.build()));
    }
}
 
Example 2
Source File: LDAPAuthenticationBackend.java    From deprecated-security-advanced-modules with Apache License 2.0 6 votes vote down vote up
static List<Map.Entry<String, Settings>> getUserBaseSettings(Settings settings) {
    Map<String, Settings> userBaseSettingsMap = new HashMap<>(
            settings.getGroups(ConfigConstants.LDAP_AUTHCZ_USERS));

    if (!userBaseSettingsMap.isEmpty()) {
        if (settings.hasValue(ConfigConstants.LDAP_AUTHC_USERBASE)) {
            throw new RuntimeException(
                    "Both old-style and new-style configuration defined for LDAP authentication backend: "
                            + settings);
        }

        return Utils.getOrderedBaseSettings(userBaseSettingsMap);
    } else {
        Settings.Builder settingsBuilder = Settings.builder();
        settingsBuilder.put(ConfigConstants.LDAP_AUTHCZ_BASE,
                settings.get(ConfigConstants.LDAP_AUTHC_USERBASE, DEFAULT_USERBASE));
        settingsBuilder.put(ConfigConstants.LDAP_AUTHCZ_SEARCH,
                settings.get(ConfigConstants.LDAP_AUTHC_USERSEARCH, DEFAULT_USERSEARCH_PATTERN));

        return Collections.singletonList(Pair.of("_legacyConfig", settingsBuilder.build()));
    }
}
 
Example 3
Source File: ScriptModes.java    From Elasticsearch with Apache License 2.0 6 votes vote down vote up
private static void processEngineSpecificSettings(Settings settings, Map<String, ScriptEngineService> scriptEngines, ScriptContextRegistry scriptContextRegistry, Map<String, ScriptMode> scriptModes) {
    Map<String, Settings> langGroupedSettings = settings.getGroups(ENGINE_SETTINGS_PREFIX, true);
    for (Map.Entry<String, Settings> langSettings : langGroupedSettings.entrySet()) {
        //read engine specific settings that refer to a non existing script lang will be ignored
        ScriptEngineService scriptEngineService = scriptEngines.get(langSettings.getKey());
        if (scriptEngineService != null) {
            for (ScriptType scriptType : ScriptType.values()) {
                String scriptTypePrefix = scriptType + ".";
                for (ScriptContext scriptContext : scriptContextRegistry.scriptContexts()) {
                    ScriptMode scriptMode = getScriptContextMode(langSettings.getValue(), scriptTypePrefix, scriptContext);
                    if (scriptMode != null) {
                        addScriptMode(scriptEngineService, scriptType, scriptContext, scriptMode, scriptModes);
                    }
                }
            }
        }
    }
}
 
Example 4
Source File: AwarenessAllocationDecider.java    From Elasticsearch with Apache License 2.0 6 votes vote down vote up
@Inject
public AwarenessAllocationDecider(Settings settings, NodeSettingsService nodeSettingsService) {
    super(settings);
    this.awarenessAttributes = settings.getAsArray(CLUSTER_ROUTING_ALLOCATION_AWARENESS_ATTRIBUTES);

    forcedAwarenessAttributes = Maps.newHashMap();
    Map<String, Settings> forceGroups = settings.getGroups(CLUSTER_ROUTING_ALLOCATION_AWARENESS_FORCE_GROUP);
    for (Map.Entry<String, Settings> entry : forceGroups.entrySet()) {
        String[] aValues = entry.getValue().getAsArray("values");
        if (aValues.length > 0) {
            forcedAwarenessAttributes.put(entry.getKey(), aValues);
        }
    }

    nodeSettingsService.addListener(new ApplySettings());
}
 
Example 5
Source File: LDAPAuthorizationBackend2.java    From deprecated-security-advanced-modules with Apache License 2.0 5 votes vote down vote up
private static List<Map.Entry<String, Settings>> getRoleSearchSettings(Settings settings) {
    Map<String, Settings> groupedSettings = settings.getGroups(ConfigConstants.LDAP_AUTHZ_ROLES, true);

    if (!groupedSettings.isEmpty()) {
        // New style settings
        return Utils.getOrderedBaseSettings(groupedSettings);
    } else {
        // Old style settings
        return convertOldStyleSettingsToNewStyle(settings);
    }
}
 
Example 6
Source File: LDAPAuthorizationBackend.java    From deprecated-security-advanced-modules with Apache License 2.0 5 votes vote down vote up
private static List<Map.Entry<String, Settings>> getRoleSearchSettings(Settings settings) {
    Map<String, Settings> groupedSettings = settings.getGroups(ConfigConstants.LDAP_AUTHZ_ROLES, true);

    if (!groupedSettings.isEmpty()) {
        // New style settings
        return Utils.getOrderedBaseSettings(groupedSettings);
    } else {
        // Old style settings
        return convertOldStyleSettingsToNewStyle(settings);
    }
}
 
Example 7
Source File: AwarenessAllocationDecider.java    From Elasticsearch with Apache License 2.0 5 votes vote down vote up
@Override
public void onRefreshSettings(Settings settings) {
    String[] awarenessAttributes = settings.getAsArray(CLUSTER_ROUTING_ALLOCATION_AWARENESS_ATTRIBUTES,
            AwarenessAllocationDecider.this.settings.getAsArray(CLUSTER_ROUTING_ALLOCATION_AWARENESS_ATTRIBUTES));
    if ("".equals(settings.get(CLUSTER_ROUTING_ALLOCATION_AWARENESS_ATTRIBUTES, null))) {
        awarenessAttributes = Strings.EMPTY_ARRAY; // the empty string resets this
    }
    if (awarenessAttributes != null && !Arrays.equals(AwarenessAllocationDecider.this.awarenessAttributes, awarenessAttributes)) {
        logger.info("updating [cluster.routing.allocation.awareness.attributes] from [{}] to [{}]", AwarenessAllocationDecider.this.awarenessAttributes, awarenessAttributes);
        AwarenessAllocationDecider.this.awarenessAttributes = awarenessAttributes;
    }
    Map<String, String[]> forcedAwarenessAttributes = new HashMap<>();
    Map<String, Settings> forceGroups = settings.getGroups(CLUSTER_ROUTING_ALLOCATION_AWARENESS_FORCE_GROUP);
    if (forceGroups.isEmpty()) {
        // check initial values (from config file)
        forceGroups = AwarenessAllocationDecider.this.settings.getGroups(CLUSTER_ROUTING_ALLOCATION_AWARENESS_FORCE_GROUP);
    }
    if (!forceGroups.isEmpty()) {
        for (Map.Entry<String, Settings> entry : forceGroups.entrySet()) {
            String[] aValues = entry.getValue().getAsArray("values");
            if (aValues.length > 0) {
                forcedAwarenessAttributes.put(entry.getKey(), aValues);
            }
        }
    }
    AwarenessAllocationDecider.this.forcedAwarenessAttributes = forcedAwarenessAttributes;
}
 
Example 8
Source File: Security.java    From Elasticsearch with Apache License 2.0 5 votes vote down vote up
static void addBindPermissions(Permissions policy, Settings settings) throws IOException {
    // http is simple
    String httpRange = settings.get("http.netty.port", 
                           settings.get("http.port", 
                                   NettyHttpServerTransport.DEFAULT_PORT_RANGE));
    // listen is always called with 'localhost' but use wildcard to be sure, no name service is consulted.
    // see SocketPermission implies() code
    policy.add(new SocketPermission("*:" + httpRange, "listen,resolve"));
    // transport is waaaay overengineered
    Map<String, Settings> profiles = settings.getGroups("transport.profiles", true);
    if (!profiles.containsKey(NettyTransport.DEFAULT_PROFILE)) {
        profiles = new HashMap<>(profiles);
        profiles.put(NettyTransport.DEFAULT_PROFILE, Settings.EMPTY);
    }

    // loop through all profiles and add permissions for each one, if its valid.
    // (otherwise NettyTransport is lenient and ignores it)
    for (Map.Entry<String, Settings> entry : profiles.entrySet()) {
        Settings profileSettings = entry.getValue();
        String name = entry.getKey();
        String transportRange = profileSettings.get("port", 
                                    settings.get("transport.tcp.port", 
                                            NettyTransport.DEFAULT_PORT_RANGE));

        // a profile is only valid if its the default profile, or if it has an actual name and specifies a port
        boolean valid = NettyTransport.DEFAULT_PROFILE.equals(name) || (Strings.hasLength(name) && profileSettings.get("port") != null);
        if (valid) {
            // listen is always called with 'localhost' but use wildcard to be sure, no name service is consulted.
            // see SocketPermission implies() code
            policy.add(new SocketPermission("*:" + transportRange, "listen,resolve"));
        }
    }
}
 
Example 9
Source File: CustomRealm.java    From shield-custom-realm-example with Apache License 2.0 5 votes vote down vote up
/**
 * Utility method to extract a user from the realm's settings
 * @param settings the settings of the realm. This is not the node's settings
 * @return a {@link Map} of the usernames to the information about the user
 */
private static Map<String, InfoHolder> parseUsersMap(Settings settings) {
    Map<String, Settings> usersSerttings = settings.getGroups("users");
    Map<String, InfoHolder> usersMap = new HashMap<>(usersSerttings.size());
    for (Entry<String, Settings> entry : usersSerttings.entrySet()) {
        Settings userSettings = entry.getValue();
        String username = entry.getKey();
        String password = userSettings.get("password");
        if (Strings.isEmpty(password)) {
            throw new IllegalArgumentException("password must be specified for user [" + username + "]");
        }
        usersMap.put(username, new InfoHolder(password, userSettings.getAsList("roles").toArray(new String[] {})));
    }
    return Collections.unmodifiableMap(usersMap);
}
 
Example 10
Source File: GcMonitor.java    From elasticsearch-helper with Apache License 2.0 5 votes vote down vote up
public GcMonitor(Settings settings) {
    this.enabled = settings.getAsBoolean("monitor.gc.enabled", false);
    TimeValue interval = settings.getAsTime("monitor.gc.interval", timeValueSeconds(1));
    this.gcThresholds = new HashMap<>();
    Map<String, Settings> gcThresholdGroups = settings.getGroups("monitor.gc.level");
    for (Map.Entry<String, Settings> entry : gcThresholdGroups.entrySet()) {
        String name = entry.getKey();
        TimeValue warn = entry.getValue().getAsTime("warn", null);
        TimeValue info = entry.getValue().getAsTime("info", null);
        TimeValue debug = entry.getValue().getAsTime("debug", null);
        if (warn == null || info == null || debug == null) {
            logger.warn("ignoring gc_threshold for [{}], missing warn/info/debug values", name);
        } else {
            gcThresholds.put(name, new GcThreshold(name, warn.millis(), info.millis(), debug.millis()));
        }
    }
    if (!gcThresholds.containsKey(JvmInfo.YOUNG)) {
        gcThresholds.put(JvmInfo.YOUNG, new GcThreshold(JvmInfo.YOUNG, 1000, 700, 400));
    }
    if (!gcThresholds.containsKey(JvmInfo.OLD)) {
        gcThresholds.put(JvmInfo.OLD, new GcThreshold(JvmInfo.OLD, 10000, 5000, 2000));
    }
    if (!gcThresholds.containsKey("default")) {
        gcThresholds.put("default", new GcThreshold("default", 10000, 5000, 2000));
    }
    logger.debug("enabled [{}], interval [{}], gc_threshold [{}]", enabled, interval, this.gcThresholds);
    if (enabled) {
        scheduledFuture = Executors.newSingleThreadScheduledExecutor().scheduleWithFixedDelay(new GcMonitorThread(), 0L, interval.seconds(), TimeUnit.SECONDS);
    }
}
 
Example 11
Source File: ThreadPool.java    From Elasticsearch with Apache License 2.0 4 votes vote down vote up
private Map<String, Settings> getThreadPoolSettingsGroup(Settings settings) {
    Map<String, Settings> groupSettings = settings.getGroups(THREADPOOL_GROUP);
    validate(groupSettings);
    return groupSettings;
}
 
Example 12
Source File: OpenShiftTokenAuthentication.java    From openshift-elasticsearch-plugin with Apache License 2.0 4 votes vote down vote up
public OpenShiftTokenAuthentication(final Settings settings) {
    sars = settings.getGroups("subjectAccessReviews");
    PluginServiceFactory.setBackendRoleRetriever(this);
}