/**
 * Reports the executor name of the wrapped handler, so this wrapper does not
 * change the executor on which the response is handled.
 *
 * @return whatever {@code innerHandler.executor()} returns
 */
@Override
public String executor() {
    final String delegateExecutor = innerHandler.executor();
    return delegateExecutor;
}
// Closes the enclosing class, whose header is outside this excerpt.
}
/**
 * Deserializes the response by delegating to the wrapped handler's reader.
 *
 * @param in stream positioned at the serialized response
 * @return the response object produced by {@code innerHandler.read(in)}
 * @throws IOException if the wrapped handler fails to read from the stream
 */
@Override
public T read(StreamInput in) throws IOException {
    final T decoded = innerHandler.read(in);
    return decoded;
}
/**
 * Injection constructor that publishes the injected services through static
 * fields of {@code GuiceHolder}.
 *
 * <p>The second parameter is named {@code remoteClusterService} but is typed
 * {@link TransportService}; the value stored in the static field is what
 * {@code getRemoteClusterService()} returns on it.
 *
 * <p>NOTE(review): the static fields are overwritten on every construction, so
 * the last constructed instance wins — confirm only one holder is created per JVM.
 *
 * @param repositoriesService  stored as-is in the static field
 * @param remoteClusterService transport service from which the remote cluster service is taken
 */
@Inject
public GuiceHolder(final RepositoriesService repositoriesService,
                   final TransportService remoteClusterService) {
    GuiceHolder.repositoriesService = repositoriesService;
    GuiceHolder.remoteClusterService =
            remoteClusterService.getRemoteClusterService();
}
/**
 * Registers a proxy request handler that forwards requests for the given action to another node.
 * Use this variant when the response type is always the same (the common case).
 *
 * <p>NOTE(review): a proxied request carries the wrapped action to the target node under the
 * proxy action name returned by {@code getProxyAction(action)}; confirm that any transport-level
 * authentication/authorization interceptor evaluates the wrapped action and not only the proxy name.
 *
 * @param service transport service on which the proxy action is registered
 * @param action  name of the action to be proxied
 * @param reader  reader used for every response to the proxied action
 */
public static void registerProxyAction(TransportService service, String action,
                                       Writeable.Reader<? extends TransportResponse> reader) {
    // Look up the handler registered for the real action; it supplies the request factory below.
    final RequestHandlerRegistry<? extends TransportRequest> targetRegistry = service.getRequestHandler(action);
    service.registerRequestHandler(
            getProxyAction(action),
            ThreadPool.Names.SAME,
            // presumably forceExecution=true, canTripCircuitBreaker=false — confirm against
            // the registerRequestHandler signature of the Elasticsearch version in use
            true,
            false,
            in -> new ProxyRequest<>(in, targetRegistry::newRequest),
            // The response reader does not depend on the request in this variant.
            new ProxyRequestHandler<>(service, action, request -> reader));
}
// Excerpt of a transport request handler. This is a non-contiguous fragment: several statements
// and closing braces are missing from this view, so the nesting below cannot be read literally.
//
// What the visible statements do:
//  - reject a null channel type, and any channel type other than "direct" or "netty", with a
//    RuntimeException;
//  - record the channel type and the task's action name as thread-context transients;
//  - for "direct" channels, read the SG user header (its later use is not visible here);
//  - add a "_sg_trace..." header whose value contains the thread name, the channel type and
//    the result of getThreadContext().getHeaders();
//    NOTE(review): this copies every current header into another header value — if any header
//    carries user or credential material, confirm this is emitted only for tracing and is not
//    forwarded or logged more widely than the originals;
//  - refuse internal/shard requests from a non-server node: log an error and answer with an
//    ElasticsearchSecurityException (the condition guarding this is not visible);
//  - when no SSL client certificates are found: write an audit-log SSL exception entry, log an
//    error and send the exception back on the channel;
//  - set SG_REMOTE_ADDRESS either from Base64Helper.deserializeObject(originalRemoteAddress),
//    cast to InetSocketAddress, or from request.remoteAddress().
//    NOTE(review): the origin of originalRemoteAddress is not visible; if it comes from a
//    transport header, this deserializes peer-supplied data — confirm the helper restricts the
//    classes it accepts and that the value is honoured only from authenticated cluster nodes,
//    since it overrides the socket-level remote address used downstream.
if(transportChannel.getChannelType() == null) { throw new RuntimeException("Can not determine channel type (null)"); if(!transportChannel.getChannelType().equals("direct") && !transportChannel.getChannelType().equals("netty")) { throw new RuntimeException("Unknown channel type "+transportChannel.getChannelType()); getThreadContext().putTransient(ConfigConstants.SG_CHANNEL_TYPE, transportChannel.getChannelType()); getThreadContext().putTransient(ConfigConstants.SG_ACTION_NAME, task.getAction()); if(transportChannel.getChannelType().equals("direct")) { final String userHeader = getThreadContext().getHeader(ConfigConstants.SG_USER_HEADER); getThreadContext().putHeader("_sg_trace"+System.currentTimeMillis()+"#"+UUID.randomUUID().toString(), Thread.currentThread().getName()+" DIR -> "+transportChannel.getChannelType()+" "+getThreadContext().getHeaders()); log.error("Internal or shard requests ("+task.getAction()+") not allowed from a non-server node for transport type "+transportChannel.getChannelType()); transportChannel.sendResponse(new ElasticsearchSecurityException( "Internal or shard requests not allowed from a non-server node for transport type "+transportChannel.getChannelType())); return; "No SSL client certificates found for transport type "+transportChannel.getChannelType()+". Search Guard needs the Search Guard SSL plugin to be installed"); auditLog.logSSLException(request, ex, task.getAction(), task); log.error("No SSL client certificates found for transport type "+transportChannel.getChannelType()+". Search Guard needs the Search Guard SSL plugin to be installed"); transportChannel.sendResponse(ex); return; } else { getThreadContext().putTransient(ConfigConstants.SG_REMOTE_ADDRESS, new TransportAddress((InetSocketAddress) Base64Helper.deserializeObject(originalRemoteAddress))); } else { getThreadContext().putTransient(ConfigConstants.SG_REMOTE_ADDRESS, request.remoteAddress());
/**
 * Passes the response to the wrapped handler and then completes this object
 * with it via {@code set(response)}.
 *
 * <p>Any exception thrown by either step is wrapped in a
 * {@link ResponseHandlerFailureTransportException} and routed to
 * {@code handleException} instead of propagating to the caller.
 *
 * @param response the response received for the request
 */
@Override
public void handleResponse(V response) {
    try {
        handler.handleResponse(response);
        set(response);
    } catch (Exception handlerFailure) {
        final ResponseHandlerFailureTransportException wrapped =
                new ResponseHandlerFailureTransportException(handlerFailure);
        handleException(wrapped);
    }
}
/**
 * Delivers a response to its handler; a failure inside the handler is wrapped in a
 * {@link ResponseHandlerFailureTransportException}, passed through {@code wrapInRemote},
 * and reported via {@code processException}.
 *
 * @param handler  raw-typed handler, hence the unchecked call
 * @param response response to deliver
 */
@SuppressWarnings("unchecked")
protected void processResponse(TransportResponseHandler handler, TransportResponse response) {
    try {
        handler.handleResponse(response);
    } catch (Exception handlerFailure) {
        final ResponseHandlerFailureTransportException wrapped =
                new ResponseHandlerFailureTransportException(handlerFailure);
        processException(handler, wrapInRemote(wrapped));
    }
}
/**
 * Relays the response onto {@code channel}.
 *
 * <p>An {@link IOException} raised while sending is wrapped in a
 * {@link TransportException} and handed to {@code handleException}.
 *
 * @param response response to send on the channel
 */
@Override
public void handleResponse(T response) {
    try {
        channel.sendResponse(response);
    } catch (IOException sendFailure) {
        final TransportException wrapped = new TransportException(sendFailure);
        handleException(wrapped);
    }
}
/**
 * Callback for a received response.
 *
 * <p>With no response context, {@code checkForTimeout(requestId)} is called. Otherwise the
 * response is traced, but only when tracing is enabled and the action is selected for tracing.
 *
 * @param requestId id of the request the response belongs to
 * @param holder    response context for the request, or {@code null} if none was found
 */
@Override
public void onResponseReceived(long requestId, Transport.ResponseContext holder) {
    if (holder == null) {
        checkForTimeout(requestId);
        return;
    }
    if (traceEnabled() && shouldTraceAction(holder.action())) {
        traceReceivedResponse(requestId, holder.connection().getNode(), holder.action());
    }
}
/**
 * Builds the transport info from the bound address and the per-profile bound addresses.
 *
 * @return a new {@link TransportInfo}, or {@code null} when {@code boundAddress()} returns {@code null}
 */
public TransportInfo info() {
    final BoundTransportAddress bound = boundAddress();
    return bound == null
            ? null
            : new TransportInfo(bound, transport.profileBoundAddresses());
}
/**
 * Notifies the pending handler that the transport was stopped, by passing it a
 * {@link TransportException} that names the affected action.
 */
@Override
public void doRun() {
    final String reason = "transport stopped, action: " + holderToNotify.action();
    final TransportException stopped = new TransportException(reason);
    holderToNotify.handler().handleException(stopped);
}
// Closes the anonymous class and the call it is passed to; both start outside this excerpt.
});
/**
 * Marks the thread context with the kind of cluster request being processed, then
 * delegates to the superclass.
 *
 * <p>{@code requestEvalProvider.isInterClusterRequest} decides from the request, the
 * certificates and the principal whether this is an inter-cluster request. If it is, the
 * request is tagged as an inter-cluster request when the {@code _sg_header_tn} header
 * parses to {@code true} or the {@code _sg_remotecn} header equals the local cluster name;
 * otherwise it is tagged as a trusted-cluster request.
 *
 * <p>NOTE(review): the split between the two tags depends on thread-context header values.
 * Where those headers are set is not visible here — confirm a remote peer cannot supply
 * them to be classified as a member of the local cluster.
 *
 * @param action     transport action name
 * @param request    incoming transport request
 * @param localCerts local certificates
 * @param peerCerts  certificates presented by the peer
 * @param principal  principal associated with the peer
 * @throws Exception propagated from the evaluation provider or the superclass
 */
@Override
protected void addAdditionalContextValues(final String action, final TransportRequest request,
        final X509Certificate[] localCerts, final X509Certificate[] peerCerts, final String principal)
        throws Exception {

    final boolean interCluster =
            requestEvalProvider.isInterClusterRequest(request, localCerts, peerCerts, principal);

    if (!interCluster) {
        if (log.isTraceEnabled()) {
            log.trace("Is not an inter cluster request");
        }
    } else {
        final boolean fromTn = Boolean.parseBoolean(getThreadContext().getHeader("_sg_header_tn"));
        // The cluster-name comparison is only evaluated when the header flag is not set.
        final boolean localClusterMember =
                fromTn || cs.getClusterName().value().equals(getThreadContext().getHeader("_sg_remotecn"));

        if (localClusterMember) {
            if (log.isTraceEnabled() && !action.startsWith("internal:")) {
                log.trace("Is inter cluster request ({}/{}/{})", action, request.getClass(), request.remoteAddress());
            }
            getThreadContext().putTransient(ConfigConstants.SG_SSL_TRANSPORT_INTERCLUSTER_REQUEST, Boolean.TRUE);
        } else {
            getThreadContext().putTransient(ConfigConstants.SG_SSL_TRANSPORT_TRUSTED_CLUSTER_REQUEST, Boolean.TRUE);
        }
    }

    super.addAdditionalContextValues(action, request, localCerts, peerCerts, principal);
}
// Closes the enclosing class, whose header is outside this excerpt.
}
/**
 * Returns a connection to the remote cluster, preferring a direct connection to the given
 * {@link DiscoveryNode}. When that node is not connected, the result is a proxy connection
 * that goes through any connected node and redirects to the requested one.
 *
 * @param remoteClusterNode node in the remote cluster that should receive the requests
 * @return a direct connection if available, otherwise a {@code ProxyConnection}
 */
Transport.Connection getConnection(DiscoveryNode remoteClusterNode) {
    if (!connectionManager.nodeConnected(remoteClusterNode)) {
        // No direct link: route through whichever node is currently connected.
        final DiscoveryNode gateway = getAnyConnectedNode();
        final Transport.Connection gatewayConnection = connectionManager.getConnection(gateway);
        return new ProxyConnection(gatewayConnection, remoteClusterNode);
    }
    return connectionManager.getConnection(remoteClusterNode);
}
// Excerpt: the if-block opened here is not closed within this view.
// Runs only when cross-cluster search is enabled and the request is a FieldCapabilitiesRequest
// or a SearchRequest. The request's index expressions are passed to groupIndices together with
// a predicate that checks each name against the local cluster state; the result maps a String
// key to OriginalIndices (presumably keyed by remote cluster alias — confirm).
// NOTE(review): how remoteClusterIndices is used afterwards is not visible; confirm that
// indices resolved to remote clusters are still subject to a privilege check.
if (remoteClusterService.isCrossClusterSearchEnabled() && (request instanceof FieldCapabilitiesRequest || request instanceof SearchRequest)) { IndicesRequest.Replaceable searchRequest = request; final Map<String, OriginalIndices> remoteClusterIndices = SearchGuardPlugin.GuiceHolder.getRemoteClusterService().groupIndices( searchRequest.indicesOptions(), searchRequest.indices(), idx -> resolver.hasIndexOrAlias(idx, clusterService.state()));
/**
 * Calls {@code contextToRestore.restore()} and then hands the response to the wrapped handler.
 *
 * <p>Presumably this reinstates the thread context captured when the request was sent, so the
 * inner handler does not run with whatever context the responding thread carries — confirm
 * against where {@code contextToRestore} is created.
 *
 * @param response response to pass on
 */
@Override
public void handleResponse(T response) {
    // Order matters: restore first, delegate second.
    contextToRestore.restore();
    innerHandler.handleResponse(response);
}
/**
 * Calls {@code contextToRestore.restore()} and then hands the failure to the wrapped handler,
 * so the error path performs the same restore as the success path.
 *
 * @param e transport failure to pass on
 */
@Override
public void handleException(TransportException e) {
    // Order matters: restore first, delegate second.
    contextToRestore.restore();
    innerHandler.handleException(e);
}
// Sends the request through `sender`, passing restoringHandler as the response handler.
// (The construction of restoringHandler is outside this excerpt; presumably it wraps the
// caller's handler so the thread context is restored before the response is handled — confirm.)
sender.sendRequest(connection, action, request, options, restoringHandler);
// Takes the node's published transport address and stores its port in clusterInfo.nodePort.
// The same statement pair appears three times on this line; the repeated declaration of `is`
// could not share one scope, so these are presumably three separate occurrences — TODO confirm.
final TransportAddress is = nodeInfo.getTransport().getAddress() .publishAddress(); clusterInfo.nodePort = is.getPort(); final TransportAddress is = nodeInfo.getTransport().getAddress() .publishAddress(); clusterInfo.nodePort = is.getPort(); final TransportAddress is = nodeInfo.getTransport().getAddress() .publishAddress(); clusterInfo.nodePort = is.getPort();
/**
 * Registers a proxy request handler that forwards requests for the given action to another node.
 * Use this variant when the response type depends on the incoming request (rare).
 *
 * <p>NOTE(review): a proxied request carries the wrapped action to the target node under the
 * proxy action name returned by {@code getProxyAction(action)}; confirm that any transport-level
 * authentication/authorization interceptor evaluates the wrapped action and not only the proxy name.
 *
 * @param service          transport service on which the proxy action is registered
 * @param action           name of the action to be proxied
 * @param responseFunction chooses the response reader for a given request
 */
public static void registerProxyActionWithDynamicResponseType(
        TransportService service,
        String action,
        Function<TransportRequest, Writeable.Reader<? extends TransportResponse>> responseFunction) {
    // Look up the handler registered for the real action; it supplies the request factory below.
    final RequestHandlerRegistry<? extends TransportRequest> targetRegistry = service.getRequestHandler(action);
    service.registerRequestHandler(
            getProxyAction(action),
            ThreadPool.Names.SAME,
            // presumably forceExecution=true, canTripCircuitBreaker=false — confirm against
            // the registerRequestHandler signature of the Elasticsearch version in use
            true,
            false,
            in -> new ProxyRequest<>(in, targetRegistry::newRequest),
            new ProxyRequestHandler<>(service, action, responseFunction));
}
public User authenticate(final TransportRequest request, final String sslPrincipal, final Task task, final String action) { if(log.isDebugEnabled() && request.remoteAddress() != null) { log.debug("Transport authentication request from {}", request.remoteAddress()); log.warn("Transport authentication finally failed for {} from {}", creds == null ? impersonatedTransportUser==null?origPKIUser.getName():impersonatedTransportUser.getName():creds.getUsername(), request.remoteAddress());