Module org.elasticsearch.security
Class BaseRunAsSuperuserCommand
java.lang.Object
org.elasticsearch.cli.Command
org.elasticsearch.common.cli.EnvironmentAwareCommand
org.elasticsearch.common.cli.KeyStoreAwareCommand
org.elasticsearch.xpack.security.tool.BaseRunAsSuperuserCommand
- All Implemented Interfaces:
Closeable,AutoCloseable
A
KeyStoreAwareCommand that can be extended fpr any CLI tool that needs to allow a local user with
filesystem write access to perform actions on the node as a superuser. It leverages temporary file realm users
with a `superuser` role.-
Field Summary
FieldsFields inherited from class org.elasticsearch.cli.Command
description, parser -
Constructor Summary
ConstructorsConstructorDescriptionBaseRunAsSuperuserCommand(Function<Environment, CommandLineHttpClient> clientFunction, org.elasticsearch.core.CheckedFunction<Environment, KeyStoreWrapper, Exception> keyStoreFunction, String description) -
Method Summary
Modifier and TypeMethodDescriptionfinal voidexecute(org.elasticsearch.cli.Terminal terminal, joptsimple.OptionSet options, Environment env, org.elasticsearch.cli.ProcessInfo processInfo) protected abstract voidexecuteCommand(org.elasticsearch.cli.Terminal terminal, joptsimple.OptionSet options, Environment env, String username, SecureString password) This is called after we have created a temporary superuser in the file realm and verified that its credentials work.protected abstract voidvalidate(org.elasticsearch.cli.Terminal terminal, joptsimple.OptionSet options, Environment env) This method is called before we attempt to crete a temporary superuser in the file realm.Methods inherited from class org.elasticsearch.common.cli.KeyStoreAwareCommand
decryptKeyStore, readPasswordMethods inherited from class org.elasticsearch.common.cli.EnvironmentAwareCommand
createEnv, execute, getBuildTypeMethods inherited from class org.elasticsearch.cli.Command
close, exit, main, mainWithoutErrorHandling, parseOptions, printAdditionalHelp, printUserException
-
Field Details
-
urlOption
-
-
Constructor Details
-
BaseRunAsSuperuserCommand
public BaseRunAsSuperuserCommand(Function<Environment, CommandLineHttpClient> clientFunction, org.elasticsearch.core.CheckedFunction<Environment, KeyStoreWrapper, Exception> keyStoreFunction, String description)
-
-
Method Details
-
execute
public final void execute(org.elasticsearch.cli.Terminal terminal, joptsimple.OptionSet options, Environment env, org.elasticsearch.cli.ProcessInfo processInfo) throws Exception - Specified by:
executein classKeyStoreAwareCommand- Throws:
Exception
-
executeCommand
protected abstract void executeCommand(org.elasticsearch.cli.Terminal terminal, joptsimple.OptionSet options, Environment env, String username, SecureString password) throws Exception This is called after we have created a temporary superuser in the file realm and verified that its credentials work. The username and password of the generated user are passed as parameters. Overriding methods should not try to close the password.- Throws:
Exception
-
validate
protected abstract void validate(org.elasticsearch.cli.Terminal terminal, joptsimple.OptionSet options, Environment env) throws Exception This method is called before we attempt to crete a temporary superuser in the file realm. Commands that implementBaseRunAsSuperuserCommandcan do preflight checks such as parsing and validating options without the need to go through the process of attempting to create and remove the temporary user unnecessarily.- Throws:
Exception
-