From 5880394ca14b433a5499d4ca5ead3caf732d0509 Mon Sep 17 00:00:00 2001 From: Ryan Ernst Date: Mon, 18 Oct 2021 12:59:46 -0700 Subject: [PATCH] Convert auditing license object to LicensedFeature (#79280) This commit moves the auditing license checks to use the new LicensedFeature class. --- .../license/XPackLicenseState.java | 1 - .../license/XPackLicenseStateTests.java | 104 ------------------ .../SecuritySearchOperationListenerTests.java | 20 ++-- .../xpack/security/Security.java | 4 +- .../security/audit/AuditTrailService.java | 4 +- .../audit/AuditTrailServiceTests.java | 36 +++--- .../authc/AuthenticationServiceTests.java | 2 +- .../authz/AuthorizationServiceTests.java | 3 +- ...IndicesAliasesRequestInterceptorTests.java | 6 +- .../ResizeRequestInterceptorTests.java | 6 +- 10 files changed, 40 insertions(+), 146 deletions(-) diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/license/XPackLicenseState.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/license/XPackLicenseState.java index 26e3e6892b82f..1ee9075423c96 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/license/XPackLicenseState.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/license/XPackLicenseState.java @@ -41,7 +41,6 @@ public class XPackLicenseState { * Each value defines the licensed state necessary for the feature to be allowed. */ public enum Feature { - SECURITY_AUDITING(OperationMode.GOLD, false), SECURITY_TOKEN_SERVICE(OperationMode.STANDARD, false), MACHINE_LEARNING(OperationMode.PLATINUM, true), diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/license/XPackLicenseStateTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/license/XPackLicenseStateTests.java index ae1c8ca5aba4c..7740f592062c8 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/license/XPackLicenseStateTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/license/XPackLicenseStateTests.java 
@@ -88,110 +88,6 @@ public static OperationMode randomBasicStandardOrGold() { return randomFrom(BASIC, STANDARD, GOLD); } - public void testSecurityDefaults() { - Settings settings = Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build(); - XPackLicenseState licenseState = new XPackLicenseState(settings, () -> 0); - assertThat(licenseState.isSecurityEnabled(), is(true)); - assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(true)); - - licenseState = TestUtils.newTestLicenseState(); - assertSecurityNotAllowed(licenseState); - } - - public void testTransportSslDoesNotAutomaticallyEnableSecurityOnTrialLicense() { - Settings settings = Settings.builder().put(XPackSettings.TRANSPORT_SSL_ENABLED.getKey(), true).build(); - final XPackLicenseState licenseState= new XPackLicenseState(settings, () -> 0); - assertSecurityNotAllowed(licenseState); - } - - public void testSecurityBasicWithoutExplicitSecurityEnabled() { - XPackLicenseState licenseState = TestUtils.newTestLicenseState(); - licenseState.update(BASIC, true, null); - - assertThat(licenseState.isSecurityEnabled(), is(false)); - assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(false)); - assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(false)); - - assertThat(licenseState.isSecurityEnabled(), is(false)); - } - - public void testSecurityBasicWithExplicitSecurityEnabled() { - final Settings settings = Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build(); - XPackLicenseState licenseState = new XPackLicenseState(settings, () -> 0); - licenseState.update(BASIC, true, null); - assertThat(licenseState.isSecurityEnabled(), is(true)); - assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(false)); - assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(false)); - - assertThat(licenseState.isSecurityEnabled(), is(true)); - } - - public void testSecurityStandard() { - Settings settings = 
randomFrom(Settings.EMPTY, - Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build()); - XPackLicenseState licenseState = new XPackLicenseState(settings, () -> 0); - licenseState.update(STANDARD, true, null); - - assertThat(licenseState.isSecurityEnabled(), is(true)); - assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(false)); - assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(true)); - } - - public void testSecurityStandardExpired() { - Settings settings = randomFrom(Settings.EMPTY, - Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build()); - XPackLicenseState licenseState = new XPackLicenseState(settings, () -> 0); - licenseState.update(STANDARD, false, null); - - assertThat(licenseState.isSecurityEnabled(), is(true)); - assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(false)); - assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(true)); - } - - public void testSecurityGold() { - Settings settings = randomFrom(Settings.EMPTY, - Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build()); - XPackLicenseState licenseState = new XPackLicenseState(settings, () -> 0); - licenseState.update(GOLD, true, null); - - assertThat(licenseState.isSecurityEnabled(), is(true)); - assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(true)); - assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(true)); - } - - public void testSecurityGoldExpired() { - Settings settings = randomFrom(Settings.EMPTY, - Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build()); - XPackLicenseState licenseState = new XPackLicenseState(settings, () -> 0); - licenseState.update(GOLD, false, null); - - assertThat(licenseState.isSecurityEnabled(), is(true)); - assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(true)); - assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), 
is(true)); - } - - public void testSecurityPlatinum() { - Settings settings = randomFrom(Settings.EMPTY, - Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build()); - XPackLicenseState licenseState = new XPackLicenseState(settings, () -> 0); - licenseState.update(PLATINUM, true, null); - - assertThat(licenseState.isSecurityEnabled(), is(true)); - assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(true)); - assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(true)); - } - - public void testSecurityPlatinumExpired() { - Settings settings = randomFrom(Settings.EMPTY, - Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build()); - XPackLicenseState licenseState = new XPackLicenseState(settings, () -> 0); - licenseState.update(PLATINUM, false, null); - - assertThat(licenseState.isSecurityEnabled(), is(true)); - assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(true)); - assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(true)); - } - public void testNewTrialDefaultsSecurityOff() { XPackLicenseState licenseState = TestUtils.newTestLicenseState(); licenseState.update(TRIAL, true, null); diff --git a/x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/security/authz/SecuritySearchOperationListenerTests.java b/x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/security/authz/SecuritySearchOperationListenerTests.java index 6416f7d7a442c..4d0c5ada7c9c3 100644 --- a/x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/security/authz/SecuritySearchOperationListenerTests.java +++ b/x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/security/authz/SecuritySearchOperationListenerTests.java 
@@ -8,13 +8,12 @@ import org.elasticsearch.common.UUIDs; import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.core.TimeValue; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.util.concurrent.ThreadContext.StoredContext; +import org.elasticsearch.core.TimeValue; import org.elasticsearch.index.IndexService; import org.elasticsearch.index.shard.IndexShard; -import org.elasticsearch.license.XPackLicenseState; -import org.elasticsearch.license.XPackLicenseState.Feature; +import org.elasticsearch.license.MockLicenseState; import org.elasticsearch.search.Scroll; import org.elasticsearch.search.SearchContextMissingException; import org.elasticsearch.search.internal.InternalScrollSearchRequest; @@ -33,6 +32,7 @@ import org.elasticsearch.xpack.core.security.authz.AuthorizationServiceField; import org.elasticsearch.xpack.core.security.authz.accesscontrol.IndicesAccessControl; import org.elasticsearch.xpack.core.security.user.User; +import org.elasticsearch.xpack.security.Security; import org.elasticsearch.xpack.security.audit.AuditTrail; import org.elasticsearch.xpack.security.audit.AuditTrailService; import org.junit.Before; @@ -40,9 +40,9 @@ import java.util.Collections; -import static org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail.PRINCIPAL_ROLES_FIELD_NAME; import static org.elasticsearch.xpack.core.security.authz.AuthorizationServiceField.AUTHORIZATION_INFO_KEY; import static org.elasticsearch.xpack.core.security.authz.AuthorizationServiceField.ORIGINATING_ACTION_KEY; +import static org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail.PRINCIPAL_ROLES_FIELD_NAME; import static org.elasticsearch.xpack.security.authz.AuthorizationServiceTests.authzInfoRoles; import static org.elasticsearch.xpack.security.authz.SecuritySearchOperationListener.ensureAuthenticatedUserIsSame; import static org.hamcrest.Matchers.is; 
@@ -71,7 +71,7 @@ public void testUnlicensed() { try (LegacyReaderContext readerContext = new LegacyReaderContext(new ShardSearchContextId(UUIDs.randomBase64UUID(), 0L), indexService, shard, shard.acquireSearcherSupplier(), shardSearchRequest, Long.MAX_VALUE)) { - XPackLicenseState licenseState = mock(XPackLicenseState.class); + MockLicenseState licenseState = mock(MockLicenseState.class); when(licenseState.isSecurityEnabled()).thenReturn(false); ThreadContext threadContext = new ThreadContext(Settings.EMPTY); final SecurityContext securityContext = new SecurityContext(Settings.EMPTY, threadContext); @@ -93,7 +93,7 @@ public void testOnNewContextSetsAuthentication() throws Exception { try (LegacyReaderContext readerContext = new LegacyReaderContext(new ShardSearchContextId(UUIDs.randomBase64UUID(), 0L), indexService, shard, shard.acquireSearcherSupplier(), shardSearchRequest, Long.MAX_VALUE)) { - XPackLicenseState licenseState = mock(XPackLicenseState.class); + MockLicenseState licenseState = mock(MockLicenseState.class); when(licenseState.isSecurityEnabled()).thenReturn(true); ThreadContext threadContext = new ThreadContext(Settings.EMPTY); final SecurityContext securityContext = new SecurityContext(Settings.EMPTY, threadContext); 
@@ -126,9 +126,9 @@ public void testValidateSearchContext() throws Exception { new Authentication(new User("test", "role"), new RealmRef("realm", "file", "node"), null)); final IndicesAccessControl indicesAccessControl = mock(IndicesAccessControl.class); readerContext.putInContext(AuthorizationServiceField.INDICES_PERMISSIONS_KEY, indicesAccessControl); - XPackLicenseState licenseState = mock(XPackLicenseState.class); + MockLicenseState licenseState = mock(MockLicenseState.class); when(licenseState.isSecurityEnabled()).thenReturn(true); - when(licenseState.checkFeature(Feature.SECURITY_AUDITING)).thenReturn(true); + when(licenseState.isAllowed(Security.AUDITING_FEATURE)).thenReturn(true); ThreadContext threadContext = new ThreadContext(Settings.EMPTY); final SecurityContext securityContext = new SecurityContext(Settings.EMPTY, threadContext); AuditTrail auditTrail = mock(AuditTrail.class); @@ -225,9 +225,9 @@ public void testEnsuredAuthenticatedUserIsSame() { ShardSearchContextId contextId = new ShardSearchContextId(UUIDs.randomBase64UUID(), randomLong()); final String action = randomAlphaOfLength(4); TransportRequest request = Empty.INSTANCE; - XPackLicenseState licenseState = mock(XPackLicenseState.class); + MockLicenseState licenseState = mock(MockLicenseState.class); when(licenseState.isSecurityEnabled()).thenReturn(true); - when(licenseState.checkFeature(Feature.SECURITY_AUDITING)).thenReturn(true); + when(licenseState.isAllowed(Security.AUDITING_FEATURE)).thenReturn(true); AuditTrail auditTrail = mock(AuditTrail.class); AuditTrailService auditTrailService = new AuditTrailService(Collections.singletonList(auditTrail), licenseState); diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java index e97e588830639..d01d6ca46e462 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java 
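Review bot: The stubs in testValidateSearchContext and testEnsuredAuthenticatedUserIsSame now target `licenseState.isAllowed(Security.AUDITING_FEATURE)`, while AuditTrailService in this same patch calls `Security.AUDITING_FEATURE.check(licenseState)`, so these tests only exercise the audit path if `check` consults `isAllowed` on the state, which is not visible here. A one-line comment next to the first stub would save the next reader the lookup, for example `// AUDITING_FEATURE.check(state) is expected to consult state.isAllowed(feature), hence the stub on isAllowed`. The same stubbing pattern repeats in AuditTrailServiceTests, AuthenticationServiceTests, AuthorizationServiceTests and the two interceptor test classes. Both test methods continue outside these hunks.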
+++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java @@ -349,9 +349,9 @@ public class Security extends Plugin implements SystemIndexPlugin, IngestPlugin, // TODO: ip filtering does not actually track license usage yet public static final LicensedFeature.Momentary IP_FILTERING_FEATURE = - LicensedFeature.momentaryLenient(null, "security_ip_filtering", License.OperationMode.GOLD); + LicensedFeature.momentaryLenient(null, "security-ip-filtering", License.OperationMode.GOLD); public static final LicensedFeature.Momentary AUDITING_FEATURE = - LicensedFeature.momentaryLenient(null, "security_auditing", License.OperationMode.GOLD); + LicensedFeature.momentaryLenient(null, "security-auditing", License.OperationMode.GOLD); private static final String REALMS_FEATURE_FAMILY = "security-realms"; // Builtin realms (file/native) realms are Basic licensed, so don't need to be checked or tracked diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailService.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailService.java index 570d33a101cd5..3e35aaed19cd4 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailService.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailService.java 
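Review bot: `AUDITING_FEATURE` sits directly under `// TODO: ip filtering does not actually track license usage yet` with no comment of its own, so a reader cannot tell whether that TODO also covers auditing or what `momentaryLenient(..., GOLD)` means for audit logging. The XPackLicenseStateTests cases removed by this patch were the only visible place that spelled out the matrix: auditing denied on BASIC and STANDARD, allowed on GOLD and PLATINUM, and still allowed when the license is expired. I would add a comment above the field such as `// Auditing needs GOLD or higher and stays allowed on an expired license, so audit events are not dropped at expiry`, and would like to see that matrix asserted against `AUDITING_FEATURE` somewhere, since no replacement test appears in this patch. The rename from `security_auditing` to `security-auditing` also changes the feature's name string; if that name is surfaced through license usage reporting (not visible here), anything keyed on the old spelling needs updating.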
@@ -10,13 +10,13 @@ import org.apache.logging.log4j.Logger; import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.license.XPackLicenseState; -import org.elasticsearch.license.XPackLicenseState.Feature; import org.elasticsearch.rest.RestRequest; import org.elasticsearch.transport.TransportRequest; import org.elasticsearch.transport.TransportResponse; import org.elasticsearch.xpack.core.security.authc.Authentication; import org.elasticsearch.xpack.core.security.authc.AuthenticationToken; import org.elasticsearch.xpack.core.security.authz.AuthorizationEngine.AuthorizationInfo; +import org.elasticsearch.xpack.security.Security; import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule; import java.net.InetAddress; @@ -43,7 +43,7 @@ public AuditTrailService(List auditTrails, XPackLicenseState license public AuditTrail get() { if (compositeAuditTrail.isEmpty() == false && licenseState.isSecurityEnabled()) { - if (licenseState.checkFeature(Feature.SECURITY_AUDITING)) { + if (Security.AUDITING_FEATURE.check(licenseState)) { return compositeAuditTrail; } else { maybeLogAuditingDisabled(); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/audit/AuditTrailServiceTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/audit/AuditTrailServiceTests.java index 1dc62ad01f48a..2366107dde570 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/audit/AuditTrailServiceTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/audit/AuditTrailServiceTests.java 
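Review bot: `get()` has no Javadoc, and the branch touched here decides whether security events are recorded at all: when `Security.AUDITING_FEATURE.check(licenseState)` is false the method takes the `else` path and calls `maybeLogAuditingDisabled()` instead of returning `compositeAuditTrail`. I would document on the method that the composite trail is returned only when trails are configured, security is enabled and the license permits auditing, and that otherwise events handed to the returned trail are presumably not recorded (the return statement of that path is outside the hunk). It is also worth stating that callers should call `get()` per event rather than cache the result, since the check is evaluated on each call and the license state can change; that is an inference from the per-call check, not something the hunk states. With that written down, operators who depend on the audit log know that the auditing-disabled log message is the indicator of a gap in the trail.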
@@ -11,8 +11,7 @@ import org.apache.logging.log4j.Logger; import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.license.License; -import org.elasticsearch.license.XPackLicenseState; -import org.elasticsearch.license.XPackLicenseState.Feature; +import org.elasticsearch.license.MockLicenseState; import org.elasticsearch.rest.RestRequest; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.MockLogAppender; @@ -22,6 +21,7 @@ import org.elasticsearch.xpack.core.security.authc.AuthenticationToken; import org.elasticsearch.xpack.core.security.authz.AuthorizationEngine.AuthorizationInfo; import org.elasticsearch.xpack.core.security.user.User; +import org.elasticsearch.xpack.security.Security; import org.elasticsearch.xpack.security.transport.filter.IPFilter; import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule; import org.junit.Before; @@ -47,7 +47,7 @@ public class AuditTrailServiceTests extends ESTestCase { private AuthenticationToken token; private TransportRequest request; private RestRequest restRequest; - private XPackLicenseState licenseState; + private MockLicenseState licenseState; private boolean isAuditingAllowed; @Before @@ -57,11 +57,11 @@ public void init() throws Exception { auditTrailsBuilder.add(mock(AuditTrail.class)); } auditTrails = unmodifiableList(auditTrailsBuilder); - licenseState = mock(XPackLicenseState.class); + licenseState = mock(MockLicenseState.class); service = new AuditTrailService(auditTrails, licenseState); isAuditingAllowed = randomBoolean(); when(licenseState.isSecurityEnabled()).thenReturn(true); - when(licenseState.checkFeature(Feature.SECURITY_AUDITING)).thenReturn(isAuditingAllowed); + when(licenseState.isAllowed(Security.AUDITING_FEATURE)).thenReturn(isAuditingAllowed); token = mock(AuthenticationToken.class); request = mock(TransportRequest.class); restRequest = mock(RestRequest.class); 
@@ -119,7 +119,7 @@ public void testNoLogRecentlyWhenLicenseProhibitsAuditing() throws Exception {
 public void testAuthenticationFailed() throws Exception {
 final String requestId = randomAlphaOfLengthBetween(6, 12);
 service.get().authenticationFailed(requestId, token, "_action", request);
- verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
+ verify(licenseState).isAllowed(Security.AUDITING_FEATURE);
 if (isAuditingAllowed) {
 for (AuditTrail auditTrail : auditTrails) {
 verify(auditTrail).authenticationFailed(requestId, token, "_action", request);
@@ -132,7 +132,7 @@ public void testAuthenticationFailed() throws Exception {
 public void testAuthenticationFailedNoToken() throws Exception {
 final String requestId = randomAlphaOfLengthBetween(6, 12);
 service.get().authenticationFailed(requestId, "_action", request);
- verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
+ verify(licenseState).isAllowed(Security.AUDITING_FEATURE);
 if (isAuditingAllowed) {
 for (AuditTrail auditTrail : auditTrails) {
 verify(auditTrail).authenticationFailed(requestId, "_action", request);
@@ -145,7 +145,7 @@ public void testAuthenticationFailedNoToken() throws Exception {
 public void testAuthenticationFailedRestNoToken() throws Exception {
 final String requestId = randomAlphaOfLengthBetween(6, 12);
 service.get().authenticationFailed(requestId, restRequest);
- verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
+ verify(licenseState).isAllowed(Security.AUDITING_FEATURE);
 if (isAuditingAllowed) {
 for (AuditTrail auditTrail : auditTrails) {
 verify(auditTrail).authenticationFailed(requestId, restRequest);
@@ -158,7 +158,7 @@ public void testAuthenticationFailedRestNoToken() throws Exception {
 public void testAuthenticationFailedRest() throws Exception {
 final String requestId = randomAlphaOfLengthBetween(6, 12);
 service.get().authenticationFailed(requestId, token, restRequest);
- verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
+ verify(licenseState).isAllowed(Security.AUDITING_FEATURE);
 if (isAuditingAllowed) {
 for (AuditTrail auditTrail : auditTrails) {
 verify(auditTrail).authenticationFailed(requestId, token, restRequest);
@@ -171,7 +171,7 @@ public void testAuthenticationFailedRest() throws Exception {
 public void testAuthenticationFailedRealm() throws Exception {
 final String requestId = randomAlphaOfLengthBetween(6, 12);
 service.get().authenticationFailed(requestId, "_realm", token, "_action", request);
- verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
+ verify(licenseState).isAllowed(Security.AUDITING_FEATURE);
 if (isAuditingAllowed) {
 for (AuditTrail auditTrail : auditTrails) {
 verify(auditTrail).authenticationFailed(requestId, "_realm", token, "_action", request);
@@ -184,7 +184,7 @@ public void testAuthenticationFailedRealm() throws Exception {
 public void testAuthenticationFailedRestRealm() throws Exception {
 final String requestId = randomAlphaOfLengthBetween(6, 12);
 service.get().authenticationFailed(requestId, "_realm", token, restRequest);
- verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
+ verify(licenseState).isAllowed(Security.AUDITING_FEATURE);
 if (isAuditingAllowed) {
 for (AuditTrail auditTrail : auditTrails) {
 verify(auditTrail).authenticationFailed(requestId, "_realm", token, restRequest);
@@ -197,7 +197,7 @@ public void testAuthenticationFailedRestRealm() throws Exception {
 public void testAnonymousAccess() throws Exception {
 final String requestId = randomAlphaOfLengthBetween(6, 12);
 service.get().anonymousAccessDenied(requestId, "_action", request);
- verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
+ verify(licenseState).isAllowed(Security.AUDITING_FEATURE);
 if (isAuditingAllowed) {
 for (AuditTrail auditTrail : auditTrails) {
 verify(auditTrail).anonymousAccessDenied(requestId, "_action", request);
@@ -214,7 +214,7 @@ public void testAccessGranted() throws Exception {
 () -> Collections.singletonMap(PRINCIPAL_ROLES_FIELD_NAME, new String[] { randomAlphaOfLengthBetween(1, 6) });
 final String requestId = randomAlphaOfLengthBetween(6, 12);
 service.get().accessGranted(requestId, authentication, "_action", request, authzInfo);
- verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
+ verify(licenseState).isAllowed(Security.AUDITING_FEATURE);
 if (isAuditingAllowed) {
 for (AuditTrail auditTrail : auditTrails) {
 verify(auditTrail).accessGranted(requestId, authentication, "_action", request, authzInfo);
@@ -231,7 +231,7 @@ public void testAccessDenied() throws Exception {
 () -> Collections.singletonMap(PRINCIPAL_ROLES_FIELD_NAME, new String[] { randomAlphaOfLengthBetween(1, 6) });
 final String requestId = randomAlphaOfLengthBetween(6, 12);
 service.get().accessDenied(requestId, authentication, "_action", request, authzInfo);
- verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
+ verify(licenseState).isAllowed(Security.AUDITING_FEATURE);
 if (isAuditingAllowed) {
 for (AuditTrail auditTrail : auditTrails) {
 verify(auditTrail).accessDenied(requestId, authentication, "_action", request, authzInfo);
@@ -245,7 +245,7 @@ public void testConnectionGranted() throws Exception {
 InetAddress inetAddress = InetAddress.getLoopbackAddress();
 SecurityIpFilterRule rule = randomBoolean() ? SecurityIpFilterRule.ACCEPT_ALL : IPFilter.DEFAULT_PROFILE_ACCEPT_ALL;
 service.get().connectionGranted(inetAddress, "client", rule);
- verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
+ verify(licenseState).isAllowed(Security.AUDITING_FEATURE);
 if (isAuditingAllowed) {
 for (AuditTrail auditTrail : auditTrails) {
 verify(auditTrail).connectionGranted(inetAddress, "client", rule);
@@ -259,7 +259,7 @@ public void testConnectionDenied() throws Exception {
 InetAddress inetAddress = InetAddress.getLoopbackAddress();
 SecurityIpFilterRule rule = new SecurityIpFilterRule(false, "_all");
 service.get().connectionDenied(inetAddress, "client", rule);
- verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
+ verify(licenseState).isAllowed(Security.AUDITING_FEATURE);
 if (isAuditingAllowed) {
 for (AuditTrail auditTrail : auditTrails) {
 verify(auditTrail).connectionDenied(inetAddress, "client", rule);
@@ -274,7 +274,7 @@ public void testAuthenticationSuccessRest() throws Exception {
 new RealmRef(null, null, null));
 final String requestId = randomAlphaOfLengthBetween(6, 12);
 service.get().authenticationSuccess(requestId, authentication, restRequest);
- verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
+ verify(licenseState).isAllowed(Security.AUDITING_FEATURE);
 if (isAuditingAllowed) {
 for (AuditTrail auditTrail : auditTrails) {
 verify(auditTrail).authenticationSuccess(requestId, authentication, restRequest);
@@ -289,7 +289,7 @@ public void testAuthenticationSuccessTransport() throws Exception { new RealmRef(null, null, null)); final String requestId = randomAlphaOfLengthBetween(6, 12); service.get().authenticationSuccess(requestId, authentication, "_action", request); - verify(licenseState).checkFeature(Feature.SECURITY_AUDITING); + verify(licenseState).isAllowed(Security.AUDITING_FEATURE); if (isAuditingAllowed) { for (AuditTrail auditTrail : auditTrails) { verify(auditTrail).authenticationSuccess(requestId, authentication, "_action", request); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/AuthenticationServiceTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/AuthenticationServiceTests.java index ea0250f1f276c..a169f31b83069 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/AuthenticationServiceTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/AuthenticationServiceTests.java @@ -229,7 +229,7 @@ public void init() throws Exception { when(licenseState.isAllowed(Security.CUSTOM_REALMS_FEATURE)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE)).thenReturn(true); when(licenseState.copyCurrentLicenseState()).thenReturn(licenseState); - when(licenseState.checkFeature(Feature.SECURITY_AUDITING)).thenReturn(true); + when(licenseState.isAllowed(Security.AUDITING_FEATURE)).thenReturn(true); when(licenseState.getOperationMode()).thenReturn(randomFrom(License.OperationMode.ENTERPRISE, License.OperationMode.PLATINUM)); ReservedRealm reservedRealm = mock(ReservedRealm.class); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationServiceTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationServiceTests.java index b34c25c4603a1..8e47079edd32a 100644 
--- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationServiceTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationServiceTests.java @@ -109,7 +109,6 @@ import org.elasticsearch.indices.TestIndexNameExpressionResolver; import org.elasticsearch.license.MockLicenseState; import org.elasticsearch.license.XPackLicenseState; -import org.elasticsearch.license.XPackLicenseState.Feature; import org.elasticsearch.script.ScriptService; import org.elasticsearch.search.internal.AliasFilter; import org.elasticsearch.search.internal.ShardSearchRequest; @@ -254,7 +253,7 @@ public void setup() { auditTrail = mock(AuditTrail.class); MockLicenseState licenseState = mock(MockLicenseState.class); when(licenseState.isSecurityEnabled()).thenReturn(true); - when(licenseState.checkFeature(Feature.SECURITY_AUDITING)).thenReturn(true); + when(licenseState.isAllowed(Security.AUDITING_FEATURE)).thenReturn(true); auditTrailService = new AuditTrailService(Collections.singletonList(auditTrail), licenseState); threadContext = new ThreadContext(settings); threadPool = mock(ThreadPool.class); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/interceptor/IndicesAliasesRequestInterceptorTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/interceptor/IndicesAliasesRequestInterceptorTests.java index 78c1117c317df..ad59867324c9e 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/interceptor/IndicesAliasesRequestInterceptorTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/interceptor/IndicesAliasesRequestInterceptorTests.java 
@@ -16,7 +16,6 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.license.MockLicenseState; -import org.elasticsearch.license.XPackLicenseState.Feature; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.xpack.core.security.authc.Authentication; import org.elasticsearch.xpack.core.security.authc.Authentication.RealmRef; @@ -30,6 +29,7 @@ import org.elasticsearch.xpack.core.security.authz.permission.FieldPermissions; import org.elasticsearch.xpack.core.security.authz.permission.FieldPermissionsDefinition; import org.elasticsearch.xpack.core.security.user.User; +import org.elasticsearch.xpack.security.Security; import org.elasticsearch.xpack.security.audit.AuditTrailService; import java.util.Collections; @@ -52,7 +52,7 @@ public void testInterceptorThrowsWhenFLSDLSEnabled() { MockLicenseState licenseState = mock(MockLicenseState.class); when(licenseState.copyCurrentLicenseState()).thenReturn(licenseState); when(licenseState.isSecurityEnabled()).thenReturn(true); - when(licenseState.checkFeature(Feature.SECURITY_AUDITING)).thenReturn(true); + when(licenseState.isAllowed(Security.AUDITING_FEATURE)).thenReturn(true); when(licenseState.isAllowed(DOCUMENT_LEVEL_SECURITY_FEATURE)).thenReturn(true); ThreadContext threadContext = new ThreadContext(Settings.EMPTY); AuditTrailService auditTrailService = new AuditTrailService(Collections.emptyList(), licenseState); 
@@ -112,7 +112,7 @@ public void testInterceptorThrowsWhenTargetHasGreaterPermissions() throws Except MockLicenseState licenseState = mock(MockLicenseState.class); when(licenseState.copyCurrentLicenseState()).thenReturn(licenseState); when(licenseState.isSecurityEnabled()).thenReturn(true); - when(licenseState.checkFeature(Feature.SECURITY_AUDITING)).thenReturn(true); + when(licenseState.isAllowed(Security.AUDITING_FEATURE)).thenReturn(true); when(licenseState.isAllowed(DOCUMENT_LEVEL_SECURITY_FEATURE)).thenReturn(randomBoolean()); ThreadContext threadContext = new ThreadContext(Settings.EMPTY); AuditTrailService auditTrailService = new AuditTrailService(Collections.emptyList(), licenseState); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/interceptor/ResizeRequestInterceptorTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/interceptor/ResizeRequestInterceptorTests.java index f0e0101843404..04227e42005d1 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/interceptor/ResizeRequestInterceptorTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/interceptor/ResizeRequestInterceptorTests.java @@ -17,7 +17,6 @@ import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.license.MockLicenseState; -import org.elasticsearch.license.XPackLicenseState.Feature; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.xpack.core.security.authc.Authentication; 
@@ -34,6 +33,7 @@ import org.elasticsearch.xpack.core.security.authz.permission.Role; import org.elasticsearch.xpack.core.security.authz.privilege.IndexPrivilege; import org.elasticsearch.xpack.core.security.user.User; +import org.elasticsearch.xpack.security.Security; import org.elasticsearch.xpack.security.audit.AuditTrailService; import java.util.Collections; @@ -56,7 +56,7 @@ public void testResizeRequestInterceptorThrowsWhenFLSDLSEnabled() { MockLicenseState licenseState = mock(MockLicenseState.class); when(licenseState.copyCurrentLicenseState()).thenReturn(licenseState); when(licenseState.isSecurityEnabled()).thenReturn(true); - when(licenseState.checkFeature(Feature.SECURITY_AUDITING)).thenReturn(true); + when(licenseState.isAllowed(Security.AUDITING_FEATURE)).thenReturn(true); when(licenseState.isAllowed(DOCUMENT_LEVEL_SECURITY_FEATURE)).thenReturn(true); ThreadPool threadPool = mock(ThreadPool.class); ThreadContext threadContext = new ThreadContext(Settings.EMPTY); @@ -109,7 +109,7 @@ public void testResizeRequestInterceptorThrowsWhenTargetHasGreaterPermissions() MockLicenseState licenseState = mock(MockLicenseState.class); when(licenseState.copyCurrentLicenseState()).thenReturn(licenseState); when(licenseState.isSecurityEnabled()).thenReturn(true); - when(licenseState.checkFeature(Feature.SECURITY_AUDITING)).thenReturn(true); + when(licenseState.isAllowed(Security.AUDITING_FEATURE)).thenReturn(true); when(licenseState.isAllowed(DOCUMENT_LEVEL_SECURITY_FEATURE)).thenReturn(true); ThreadPool threadPool = mock(ThreadPool.class); ThreadContext threadContext = new ThreadContext(Settings.EMPTY);