
Commit 8467f94

authored
Convert auditing license object to LicensedFeature (#79280) (#79405)
* Convert auditing license object to LicensedFeature (#79280) This commit moves the auditing license checks to use the new LicensedFeature class. * checkstyle
1 parent e8bf64d commit 8467f94


10 files changed

+40
-148
lines changed


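--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/license/XPackLicenseState.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/license/XPackLicenseState.java
@@ -41,7 +41,6 @@ public class XPackLicenseState {
 * Each value defines the licensed state necessary for the feature to be allowed.
 */
 public enum Feature {
-SECURITY_AUDITING(OperationMode.GOLD, false),
 SECURITY_TOKEN_SERVICE(OperationMode.STANDARD, false),
 
 OPERATOR_PRIVILEGES(OperationMode.ENTERPRISE, true);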

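--- a/x-pack/plugin/core/src/test/java/org/elasticsearch/license/XPackLicenseStateTests.java
+++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/license/XPackLicenseStateTests.java
@@ -9,10 +9,8 @@
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.iterable.Iterables;
 import org.elasticsearch.license.License.OperationMode;
-import org.elasticsearch.license.XPackLicenseState.Feature;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.xpack.core.XPackField;
-import org.elasticsearch.xpack.core.XPackSettings;
 
 import java.util.Arrays;
 import java.util.Map;
@@ -88,110 +86,6 @@ public static OperationMode randomBasicStandardOrGold() {
 return randomFrom(BASIC, STANDARD, GOLD);
 }
 
-public void testSecurityDefaults() {
-Settings settings = Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build();
-XPackLicenseState licenseState = new XPackLicenseState(settings, () -> 0);
-assertThat(licenseState.isSecurityEnabled(), is(true));
-assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(true));
-
-licenseState = TestUtils.newTestLicenseState();
-assertSecurityNotAllowed(licenseState);
-}
-
-public void testTransportSslDoesNotAutomaticallyEnableSecurityOnTrialLicense() {
-Settings settings = Settings.builder().put(XPackSettings.TRANSPORT_SSL_ENABLED.getKey(), true).build();
-final XPackLicenseState licenseState= new XPackLicenseState(settings, () -> 0);
-assertSecurityNotAllowed(licenseState);
-}
-
-public void testSecurityBasicWithoutExplicitSecurityEnabled() {
-XPackLicenseState licenseState = TestUtils.newTestLicenseState();
-licenseState.update(BASIC, true, null);
-
-assertThat(licenseState.isSecurityEnabled(), is(false));
-assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(false));
-assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(false));
-
-assertThat(licenseState.isSecurityEnabled(), is(false));
-}
-
-public void testSecurityBasicWithExplicitSecurityEnabled() {
-final Settings settings = Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build();
-XPackLicenseState licenseState = new XPackLicenseState(settings, () -> 0);
-licenseState.update(BASIC, true, null);
-assertThat(licenseState.isSecurityEnabled(), is(true));
-assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(false));
-assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(false));
-
-assertThat(licenseState.isSecurityEnabled(), is(true));
-}
-
-public void testSecurityStandard() {
-Settings settings = randomFrom(Settings.EMPTY,
-Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build());
-XPackLicenseState licenseState = new XPackLicenseState(settings, () -> 0);
-licenseState.update(STANDARD, true, null);
-
-assertThat(licenseState.isSecurityEnabled(), is(true));
-assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(false));
-assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(true));
-}
-
-public void testSecurityStandardExpired() {
-Settings settings = randomFrom(Settings.EMPTY,
-Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build());
-XPackLicenseState licenseState = new XPackLicenseState(settings, () -> 0);
-licenseState.update(STANDARD, false, null);
-
-assertThat(licenseState.isSecurityEnabled(), is(true));
-assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(false));
-assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(true));
-}
-
-public void testSecurityGold() {
-Settings settings = randomFrom(Settings.EMPTY,
-Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build());
-XPackLicenseState licenseState = new XPackLicenseState(settings, () -> 0);
-licenseState.update(GOLD, true, null);
-
-assertThat(licenseState.isSecurityEnabled(), is(true));
-assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(true));
-assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(true));
-}
-
-public void testSecurityGoldExpired() {
-Settings settings = randomFrom(Settings.EMPTY,
-Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build());
-XPackLicenseState licenseState = new XPackLicenseState(settings, () -> 0);
-licenseState.update(GOLD, false, null);
-
-assertThat(licenseState.isSecurityEnabled(), is(true));
-assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(true));
-assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(true));
-}
-
-public void testSecurityPlatinum() {
-Settings settings = randomFrom(Settings.EMPTY,
-Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build());
-XPackLicenseState licenseState = new XPackLicenseState(settings, () -> 0);
-licenseState.update(PLATINUM, true, null);
-
-assertThat(licenseState.isSecurityEnabled(), is(true));
-assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(true));
-assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(true));
-}
-
-public void testSecurityPlatinumExpired() {
-Settings settings = randomFrom(Settings.EMPTY,
-Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build());
-XPackLicenseState licenseState = new XPackLicenseState(settings, () -> 0);
-licenseState.update(PLATINUM, false, null);
-
-assertThat(licenseState.isSecurityEnabled(), is(true));
-assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(true));
-assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(true));
-}
-
 public void testNewTrialDefaultsSecurityOff() {
 XPackLicenseState licenseState = TestUtils.newTestLicenseState();
 licenseState.update(TRIAL, true, null);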

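--- a/x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/security/authz/SecuritySearchOperationListenerTests.java
+++ b/x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/security/authz/SecuritySearchOperationListenerTests.java
@@ -8,13 +8,12 @@
 
 import org.elasticsearch.common.UUIDs;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.core.TimeValue;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.common.util.concurrent.ThreadContext.StoredContext;
+import org.elasticsearch.core.TimeValue;
 import org.elasticsearch.index.IndexService;
 import org.elasticsearch.index.shard.IndexShard;
-import org.elasticsearch.license.XPackLicenseState;
-import org.elasticsearch.license.XPackLicenseState.Feature;
+import org.elasticsearch.license.MockLicenseState;
 import org.elasticsearch.search.Scroll;
 import org.elasticsearch.search.SearchContextMissingException;
 import org.elasticsearch.search.internal.InternalScrollSearchRequest;
@@ -33,16 +32,17 @@
 import org.elasticsearch.xpack.core.security.authz.AuthorizationServiceField;
 import org.elasticsearch.xpack.core.security.authz.accesscontrol.IndicesAccessControl;
 import org.elasticsearch.xpack.core.security.user.User;
+import org.elasticsearch.xpack.security.Security;
 import org.elasticsearch.xpack.security.audit.AuditTrail;
 import org.elasticsearch.xpack.security.audit.AuditTrailService;
 import org.junit.Before;
 import org.mockito.Mockito;
 
 import java.util.Collections;
 
-import static org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail.PRINCIPAL_ROLES_FIELD_NAME;
 import static org.elasticsearch.xpack.core.security.authz.AuthorizationServiceField.AUTHORIZATION_INFO_KEY;
 import static org.elasticsearch.xpack.core.security.authz.AuthorizationServiceField.ORIGINATING_ACTION_KEY;
+import static org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail.PRINCIPAL_ROLES_FIELD_NAME;
 import static org.elasticsearch.xpack.security.authz.AuthorizationServiceTests.authzInfoRoles;
 import static org.elasticsearch.xpack.security.authz.SecuritySearchOperationListener.ensureAuthenticatedUserIsSame;
 import static org.hamcrest.Matchers.is;
@@ -71,7 +71,7 @@ public void testUnlicensed() {
 try (LegacyReaderContext readerContext =
 new LegacyReaderContext(new ShardSearchContextId(UUIDs.randomBase64UUID(), 0L), indexService, shard,
 shard.acquireSearcherSupplier(), shardSearchRequest, Long.MAX_VALUE)) {
-XPackLicenseState licenseState = mock(XPackLicenseState.class);
+MockLicenseState licenseState = mock(MockLicenseState.class);
 when(licenseState.isSecurityEnabled()).thenReturn(false);
 ThreadContext threadContext = new ThreadContext(Settings.EMPTY);
 final SecurityContext securityContext = new SecurityContext(Settings.EMPTY, threadContext);
@@ -93,7 +93,7 @@ public void testOnNewContextSetsAuthentication() throws Exception {
 try (LegacyReaderContext readerContext =
 new LegacyReaderContext(new ShardSearchContextId(UUIDs.randomBase64UUID(), 0L),
 indexService, shard, shard.acquireSearcherSupplier(), shardSearchRequest, Long.MAX_VALUE)) {
-XPackLicenseState licenseState = mock(XPackLicenseState.class);
+MockLicenseState licenseState = mock(MockLicenseState.class);
 when(licenseState.isSecurityEnabled()).thenReturn(true);
 ThreadContext threadContext = new ThreadContext(Settings.EMPTY);
 final SecurityContext securityContext = new SecurityContext(Settings.EMPTY, threadContext);
@@ -126,9 +126,9 @@ public void testValidateSearchContext() throws Exception {
 new Authentication(new User("test", "role"), new RealmRef("realm", "file", "node"), null));
 final IndicesAccessControl indicesAccessControl = mock(IndicesAccessControl.class);
 readerContext.putInContext(AuthorizationServiceField.INDICES_PERMISSIONS_KEY, indicesAccessControl);
-XPackLicenseState licenseState = mock(XPackLicenseState.class);
+MockLicenseState licenseState = mock(MockLicenseState.class);
 when(licenseState.isSecurityEnabled()).thenReturn(true);
-when(licenseState.checkFeature(Feature.SECURITY_AUDITING)).thenReturn(true);
+when(licenseState.isAllowed(Security.AUDITING_FEATURE)).thenReturn(true);
 ThreadContext threadContext = new ThreadContext(Settings.EMPTY);
 final SecurityContext securityContext = new SecurityContext(Settings.EMPTY, threadContext);
 AuditTrail auditTrail = mock(AuditTrail.class);
@@ -225,9 +225,9 @@ public void testEnsuredAuthenticatedUserIsSame() {
 ShardSearchContextId contextId = new ShardSearchContextId(UUIDs.randomBase64UUID(), randomLong());
 final String action = randomAlphaOfLength(4);
 TransportRequest request = Empty.INSTANCE;
-XPackLicenseState licenseState = mock(XPackLicenseState.class);
+MockLicenseState licenseState = mock(MockLicenseState.class);
 when(licenseState.isSecurityEnabled()).thenReturn(true);
-when(licenseState.checkFeature(Feature.SECURITY_AUDITING)).thenReturn(true);
+when(licenseState.isAllowed(Security.AUDITING_FEATURE)).thenReturn(true);
 AuditTrail auditTrail = mock(AuditTrail.class);
 AuditTrailService auditTrailService = new AuditTrailService(Collections.singletonList(auditTrail), licenseState);
 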
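Review bot: The stubs in testValidateSearchContext and testEnsuredAuthenticatedUserIsSame now target `licenseState.isAllowed(Security.AUDITING_FEATURE)`, while the production path in AuditTrailService calls `Security.AUDITING_FEATURE.check(licenseState)`, and nothing in the tests records that link or why the mock type changed from `XPackLicenseState` to `MockLicenseState`. The tests therefore depend on `check` consulting `isAllowed`, which is not visible in these hunks. A one-line comment above the first stub would make that explicit, for example `// AUDITING_FEATURE.check(licenseState) is expected to consult isAllowed(...); MockLicenseState presumably exposes it for stubbing`. All four affected test methods start or end outside their hunks.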

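--- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java
+++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java
@@ -349,9 +349,9 @@ public class Security extends Plugin implements SystemIndexPlugin, IngestPlugin,
 
 // TODO: ip filtering does not actually track license usage yet
 public static final LicensedFeature.Momentary IP_FILTERING_FEATURE =
-LicensedFeature.momentaryLenient(null, "security_ip_filtering", License.OperationMode.GOLD);
+LicensedFeature.momentaryLenient(null, "security-ip-filtering", License.OperationMode.GOLD);
 public static final LicensedFeature.Momentary AUDITING_FEATURE =
-LicensedFeature.momentaryLenient(null, "security_auditing", License.OperationMode.GOLD);
+LicensedFeature.momentaryLenient(null, "security-auditing", License.OperationMode.GOLD);
 
 private static final String REALMS_FEATURE_FAMILY = "security-realms";
 // Builtin realms (file/native) realms are Basic licensed, so don't need to be checked or tracked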
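Review bot: `AUDITING_FEATURE` sits directly under the TODO about IP filtering not tracking license usage and has no comment of its own, so a reader cannot tell whether that TODO applies to it or why it is declared with `momentaryLenient`. The tests removed from XPackLicenseStateTests in this commit asserted that auditing stayed allowed on an expired GOLD or PLATINUM license, so the lenient variant presumably preserves that. This is worth confirming and writing down, because it decides whether audit events keep flowing after expiry. Suggested comment: `// Lenient: auditing is expected to stay allowed after the license expires (confirm against LicensedFeature); GOLD is the minimum mode.` The rename of both feature names from underscores to hyphens is not mentioned in the commit description, so anything keyed on the old strings would need checking.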

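--- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailService.java
+++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailService.java
@@ -10,13 +10,13 @@
 import org.apache.logging.log4j.Logger;
 import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.license.XPackLicenseState;
-import org.elasticsearch.license.XPackLicenseState.Feature;
 import org.elasticsearch.rest.RestRequest;
 import org.elasticsearch.transport.TransportRequest;
 import org.elasticsearch.transport.TransportResponse;
 import org.elasticsearch.xpack.core.security.authc.Authentication;
 import org.elasticsearch.xpack.core.security.authc.AuthenticationToken;
 import org.elasticsearch.xpack.core.security.authz.AuthorizationEngine.AuthorizationInfo;
+import org.elasticsearch.xpack.security.Security;
 import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
 
 import java.net.InetAddress;
@@ -43,7 +43,7 @@ public AuditTrailService(List<AuditTrail> auditTrails, XPackLicenseState license
 
 public AuditTrail get() {
 if (compositeAuditTrail.isEmpty() == false && licenseState.isSecurityEnabled()) {
-if (licenseState.checkFeature(Feature.SECURITY_AUDITING)) {
+if (Security.AUDITING_FEATURE.check(licenseState)) {
 return compositeAuditTrail;
 } else {
 maybeLogAuditingDisabled();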
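Review bot: The audit gate in `get()` now rests on `Security.AUDITING_FEATURE.check(licenseState)`, yet the sections of this commit shown here delete the per-tier assertions (auditing refused on BASIC and STANDARD) from XPackLicenseStateTests without adding a test for the refused path. Only the allowed case is stubbed in SecuritySearchOperationListenerTests; the remaining changed files are not visible, so coverage may live there. If it does not, a test that stubs `when(licenseState.isAllowed(Security.AUDITING_FEATURE)).thenReturn(false)` and asserts that `get()` does not hand back the composite trail would pin the behaviour. `get()` continues past the end of the hunk, so what the else branch returns is not shown.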
