diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java index fa032f0de52..b2697c9bb06 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java @@ -198,15 +198,11 @@ public class Security implements ActionPlugin, IngestPlugin { modules.add(new AuthenticationModule(settings)); modules.add(new AuthorizationModule(settings)); - if (enabled == false || auditingEnabled(settings) == false) { - modules.add(b -> { - b.bind(AuditTrailService.class).toProvider(Providers.of(null)); - b.bind(AuditTrail.class).toInstance(AuditTrail.NOOP); - }); - } if (enabled == false) { modules.add(b -> { b.bind(CryptoService.class).toProvider(Providers.of(null)); + b.bind(AuditTrailService.class) + .toInstance(new AuditTrailService(settings, Collections.emptyList(), securityLicenseState)); }); modules.add(new SecurityModule(settings)); modules.add(new SecurityTransportModule(settings)); @@ -280,13 +276,14 @@ public class Security implements ActionPlugin, IngestPlugin { components.add(realms); // audit trails construction + Set auditTrails = new LinkedHashSet<>(); if (AUDIT_ENABLED_SETTING.get(settings)) { List outputs = AUDIT_OUTPUTS_SETTING.get(settings); if (outputs.isEmpty()) { throw new IllegalArgumentException("Audit logging is enabled but there are zero output types in " + AUDIT_ENABLED_SETTING.getKey()); } - Set auditTrails = new LinkedHashSet<>(); + for (String output : outputs) { switch (output) { case LoggingAuditTrail.NAME: @@ -301,8 +298,8 @@ public class Security implements ActionPlugin, IngestPlugin { throw new IllegalArgumentException("Unknown audit trail output [" + output + "]"); } } - components.add(new AuditTrailService(settings, auditTrails.stream().collect(Collectors.toList()), securityLicenseState)); } + components.add(new AuditTrailService(settings, auditTrails.stream().collect(Collectors.toList()), securityLicenseState)); return components; } diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilter.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilter.java index 0b562dd2a69..ad7c4e12559 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilter.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilter.java @@ -22,6 +22,7 @@ import org.elasticsearch.license.plugin.core.LicenseUtils; import org.elasticsearch.xpack.security.Security; import org.elasticsearch.xpack.security.SecurityContext; import org.elasticsearch.xpack.security.action.SecurityActionMapper; +import org.elasticsearch.xpack.security.audit.AuditTrailService; import org.elasticsearch.xpack.security.authc.Authentication; import org.elasticsearch.xpack.security.user.SystemUser; import org.elasticsearch.xpack.security.user.User; @@ -60,7 +61,7 @@ public class SecurityActionFilter extends AbstractComponent implements ActionFil @Inject public SecurityActionFilter(Settings settings, AuthenticationService authcService, AuthorizationService authzService, - CryptoService cryptoService, AuditTrail auditTrail, SecurityLicenseState licenseState, + CryptoService cryptoService, AuditTrailService auditTrail, SecurityLicenseState licenseState, SecurityActionMapper actionMapper, Set requestInterceptors, ThreadPool threadPool, SecurityContext securityContext) { super(settings); diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrail.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrail.java index 07f196cbbf9..e6af432f949 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrail.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrail.java @@ -18,88 +18,6 @@ import java.net.InetAddress; */ public interface AuditTrail { - AuditTrail NOOP = new AuditTrail() { - - static final String NAME = "noop"; - - @Override - public String name() { - return NAME; - } - - @Override - public void anonymousAccessDenied(String action, TransportMessage message) { - } - - @Override - public void anonymousAccessDenied(RestRequest request) { - } - - @Override - public void authenticationFailed(RestRequest request) { - } - - @Override - public void authenticationFailed(String action, TransportMessage message) { - } - - @Override - public void authenticationFailed(AuthenticationToken token, String action, TransportMessage message) { - } - - @Override - public void authenticationFailed(AuthenticationToken token, RestRequest request) { - } - - @Override - public void authenticationFailed(String realm, AuthenticationToken token, String action, TransportMessage message) { - } - - @Override - public void authenticationFailed(String realm, AuthenticationToken token, RestRequest request) { - } - - @Override - public void accessGranted(User user, String action, TransportMessage message) { - } - - @Override - public void accessDenied(User user, String action, TransportMessage message) { - } - - @Override - public void tamperedRequest(RestRequest request) { - } - - @Override - public void tamperedRequest(String action, TransportMessage message) { - } - - @Override - public void tamperedRequest(User user, String action, TransportMessage request) { - } - - @Override - public void connectionGranted(InetAddress inetAddress, String profile, SecurityIpFilterRule rule) { - } - - @Override - public void connectionDenied(InetAddress inetAddress, String profile, SecurityIpFilterRule rule) { - } - - @Override - public void runAsGranted(User user, String action, TransportMessage message) { - } - - @Override - public void runAsDenied(User user, String action, TransportMessage message) { - } - - @Override - public void runAsDenied(User user, RestRequest request) { - } - }; - String name(); void anonymousAccessDenied(String action, TransportMessage message); diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationService.java index 56f53c7bf70..13bc0ca86f5 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationService.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationService.java @@ -17,6 +17,7 @@ import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.rest.RestController; import org.elasticsearch.node.Node; import org.elasticsearch.rest.RestRequest; +import org.elasticsearch.xpack.security.audit.AuditTrailService; import org.elasticsearch.xpack.security.authc.Authentication.RealmRef; import org.elasticsearch.xpack.security.user.AnonymousUser; import org.elasticsearch.xpack.security.user.User; @@ -53,7 +54,7 @@ public class InternalAuthenticationService extends AbstractComponent implements private final boolean runAsEnabled; @Inject - public InternalAuthenticationService(Settings settings, Realms realms, AuditTrail auditTrail, CryptoService cryptoService, + public InternalAuthenticationService(Settings settings, Realms realms, AuditTrailService auditTrail, CryptoService cryptoService, AuthenticationFailureHandler failureHandler, ThreadPool threadPool) { super(settings); this.nodeName = Node.NODE_NAME_SETTING.get(settings); diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationService.java index 6a21e03b042..0e350fc565a 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationService.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationService.java @@ -27,6 +27,7 @@ import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.util.set.Sets; import org.elasticsearch.search.action.SearchTransportService; import org.elasticsearch.xpack.security.SecurityTemplateService; +import org.elasticsearch.xpack.security.audit.AuditTrailService; import org.elasticsearch.xpack.security.authc.Authentication; import org.elasticsearch.xpack.security.user.AnonymousUser; import org.elasticsearch.xpack.security.user.SystemUser; @@ -80,7 +81,7 @@ public class InternalAuthorizationService extends AbstractComponent implements A @Inject public InternalAuthorizationService(Settings settings, RolesStore rolesStore, ClusterService clusterService, - AuditTrail auditTrail, AuthenticationFailureHandler authcFailureHandler, + AuditTrailService auditTrail, AuthenticationFailureHandler authcFailureHandler, ThreadPool threadPool, IndexNameExpressionResolver nameExpressionResolver) { super(settings); this.rolesStore = rolesStore; diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java index ed0a27caf44..98d977dea9c 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java @@ -19,6 +19,7 @@ import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.xpack.security.audit.AuditTrail; import org.elasticsearch.xpack.security.SecurityLicenseState; import org.elasticsearch.transport.TransportSettings; +import org.elasticsearch.xpack.security.audit.AuditTrailService; import java.net.InetAddress; import java.util.ArrayList; @@ -105,7 +106,7 @@ public class IPFilter { private final SetOnce> profileBoundAddress = new SetOnce<>(); @Inject - public IPFilter(final Settings settings, AuditTrail auditTrail, ClusterSettings clusterSettings, + public IPFilter(final Settings settings, AuditTrailService auditTrail, ClusterSettings clusterSettings, SecurityLicenseState licenseState) { this.logger = Loggers.getLogger(getClass(), settings); this.auditTrail = auditTrail; diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java index ce39eaa4ca3..b840e48295a 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java @@ -9,7 +9,6 @@ import java.io.IOException; import java.util.Arrays; import java.util.Collection; import java.util.Collections; -import java.util.List; import java.util.Map; import org.elasticsearch.common.settings.Settings; @@ -17,10 +16,10 @@ import org.elasticsearch.env.Environment; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.xpack.extensions.XPackExtension; -import org.elasticsearch.xpack.security.audit.AuditTrail; import org.elasticsearch.xpack.security.audit.AuditTrailService; import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail; import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail; +import org.elasticsearch.xpack.security.authc.AuthenticationService; import org.elasticsearch.xpack.security.authc.Realm; import org.elasticsearch.xpack.security.authc.Realms; import org.elasticsearch.xpack.security.authc.file.FileRealm; @@ -91,7 +90,7 @@ public class SecurityTests extends ESTestCase { public void testDisabledByDefault() throws Exception { Collection components = createComponents(Settings.EMPTY); - assertNull(findComponent(AuditTrailService.class, components)); + assertNull(findComponent(AuthenticationService.class, components)); } public void testIndexAuditTrail() throws Exception { diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilterTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilterTests.java index 8794175d772..33cd4df3a1e 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilterTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilterTests.java @@ -5,6 +5,8 @@ */ package org.elasticsearch.xpack.security.action.filter; +import java.util.HashSet; + import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.ActionRequest; @@ -12,24 +14,22 @@ import org.elasticsearch.action.search.SearchScrollRequest; import org.elasticsearch.action.support.ActionFilterChain; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; -import org.elasticsearch.xpack.security.SecurityContext; -import org.elasticsearch.xpack.security.action.SecurityActionMapper; -import org.elasticsearch.xpack.security.authc.Authentication; -import org.elasticsearch.xpack.security.authc.Authentication.RealmRef; -import org.elasticsearch.xpack.security.user.SystemUser; -import org.elasticsearch.xpack.security.user.User; -import org.elasticsearch.xpack.security.audit.AuditTrail; -import org.elasticsearch.xpack.security.authc.AuthenticationService; -import org.elasticsearch.xpack.security.authz.AuthorizationService; -import org.elasticsearch.xpack.security.crypto.CryptoService; -import org.elasticsearch.xpack.security.SecurityLicenseState; import org.elasticsearch.tasks.Task; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.threadpool.ThreadPool; +import org.elasticsearch.xpack.security.SecurityContext; +import org.elasticsearch.xpack.security.SecurityLicenseState; +import org.elasticsearch.xpack.security.action.SecurityActionMapper; +import org.elasticsearch.xpack.security.audit.AuditTrailService; +import org.elasticsearch.xpack.security.authc.Authentication; +import org.elasticsearch.xpack.security.authc.Authentication.RealmRef; +import org.elasticsearch.xpack.security.authc.AuthenticationService; +import org.elasticsearch.xpack.security.authz.AuthorizationService; +import org.elasticsearch.xpack.security.crypto.CryptoService; +import org.elasticsearch.xpack.security.user.SystemUser; +import org.elasticsearch.xpack.security.user.User; import org.junit.Before; -import java.util.HashSet; - import static org.hamcrest.Matchers.equalTo; import static org.mockito.Matchers.eq; import static org.mockito.Matchers.isA; @@ -49,7 +49,7 @@ public class SecurityActionFilterTests extends ESTestCase { private AuthenticationService authcService; private AuthorizationService authzService; private CryptoService cryptoService; - private AuditTrail auditTrail; + private AuditTrailService auditTrail; private SecurityLicenseState securityLicenseState; private SecurityActionFilter filter; @@ -58,7 +58,7 @@ public class SecurityActionFilterTests extends ESTestCase { authcService = mock(AuthenticationService.class); authzService = mock(AuthorizationService.class); cryptoService = mock(CryptoService.class); - auditTrail = mock(AuditTrail.class); + auditTrail = mock(AuditTrailService.class); securityLicenseState = mock(SecurityLicenseState.class); when(securityLicenseState.authenticationAndAuthorizationEnabled()).thenReturn(true); when(securityLicenseState.statsAndHealthEnabled()).thenReturn(true); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationServiceTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationServiceTests.java index 42a7610decc..dbca9ce2b91 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationServiceTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationServiceTests.java @@ -5,6 +5,10 @@ */ package org.elasticsearch.xpack.security.authc; +import java.io.IOException; +import java.util.Arrays; +import java.util.Collections; + import org.elasticsearch.ElasticsearchException; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.common.io.stream.BytesStreamOutput; @@ -12,33 +16,28 @@ import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.env.Environment; -import org.elasticsearch.rest.RestController; import org.elasticsearch.rest.RestRequest; -import org.elasticsearch.xpack.security.authc.Authentication.RealmRef; -import org.elasticsearch.xpack.security.authc.InternalAuthenticationService.Authenticator; -import org.elasticsearch.xpack.security.SecurityLicenseState.EnabledRealmType; -import org.elasticsearch.xpack.security.user.AnonymousUser; -import org.elasticsearch.xpack.security.user.SystemUser; -import org.elasticsearch.xpack.security.user.User; -import org.elasticsearch.xpack.security.audit.AuditTrail; -import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm; -import org.elasticsearch.xpack.security.authc.support.SecuredString; -import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken; -import org.elasticsearch.xpack.security.crypto.CryptoService; -import org.elasticsearch.xpack.security.SecurityLicenseState; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.rest.FakeRestRequest; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.TransportMessage; +import org.elasticsearch.xpack.security.SecurityLicenseState; +import org.elasticsearch.xpack.security.SecurityLicenseState.EnabledRealmType; +import org.elasticsearch.xpack.security.audit.AuditTrailService; +import org.elasticsearch.xpack.security.authc.Authentication.RealmRef; +import org.elasticsearch.xpack.security.authc.InternalAuthenticationService.Authenticator; +import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm; +import org.elasticsearch.xpack.security.authc.support.SecuredString; +import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken; +import org.elasticsearch.xpack.security.crypto.CryptoService; +import org.elasticsearch.xpack.security.user.AnonymousUser; +import org.elasticsearch.xpack.security.user.SystemUser; +import org.elasticsearch.xpack.security.user.User; import org.junit.After; import org.junit.Before; -import java.io.IOException; -import java.util.Arrays; -import java.util.Collections; - -import static org.elasticsearch.xpack.security.support.Exceptions.authenticationError; import static org.elasticsearch.test.SecurityTestsUtils.assertAuthenticationException; +import static org.elasticsearch.xpack.security.support.Exceptions.authenticationError; import static org.hamcrest.Matchers.arrayContaining; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.equalTo; @@ -68,7 +67,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase { Realms realms; Realm firstRealm; Realm secondRealm; - AuditTrail auditTrail; + AuditTrailService auditTrail; AuthenticationToken token; CryptoService cryptoService; ThreadPool threadPool; @@ -105,7 +104,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase { realms.start(); cryptoService = mock(CryptoService.class); - auditTrail = mock(AuditTrail.class); + auditTrail = mock(AuditTrailService.class); threadPool = mock(ThreadPool.class); threadContext = new ThreadContext(Settings.EMPTY); when(threadPool.getThreadContext()).thenReturn(threadContext); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationServiceTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationServiceTests.java index 60a673249b2..d546218ecd8 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationServiceTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationServiceTests.java @@ -5,6 +5,9 @@ */ package org.elasticsearch.xpack.security.authz; +import java.util.ArrayList; +import java.util.List; + import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.Version; import org.elasticsearch.action.admin.cluster.health.ClusterHealthAction; @@ -45,24 +48,23 @@ import org.elasticsearch.action.termvectors.TermVectorsAction; import org.elasticsearch.action.termvectors.TermVectorsRequest; import org.elasticsearch.action.update.UpdateAction; import org.elasticsearch.action.update.UpdateRequest; -import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; -import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.metadata.AliasMetaData; import org.elasticsearch.cluster.metadata.IndexMetaData; +import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; import org.elasticsearch.cluster.metadata.MetaData; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.collect.Tuple; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.search.action.SearchTransportService; +import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.threadpool.ThreadPool; +import org.elasticsearch.transport.TransportRequest; import org.elasticsearch.xpack.security.SecurityTemplateService; +import org.elasticsearch.xpack.security.audit.AuditTrailService; import org.elasticsearch.xpack.security.authc.Authentication; import org.elasticsearch.xpack.security.authc.Authentication.RealmRef; -import org.elasticsearch.xpack.security.user.AnonymousUser; -import org.elasticsearch.xpack.security.user.SystemUser; -import org.elasticsearch.xpack.security.user.User; -import org.elasticsearch.xpack.security.user.XPackUser; -import org.elasticsearch.xpack.security.audit.AuditTrail; import org.elasticsearch.xpack.security.authc.DefaultAuthenticationFailureHandler; import org.elasticsearch.xpack.security.authz.permission.Role; import org.elasticsearch.xpack.security.authz.permission.SuperuserRole; @@ -70,15 +72,13 @@ import org.elasticsearch.xpack.security.authz.privilege.ClusterPrivilege; import org.elasticsearch.xpack.security.authz.privilege.GeneralPrivilege; import org.elasticsearch.xpack.security.authz.privilege.IndexPrivilege; import org.elasticsearch.xpack.security.authz.store.RolesStore; -import org.elasticsearch.test.ESTestCase; -import org.elasticsearch.threadpool.ThreadPool; -import org.elasticsearch.transport.TransportRequest; +import org.elasticsearch.xpack.security.user.AnonymousUser; +import org.elasticsearch.xpack.security.user.SystemUser; +import org.elasticsearch.xpack.security.user.User; +import org.elasticsearch.xpack.security.user.XPackUser; import org.junit.After; import org.junit.Before; -import java.util.ArrayList; -import java.util.List; - import static org.elasticsearch.test.SecurityTestsUtils.assertAuthenticationException; import static org.elasticsearch.test.SecurityTestsUtils.assertAuthorizationException; import static org.hamcrest.Matchers.containsInAnyOrder; @@ -94,7 +94,7 @@ import static org.mockito.Mockito.verifyNoMoreInteractions; import static org.mockito.Mockito.when; public class InternalAuthorizationServiceTests extends ESTestCase { - private AuditTrail auditTrail; + private AuditTrailService auditTrail; private RolesStore rolesStore; private ClusterService clusterService; private InternalAuthorizationService internalAuthorizationService; @@ -105,7 +105,7 @@ public class InternalAuthorizationServiceTests extends ESTestCase { public void setup() { rolesStore = mock(RolesStore.class); clusterService = mock(ClusterService.class); - auditTrail = mock(AuditTrail.class); + auditTrail = mock(AuditTrailService.class); threadContext = new ThreadContext(Settings.EMPTY); threadPool = mock(ThreadPool.class); when(threadPool.getThreadContext()).thenReturn(threadContext); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesResolverTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesResolverTests.java index 82df1025e0c..011aff9ebb6 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesResolverTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesResolverTests.java @@ -5,6 +5,8 @@ */ package org.elasticsearch.xpack.security.authz.indicesresolver; +import java.util.Set; + import org.elasticsearch.Version; import org.elasticsearch.action.admin.indices.alias.IndicesAliasesAction; import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequest; @@ -20,19 +22,19 @@ import org.elasticsearch.action.search.SearchAction; import org.elasticsearch.action.search.SearchRequest; import org.elasticsearch.action.support.IndicesOptions; import org.elasticsearch.client.Requests; -import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; -import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.metadata.AliasAction; import org.elasticsearch.cluster.metadata.AliasMetaData; import org.elasticsearch.cluster.metadata.IndexMetaData; +import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; import org.elasticsearch.cluster.metadata.MetaData; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.index.IndexNotFoundException; +import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.xpack.security.SecurityTemplateService; -import org.elasticsearch.xpack.security.user.User; -import org.elasticsearch.xpack.security.user.XPackUser; -import org.elasticsearch.xpack.security.audit.AuditTrail; +import org.elasticsearch.xpack.security.audit.AuditTrailService; import org.elasticsearch.xpack.security.authc.DefaultAuthenticationFailureHandler; import org.elasticsearch.xpack.security.authz.InternalAuthorizationService; import org.elasticsearch.xpack.security.authz.permission.Role; @@ -40,12 +42,10 @@ import org.elasticsearch.xpack.security.authz.permission.SuperuserRole; import org.elasticsearch.xpack.security.authz.privilege.ClusterPrivilege; import org.elasticsearch.xpack.security.authz.privilege.IndexPrivilege; import org.elasticsearch.xpack.security.authz.store.RolesStore; -import org.elasticsearch.test.ESTestCase; -import org.elasticsearch.threadpool.ThreadPool; +import org.elasticsearch.xpack.security.user.User; +import org.elasticsearch.xpack.security.user.XPackUser; import org.junit.Before; -import java.util.Set; - import static org.hamcrest.Matchers.arrayContaining; import static org.hamcrest.Matchers.arrayContainingInAnyOrder; import static org.hamcrest.Matchers.equalTo; @@ -102,7 +102,8 @@ public class DefaultIndicesResolverTests extends ESTestCase { when(state.metaData()).thenReturn(metaData); InternalAuthorizationService authzService = new InternalAuthorizationService(settings, rolesStore, clusterService, - mock(AuditTrail.class), new DefaultAuthenticationFailureHandler(), mock(ThreadPool.class), indexNameExpressionResolver); + mock(AuditTrailService.class), new DefaultAuthenticationFailureHandler(), mock(ThreadPool.class), + indexNameExpressionResolver); defaultIndicesResolver = new DefaultIndicesAndAliasesResolver(authzService, indexNameExpressionResolver); } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/filter/IPFilterTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/filter/IPFilterTests.java index dc06a12ce4e..fadac74c3eb 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/filter/IPFilterTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/filter/IPFilterTests.java @@ -20,6 +20,7 @@ import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.junit.annotations.Network; import org.elasticsearch.transport.Transport; import org.elasticsearch.transport.TransportSettings; +import org.elasticsearch.xpack.security.audit.AuditTrailService; import org.junit.Before; import org.mockito.ArgumentCaptor; @@ -45,7 +46,7 @@ import static org.mockito.Mockito.when; public class IPFilterTests extends ESTestCase { private IPFilter ipFilter; private SecurityLicenseState licenseState; - private AuditTrail auditTrail; + private AuditTrailService auditTrail; private Transport transport; private HttpServerTransport httpTransport; private ClusterSettings clusterSettings; @@ -54,7 +55,7 @@ public class IPFilterTests extends ESTestCase { public void init() { licenseState = mock(SecurityLicenseState.class); when(licenseState.ipFilteringEnabled()).thenReturn(true); - auditTrail = mock(AuditTrail.class); + auditTrail = mock(AuditTrailService.class); clusterSettings = new ClusterSettings(Settings.EMPTY, new HashSet<>(Arrays.asList( IPFilter.HTTP_FILTER_ALLOW_SETTING, IPFilter.HTTP_FILTER_DENY_SETTING, diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/IPFilterNetty3UpstreamHandlerTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/IPFilterNetty3UpstreamHandlerTests.java index f80346abfa5..db81a953475 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/IPFilterNetty3UpstreamHandlerTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/IPFilterNetty3UpstreamHandlerTests.java @@ -15,6 +15,7 @@ import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.http.HttpServerTransport; import org.elasticsearch.xpack.security.audit.AuditTrail; import org.elasticsearch.xpack.security.SecurityLicenseState; +import org.elasticsearch.xpack.security.audit.AuditTrailService; import org.elasticsearch.xpack.security.transport.filter.IPFilter; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.transport.Transport; @@ -34,6 +35,7 @@ import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.SocketAddress; import java.util.Arrays; +import java.util.Collections; import java.util.HashSet; @@ -67,7 +69,8 @@ public class IPFilterNetty3UpstreamHandlerTests extends ESTestCase { TransportSettings.TRANSPORT_PROFILES_SETTING))); SecurityLicenseState licenseState = mock(SecurityLicenseState.class); when(licenseState.ipFilteringEnabled()).thenReturn(true); - IPFilter ipFilter = new IPFilter(settings, AuditTrail.NOOP, clusterSettings, licenseState); + AuditTrailService auditTrailService = new AuditTrailService(settings, Collections.emptyList(), licenseState); + IPFilter ipFilter = new IPFilter(settings, auditTrailService, clusterSettings, licenseState); ipFilter.setBoundTransportAddress(transport.boundAddress(), transport.profileBoundAddresses()); if (isHttpEnabled) { HttpServerTransport httpTransport = mock(HttpServerTransport.class);