From 74cdc2f4cea1e84bd845edf8930bdebf998d5ab7 Mon Sep 17 00:00:00 2001 From: Jason Tedor Date: Fri, 4 Sep 2015 13:20:27 -0400 Subject: [PATCH] Remove and forbid the use of com.google.common.base.Predicate(s)? This commit removes and now forbids all uses of com.google.common.base.Predicate and com.google.common.base.Predicates across the codebase. This is one of the many steps in the eventual removal of Guava as a dependency. This was enabled by elastic/elasticsearchelastic/elasticsearch#13314. Relates elastic/elasticsearchelastic/elasticsearch#13224, elastic/elasticsearchelastic/elasticsearch#13349 Original commit: elastic/x-pack-elasticsearch@968b81849f11edb6a8000065b0d9292656610b73 --- .../shield/action/ShieldActionFilter.java | 8 +- .../shield/audit/index/IndexAuditTrail.java | 2 +- .../audit/logfile/LoggingAuditTrail.java | 2 +- .../authc/ldap/support/SessionFactory.java | 5 +- .../authz/InternalAuthorizationService.java | 19 ++-- .../shield/authz/Permission.java | 21 +++-- .../elasticsearch/shield/authz/Privilege.java | 10 +-- .../shield/authz/SystemRole.java | 4 +- .../shield/support/AutomatonPredicate.java | 5 +- .../index/IndexAuditTrailEnabledTests.java | 37 ++++---- .../audit/index/IndexAuditTrailTests.java | 29 +++--- .../RemoteIndexAuditTrailStartingTests.java | 8 +- .../shield/authz/PermissionTests.java | 22 +++-- .../shield/authz/PrivilegeTests.java | 89 ++++++++++--------- 14 files changed, 137 insertions(+), 124 deletions(-) diff --git a/shield/src/main/java/org/elasticsearch/shield/action/ShieldActionFilter.java b/shield/src/main/java/org/elasticsearch/shield/action/ShieldActionFilter.java index 8bb2ac020b0..c62e9c85552 100644 --- a/shield/src/main/java/org/elasticsearch/shield/action/ShieldActionFilter.java +++ b/shield/src/main/java/org/elasticsearch/shield/action/ShieldActionFilter.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.shield.action; -import com.google.common.base.Predicate; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.ActionRequest; import org.elasticsearch.action.ActionResponse; @@ -29,7 +28,10 @@ import org.elasticsearch.shield.license.LicenseEventsNotifier; import org.elasticsearch.shield.license.LicenseService; import java.io.IOException; -import java.util.*; +import java.util.ArrayList; +import java.util.List; +import java.util.Set; +import java.util.function.Predicate; import static org.elasticsearch.shield.support.Exceptions.authorizationError; @@ -79,7 +81,7 @@ public class ShieldActionFilter extends AbstractComponent implements ActionFilte A functional requirement - when the license of shield is disabled (invalid/expires), shield will continue to operate normally, except all read operations will be blocked. */ - if (!licenseEnabled && LICENSE_EXPIRATION_ACTION_MATCHER.apply(action)) { + if (!licenseEnabled && LICENSE_EXPIRATION_ACTION_MATCHER.test(action)) { logger.error("blocking [{}] operation due to expired license. Cluster health, cluster stats and indices stats \n" + "operations are blocked on shield license expiration. All data operations (read and write) continue to work. \n" + "If you have a new license, please update it. Otherwise, please reach out to your support contact.", action); diff --git a/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java b/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java index d5c62d15673..32fb8257333 100644 --- a/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java +++ b/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java @@ -400,7 +400,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl public void accessGranted(User user, String action, TransportMessage message) { if (!principalIsAuditor(user.principal())) { // special treatment for internal system actions - only log if explicitly told to - if (user.isSystem() && Privilege.SYSTEM.predicate().apply(action)) { + if (user.isSystem() && Privilege.SYSTEM.predicate().test(action)) { if (events.contains(SYSTEM_ACCESS_GRANTED)) { try { enqueue(message("access_granted", action, user.principal(), null, indices(message), message), "access_granted"); diff --git a/shield/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java b/shield/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java index 651f7c6f0ce..960fe68e0e6 100644 --- a/shield/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java +++ b/shield/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java @@ -168,7 +168,7 @@ public class LoggingAuditTrail implements AuditTrail { String indices = indicesString(message); // special treatment for internal system actions - only log on trace - if (user.isSystem() && Privilege.SYSTEM.predicate().apply(action)) { + if (user.isSystem() && Privilege.SYSTEM.predicate().test(action)) { if (logger.isTraceEnabled()) { if (indices != null) { logger.trace("{}[transport] [access_granted]\t{}, principal=[{}], action=[{}], indices=[{}], request=[{}]", prefix, originAttributes(message, transport), user.principal(), action, indices, message.getClass().getSimpleName()); diff --git a/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/SessionFactory.java b/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/SessionFactory.java index 70afbc82dcf..cfd59c3110a 100644 --- a/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/SessionFactory.java +++ b/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/SessionFactory.java @@ -19,7 +19,6 @@ import org.elasticsearch.shield.authc.support.SecuredString; import java.util.regex.Pattern; -import static com.google.common.base.Predicates.contains; import static com.google.common.collect.Iterables.all; import static java.util.Arrays.asList; @@ -129,8 +128,8 @@ public abstract class SessionFactory { return true; } - boolean allSecure = all(asList(ldapUrls), contains(STARTS_WITH_LDAPS)); - boolean allClear = all(asList(ldapUrls), contains(STARTS_WITH_LDAP)); + boolean allSecure = all(asList(ldapUrls), s -> STARTS_WITH_LDAPS.matcher(s).find()); + boolean allClear = all(asList(ldapUrls), s -> STARTS_WITH_LDAP.matcher(s).find()); if (!allSecure && !allClear) { //No mixing is allowed because we use the same socketfactory diff --git a/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java b/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java index 98375705f50..b4d61efcf33 100644 --- a/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java +++ b/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java @@ -5,8 +5,6 @@ */ package org.elasticsearch.shield.authz; -import com.google.common.base.Predicate; -import com.google.common.base.Predicates; import com.google.common.collect.Sets; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.action.CompositeIndicesRequest; @@ -33,7 +31,12 @@ import org.elasticsearch.shield.authz.indicesresolver.IndicesAndAliasesResolver; import org.elasticsearch.shield.authz.store.RolesStore; import org.elasticsearch.transport.TransportRequest; -import java.util.*; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.function.Predicate; import static org.elasticsearch.shield.support.Exceptions.authorizationError; @@ -80,12 +83,12 @@ public class InternalAuthorizationService extends AbstractComponent implements A } List indicesAndAliases = new ArrayList<>(); - Predicate predicate = Predicates.or(predicates); + Predicate predicate = predicates.stream().reduce(s -> false, (p1, p2) -> p1.or(p2)); MetaData metaData = clusterService.state().metaData(); // TODO: can this be done smarter? I think there are usually more indices/aliases in the cluster then indices defined a roles? for (Map.Entry entry : metaData.getAliasAndIndexLookup().entrySet()) { String aliasOrIndex = entry.getKey(); - if (predicate.apply(aliasOrIndex)) { + if (predicate.test(aliasOrIndex)) { indicesAndAliases.add(aliasOrIndex); } } @@ -115,7 +118,7 @@ public class InternalAuthorizationService extends AbstractComponent implements A // first, we'll check if the action is a cluster action. If it is, we'll only check it // against the cluster permissions - if (Privilege.Cluster.ACTION_MATCHER.apply(action)) { + if (Privilege.Cluster.ACTION_MATCHER.test(action)) { Permission.Cluster cluster = permission.cluster(); if (cluster != null && cluster.check(action)) { request.putInContext(INDICES_PERMISSIONS_KEY, IndicesAccessControl.ALLOW_ALL); @@ -126,7 +129,7 @@ public class InternalAuthorizationService extends AbstractComponent implements A } // ok... this is not a cluster action, let's verify it's an indices action - if (!Privilege.Index.ACTION_MATCHER.apply(action)) { + if (!Privilege.Index.ACTION_MATCHER.test(action)) { throw denial(user, action, request); } @@ -164,7 +167,7 @@ public class InternalAuthorizationService extends AbstractComponent implements A } //if we are creating an index we need to authorize potential aliases created at the same time - if (Privilege.Index.CREATE_INDEX_MATCHER.apply(action)) { + if (Privilege.Index.CREATE_INDEX_MATCHER.test(action)) { assert request instanceof CreateIndexRequest; Set aliases = ((CreateIndexRequest) request).aliases(); if (!aliases.isEmpty()) { diff --git a/shield/src/main/java/org/elasticsearch/shield/authz/Permission.java b/shield/src/main/java/org/elasticsearch/shield/authz/Permission.java index 1a5ee65261a..32bdadbb47e 100644 --- a/shield/src/main/java/org/elasticsearch/shield/authz/Permission.java +++ b/shield/src/main/java/org/elasticsearch/shield/authz/Permission.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.shield.authz; -import com.google.common.base.Predicate; import com.google.common.cache.CacheBuilder; import com.google.common.cache.CacheLoader; import com.google.common.cache.LoadingCache; @@ -22,7 +21,17 @@ import org.elasticsearch.shield.authz.accesscontrol.IndicesAccessControl; import org.elasticsearch.shield.support.AutomatonPredicate; import org.elasticsearch.shield.support.Automatons; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.SortedMap; +import java.util.function.Predicate; /** * Represents a permission in the system. There are 3 types of permissions: @@ -209,7 +218,7 @@ public interface Permission { } public boolean check(String action) { - return predicate.apply(action); + return predicate.test(action); } @Override @@ -279,7 +288,7 @@ public interface Permission { public Predicate load(String action) throws Exception { List indices = new ArrayList<>(); for (Group group : groups) { - if (group.actionMatcher.apply(action)) { + if (group.actionMatcher.test(action)) { indices.addAll(Arrays.asList(group.indices)); } } @@ -532,12 +541,12 @@ public interface Permission { } public boolean indexNameMatch(String index) { - return indexNameMatcher.apply(index); + return indexNameMatcher.test(index); } public boolean check(String action, String index) { assert index != null; - return actionMatcher.apply(action) && indexNameMatcher.apply(index); + return actionMatcher.test(action) && indexNameMatcher.test(index); } } } diff --git a/shield/src/main/java/org/elasticsearch/shield/authz/Privilege.java b/shield/src/main/java/org/elasticsearch/shield/authz/Privilege.java index d74182b0c6a..abcb33072f5 100644 --- a/shield/src/main/java/org/elasticsearch/shield/authz/Privilege.java +++ b/shield/src/main/java/org/elasticsearch/shield/authz/Privilege.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.shield.authz; -import com.google.common.base.Predicate; import com.google.common.cache.CacheBuilder; import com.google.common.cache.CacheLoader; import com.google.common.cache.LoadingCache; @@ -28,6 +27,7 @@ import org.elasticsearch.shield.support.Automatons; import java.util.Locale; import java.util.Set; import java.util.concurrent.CopyOnWriteArraySet; +import java.util.function.Predicate; import static org.elasticsearch.shield.support.Automatons.patterns; @@ -206,7 +206,7 @@ public abstract class Privilege

> { public static void addCustom(String name, String... actionPatterns) { for (String pattern : actionPatterns) { - if (!Index.ACTION_MATCHER.apply(pattern)) { + if (!Index.ACTION_MATCHER.test(pattern)) { throw new IllegalArgumentException("cannot register custom index privilege [" + name + "]. index action must follow the 'indices:*' format"); } } @@ -252,7 +252,7 @@ public abstract class Privilege

> { private static Index resolve(String name) { name = name.toLowerCase(Locale.ROOT); - if (ACTION_MATCHER.apply(name)) { + if (ACTION_MATCHER.test(name)) { return action(name); } for (Index index : values) { @@ -314,7 +314,7 @@ public abstract class Privilege

> { public static void addCustom(String name, String... actionPatterns) { for (String pattern : actionPatterns) { - if (!Cluster.ACTION_MATCHER.apply(pattern)) { + if (!Cluster.ACTION_MATCHER.test(pattern)) { throw new IllegalArgumentException("cannot register custom cluster privilege [" + name + "]. cluster aciton must follow the 'cluster:*' format"); } } @@ -350,7 +350,7 @@ public abstract class Privilege

> { private static Cluster resolve(String name) { name = name.toLowerCase(Locale.ROOT); - if (ACTION_MATCHER.apply(name)) { + if (ACTION_MATCHER.test(name)) { return action(name); } for (Cluster cluster : values) { diff --git a/shield/src/main/java/org/elasticsearch/shield/authz/SystemRole.java b/shield/src/main/java/org/elasticsearch/shield/authz/SystemRole.java index d8ac4bd1690..bdec97abb4a 100644 --- a/shield/src/main/java/org/elasticsearch/shield/authz/SystemRole.java +++ b/shield/src/main/java/org/elasticsearch/shield/authz/SystemRole.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.shield.authz; -import com.google.common.base.Predicate; +import java.util.function.Predicate; /** * @@ -22,6 +22,6 @@ public class SystemRole { } public boolean check(String action) { - return PREDICATE.apply(action); + return PREDICATE.test(action); } } diff --git a/shield/src/main/java/org/elasticsearch/shield/support/AutomatonPredicate.java b/shield/src/main/java/org/elasticsearch/shield/support/AutomatonPredicate.java index 26377ccba07..a8a8b0fa655 100644 --- a/shield/src/main/java/org/elasticsearch/shield/support/AutomatonPredicate.java +++ b/shield/src/main/java/org/elasticsearch/shield/support/AutomatonPredicate.java @@ -5,10 +5,11 @@ */ package org.elasticsearch.shield.support; -import com.google.common.base.Predicate; import dk.brics.automaton.Automaton; import dk.brics.automaton.RunAutomaton; +import java.util.function.Predicate; + /** * */ @@ -25,7 +26,7 @@ public class AutomatonPredicate implements Predicate { } @Override - public boolean apply(String input) { + public boolean test(String input) { return automaton.run(input); } } diff --git a/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailEnabledTests.java b/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailEnabledTests.java index ffb5bd4807f..3c45025076a 100644 --- a/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailEnabledTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailEnabledTests.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.shield.audit.index; -import com.google.common.base.Predicate; import org.elasticsearch.action.admin.indices.template.delete.DeleteIndexTemplateResponse; import org.elasticsearch.action.admin.indices.template.get.GetIndexTemplatesResponse; import org.elasticsearch.action.exists.ExistsResponse; @@ -19,7 +18,7 @@ import org.joda.time.DateTime; import org.joda.time.DateTimeZone; import org.junit.Test; -import static org.hamcrest.Matchers.*; +import static org.hamcrest.Matchers.is; @ClusterScope(scope = Scope.TEST, randomDynamicTemplates = false) public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase { @@ -69,16 +68,13 @@ public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase { void awaitIndexCreation() throws Exception { final String indexName = IndexNameResolver.resolve(IndexAuditTrail.INDEX_NAME_PREFIX, DateTime.now(DateTimeZone.UTC), rollover); - boolean success = awaitBusy(new Predicate() { - @Override - public boolean apply(Void o) { - try { - ExistsResponse response = - client().prepareExists(indexName).execute().actionGet(); - return response.exists(); - } catch (Exception e) { - return false; - } + boolean success = awaitBusy(() -> { + try { + ExistsResponse response = + client().prepareExists(indexName).execute().actionGet(); + return response.exists(); + } catch (Exception e) { + return false; } }); @@ -88,19 +84,16 @@ public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase { } void awaitIndexTemplateCreation() throws InterruptedException { - boolean found = awaitBusy(new Predicate() { - @Override - public boolean apply(Void aVoid) { - GetIndexTemplatesResponse response = client().admin().indices().prepareGetTemplates(IndexAuditTrail.INDEX_TEMPLATE_NAME).execute().actionGet(); - if (response.getIndexTemplates().size() > 0) { - for (IndexTemplateMetaData indexTemplateMetaData : response.getIndexTemplates()) { - if (IndexAuditTrail.INDEX_TEMPLATE_NAME.equals(indexTemplateMetaData.name())) { - return true; - } + boolean found = awaitBusy(() -> { + GetIndexTemplatesResponse response = client().admin().indices().prepareGetTemplates(IndexAuditTrail.INDEX_TEMPLATE_NAME).execute().actionGet(); + if (response.getIndexTemplates().size() > 0) { + for (IndexTemplateMetaData indexTemplateMetaData : response.getIndexTemplates()) { + if (IndexAuditTrail.INDEX_TEMPLATE_NAME.equals(indexTemplateMetaData.name())) { + return true; } } - return false; } + return false; }); if (!found) { diff --git a/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java b/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java index 62079f6dbd3..7918a6045d3 100644 --- a/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.shield.audit.index; -import com.google.common.base.Predicate; import org.elasticsearch.action.IndicesRequest; import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse; import org.elasticsearch.action.admin.indices.settings.get.GetSettingsResponse; @@ -54,7 +53,10 @@ import java.util.List; import java.util.Locale; import java.util.Map; -import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.*; +import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.DAILY; +import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.HOURLY; +import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.MONTHLY; +import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.WEEKLY; import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE; import static org.elasticsearch.test.InternalTestCluster.clusterName; import static org.hamcrest.Matchers.contains; @@ -62,7 +64,11 @@ import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.notNullValue; import static org.hamcrest.Matchers.nullValue; -import static org.mockito.Mockito.*; +import static org.mockito.Mockito.any; +import static org.mockito.Mockito.doThrow; +import static org.mockito.Mockito.eq; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; /** * @@ -704,16 +710,13 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { } private void awaitIndexCreation(final String indexName) throws InterruptedException { - boolean found = awaitBusy(new Predicate() { - @Override - public boolean apply(Void o) { - try { - ExistsResponse response = - getClient().prepareExists(indexName).execute().actionGet(); - return response.exists(); - } catch (Exception e) { - return false; - } + boolean found = awaitBusy(() -> { + try { + ExistsResponse response = + getClient().prepareExists(indexName).execute().actionGet(); + return response.exists(); + } catch (Exception e) { + return false; } }); assertThat("[" + indexName + "] does not exist!", found, is(true)); diff --git a/shield/src/test/java/org/elasticsearch/shield/audit/index/RemoteIndexAuditTrailStartingTests.java b/shield/src/test/java/org/elasticsearch/shield/audit/index/RemoteIndexAuditTrailStartingTests.java index f95febbc1b3..3e831367216 100644 --- a/shield/src/test/java/org/elasticsearch/shield/audit/index/RemoteIndexAuditTrailStartingTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/audit/index/RemoteIndexAuditTrailStartingTests.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.shield.audit.index; -import com.google.common.base.Predicate; import org.elasticsearch.action.admin.cluster.node.info.NodeInfo; import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse; import org.elasticsearch.common.settings.Settings; @@ -127,12 +126,7 @@ public class RemoteIndexAuditTrailStartingTests extends ShieldIntegTestCase { public void testThatRemoteAuditInstancesAreStarted() throws Exception { Iterable auditTrails = remoteCluster.getInstances(IndexAuditTrail.class); for (final IndexAuditTrail auditTrail : auditTrails) { - awaitBusy(new Predicate() { - @Override - public boolean apply(Void aVoid) { - return auditTrail.state() == IndexAuditTrail.State.STARTED; - } - }, 2L, TimeUnit.SECONDS); + awaitBusy(() -> auditTrail.state() == IndexAuditTrail.State.STARTED, 2L, TimeUnit.SECONDS); assertThat(auditTrail.state(), is(IndexAuditTrail.State.STARTED)); } } diff --git a/shield/src/test/java/org/elasticsearch/shield/authz/PermissionTests.java b/shield/src/test/java/org/elasticsearch/shield/authz/PermissionTests.java index e10264eda7f..6995af27d65 100644 --- a/shield/src/test/java/org/elasticsearch/shield/authz/PermissionTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/authz/PermissionTests.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.shield.authz; -import com.google.common.base.Predicate; import org.elasticsearch.action.get.GetAction; import org.elasticsearch.test.ESTestCase; import org.junit.Before; @@ -14,9 +13,16 @@ import org.junit.Test; import java.util.Arrays; import java.util.Collections; import java.util.Iterator; +import java.util.function.Predicate; -import static org.elasticsearch.shield.authz.Privilege.Index.*; -import static org.hamcrest.Matchers.*; +import static org.elasticsearch.shield.authz.Privilege.Index.Cluster; +import static org.elasticsearch.shield.authz.Privilege.Index.MONITOR; +import static org.elasticsearch.shield.authz.Privilege.Index.READ; +import static org.elasticsearch.shield.authz.Privilege.Index.SEARCH; +import static org.elasticsearch.shield.authz.Privilege.Index.union; +import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.is; +import static org.hamcrest.Matchers.notNullValue; /** * @@ -72,11 +78,11 @@ public class PermissionTests extends ESTestCase { // "baz_*foo", "/fool.*bar/" private void testAllowedIndicesMatcher(Predicate indicesMatcher) { - assertThat(indicesMatcher.apply("foobar"), is(false)); - assertThat(indicesMatcher.apply("fool"), is(false)); - assertThat(indicesMatcher.apply("fool2bar"), is(true)); - assertThat(indicesMatcher.apply("baz_foo"), is(true)); - assertThat(indicesMatcher.apply("barbapapa"), is(false)); + assertThat(indicesMatcher.test("foobar"), is(false)); + assertThat(indicesMatcher.test("fool"), is(false)); + assertThat(indicesMatcher.test("fool2bar"), is(true)); + assertThat(indicesMatcher.test("baz_foo"), is(true)); + assertThat(indicesMatcher.test("barbapapa"), is(false)); } diff --git a/shield/src/test/java/org/elasticsearch/shield/authz/PrivilegeTests.java b/shield/src/test/java/org/elasticsearch/shield/authz/PrivilegeTests.java index 1a103ae1bdf..fb2091afb6c 100644 --- a/shield/src/test/java/org/elasticsearch/shield/authz/PrivilegeTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/authz/PrivilegeTests.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.shield.authz; -import com.google.common.base.Predicate; import org.elasticsearch.action.get.GetAction; import org.elasticsearch.action.get.MultiGetAction; import org.elasticsearch.action.search.MultiSearchAction; @@ -18,7 +17,11 @@ import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; -import static org.hamcrest.Matchers.*; +import java.util.function.Predicate; + +import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.is; +import static org.hamcrest.Matchers.notNullValue; /** * @@ -48,10 +51,10 @@ public class PrivilegeTests extends ESTestCase { @Test public void testSubActionPattern() throws Exception { AutomatonPredicate predicate = new AutomatonPredicate(Automatons.patterns("foo" + Privilege.SUB_ACTION_SUFFIX_PATTERN)); - assertThat(predicate.apply("foo[n][nodes]"), is(true)); - assertThat(predicate.apply("foo[n]"), is(true)); - assertThat(predicate.apply("bar[n][nodes]"), is(false)); - assertThat(predicate.apply("[n][nodes]"), is(false)); + assertThat(predicate.test("foo[n][nodes]"), is(true)); + assertThat(predicate.test("foo[n]"), is(true)); + assertThat(predicate.test("bar[n][nodes]"), is(false)); + assertThat(predicate.test("[n][nodes]"), is(false)); } @Test @@ -81,17 +84,17 @@ public class PrivilegeTests extends ESTestCase { Privilege.Name name = new Privilege.Name("indices:admin/template/delete"); Privilege.Cluster cluster = Privilege.Cluster.get(name); assertThat(cluster, notNullValue()); - assertThat(cluster.predicate().apply("indices:admin/template/delete"), is(true)); + assertThat(cluster.predicate().test("indices:admin/template/delete"), is(true)); name = new Privilege.Name("indices:admin/template/get"); cluster = Privilege.Cluster.get(name); assertThat(cluster, notNullValue()); - assertThat(cluster.predicate().apply("indices:admin/template/get"), is(true)); + assertThat(cluster.predicate().test("indices:admin/template/get"), is(true)); name = new Privilege.Name("indices:admin/template/put"); cluster = Privilege.Cluster.get(name); assertThat(cluster, notNullValue()); - assertThat(cluster.predicate().apply("indices:admin/template/put"), is(true)); + assertThat(cluster.predicate().test("indices:admin/template/put"), is(true)); } @Test @@ -106,8 +109,8 @@ public class PrivilegeTests extends ESTestCase { Privilege.Name actionName = new Privilege.Name("cluster:admin/snapshot/delete"); Privilege.Cluster cluster = Privilege.Cluster.get(actionName); assertThat(cluster, notNullValue()); - assertThat(cluster.predicate().apply("cluster:admin/snapshot/delete"), is(true)); - assertThat(cluster.predicate().apply("cluster:admin/snapshot/dele"), is(false)); + assertThat(cluster.predicate().test("cluster:admin/snapshot/delete"), is(true)); + assertThat(cluster.predicate().test("cluster:admin/snapshot/dele"), is(false)); } @Test @@ -117,14 +120,14 @@ public class PrivilegeTests extends ESTestCase { for (Privilege.Cluster cluster : Privilege.Cluster.values()) { if ("foo".equals(cluster.name.toString())) { found = true; - assertThat(cluster.predicate().apply("cluster:bar"), is(true)); + assertThat(cluster.predicate().test("cluster:bar"), is(true)); } } assertThat(found, is(true)); Privilege.Cluster cluster = Privilege.Cluster.get(new Privilege.Name("foo")); assertThat(cluster, notNullValue()); assertThat(cluster.name().toString(), is("foo")); - assertThat(cluster.predicate().apply("cluster:bar"), is(true)); + assertThat(cluster.predicate().test("cluster:bar"), is(true)); } @Test(expected = IllegalArgumentException.class) @@ -142,8 +145,8 @@ public class PrivilegeTests extends ESTestCase { Privilege.Name actionName = new Privilege.Name("indices:admin/mapping/delete"); Privilege.Index index = Privilege.Index.get(actionName); assertThat(index, notNullValue()); - assertThat(index.predicate().apply("indices:admin/mapping/delete"), is(true)); - assertThat(index.predicate().apply("indices:admin/mapping/dele"), is(false)); + assertThat(index.predicate().test("indices:admin/mapping/delete"), is(true)); + assertThat(index.predicate().test("indices:admin/mapping/dele"), is(false)); } @Test @@ -204,14 +207,14 @@ public class PrivilegeTests extends ESTestCase { for (Privilege.Index index : Privilege.Index.values()) { if ("foo".equals(index.name.toString())) { found = true; - assertThat(index.predicate().apply("indices:bar"), is(true)); + assertThat(index.predicate().test("indices:bar"), is(true)); } } assertThat(found, is(true)); Privilege.Index index = Privilege.Index.get(new Privilege.Name("foo")); assertThat(index, notNullValue()); assertThat(index.name().toString(), is("foo")); - assertThat(index.predicate().apply("indices:bar"), is(true)); + assertThat(index.predicate().test("indices:bar"), is(true)); } @Test(expected = IllegalArgumentException.class) @@ -227,42 +230,42 @@ public class PrivilegeTests extends ESTestCase { @Test public void testSystem() throws Exception { Predicate predicate = Privilege.SYSTEM.predicate(); - assertThat(predicate.apply("indices:monitor/whatever"), is(true)); - assertThat(predicate.apply("cluster:monitor/whatever"), is(true)); - assertThat(predicate.apply("cluster:admin/snapshot/status[nodes]"), is(false)); - assertThat(predicate.apply("internal:whatever"), is(true)); - assertThat(predicate.apply("indices:whatever"), is(false)); - assertThat(predicate.apply("cluster:whatever"), is(false)); - assertThat(predicate.apply("cluster:admin/snapshot/status"), is(false)); - assertThat(predicate.apply("whatever"), is(false)); - assertThat(predicate.apply("cluster:admin/reroute"), is(true)); - assertThat(predicate.apply("cluster:admin/whatever"), is(false)); - assertThat(predicate.apply("indices:admin/mapping/put"), is(true)); - assertThat(predicate.apply("indices:admin/mapping/whatever"), is(false)); + assertThat(predicate.test("indices:monitor/whatever"), is(true)); + assertThat(predicate.test("cluster:monitor/whatever"), is(true)); + assertThat(predicate.test("cluster:admin/snapshot/status[nodes]"), is(false)); + assertThat(predicate.test("internal:whatever"), is(true)); + assertThat(predicate.test("indices:whatever"), is(false)); + assertThat(predicate.test("cluster:whatever"), is(false)); + assertThat(predicate.test("cluster:admin/snapshot/status"), is(false)); + assertThat(predicate.test("whatever"), is(false)); + assertThat(predicate.test("cluster:admin/reroute"), is(true)); + assertThat(predicate.test("cluster:admin/whatever"), is(false)); + assertThat(predicate.test("indices:admin/mapping/put"), is(true)); + assertThat(predicate.test("indices:admin/mapping/whatever"), is(false)); } @Test public void testSearchPrivilege() throws Exception { Predicate predicate = Privilege.Index.SEARCH.predicate(); - assertThat(predicate.apply(SearchAction.NAME), is(true)); - assertThat(predicate.apply(SearchAction.NAME + "/whatever"), is(true)); - assertThat(predicate.apply(MultiSearchAction.NAME), is(true)); - assertThat(predicate.apply(MultiSearchAction.NAME + "/whatever"), is(true)); - assertThat(predicate.apply(SuggestAction.NAME), is(true)); - assertThat(predicate.apply(SuggestAction.NAME + "/whatever"), is(true)); + assertThat(predicate.test(SearchAction.NAME), is(true)); + assertThat(predicate.test(SearchAction.NAME + "/whatever"), is(true)); + assertThat(predicate.test(MultiSearchAction.NAME), is(true)); + assertThat(predicate.test(MultiSearchAction.NAME + "/whatever"), is(true)); + assertThat(predicate.test(SuggestAction.NAME), is(true)); + assertThat(predicate.test(SuggestAction.NAME + "/whatever"), is(true)); - assertThat(predicate.apply(GetAction.NAME), is(false)); - assertThat(predicate.apply(GetAction.NAME + "/whatever"), is(false)); - assertThat(predicate.apply(MultiGetAction.NAME), is(false)); - assertThat(predicate.apply(MultiGetAction.NAME + "/whatever"), is(false)); + assertThat(predicate.test(GetAction.NAME), is(false)); + assertThat(predicate.test(GetAction.NAME + "/whatever"), is(false)); + assertThat(predicate.test(MultiGetAction.NAME), is(false)); + assertThat(predicate.test(MultiGetAction.NAME + "/whatever"), is(false)); } @Test public void testGetPrivilege() throws Exception { Predicate predicate = Privilege.Index.GET.predicate(); - assertThat(predicate.apply(GetAction.NAME), is(true)); - assertThat(predicate.apply(GetAction.NAME + "/whatever"), is(true)); - assertThat(predicate.apply(MultiGetAction.NAME), is(true)); - assertThat(predicate.apply(MultiGetAction.NAME + "/whatever"), is(true)); + assertThat(predicate.test(GetAction.NAME), is(true)); + assertThat(predicate.test(GetAction.NAME + "/whatever"), is(true)); + assertThat(predicate.test(MultiGetAction.NAME), is(true)); + assertThat(predicate.test(MultiGetAction.NAME + "/whatever"), is(true)); } }