From 33a264a408ea6f7fc41ae17350a0ca7626b5a814 Mon Sep 17 00:00:00 2001 From: Nik Everett Date: Thu, 27 Sep 2018 17:35:04 -0400 Subject: [PATCH] Logging: Drop Settings from security logger get calls (#33940) `Settings` is no longer required to get a `Logger` and we went to quite a bit of effort to pass it to the `Logger` getters. This removes the `Settings` from all of the logger fetches in security and x-pack:core. --- .../license/StartupSelfGeneratedLicenseTask.java | 5 ++--- .../xpack/core/security/SecurityContext.java | 7 +++---- .../xpack/core/security/UserSettings.java | 10 ++++------ .../xpack/core/security/authc/Realm.java | 4 ++-- .../xpack/core/security/authc/RealmConfig.java | 6 ------ .../SecurityIndexSearcherWrapper.java | 8 +++----- .../xpack/core/ssl/RestrictedTrustConfig.java | 6 ++---- .../xpack/core/ssl/RestrictedTrustManager.java | 10 ++++------ .../xpack/core/ssl/SSLConfiguration.java | 2 +- .../watcher/transform/TransformRegistry.java | 5 ++--- .../transform/chain/ChainTransformFactory.java | 7 +++---- ...rityIndexSearcherWrapperIntegrationTests.java | 2 +- .../SecurityIndexSearcherWrapperUnitTests.java | 16 ++++++++-------- .../core/ssl/RestrictedTrustConfigTests.java | 2 +- .../core/ssl/RestrictedTrustManagerTests.java | 13 ++++++------- .../elasticsearch/xpack/security/Security.java | 2 +- .../security/authc/ExpiredTokenRemover.java | 5 ++--- .../security/authc/file/FileUserPasswdStore.java | 5 ++--- .../security/authc/file/FileUserRolesStore.java | 5 ++--- .../authc/ldap/support/SessionFactory.java | 3 ++- .../security/authc/saml/SamlAuthenticator.java | 6 ++---- .../authc/saml/SamlLogoutRequestHandler.java | 5 ++--- .../xpack/security/authc/saml/SamlRealm.java | 7 ++++--- .../security/authc/saml/SamlRequestHandler.java | 8 +++----- .../security/authc/support/DnRoleMapper.java | 4 ++-- .../support/RoleMappingFileBootstrapCheck.java | 3 ++- .../security/transport/filter/IPFilter.java | 6 +++--- .../authc/saml/SamlAuthenticatorTests.java | 13 ++----------- .../saml/SamlLogoutRequestHandlerTests.java | 9 --------- .../org/elasticsearch/xpack/watcher/Watcher.java | 2 +- .../input/transform/TransformInputTests.java | 6 +++--- .../transform/chain/ChainTransformTests.java | 6 ++---- .../xpack/watcher/watch/WatchTests.java | 2 +- 33 files changed, 78 insertions(+), 122 deletions(-) diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/license/StartupSelfGeneratedLicenseTask.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/license/StartupSelfGeneratedLicenseTask.java index c2d53bd0716..49ee35c2779 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/license/StartupSelfGeneratedLicenseTask.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/license/StartupSelfGeneratedLicenseTask.java @@ -6,6 +6,7 @@ package org.elasticsearch.license; import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.message.ParameterizedMessage; import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.Version; @@ -14,7 +15,6 @@ import org.elasticsearch.cluster.ClusterStateUpdateTask; import org.elasticsearch.cluster.metadata.MetaData; import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.Nullable; -import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.xpack.core.XPackPlugin; @@ -22,6 +22,7 @@ import java.time.Clock; import java.util.UUID; public class StartupSelfGeneratedLicenseTask extends ClusterStateUpdateTask { + private static final Logger logger = LogManager.getLogger(StartupSelfGeneratedLicenseTask.class); /** * Max number of nodes licensed by generated trial license @@ -31,13 +32,11 @@ public class StartupSelfGeneratedLicenseTask extends ClusterStateUpdateTask { private final Settings settings; private final Clock clock; private final ClusterService clusterService; - private final Logger logger; public StartupSelfGeneratedLicenseTask(Settings settings, Clock clock, ClusterService clusterService) { this.settings = settings; this.clock = clock; this.clusterService = clusterService; - this.logger = Loggers.getLogger(getClass(), settings); } @Override diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityContext.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityContext.java index 99788ac1de4..c737ab75d81 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityContext.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityContext.java @@ -6,8 +6,8 @@ package org.elasticsearch.xpack.core.security; import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.Version; -import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.util.concurrent.ThreadContext.StoredContext; @@ -23,8 +23,8 @@ import java.util.function.Consumer; * A lightweight utility that can find the current user and authentication information for the local thread. */ public class SecurityContext { + private final Logger logger = LogManager.getLogger(SecurityContext.class); - private final Logger logger; private final ThreadContext threadContext; private final UserSettings userSettings; private final String nodeName; @@ -35,9 +35,8 @@ public class SecurityContext { * and {@link UserSettings#getAuthentication()} will always return null. */ public SecurityContext(Settings settings, ThreadContext threadContext) { - this.logger = Loggers.getLogger(getClass(), settings); this.threadContext = threadContext; - this.userSettings = new UserSettings(settings, threadContext); + this.userSettings = new UserSettings(threadContext); this.nodeName = Node.NODE_NAME_SETTING.get(settings); } diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/UserSettings.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/UserSettings.java index 7f22f90351e..c7f22e8742e 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/UserSettings.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/UserSettings.java @@ -6,8 +6,7 @@ package org.elasticsearch.xpack.core.security; import org.apache.logging.log4j.Logger; -import org.elasticsearch.common.logging.Loggers; -import org.elasticsearch.common.settings.Settings; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.xpack.core.security.authc.Authentication; import org.elasticsearch.xpack.core.security.user.User; @@ -15,15 +14,14 @@ import org.elasticsearch.xpack.core.security.user.User; import java.io.IOException; public final class UserSettings { - private final Logger logger; + private final Logger logger = LogManager.getLogger(UserSettings.class); + private final ThreadContext threadContext; - UserSettings(Settings settings, ThreadContext threadContext) { - this.logger = Loggers.getLogger(getClass(), settings); + UserSettings(ThreadContext threadContext) { this.threadContext = threadContext; } - /** * Returns the current user information, or null if the current request has no authentication info. */ diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Realm.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Realm.java index bc8869d5d83..5ccd8bec1a5 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Realm.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Realm.java @@ -6,6 +6,7 @@ package org.elasticsearch.xpack.core.security.authc; import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.action.ActionListener; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.license.XPackLicenseState; @@ -25,7 +26,7 @@ import java.util.Map; */ public abstract class Realm implements Comparable { - protected final Logger logger; + protected final Logger logger = LogManager.getLogger(getClass()); protected final String type; public String getType() { @@ -37,7 +38,6 @@ public abstract class Realm implements Comparable { public Realm(String type, RealmConfig config) { this.type = type; this.config = config; - this.logger = config.logger(getClass()); } /** diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/RealmConfig.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/RealmConfig.java index 865d0117b81..759f938491e 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/RealmConfig.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/RealmConfig.java @@ -5,8 +5,6 @@ */ package org.elasticsearch.xpack.core.security.authc; -import org.apache.logging.log4j.Logger; -import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.env.Environment; @@ -59,10 +57,6 @@ public class RealmConfig { return globalSettings; } - public Logger logger(Class clazz) { - return Loggers.getLogger(clazz, globalSettings); - } - public Environment env() { return env; } diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/accesscontrol/SecurityIndexSearcherWrapper.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/accesscontrol/SecurityIndexSearcherWrapper.java index e0dc36b4117..dbb359bb70f 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/accesscontrol/SecurityIndexSearcherWrapper.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/accesscontrol/SecurityIndexSearcherWrapper.java @@ -6,6 +6,7 @@ package org.elasticsearch.xpack.core.security.authz.accesscontrol; import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.LogManager; import org.apache.lucene.index.DirectoryReader; import org.apache.lucene.index.LeafReaderContext; import org.apache.lucene.search.BooleanQuery; @@ -30,14 +31,12 @@ import org.elasticsearch.ElasticsearchParseException; import org.elasticsearch.ExceptionsHelper; import org.elasticsearch.common.bytes.BytesReference; import org.elasticsearch.common.logging.LoggerMessageFormat; -import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.lucene.search.Queries; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.xcontent.LoggingDeprecationHandler; import org.elasticsearch.common.xcontent.NamedXContentRegistry; import org.elasticsearch.common.xcontent.XContentFactory; import org.elasticsearch.common.xcontent.XContentParser; -import org.elasticsearch.index.IndexSettings; import org.elasticsearch.index.cache.bitset.BitsetFilterCache; import org.elasticsearch.index.engine.EngineException; import org.elasticsearch.index.query.BoolQueryBuilder; @@ -89,19 +88,18 @@ import static org.apache.lucene.search.BooleanClause.Occur.SHOULD; * instance. */ public class SecurityIndexSearcherWrapper extends IndexSearcherWrapper { + private static final Logger logger = LogManager.getLogger(SecurityIndexSearcherWrapper.class); private final Function queryShardContextProvider; private final BitsetFilterCache bitsetFilterCache; private final XPackLicenseState licenseState; private final ThreadContext threadContext; - private final Logger logger; private final ScriptService scriptService; - public SecurityIndexSearcherWrapper(IndexSettings indexSettings, Function queryShardContextProvider, + public SecurityIndexSearcherWrapper(Function queryShardContextProvider, BitsetFilterCache bitsetFilterCache, ThreadContext threadContext, XPackLicenseState licenseState, ScriptService scriptService) { this.scriptService = scriptService; - this.logger = Loggers.getLogger(getClass(), indexSettings.getSettings()); this.queryShardContextProvider = queryShardContextProvider; this.bitsetFilterCache = bitsetFilterCache; this.threadContext = threadContext; diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustConfig.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustConfig.java index 201965b4188..37b3334cd0f 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustConfig.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustConfig.java @@ -30,12 +30,10 @@ import java.util.Objects; public final class RestrictedTrustConfig extends TrustConfig { private static final String RESTRICTIONS_KEY_SUBJECT_NAME = "trust.subject_name"; - private final Settings settings; private final String groupConfigPath; private final TrustConfig delegate; - RestrictedTrustConfig(Settings settings, String groupConfigPath, TrustConfig delegate) { - this.settings = settings; + RestrictedTrustConfig(String groupConfigPath, TrustConfig delegate) { this.groupConfigPath = Objects.requireNonNull(groupConfigPath); this.delegate = Objects.requireNonNull(delegate); } @@ -45,7 +43,7 @@ public final class RestrictedTrustConfig extends TrustConfig { try { final X509ExtendedTrustManager delegateTrustManager = delegate.createTrustManager(environment); final CertificateTrustRestrictions trustGroupConfig = readTrustGroup(resolveGroupConfigPath(environment)); - return new RestrictedTrustManager(settings, delegateTrustManager, trustGroupConfig); + return new RestrictedTrustManager(delegateTrustManager, trustGroupConfig); } catch (IOException e) { throw new ElasticsearchException("failed to initialize TrustManager for {}", e, toString()); } diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManager.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManager.java index 8a82694785a..f457ce8f752 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManager.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManager.java @@ -6,9 +6,8 @@ package org.elasticsearch.xpack.core.ssl; import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.message.ParameterizedMessage; -import org.elasticsearch.common.logging.Loggers; -import org.elasticsearch.common.settings.Settings; import javax.net.ssl.SSLEngine; import javax.net.ssl.X509ExtendedTrustManager; @@ -35,15 +34,14 @@ import java.util.stream.Collectors; * The underlying certificate validation is delegated to another TrustManager. */ public final class RestrictedTrustManager extends X509ExtendedTrustManager { - + private static final Logger logger = LogManager.getLogger(RestrictedTrustManager.class); private static final String CN_OID = "2.5.4.3"; private static final int SAN_CODE_OTHERNAME = 0; - private final Logger logger; + private final X509ExtendedTrustManager delegate; private final CertificateTrustRestrictions trustRestrictions; - public RestrictedTrustManager(Settings settings, X509ExtendedTrustManager delegate, CertificateTrustRestrictions restrictions) { - this.logger = Loggers.getLogger(getClass(), settings); + public RestrictedTrustManager(X509ExtendedTrustManager delegate, CertificateTrustRestrictions restrictions) { this.delegate = delegate; this.trustRestrictions = restrictions; logger.debug("Configured with trust restrictions: [{}]", restrictions); diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/SSLConfiguration.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/SSLConfiguration.java index 48dba65a3a6..9054d664eec 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/SSLConfiguration.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ssl/SSLConfiguration.java @@ -206,7 +206,7 @@ public final class SSLConfiguration { private static TrustConfig createTrustConfig(Settings settings, KeyConfig keyConfig, SSLConfiguration global) { final TrustConfig trustConfig = createCertChainTrustConfig(settings, keyConfig, global); return SETTINGS_PARSER.trustRestrictionsPath.get(settings) - .map(path -> (TrustConfig) new RestrictedTrustConfig(settings, path, trustConfig)) + .map(path -> (TrustConfig) new RestrictedTrustConfig(path, trustConfig)) .orElse(trustConfig); } diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/watcher/transform/TransformRegistry.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/watcher/transform/TransformRegistry.java index 4d729c10c7d..0365b310583 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/watcher/transform/TransformRegistry.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/watcher/transform/TransformRegistry.java @@ -6,7 +6,6 @@ package org.elasticsearch.xpack.core.watcher.transform; import org.elasticsearch.ElasticsearchParseException; -import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentParser; import org.elasticsearch.xpack.core.watcher.transform.chain.ChainTransform; import org.elasticsearch.xpack.core.watcher.transform.chain.ChainTransformFactory; @@ -20,9 +19,9 @@ public class TransformRegistry { private final Map factories; - public TransformRegistry(Settings settings, Map factories) { + public TransformRegistry(Map factories) { Map map = new HashMap<>(factories); - map.put(ChainTransform.TYPE, new ChainTransformFactory(settings, this)); + map.put(ChainTransform.TYPE, new ChainTransformFactory(this)); this.factories = Collections.unmodifiableMap(map); } diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/watcher/transform/chain/ChainTransformFactory.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/watcher/transform/chain/ChainTransformFactory.java index 403f1d02909..97047abede4 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/watcher/transform/chain/ChainTransformFactory.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/watcher/transform/chain/ChainTransformFactory.java @@ -5,8 +5,7 @@ */ package org.elasticsearch.xpack.core.watcher.transform.chain; -import org.elasticsearch.common.logging.Loggers; -import org.elasticsearch.common.settings.Settings; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.common.xcontent.XContentParser; import org.elasticsearch.xpack.core.watcher.transform.ExecutableTransform; import org.elasticsearch.xpack.core.watcher.transform.Transform; @@ -20,8 +19,8 @@ public final class ChainTransformFactory extends TransformFactory queryShardContext, + SecurityIndexSearcherWrapper wrapper = new SecurityIndexSearcherWrapper(s -> queryShardContext, bitsetFilterCache, threadContext, licenseState, scriptService) { @Override diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/accesscontrol/SecurityIndexSearcherWrapperUnitTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/accesscontrol/SecurityIndexSearcherWrapperUnitTests.java index 207c9d22198..06838ac6ffa 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/accesscontrol/SecurityIndexSearcherWrapperUnitTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/accesscontrol/SecurityIndexSearcherWrapperUnitTests.java @@ -152,7 +152,7 @@ public class SecurityIndexSearcherWrapperUnitTests extends ESTestCase { public void testDefaultMetaFields() throws Exception { securityIndexSearcherWrapper = - new SecurityIndexSearcherWrapper(indexSettings, null, null, threadContext, licenseState, scriptService) { + new SecurityIndexSearcherWrapper(null, null, threadContext, licenseState, scriptService) { @Override protected IndicesAccessControl getIndicesAccessControl() { IndicesAccessControl.IndexAccessControl indexAccessControl = new IndicesAccessControl.IndexAccessControl(true, @@ -182,14 +182,14 @@ public class SecurityIndexSearcherWrapperUnitTests extends ESTestCase { public void testWrapReaderWhenFeatureDisabled() throws Exception { when(licenseState.isDocumentAndFieldLevelSecurityAllowed()).thenReturn(false); securityIndexSearcherWrapper = - new SecurityIndexSearcherWrapper(indexSettings, null, null, threadContext, licenseState, scriptService); + new SecurityIndexSearcherWrapper(null, null, threadContext, licenseState, scriptService); DirectoryReader reader = securityIndexSearcherWrapper.wrap(esIn); assertThat(reader, sameInstance(esIn)); } public void testWrapSearcherWhenFeatureDisabled() throws Exception { securityIndexSearcherWrapper = - new SecurityIndexSearcherWrapper(indexSettings, null, null, threadContext, licenseState, scriptService); + new SecurityIndexSearcherWrapper(null, null, threadContext, licenseState, scriptService); IndexSearcher indexSearcher = new IndexSearcher(esIn); IndexSearcher result = securityIndexSearcherWrapper.wrap(indexSearcher); assertThat(result, sameInstance(indexSearcher)); @@ -228,7 +228,7 @@ public class SecurityIndexSearcherWrapperUnitTests extends ESTestCase { DirectoryReader directoryReader = DocumentSubsetReader.wrap(esIn, bitsetFilterCache, new MatchAllDocsQuery()); IndexSearcher indexSearcher = new IndexSearcher(directoryReader); securityIndexSearcherWrapper = - new SecurityIndexSearcherWrapper(indexSettings, null, null, threadContext, licenseState, scriptService); + new SecurityIndexSearcherWrapper(null, null, threadContext, licenseState, scriptService); IndexSearcher result = securityIndexSearcherWrapper.wrap(indexSearcher); assertThat(result, not(sameInstance(indexSearcher))); assertThat(result.getSimilarity(), sameInstance(indexSearcher.getSimilarity())); @@ -237,7 +237,7 @@ public class SecurityIndexSearcherWrapperUnitTests extends ESTestCase { public void testIntersectScorerAndRoleBits() throws Exception { securityIndexSearcherWrapper = - new SecurityIndexSearcherWrapper(indexSettings, null, null, threadContext, licenseState, scriptService); + new SecurityIndexSearcherWrapper(null, null, threadContext, licenseState, scriptService); final Directory directory = newDirectory(); IndexWriter iw = new IndexWriter( directory, @@ -326,7 +326,7 @@ public class SecurityIndexSearcherWrapperUnitTests extends ESTestCase { public void testFieldPermissionsWithFieldExceptions() throws Exception { securityIndexSearcherWrapper = - new SecurityIndexSearcherWrapper(indexSettings, null, null, threadContext, licenseState, null); + new SecurityIndexSearcherWrapper(null, null, threadContext, licenseState, null); String[] grantedFields = new String[]{}; String[] deniedFields; Set expected = new HashSet<>(META_FIELDS); @@ -427,7 +427,7 @@ public class SecurityIndexSearcherWrapperUnitTests extends ESTestCase { User user = new User("_username", new String[]{"role1", "role2"}, "_full_name", "_email", Collections.singletonMap("key", "value"), true); securityIndexSearcherWrapper = - new SecurityIndexSearcherWrapper(indexSettings, null, null, threadContext, licenseState, scriptService) { + new SecurityIndexSearcherWrapper(null, null, threadContext, licenseState, scriptService) { @Override protected User getUser() { @@ -475,7 +475,7 @@ public class SecurityIndexSearcherWrapperUnitTests extends ESTestCase { public void testSkipTemplating() throws Exception { securityIndexSearcherWrapper = - new SecurityIndexSearcherWrapper(indexSettings, null, null, threadContext, licenseState, scriptService); + new SecurityIndexSearcherWrapper(null, null, threadContext, licenseState, scriptService); XContentBuilder builder = jsonBuilder(); String querySource = Strings.toString(new TermQueryBuilder("field", "value").toXContent(builder, ToXContent.EMPTY_PARAMS)); String result = securityIndexSearcherWrapper.evaluateTemplate(querySource); diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustConfigTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustConfigTests.java index 2e39ebe8452..4f7f28850d6 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustConfigTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustConfigTests.java @@ -69,7 +69,7 @@ public class RestrictedTrustConfigTests extends ESTestCase { } }; - final RestrictedTrustConfig restrictedTrustConfig = new RestrictedTrustConfig(settings, groupConfigPath.toString(), delegate); + final RestrictedTrustConfig restrictedTrustConfig = new RestrictedTrustConfig(groupConfigPath.toString(), delegate); List filesToMonitor = restrictedTrustConfig.filesToMonitor(environment); List expectedPathList = new ArrayList<>(otherFiles); expectedPathList.add(groupConfigPath); diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManagerTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManagerTests.java index 24dc2d9847a..32f75f56da2 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManagerTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/RestrictedTrustManagerTests.java @@ -6,8 +6,7 @@ package org.elasticsearch.xpack.core.ssl; import org.apache.logging.log4j.Logger; -import org.elasticsearch.common.logging.Loggers; -import org.elasticsearch.common.settings.Settings; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.test.ESTestCase; import org.hamcrest.Description; import org.hamcrest.TypeSafeMatcher; @@ -50,7 +49,7 @@ public class RestrictedTrustManagerTests extends ESTestCase { @BeforeClass public static void ensureSupportedLocale() throws Exception { - Logger logger = Loggers.getLogger(RestrictedTrustManagerTests.class); + Logger logger = LogManager.getLogger(RestrictedTrustManagerTests.class); if (isUnusableLocale()) { // See: https://github.com/elastic/elasticsearch/issues/33081 logger.warn("Attempting to run RestrictedTrustManagerTests tests in an unusable locale in a FIPS JVM. Certificate expiration " + @@ -129,7 +128,7 @@ public class RestrictedTrustManagerTests extends ESTestCase { trustedNames.add("node" + node + ".cluster" + trustedCluster + ".elasticsearch"); } final CertificateTrustRestrictions restrictions = new CertificateTrustRestrictions(trustedNames); - final RestrictedTrustManager trustManager = new RestrictedTrustManager(Settings.EMPTY, baseTrustManager, restrictions); + final RestrictedTrustManager trustManager = new RestrictedTrustManager(baseTrustManager, restrictions); assertSingleClusterIsTrusted(trustedCluster, trustManager, trustedNames); } @@ -137,7 +136,7 @@ public class RestrictedTrustManagerTests extends ESTestCase { final int trustedCluster = randomIntBetween(1, numberOfClusters); final List trustedNames = Collections.singletonList("*.cluster" + trustedCluster + ".elasticsearch"); final CertificateTrustRestrictions restrictions = new CertificateTrustRestrictions(trustedNames); - final RestrictedTrustManager trustManager = new RestrictedTrustManager(Settings.EMPTY, baseTrustManager, restrictions); + final RestrictedTrustManager trustManager = new RestrictedTrustManager(baseTrustManager, restrictions); assertSingleClusterIsTrusted(trustedCluster, trustManager, trustedNames); } @@ -147,7 +146,7 @@ public class RestrictedTrustManagerTests extends ESTestCase { final CertificateTrustRestrictions restrictions = new CertificateTrustRestrictions( trustedNames ); - final RestrictedTrustManager trustManager = new RestrictedTrustManager(Settings.EMPTY, baseTrustManager, restrictions); + final RestrictedTrustManager trustManager = new RestrictedTrustManager(baseTrustManager, restrictions); for (int cluster = 1; cluster <= numberOfClusters; cluster++) { for (int node = 1; node <= numberOfNodes; node++) { if (node == trustedNode) { @@ -161,7 +160,7 @@ public class RestrictedTrustManagerTests extends ESTestCase { public void testThatDelegateTrustManagerIsRespected() throws Exception { final CertificateTrustRestrictions restrictions = new CertificateTrustRestrictions(Collections.singletonList("*.elasticsearch")); - final RestrictedTrustManager trustManager = new RestrictedTrustManager(Settings.EMPTY, baseTrustManager, restrictions); + final RestrictedTrustManager trustManager = new RestrictedTrustManager(baseTrustManager, restrictions); for (String cert : certificates.keySet()) { if (cert.endsWith("/ca")) { assertTrusted(trustManager, cert); diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java index 42a2ad767d3..76b1a87f682 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java @@ -658,7 +658,7 @@ public class Security extends Plugin implements ActionPlugin, IngestPlugin, Netw assert getLicenseState() != null; if (XPackSettings.DLS_FLS_ENABLED.get(settings)) { module.setSearcherWrapper(indexService -> - new SecurityIndexSearcherWrapper(indexService.getIndexSettings(), + new SecurityIndexSearcherWrapper( shardId -> indexService.newQueryShardContext(shardId.id(), // we pass a null index reader, which is legal and will disable rewrite optimizations // based on index statistics, which is probably safer... diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ExpiredTokenRemover.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ExpiredTokenRemover.java index 78670dd99f6..ccc26bfc899 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ExpiredTokenRemover.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ExpiredTokenRemover.java @@ -6,11 +6,11 @@ package org.elasticsearch.xpack.security.authc; import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.message.ParameterizedMessage; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.bulk.BulkItemResponse; import org.elasticsearch.client.Client; -import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.common.util.concurrent.AbstractRunnable; @@ -35,15 +35,14 @@ import static org.elasticsearch.xpack.core.ClientHelper.executeAsyncWithOrigin; * Responsible for cleaning the invalidated tokens from the invalidated tokens index. */ final class ExpiredTokenRemover extends AbstractRunnable { + private static final Logger logger = LogManager.getLogger(ExpiredTokenRemover.class); private final Client client; private final AtomicBoolean inProgress = new AtomicBoolean(false); - private final Logger logger; private final TimeValue timeout; ExpiredTokenRemover(Settings settings, Client client) { this.client = client; - this.logger = Loggers.getLogger(getClass(), settings); this.timeout = TokenService.DELETE_TIMEOUT.get(settings); } diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStore.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStore.java index 15a6c2c41da..faece90a89b 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStore.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStore.java @@ -6,6 +6,7 @@ package org.elasticsearch.xpack.security.authc.file; import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.message.ParameterizedMessage; import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchException; @@ -42,8 +43,7 @@ import static java.util.Collections.emptyMap; import static java.util.Collections.unmodifiableMap; public class FileUserPasswdStore { - - private final Logger logger; + private static final Logger logger = LogManager.getLogger(FileUserPasswdStore.class); private final Path file; private final Settings settings; @@ -55,7 +55,6 @@ public class FileUserPasswdStore { } FileUserPasswdStore(RealmConfig config, ResourceWatcherService watcherService, Runnable listener) { - logger = config.logger(FileUserPasswdStore.class); file = resolveFile(config.env()); settings = config.globalSettings(); users = parseFileLenient(file, logger, settings); diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStore.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStore.java index e17d8c5c7ec..e79621964e7 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStore.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStore.java @@ -6,6 +6,7 @@ package org.elasticsearch.xpack.security.authc.file; import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.message.ParameterizedMessage; import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchException; @@ -39,11 +40,10 @@ import static java.util.Collections.unmodifiableMap; import static org.elasticsearch.common.Strings.collectionToCommaDelimitedString; public class FileUserRolesStore { + private static final Logger logger = LogManager.getLogger(FileUserRolesStore.class); private static final Pattern USERS_DELIM = Pattern.compile("\\s*,\\s*"); - private final Logger logger; - private final Path file; private final CopyOnWriteArrayList listeners; private volatile Map userRoles; @@ -53,7 +53,6 @@ public class FileUserRolesStore { } FileUserRolesStore(RealmConfig config, ResourceWatcherService watcherService, Runnable listener) { - logger = config.logger(FileUserRolesStore.class); file = resolveFile(config.env()); userRoles = parseFileLenient(file, logger); listeners = new CopyOnWriteArrayList<>(Collections.singletonList(listener)); diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactory.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactory.java index d062e458895..78f8c68f124 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactory.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/SessionFactory.java @@ -11,6 +11,7 @@ import com.unboundid.ldap.sdk.LDAPURL; import com.unboundid.ldap.sdk.ServerSet; import com.unboundid.util.ssl.HostNameSSLSocketVerifier; import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.action.ActionListener; import org.elasticsearch.common.Strings; import org.elasticsearch.common.logging.DeprecationLogger; @@ -62,7 +63,7 @@ public abstract class SessionFactory { protected SessionFactory(RealmConfig config, SSLService sslService, ThreadPool threadPool) { this.config = config; - this.logger = config.logger(getClass()); + this.logger = LogManager.getLogger(getClass()); final Settings settings = config.settings(); TimeValue searchTimeout = settings.getAsTime(SessionFactorySettings.TIMEOUT_LDAP_SETTING, SessionFactorySettings.TIMEOUT_DEFAULT); if (searchTimeout.millis() < 1000L) { diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticator.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticator.java index c780055edd5..015cb1f8b18 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticator.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticator.java @@ -19,7 +19,6 @@ import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.common.Strings; import org.elasticsearch.common.collect.Tuple; import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.xpack.core.security.authc.RealmConfig; import org.opensaml.core.xml.XMLObject; import org.opensaml.saml.saml2.core.Assertion; import org.opensaml.saml.saml2.core.Attribute; @@ -52,12 +51,11 @@ class SamlAuthenticator extends SamlRequestHandler { private static final String RESPONSE_TAG_NAME = "Response"; - SamlAuthenticator(RealmConfig realmConfig, - Clock clock, + SamlAuthenticator(Clock clock, IdpConfiguration idp, SpConfiguration sp, TimeValue maxSkew) { - super(realmConfig, clock, idp, sp, maxSkew); + super(clock, idp, sp, maxSkew); } /** diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlLogoutRequestHandler.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlLogoutRequestHandler.java index 3e827952f45..9bd8527e373 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlLogoutRequestHandler.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlLogoutRequestHandler.java @@ -23,7 +23,6 @@ import org.elasticsearch.common.Strings; import org.elasticsearch.common.unit.TimeValue; import org.elasticsearch.core.internal.io.Streams; import org.elasticsearch.rest.RestUtils; -import org.elasticsearch.xpack.core.security.authc.RealmConfig; import org.opensaml.saml.common.SAMLObject; import org.opensaml.saml.saml2.core.EncryptedID; import org.opensaml.saml.saml2.core.LogoutRequest; @@ -42,8 +41,8 @@ public class SamlLogoutRequestHandler extends SamlRequestHandler { private static final String REQUEST_TAG_NAME = "LogoutRequest"; - SamlLogoutRequestHandler(RealmConfig realmConfig, Clock clock, IdpConfiguration idp, SpConfiguration sp, TimeValue maxSkew) { - super(realmConfig, clock, idp, sp, maxSkew); + SamlLogoutRequestHandler(Clock clock, IdpConfiguration idp, SpConfiguration sp, TimeValue maxSkew) { + super(clock, idp, sp, maxSkew); } /** diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlRealm.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlRealm.java index 4a9db7c5d61..36ad208df2b 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlRealm.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlRealm.java @@ -15,6 +15,7 @@ import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.impl.client.HttpClientBuilder; import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.message.ParameterizedMessage; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.ExceptionsHelper; @@ -134,6 +135,7 @@ import static org.elasticsearch.xpack.core.security.authc.saml.SamlRealmSettings * are still cool and no chance to opt out */ public final class SamlRealm extends Realm implements Releasable { + private static final Logger logger = LogManager.getLogger(SamlRealm.class); public static final String USER_METADATA_NAMEID_VALUE = "saml_" + SamlAttributes.NAMEID_SYNTHENTIC_ATTRIBUTE; public static final String USER_METADATA_NAMEID_FORMAT = USER_METADATA_NAMEID_VALUE + "_format"; @@ -178,7 +180,6 @@ public final class SamlRealm extends Realm implements Releasable { */ public static SamlRealm create(RealmConfig config, SSLService sslService, ResourceWatcherService watcherService, UserRoleMapper roleMapper) throws Exception { - final Logger logger = config.logger(SamlRealm.class); SamlUtils.initialize(logger); if (TokenService.isTokenServiceEnabled(config.globalSettings()) == false) { @@ -196,9 +197,9 @@ public final class SamlRealm extends Realm implements Releasable { final Clock clock = Clock.systemUTC(); final IdpConfiguration idpConfiguration = getIdpConfiguration(config, metadataResolver, idpDescriptor); final TimeValue maxSkew = CLOCK_SKEW.get(config.settings()); - final SamlAuthenticator authenticator = new SamlAuthenticator(config, clock, idpConfiguration, serviceProvider, maxSkew); + final SamlAuthenticator authenticator = new SamlAuthenticator(clock, idpConfiguration, serviceProvider, maxSkew); final SamlLogoutRequestHandler logoutHandler = - new SamlLogoutRequestHandler(config, clock, idpConfiguration, serviceProvider, maxSkew); + new SamlLogoutRequestHandler(clock, idpConfiguration, serviceProvider, maxSkew); final SamlRealm realm = new SamlRealm(config, roleMapper, authenticator, logoutHandler, idpDescriptor, serviceProvider); diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlRequestHandler.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlRequestHandler.java index 0f48c996a77..b7b91fe3f03 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlRequestHandler.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/saml/SamlRequestHandler.java @@ -6,14 +6,13 @@ package org.elasticsearch.xpack.security.authc.saml; import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.message.ParameterizedMessage; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.common.CheckedFunction; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.Strings; -import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.xpack.core.security.authc.RealmConfig; import org.elasticsearch.xpack.security.support.RestorableContextClassLoader; import org.joda.time.DateTime; import org.opensaml.core.xml.XMLObject; @@ -82,7 +81,7 @@ public class SamlRequestHandler { } }); - protected final Logger logger; + protected final Logger logger = LogManager.getLogger(getClass()); @Nullable protected final Decrypter decrypter; @@ -93,8 +92,7 @@ public class SamlRequestHandler { private final TimeValue maxSkew; private final UnmarshallerFactory unmarshallerFactory; - public SamlRequestHandler(RealmConfig realmConfig, Clock clock, IdpConfiguration idp, SpConfiguration sp, TimeValue maxSkew) { - this.logger = Loggers.getLogger(getClass(), realmConfig.globalSettings()); + public SamlRequestHandler(Clock clock, IdpConfiguration idp, SpConfiguration sp, TimeValue maxSkew) { this.clock = clock; this.idp = idp; this.sp = sp; diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapper.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapper.java index 9ff4cd9be82..8a02977d55c 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapper.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapper.java @@ -20,6 +20,7 @@ import java.util.concurrent.CopyOnWriteArrayList; import com.unboundid.ldap.sdk.DN; import com.unboundid.ldap.sdk.LDAPException; import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.LogManager; import org.apache.logging.log4j.message.ParameterizedMessage; import org.apache.logging.log4j.util.Supplier; import org.elasticsearch.ElasticsearchException; @@ -43,8 +44,8 @@ import static org.elasticsearch.xpack.security.authc.ldap.support.LdapUtils.rela * This class loads and monitors the file defining the mappings of DNs to internal ES Roles. */ public class DnRoleMapper implements UserRoleMapper { + private static final Logger logger = LogManager.getLogger(DnRoleMapper.class); - protected final Logger logger; protected final RealmConfig config; private final Path file; @@ -54,7 +55,6 @@ public class DnRoleMapper implements UserRoleMapper { public DnRoleMapper(RealmConfig config, ResourceWatcherService watcherService) { this.config = config; - this.logger = config.logger(getClass()); useUnmappedGroupsAsRoles = DnRoleMapperSettings.USE_UNMAPPED_GROUPS_AS_ROLES_SETTING.get(config.settings()); file = resolveFile(config.settings(), config.env()); diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheck.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheck.java index c4193c19219..81b0dc6ea48 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheck.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/support/RoleMappingFileBootstrapCheck.java @@ -7,6 +7,7 @@ package org.elasticsearch.xpack.security.authc.support; import java.nio.file.Path; +import org.apache.logging.log4j.LogManager; import org.elasticsearch.bootstrap.BootstrapCheck; import org.elasticsearch.bootstrap.BootstrapContext; import org.elasticsearch.xpack.core.security.authc.RealmConfig; @@ -28,7 +29,7 @@ public class RoleMappingFileBootstrapCheck implements BootstrapCheck { @Override public BootstrapCheckResult check(BootstrapContext context) { try { - DnRoleMapper.parseFile(path, realmConfig.logger(getClass()), realmConfig.type(), realmConfig.name(), true); + DnRoleMapper.parseFile(path, LogManager.getLogger(getClass()), realmConfig.type(), realmConfig.name(), true); return BootstrapCheckResult.success(); } catch (Exception e) { return BootstrapCheckResult.failure(e.getMessage()); diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java index 860d6bb69b6..10172ff95e8 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java @@ -8,9 +8,9 @@ package org.elasticsearch.xpack.security.transport.filter; import io.netty.handler.ipfilter.IpFilterRuleType; import org.apache.logging.log4j.Logger; +import org.apache.logging.log4j.LogManager; import org.apache.lucene.util.SetOnce; import org.elasticsearch.common.collect.MapBuilder; -import org.elasticsearch.common.logging.Loggers; import org.elasticsearch.common.settings.ClusterSettings; import org.elasticsearch.common.settings.Setting; import org.elasticsearch.common.settings.Setting.Property; @@ -96,11 +96,12 @@ public class IPFilter { } }; + private static final Logger logger = LogManager.getLogger(IPFilter.class); + private final AuditTrailService auditTrail; private final XPackLicenseState licenseState; private final boolean alwaysAllowBoundAddresses; - private final Logger logger; private volatile Map rules = Collections.emptyMap(); private volatile boolean isIpFilterEnabled; private volatile boolean isHttpFilterEnabled; @@ -117,7 +118,6 @@ public class IPFilter { public IPFilter(final Settings settings, AuditTrailService auditTrail, ClusterSettings clusterSettings, XPackLicenseState licenseState) { - this.logger = Loggers.getLogger(getClass(), settings); this.auditTrail = auditTrail; this.licenseState = licenseState; this.alwaysAllowBoundAddresses = ALLOW_BOUND_ADDRESSES_SETTING.get(settings); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticatorTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticatorTests.java index 5a7015a4e8d..7ae41de900e 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticatorTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlAuthenticatorTests.java @@ -17,13 +17,8 @@ import org.elasticsearch.common.CheckedConsumer; import org.elasticsearch.common.Strings; import org.elasticsearch.common.collect.Tuple; import org.elasticsearch.common.logging.Loggers; -import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.common.util.concurrent.ThreadContext; -import org.elasticsearch.env.Environment; -import org.elasticsearch.env.TestEnvironment; import org.elasticsearch.xpack.core.watcher.watch.ClockMock; -import org.elasticsearch.xpack.core.security.authc.RealmConfig; import org.hamcrest.Matchers; import org.junit.AfterClass; import org.junit.Before; @@ -183,10 +178,8 @@ public class SamlAuthenticatorTests extends SamlTestCase { this.requestId = randomId(); } - private SamlAuthenticator buildAuthenticator(Supplier> credentials, List reqAuthnCtxClassRef) throws - Exception { - final Settings globalSettings = Settings.builder().put("path.home", createTempDir()).build(); - final Settings realmSettings = Settings.EMPTY; + private SamlAuthenticator buildAuthenticator(Supplier> credentials, List reqAuthnCtxClassRef) + throws Exception { final IdpConfiguration idp = new IdpConfiguration(IDP_ENTITY_ID, credentials); final SigningConfiguration signingConfiguration = new SigningConfiguration(Collections.singleton("*"), @@ -195,9 +188,7 @@ public class SamlAuthenticatorTests extends SamlTestCase { .map((cred) -> (X509Credential) cred).collect(Collectors.toList()); final SpConfiguration sp = new SpConfiguration(SP_ENTITY_ID, SP_ACS_URL, null, signingConfiguration, spEncryptionCredentials, reqAuthnCtxClassRef); - final Environment env = TestEnvironment.newEnvironment(globalSettings); return new SamlAuthenticator( - new RealmConfig("saml_test", realmSettings, globalSettings, env, new ThreadContext(globalSettings)), clock, idp, sp, diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlLogoutRequestHandlerTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlLogoutRequestHandlerTests.java index 5d39d90a76c..542bbbbdf3d 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlLogoutRequestHandlerTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlLogoutRequestHandlerTests.java @@ -15,13 +15,8 @@ import java.util.Arrays; import java.util.Collections; import org.elasticsearch.ElasticsearchSecurityException; -import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.unit.TimeValue; -import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.util.set.Sets; -import org.elasticsearch.env.Environment; -import org.elasticsearch.env.TestEnvironment; -import org.elasticsearch.xpack.core.security.authc.RealmConfig; import org.joda.time.DateTime; import org.junit.AfterClass; import org.junit.Before; @@ -206,17 +201,13 @@ public class SamlLogoutRequestHandlerTests extends SamlTestCase { } private SamlLogoutRequestHandler buildHandler() throws Exception { - final Settings globalSettings = Settings.builder().put("path.home", createTempDir()).build(); - final Settings realmSettings = Settings.EMPTY; final IdpConfiguration idp = new IdpConfiguration(IDP_ENTITY_ID, () -> Collections.singletonList(credential)); final X509Credential spCredential = (X509Credential) buildOpenSamlCredential(readRandomKeyPair()).get(0); final SigningConfiguration signingConfiguration = new SigningConfiguration(Collections.singleton("*"), spCredential); final SpConfiguration sp = new SpConfiguration("https://sp.test/", "https://sp.test/saml/asc", LOGOUT_URL, signingConfiguration, Arrays.asList(spCredential), Collections.emptyList()); - final Environment env = TestEnvironment.newEnvironment(globalSettings); return new SamlLogoutRequestHandler( - new RealmConfig("saml_test", realmSettings, globalSettings, env, new ThreadContext(globalSettings)), clock, idp, sp, diff --git a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/Watcher.java b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/Watcher.java index 32d492b78a7..ab001876348 100644 --- a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/Watcher.java +++ b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/Watcher.java @@ -315,7 +315,7 @@ public class Watcher extends Plugin implements ActionPlugin, ScriptPlugin, Reloa final Map transformFactories = new HashMap<>(); transformFactories.put(ScriptTransform.TYPE, new ScriptTransformFactory(settings, scriptService)); transformFactories.put(SearchTransform.TYPE, new SearchTransformFactory(settings, client, xContentRegistry, scriptService)); - final TransformRegistry transformRegistry = new TransformRegistry(settings, Collections.unmodifiableMap(transformFactories)); + final TransformRegistry transformRegistry = new TransformRegistry(Collections.unmodifiableMap(transformFactories)); // actions final Map actionFactoryMap = new HashMap<>(); diff --git a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/transform/TransformInputTests.java b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/transform/TransformInputTests.java index ce39046bfaf..a3d4d68d4c1 100644 --- a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/transform/TransformInputTests.java +++ b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/transform/TransformInputTests.java @@ -73,7 +73,7 @@ public class TransformInputTests extends ESTestCase { public void testParserValid() throws Exception { Map transformFactories = Collections.singletonMap("script", new ScriptTransformFactory(Settings.EMPTY, scriptService)); - TransformRegistry registry = new TransformRegistry(Settings.EMPTY, transformFactories); + TransformRegistry registry = new TransformRegistry(transformFactories); TransformInputFactory factory = new TransformInputFactory(Settings.EMPTY, registry); // { "script" : { "lang" : "mockscript", "source" : "1" } } @@ -97,7 +97,7 @@ public class TransformInputTests extends ESTestCase { Map transformFactories = Collections.singletonMap("script", new ScriptTransformFactory(Settings.EMPTY, scriptService)); - TransformRegistry registry = new TransformRegistry(Settings.EMPTY, transformFactories); + TransformRegistry registry = new TransformRegistry(transformFactories); TransformInputFactory factory = new TransformInputFactory(Settings.EMPTY, registry); XContentParser parser = createParser(jsonBuilder); @@ -116,7 +116,7 @@ public class TransformInputTests extends ESTestCase { public void testTransformInputToXContentIsSameAsParsing() throws Exception { Map transformFactories = Collections.singletonMap("script", new ScriptTransformFactory(Settings.EMPTY, scriptService)); - TransformRegistry registry = new TransformRegistry(Settings.EMPTY, transformFactories); + TransformRegistry registry = new TransformRegistry(transformFactories); TransformInputFactory factory = new TransformInputFactory(Settings.EMPTY, registry); XContentBuilder jsonBuilder = jsonBuilder().startObject().startObject("script") diff --git a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/transform/chain/ChainTransformTests.java b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/transform/chain/ChainTransformTests.java index f3493c9c354..edf05fac338 100644 --- a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/transform/chain/ChainTransformTests.java +++ b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/transform/chain/ChainTransformTests.java @@ -8,7 +8,6 @@ package org.elasticsearch.xpack.watcher.transform.chain; import org.apache.logging.log4j.Logger; import org.elasticsearch.common.bytes.BytesReference; import org.elasticsearch.common.logging.Loggers; -import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.xcontent.XContentBuilder; import org.elasticsearch.common.xcontent.XContentParser; import org.elasticsearch.common.xcontent.json.JsonXContent; @@ -113,10 +112,9 @@ public class ChainTransformTests extends ESTestCase { } public void testParser() throws Exception { - TransformRegistry registry = new TransformRegistry(Settings.EMPTY, - singletonMap("named", new NamedExecutableTransform.Factory(logger))); + TransformRegistry registry = new TransformRegistry(singletonMap("named", new NamedExecutableTransform.Factory(logger))); - ChainTransformFactory transformParser = new ChainTransformFactory(Settings.EMPTY, registry); + ChainTransformFactory transformParser = new ChainTransformFactory(registry); XContentBuilder builder = jsonBuilder().startArray() .startObject().startObject("named").field("name", "name1").endObject().endObject() diff --git a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/watch/WatchTests.java b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/watch/WatchTests.java index 2e8190da42f..fff07cfa010 100644 --- a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/watch/WatchTests.java +++ b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/watch/WatchTests.java @@ -570,7 +570,7 @@ public class WatchTests extends ESTestCase { Map factories = new HashMap<>(); factories.put(ScriptTransform.TYPE, new ScriptTransformFactory(settings, scriptService)); factories.put(SearchTransform.TYPE, new SearchTransformFactory(settings, client, xContentRegistry(), scriptService)); - return new TransformRegistry(Settings.EMPTY, unmodifiableMap(factories)); + return new TransformRegistry(unmodifiableMap(factories)); } private List randomActions() {