From 6c7a9af7bff86b65217986b20ea6bf565c417c53 Mon Sep 17 00:00:00 2001 From: Ryan Ernst Date: Tue, 19 Jul 2016 13:41:19 -0700 Subject: [PATCH] Internal: Remove use of AuditTrail interface in place of AuditTrailService We currently have a number of actions and components which try to write to the audit trail. But they do so by expecting a bound AuditTrail object. In reality, this should always be AuditTrailService, except when security is disabled. This change removes the use of the AuditTrail interface for that purpose, and instead makes the AuditTrailService allow an empty list of trails, so that it is always bound when running on a node. Original commit: elastic/x-pack-elasticsearch@9559dbd6c1973526affb8dc69303ababdeb8f7d4 --- .../xpack/security/Security.java | 13 ++- .../action/filter/SecurityActionFilter.java | 3 +- .../xpack/security/audit/AuditTrail.java | 82 ------------------- .../authc/InternalAuthenticationService.java | 3 +- .../authz/InternalAuthorizationService.java | 3 +- .../security/transport/filter/IPFilter.java | 3 +- .../xpack/security/SecurityTests.java | 5 +- .../filter/SecurityActionFilterTests.java | 30 +++---- .../InternalAuthenticationServiceTests.java | 39 +++++---- .../InternalAuthorizationServiceTests.java | 30 +++---- .../DefaultIndicesResolverTests.java | 21 ++--- .../transport/filter/IPFilterTests.java | 5 +- .../IPFilterNetty3UpstreamHandlerTests.java | 5 +- 13 files changed, 82 insertions(+), 160 deletions(-) diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java index fa032f0de52..b2697c9bb06 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java 
@@ -198,15 +198,11 @@ public class Security implements ActionPlugin, IngestPlugin { modules.add(new AuthenticationModule(settings)); modules.add(new AuthorizationModule(settings)); - if (enabled == false || auditingEnabled(settings) == false) { - modules.add(b -> { - b.bind(AuditTrailService.class).toProvider(Providers.of(null)); - b.bind(AuditTrail.class).toInstance(AuditTrail.NOOP); - }); - } if (enabled == false) { modules.add(b -> { b.bind(CryptoService.class).toProvider(Providers.of(null)); + b.bind(AuditTrailService.class) + .toInstance(new AuditTrailService(settings, Collections.emptyList(), securityLicenseState)); }); modules.add(new SecurityModule(settings)); modules.add(new SecurityTransportModule(settings)); @@ -280,13 +276,14 @@ public class Security implements ActionPlugin, IngestPlugin { components.add(realms); // audit trails construction + Set auditTrails = new LinkedHashSet<>(); if (AUDIT_ENABLED_SETTING.get(settings)) { List outputs = AUDIT_OUTPUTS_SETTING.get(settings); if (outputs.isEmpty()) { throw new IllegalArgumentException("Audit logging is enabled but there are zero output types in " + AUDIT_ENABLED_SETTING.getKey()); } - Set auditTrails = new LinkedHashSet<>(); + for (String output : outputs) { switch (output) { case LoggingAuditTrail.NAME: @@ -301,8 +298,8 @@ public class Security implements ActionPlugin, IngestPlugin { throw new IllegalArgumentException("Unknown audit trail output [" + output + "]"); } } - components.add(new AuditTrailService(settings, auditTrails.stream().collect(Collectors.toList()), securityLicenseState)); } + components.add(new AuditTrailService(settings, auditTrails.stream().collect(Collectors.toList()), securityLicenseState)); return components; } 
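Review bot: The disabled-security branch now binds a real `AuditTrailService` built over `Collections.emptyList()`, and nothing at that binding says an empty trail list is the intended no-op. Because it replaces both the removed `Providers.of(null)` binding and `AuditTrail.NOOP`, a short comment above it would stop a later reader from treating it as a misconfiguration, for example `// security disabled: bind a service with no trails so injected consumers get a no-op rather than null`. AuditTrailService itself is not shown, so confirm that each of its methods tolerates an empty list and that `securityLicenseState` is already initialised where this lambda runs. The enclosing method starts and ends outside the hunk.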
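Review bot: The guard for "auditing enabled but no outputs" names the wrong setting: its message ends with `AUDIT_ENABLED_SETTING.getKey()` although the empty list was read from `AUDIT_OUTPUTS_SETTING`. The line predates this commit, but an AuditTrailService with zero trails is now always registered, so this exception is the only thing separating a deliberate no-op from an operator who enabled auditing and gets no records. The message should point at the setting to fix, `+ AUDIT_OUTPUTS_SETTING.getKey());`. Separately, the blank `+` line left where the `Set` declaration used to be can be dropped. The method body continues outside the hunk.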
diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilter.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilter.java index 0b562dd2a69..ad7c4e12559 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilter.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilter.java @@ -22,6 +22,7 @@ import org.elasticsearch.license.plugin.core.LicenseUtils; import org.elasticsearch.xpack.security.Security; import org.elasticsearch.xpack.security.SecurityContext; import org.elasticsearch.xpack.security.action.SecurityActionMapper; +import org.elasticsearch.xpack.security.audit.AuditTrailService; import org.elasticsearch.xpack.security.authc.Authentication; import org.elasticsearch.xpack.security.user.SystemUser; import org.elasticsearch.xpack.security.user.User; @@ -60,7 +61,7 @@ public class SecurityActionFilter extends AbstractComponent implements ActionFil @Inject public SecurityActionFilter(Settings settings, AuthenticationService authcService, AuthorizationService authzService, - CryptoService cryptoService, AuditTrail auditTrail, SecurityLicenseState licenseState, + CryptoService cryptoService, AuditTrailService auditTrail, SecurityLicenseState licenseState, SecurityActionMapper actionMapper, Set requestInterceptors, ThreadPool threadPool, SecurityContext securityContext) { super(settings); diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrail.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrail.java index 07f196cbbf9..e6af432f949 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrail.java 
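Review bot: The SecurityActionFilter constructor now requires the concrete `AuditTrailService`, but the parameter keeps the name `auditTrail` and nothing documents the new contract. A one-line Javadoc such as `@param auditTrail never null; may hold zero trails when auditing is off` would tell maintainers that a call on it is not proof an event was recorded anywhere. The same applies to the constructors of InternalAuthenticationService, InternalAuthorizationService and IPFilter changed later in this patch. The constructor body is outside the hunk, so it is not visible whether the field type was narrowed as well.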
+++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrail.java 
@@ -18,88 +18,6 @@ import java.net.InetAddress; */ public interface AuditTrail { - AuditTrail NOOP = new AuditTrail() { - - static final String NAME = "noop"; - - @Override - public String name() { - return NAME; - } - - @Override - public void anonymousAccessDenied(String action, TransportMessage message) { - } - - @Override - public void anonymousAccessDenied(RestRequest request) { - } - - @Override - public void authenticationFailed(RestRequest request) { - } - - @Override - public void authenticationFailed(String action, TransportMessage message) { - } - - @Override - public void authenticationFailed(AuthenticationToken token, String action, TransportMessage message) { - } - - @Override - public void authenticationFailed(AuthenticationToken token, RestRequest request) { - } - - @Override - public void authenticationFailed(String realm, AuthenticationToken token, String action, TransportMessage message) { - } - - @Override - public void authenticationFailed(String realm, AuthenticationToken token, RestRequest request) { - } - - @Override - public void accessGranted(User user, String action, TransportMessage message) { - } - - @Override - public void accessDenied(User user, String action, TransportMessage message) { - } - - @Override - public void tamperedRequest(RestRequest request) { - } - - @Override - public void tamperedRequest(String action, TransportMessage message) { - } - - @Override - public void tamperedRequest(User user, String action, TransportMessage request) { - } - - @Override - public void connectionGranted(InetAddress inetAddress, String profile, SecurityIpFilterRule rule) { - } - - @Override - public void connectionDenied(InetAddress inetAddress, String profile, SecurityIpFilterRule rule) { - } - - @Override - public void runAsGranted(User user, String action, TransportMessage message) { - } - - @Override - public void runAsDenied(User user, String action, TransportMessage message) { - } - - @Override - public void runAsDenied(User user, 
RestRequest request) { - } - }; - String name(); void anonymousAccessDenied(String action, TransportMessage message); diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationService.java index 56f53c7bf70..13bc0ca86f5 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationService.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationService.java @@ -17,6 +17,7 @@ import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.rest.RestController; import org.elasticsearch.node.Node; import org.elasticsearch.rest.RestRequest; +import org.elasticsearch.xpack.security.audit.AuditTrailService; import org.elasticsearch.xpack.security.authc.Authentication.RealmRef; import org.elasticsearch.xpack.security.user.AnonymousUser; import org.elasticsearch.xpack.security.user.User; @@ -53,7 +54,7 @@ public class InternalAuthenticationService extends AbstractComponent implements private final boolean runAsEnabled; @Inject - public InternalAuthenticationService(Settings settings, Realms realms, AuditTrail auditTrail, CryptoService cryptoService, + public InternalAuthenticationService(Settings settings, Realms realms, AuditTrailService auditTrail, CryptoService cryptoService, AuthenticationFailureHandler failureHandler, ThreadPool threadPool) { super(settings); this.nodeName = Node.NODE_NAME_SETTING.get(settings); diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationService.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationService.java index 6a21e03b042..0e350fc565a 100644 
--- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationService.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationService.java @@ -27,6 +27,7 @@ import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.common.util.set.Sets; import org.elasticsearch.search.action.SearchTransportService; import org.elasticsearch.xpack.security.SecurityTemplateService; +import org.elasticsearch.xpack.security.audit.AuditTrailService; import org.elasticsearch.xpack.security.authc.Authentication; import org.elasticsearch.xpack.security.user.AnonymousUser; import org.elasticsearch.xpack.security.user.SystemUser; @@ -80,7 +81,7 @@ public class InternalAuthorizationService extends AbstractComponent implements A @Inject public InternalAuthorizationService(Settings settings, RolesStore rolesStore, ClusterService clusterService, - AuditTrail auditTrail, AuthenticationFailureHandler authcFailureHandler, + AuditTrailService auditTrail, AuthenticationFailureHandler authcFailureHandler, ThreadPool threadPool, IndexNameExpressionResolver nameExpressionResolver) { super(settings); this.rolesStore = rolesStore; diff --git a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java index ed0a27caf44..98d977dea9c 100644 --- a/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java +++ b/elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java 
@@ -19,6 +19,7 @@ import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.xpack.security.audit.AuditTrail; import org.elasticsearch.xpack.security.SecurityLicenseState; import org.elasticsearch.transport.TransportSettings; +import org.elasticsearch.xpack.security.audit.AuditTrailService; import java.net.InetAddress; import java.util.ArrayList; @@ -105,7 +106,7 @@ public class IPFilter { private final SetOnce> profileBoundAddress = new SetOnce<>(); @Inject - public IPFilter(final Settings settings, AuditTrail auditTrail, ClusterSettings clusterSettings, + public IPFilter(final Settings settings, AuditTrailService auditTrail, ClusterSettings clusterSettings, SecurityLicenseState licenseState) { this.logger = Loggers.getLogger(getClass(), settings); this.auditTrail = auditTrail; diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java index ce39eaa4ca3..b840e48295a 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java @@ -9,7 +9,6 @@ import java.io.IOException; import java.util.Arrays; import java.util.Collection; import java.util.Collections; -import java.util.List; import java.util.Map; import org.elasticsearch.common.settings.Settings; 
@@ -17,10 +16,10 @@ import org.elasticsearch.env.Environment; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.xpack.extensions.XPackExtension; -import org.elasticsearch.xpack.security.audit.AuditTrail; import org.elasticsearch.xpack.security.audit.AuditTrailService; import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail; import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail; +import org.elasticsearch.xpack.security.authc.AuthenticationService; import org.elasticsearch.xpack.security.authc.Realm; import org.elasticsearch.xpack.security.authc.Realms; import org.elasticsearch.xpack.security.authc.file.FileRealm; @@ -91,7 +90,7 @@ public class SecurityTests extends ESTestCase { public void testDisabledByDefault() throws Exception { Collection components = createComponents(Settings.EMPTY); - assertNull(findComponent(AuditTrailService.class, components)); + assertNull(findComponent(AuthenticationService.class, components)); } public void testIndexAuditTrail() throws Exception { diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilterTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilterTests.java index 8794175d772..33cd4df3a1e 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilterTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilterTests.java @@ -5,6 +5,8 @@ */ package org.elasticsearch.xpack.security.action.filter; +import java.util.HashSet; + import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.ActionRequest; 
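Review bot: `testDisabledByDefault` no longer checks anything about auditing, because the assertion was switched to `assertNull(findComponent(AuthenticationService.class, components))`. Nothing visible in this patch makes createComponents return an AuthenticationService under any settings, so the check likely passes whatever the audit configuration is. Since the service is now always added, the test should assert that it is present and empty, starting with `assertNotNull(findComponent(AuditTrailService.class, components));` and then checking that it holds no trails through whatever accessor AuditTrailService offers. That way a regression that turns on an audit output by default, or silently drops the service, is caught. The new `AuthenticationService` import exists only for the replaced assertion.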
@@ -12,24 +14,22 @@ import org.elasticsearch.action.search.SearchScrollRequest; import org.elasticsearch.action.support.ActionFilterChain; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; -import org.elasticsearch.xpack.security.SecurityContext; -import org.elasticsearch.xpack.security.action.SecurityActionMapper; -import org.elasticsearch.xpack.security.authc.Authentication; -import org.elasticsearch.xpack.security.authc.Authentication.RealmRef; -import org.elasticsearch.xpack.security.user.SystemUser; -import org.elasticsearch.xpack.security.user.User; -import org.elasticsearch.xpack.security.audit.AuditTrail; -import org.elasticsearch.xpack.security.authc.AuthenticationService; -import org.elasticsearch.xpack.security.authz.AuthorizationService; -import org.elasticsearch.xpack.security.crypto.CryptoService; -import org.elasticsearch.xpack.security.SecurityLicenseState; import org.elasticsearch.tasks.Task; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.threadpool.ThreadPool; +import org.elasticsearch.xpack.security.SecurityContext; +import org.elasticsearch.xpack.security.SecurityLicenseState; +import org.elasticsearch.xpack.security.action.SecurityActionMapper; +import org.elasticsearch.xpack.security.audit.AuditTrailService; +import org.elasticsearch.xpack.security.authc.Authentication; +import org.elasticsearch.xpack.security.authc.Authentication.RealmRef; +import org.elasticsearch.xpack.security.authc.AuthenticationService; +import org.elasticsearch.xpack.security.authz.AuthorizationService; +import org.elasticsearch.xpack.security.crypto.CryptoService; +import org.elasticsearch.xpack.security.user.SystemUser; +import org.elasticsearch.xpack.security.user.User; import org.junit.Before; -import java.util.HashSet; - import static org.hamcrest.Matchers.equalTo; import static org.mockito.Matchers.eq; import static org.mockito.Matchers.isA; 
@@ -49,7 +49,7 @@ public class SecurityActionFilterTests extends ESTestCase { private AuthenticationService authcService; private AuthorizationService authzService; private CryptoService cryptoService; - private AuditTrail auditTrail; + private AuditTrailService auditTrail; private SecurityLicenseState securityLicenseState; private SecurityActionFilter filter; @@ -58,7 +58,7 @@ public class SecurityActionFilterTests extends ESTestCase { authcService = mock(AuthenticationService.class); authzService = mock(AuthorizationService.class); cryptoService = mock(CryptoService.class); - auditTrail = mock(AuditTrail.class); + auditTrail = mock(AuditTrailService.class); securityLicenseState = mock(SecurityLicenseState.class); when(securityLicenseState.authenticationAndAuthorizationEnabled()).thenReturn(true); when(securityLicenseState.statsAndHealthEnabled()).thenReturn(true); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationServiceTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationServiceTests.java index 42a7610decc..dbca9ce2b91 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationServiceTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationServiceTests.java @@ -5,6 +5,10 @@ */ package org.elasticsearch.xpack.security.authc; +import java.io.IOException; +import java.util.Arrays; +import java.util.Collections; + import org.elasticsearch.ElasticsearchException; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.common.io.stream.BytesStreamOutput; 
@@ -12,33 +16,28 @@ import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.env.Environment; -import org.elasticsearch.rest.RestController; import org.elasticsearch.rest.RestRequest; -import org.elasticsearch.xpack.security.authc.Authentication.RealmRef; -import org.elasticsearch.xpack.security.authc.InternalAuthenticationService.Authenticator; -import org.elasticsearch.xpack.security.SecurityLicenseState.EnabledRealmType; -import org.elasticsearch.xpack.security.user.AnonymousUser; -import org.elasticsearch.xpack.security.user.SystemUser; -import org.elasticsearch.xpack.security.user.User; -import org.elasticsearch.xpack.security.audit.AuditTrail; -import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm; -import org.elasticsearch.xpack.security.authc.support.SecuredString; -import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken; -import org.elasticsearch.xpack.security.crypto.CryptoService; -import org.elasticsearch.xpack.security.SecurityLicenseState; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.rest.FakeRestRequest; import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.transport.TransportMessage; +import org.elasticsearch.xpack.security.SecurityLicenseState; +import org.elasticsearch.xpack.security.SecurityLicenseState.EnabledRealmType; +import org.elasticsearch.xpack.security.audit.AuditTrailService; +import org.elasticsearch.xpack.security.authc.Authentication.RealmRef; +import org.elasticsearch.xpack.security.authc.InternalAuthenticationService.Authenticator; +import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm; +import org.elasticsearch.xpack.security.authc.support.SecuredString; +import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken; +import org.elasticsearch.xpack.security.crypto.CryptoService; +import 
org.elasticsearch.xpack.security.user.AnonymousUser; +import org.elasticsearch.xpack.security.user.SystemUser; +import org.elasticsearch.xpack.security.user.User; import org.junit.After; import org.junit.Before; -import java.io.IOException; -import java.util.Arrays; -import java.util.Collections; - -import static org.elasticsearch.xpack.security.support.Exceptions.authenticationError; import static org.elasticsearch.test.SecurityTestsUtils.assertAuthenticationException; +import static org.elasticsearch.xpack.security.support.Exceptions.authenticationError; import static org.hamcrest.Matchers.arrayContaining; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.equalTo; @@ -68,7 +67,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase { Realms realms; Realm firstRealm; Realm secondRealm; - AuditTrail auditTrail; + AuditTrailService auditTrail; AuthenticationToken token; CryptoService cryptoService; ThreadPool threadPool; @@ -105,7 +104,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase { realms.start(); cryptoService = mock(CryptoService.class); - auditTrail = mock(AuditTrail.class); + auditTrail = mock(AuditTrailService.class); threadPool = mock(ThreadPool.class); threadContext = new ThreadContext(Settings.EMPTY); when(threadPool.getThreadContext()).thenReturn(threadContext); diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationServiceTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationServiceTests.java index 60a673249b2..d546218ecd8 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationServiceTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationServiceTests.java 
@@ -5,6 +5,9 @@ */ package org.elasticsearch.xpack.security.authz; +import java.util.ArrayList; +import java.util.List; + import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.Version; import org.elasticsearch.action.admin.cluster.health.ClusterHealthAction; 
@@ -45,24 +48,23 @@ import org.elasticsearch.action.termvectors.TermVectorsAction; import org.elasticsearch.action.termvectors.TermVectorsRequest; import org.elasticsearch.action.update.UpdateAction; import org.elasticsearch.action.update.UpdateRequest; -import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; -import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.metadata.AliasMetaData; import org.elasticsearch.cluster.metadata.IndexMetaData; +import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; import org.elasticsearch.cluster.metadata.MetaData; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.collect.Tuple; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.util.concurrent.ThreadContext; import org.elasticsearch.search.action.SearchTransportService; +import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.threadpool.ThreadPool; +import org.elasticsearch.transport.TransportRequest; import org.elasticsearch.xpack.security.SecurityTemplateService; +import org.elasticsearch.xpack.security.audit.AuditTrailService; import org.elasticsearch.xpack.security.authc.Authentication; import org.elasticsearch.xpack.security.authc.Authentication.RealmRef; -import org.elasticsearch.xpack.security.user.AnonymousUser; -import org.elasticsearch.xpack.security.user.SystemUser; -import org.elasticsearch.xpack.security.user.User; -import org.elasticsearch.xpack.security.user.XPackUser; -import org.elasticsearch.xpack.security.audit.AuditTrail; import org.elasticsearch.xpack.security.authc.DefaultAuthenticationFailureHandler; import org.elasticsearch.xpack.security.authz.permission.Role; import org.elasticsearch.xpack.security.authz.permission.SuperuserRole; 
@@ -70,15 +72,13 @@ import org.elasticsearch.xpack.security.authz.privilege.ClusterPrivilege; import org.elasticsearch.xpack.security.authz.privilege.GeneralPrivilege; import org.elasticsearch.xpack.security.authz.privilege.IndexPrivilege; import org.elasticsearch.xpack.security.authz.store.RolesStore; -import org.elasticsearch.test.ESTestCase; -import org.elasticsearch.threadpool.ThreadPool; -import org.elasticsearch.transport.TransportRequest; +import org.elasticsearch.xpack.security.user.AnonymousUser; +import org.elasticsearch.xpack.security.user.SystemUser; +import org.elasticsearch.xpack.security.user.User; +import org.elasticsearch.xpack.security.user.XPackUser; import org.junit.After; import org.junit.Before; -import java.util.ArrayList; -import java.util.List; - import static org.elasticsearch.test.SecurityTestsUtils.assertAuthenticationException; import static org.elasticsearch.test.SecurityTestsUtils.assertAuthorizationException; import static org.hamcrest.Matchers.containsInAnyOrder; @@ -94,7 +94,7 @@ import static org.mockito.Mockito.verifyNoMoreInteractions; import static org.mockito.Mockito.when; public class InternalAuthorizationServiceTests extends ESTestCase { - private AuditTrail auditTrail; + private AuditTrailService auditTrail; private RolesStore rolesStore; private ClusterService clusterService; private InternalAuthorizationService internalAuthorizationService; @@ -105,7 +105,7 @@ public class InternalAuthorizationServiceTests extends ESTestCase { public void setup() { rolesStore = mock(RolesStore.class); clusterService = mock(ClusterService.class); - auditTrail = mock(AuditTrail.class); + auditTrail = mock(AuditTrailService.class); threadContext = new ThreadContext(Settings.EMPTY); threadPool = mock(ThreadPool.class); when(threadPool.getThreadContext()).thenReturn(threadContext); 
diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesResolverTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesResolverTests.java index 82df1025e0c..011aff9ebb6 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesResolverTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesResolverTests.java @@ -5,6 +5,8 @@ */ package org.elasticsearch.xpack.security.authz.indicesresolver; +import java.util.Set; + import org.elasticsearch.Version; import org.elasticsearch.action.admin.indices.alias.IndicesAliasesAction; import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequest; 
@@ -20,19 +22,19 @@ import org.elasticsearch.action.search.SearchAction; import org.elasticsearch.action.search.SearchRequest; import org.elasticsearch.action.support.IndicesOptions; import org.elasticsearch.client.Requests; -import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; -import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.cluster.ClusterState; import org.elasticsearch.cluster.metadata.AliasAction; import org.elasticsearch.cluster.metadata.AliasMetaData; import org.elasticsearch.cluster.metadata.IndexMetaData; +import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; import org.elasticsearch.cluster.metadata.MetaData; +import org.elasticsearch.cluster.service.ClusterService; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.index.IndexNotFoundException; +import org.elasticsearch.test.ESTestCase; +import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.xpack.security.SecurityTemplateService; -import org.elasticsearch.xpack.security.user.User; -import org.elasticsearch.xpack.security.user.XPackUser; -import org.elasticsearch.xpack.security.audit.AuditTrail; +import org.elasticsearch.xpack.security.audit.AuditTrailService; import org.elasticsearch.xpack.security.authc.DefaultAuthenticationFailureHandler; import org.elasticsearch.xpack.security.authz.InternalAuthorizationService; import org.elasticsearch.xpack.security.authz.permission.Role; 
@@ -40,12 +42,10 @@ import org.elasticsearch.xpack.security.authz.permission.SuperuserRole; import org.elasticsearch.xpack.security.authz.privilege.ClusterPrivilege; import org.elasticsearch.xpack.security.authz.privilege.IndexPrivilege; import org.elasticsearch.xpack.security.authz.store.RolesStore; -import org.elasticsearch.test.ESTestCase; -import org.elasticsearch.threadpool.ThreadPool; +import org.elasticsearch.xpack.security.user.User; +import org.elasticsearch.xpack.security.user.XPackUser; import org.junit.Before; -import java.util.Set; - import static org.hamcrest.Matchers.arrayContaining; import static org.hamcrest.Matchers.arrayContainingInAnyOrder; import static org.hamcrest.Matchers.equalTo; @@ -102,7 +102,8 @@ public class DefaultIndicesResolverTests extends ESTestCase { when(state.metaData()).thenReturn(metaData); InternalAuthorizationService authzService = new InternalAuthorizationService(settings, rolesStore, clusterService, - mock(AuditTrail.class), new DefaultAuthenticationFailureHandler(), mock(ThreadPool.class), indexNameExpressionResolver); + mock(AuditTrailService.class), new DefaultAuthenticationFailureHandler(), mock(ThreadPool.class), + indexNameExpressionResolver); defaultIndicesResolver = new DefaultIndicesAndAliasesResolver(authzService, indexNameExpressionResolver); } diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/filter/IPFilterTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/filter/IPFilterTests.java index dc06a12ce4e..fadac74c3eb 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/filter/IPFilterTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/filter/IPFilterTests.java 
@@ -20,6 +20,7 @@ import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.junit.annotations.Network; import org.elasticsearch.transport.Transport; import org.elasticsearch.transport.TransportSettings; +import org.elasticsearch.xpack.security.audit.AuditTrailService; import org.junit.Before; import org.mockito.ArgumentCaptor; @@ -45,7 +46,7 @@ import static org.mockito.Mockito.when; public class IPFilterTests extends ESTestCase { private IPFilter ipFilter; private SecurityLicenseState licenseState; - private AuditTrail auditTrail; + private AuditTrailService auditTrail; private Transport transport; private HttpServerTransport httpTransport; private ClusterSettings clusterSettings; @@ -54,7 +55,7 @@ public class IPFilterTests extends ESTestCase { public void init() { licenseState = mock(SecurityLicenseState.class); when(licenseState.ipFilteringEnabled()).thenReturn(true); - auditTrail = mock(AuditTrail.class); + auditTrail = mock(AuditTrailService.class); clusterSettings = new ClusterSettings(Settings.EMPTY, new HashSet<>(Arrays.asList( IPFilter.HTTP_FILTER_ALLOW_SETTING, IPFilter.HTTP_FILTER_DENY_SETTING, diff --git a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/IPFilterNetty3UpstreamHandlerTests.java b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/IPFilterNetty3UpstreamHandlerTests.java index f80346abfa5..db81a953475 100644 --- a/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/IPFilterNetty3UpstreamHandlerTests.java +++ b/elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/IPFilterNetty3UpstreamHandlerTests.java 
@@ -15,6 +15,7 @@ import org.elasticsearch.common.transport.TransportAddress; import org.elasticsearch.http.HttpServerTransport; import org.elasticsearch.xpack.security.audit.AuditTrail; import org.elasticsearch.xpack.security.SecurityLicenseState; +import org.elasticsearch.xpack.security.audit.AuditTrailService; import org.elasticsearch.xpack.security.transport.filter.IPFilter; import org.elasticsearch.test.ESTestCase; import org.elasticsearch.transport.Transport; @@ -34,6 +35,7 @@ import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.SocketAddress; import java.util.Arrays; +import java.util.Collections; import java.util.HashSet; @@ -67,7 +69,8 @@ public class IPFilterNetty3UpstreamHandlerTests extends ESTestCase { TransportSettings.TRANSPORT_PROFILES_SETTING))); SecurityLicenseState licenseState = mock(SecurityLicenseState.class); when(licenseState.ipFilteringEnabled()).thenReturn(true); - IPFilter ipFilter = new IPFilter(settings, AuditTrail.NOOP, clusterSettings, licenseState); + AuditTrailService auditTrailService = new AuditTrailService(settings, Collections.emptyList(), licenseState); + IPFilter ipFilter = new IPFilter(settings, auditTrailService, clusterSettings, licenseState); ipFilter.setBoundTransportAddress(transport.boundAddress(), transport.profileBoundAddresses()); if (isHttpEnabled) { HttpServerTransport httpTransport = mock(HttpServerTransport.class);
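Review bot: The context line `import org.elasticsearch.xpack.security.audit.AuditTrail;` looks unused after this change, since the only visible reference, `AuditTrail.NOOP`, is replaced in the last hunk. If nothing else in the file uses the interface, drop that import. The new `AuditTrailService` import is also added out of alphabetical order, unlike the re-sorted import blocks in the other test files of this patch. The test method continues outside the hunk.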