Internal: Remove use of AuditTrail interface in place of

AuditTrailService

We currently have a number of actions and components which try to write
to the audit trail. But they do so by expecting a bound AuditTrail
object. In reality, this should always be AuditTrailService, except when
security is disabled. This change removes the use of the AuditTrail
interface for that purpose, and instead makes the AuditTrailService
allow an empty list of trails, so that it is always bound when running
on a node.

Original commit: elastic/x-pack-elasticsearch@9559dbd6c1

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java

@@ -198,15 +198,11 @@ public class Security implements ActionPlugin, IngestPlugin {
 
         modules.add(new AuthenticationModule(settings));
         modules.add(new AuthorizationModule(settings));
-        if (enabled == false || auditingEnabled(settings) == false) {
-            modules.add(b -> {
-                b.bind(AuditTrailService.class).toProvider(Providers.of(null));
-                b.bind(AuditTrail.class).toInstance(AuditTrail.NOOP);
-            });
-        }
         if (enabled == false) {
             modules.add(b -> {
                 b.bind(CryptoService.class).toProvider(Providers.of(null));
+                b.bind(AuditTrailService.class)
+                    .toInstance(new AuditTrailService(settings, Collections.emptyList(), securityLicenseState));
             });
             modules.add(new SecurityModule(settings));
             modules.add(new SecurityTransportModule(settings));
@@ -280,13 +276,14 @@ public class Security implements ActionPlugin, IngestPlugin {
         components.add(realms);
 
         // audit trails construction
+        Set<AuditTrail> auditTrails = new LinkedHashSet<>();
         if (AUDIT_ENABLED_SETTING.get(settings)) {
             List<String> outputs = AUDIT_OUTPUTS_SETTING.get(settings);
             if (outputs.isEmpty()) {
                 throw new IllegalArgumentException("Audit logging is enabled but there are zero output types in "
                     + AUDIT_ENABLED_SETTING.getKey());
             }
-            Set<AuditTrail> auditTrails = new LinkedHashSet<>();
+
             for (String output : outputs) {
                 switch (output) {
                     case LoggingAuditTrail.NAME:
@@ -301,8 +298,8 @@ public class Security implements ActionPlugin, IngestPlugin {
                         throw new IllegalArgumentException("Unknown audit trail output [" + output + "]");
                 }
             }
-            components.add(new AuditTrailService(settings, auditTrails.stream().collect(Collectors.toList()), securityLicenseState));
         }
+        components.add(new AuditTrailService(settings, auditTrails.stream().collect(Collectors.toList()), securityLicenseState));
 
         return components;
     }

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilter.java

@@ -22,6 +22,7 @@ import org.elasticsearch.license.plugin.core.LicenseUtils;
 import org.elasticsearch.xpack.security.Security;
 import org.elasticsearch.xpack.security.SecurityContext;
 import org.elasticsearch.xpack.security.action.SecurityActionMapper;
+import org.elasticsearch.xpack.security.audit.AuditTrailService;
 import org.elasticsearch.xpack.security.authc.Authentication;
 import org.elasticsearch.xpack.security.user.SystemUser;
 import org.elasticsearch.xpack.security.user.User;
@@ -60,7 +61,7 @@ public class SecurityActionFilter extends AbstractComponent implements ActionFil
 
     @Inject
     public SecurityActionFilter(Settings settings, AuthenticationService authcService, AuthorizationService authzService,
-                                CryptoService cryptoService, AuditTrail auditTrail, SecurityLicenseState licenseState,
+                                CryptoService cryptoService, AuditTrailService auditTrail, SecurityLicenseState licenseState,
                                 SecurityActionMapper actionMapper, Set<RequestInterceptor> requestInterceptors, ThreadPool threadPool,
                                 SecurityContext securityContext) {
         super(settings);

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrail.java

@@ -18,88 +18,6 @@ import java.net.InetAddress;
  */
 public interface AuditTrail {
 
-    AuditTrail NOOP = new AuditTrail() {
-
-        static final String NAME = "noop";
-
-        @Override
-        public String name() {
-            return NAME;
-        }
-
-        @Override
-        public void anonymousAccessDenied(String action, TransportMessage message) {
-        }
-
-        @Override
-        public void anonymousAccessDenied(RestRequest request) {
-        }
-
-        @Override
-        public void authenticationFailed(RestRequest request) {
-        }
-
-        @Override
-        public void authenticationFailed(String action, TransportMessage message) {
-        }
-
-        @Override
-        public void authenticationFailed(AuthenticationToken token, String action, TransportMessage message) {
-        }
-
-        @Override
-        public void authenticationFailed(AuthenticationToken token, RestRequest request) {
-        }
-
-        @Override
-        public void authenticationFailed(String realm, AuthenticationToken token, String action, TransportMessage message) {
-        }
-
-        @Override
-        public void authenticationFailed(String realm, AuthenticationToken token, RestRequest request) {
-        }
-
-        @Override
-        public void accessGranted(User user, String action, TransportMessage message) {
-        }
-
-        @Override
-        public void accessDenied(User user, String action, TransportMessage message) {
-        }
-
-        @Override
-        public void tamperedRequest(RestRequest request) {
-        }
-
-        @Override
-        public void tamperedRequest(String action, TransportMessage message) {
-        }
-
-        @Override
-        public void tamperedRequest(User user, String action, TransportMessage request) {
-        }
-
-        @Override
-        public void connectionGranted(InetAddress inetAddress, String profile, SecurityIpFilterRule rule) {
-        }
-
-        @Override
-        public void connectionDenied(InetAddress inetAddress, String profile, SecurityIpFilterRule rule) {
-        }
-
-        @Override
-        public void runAsGranted(User user, String action, TransportMessage message) {
-        }
-
-        @Override
-        public void runAsDenied(User user, String action, TransportMessage message) {
-        }
-
-        @Override
-        public void runAsDenied(User user, RestRequest request) {
-        }
-    };
-
     String name();
 
     void anonymousAccessDenied(String action, TransportMessage message);

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationService.java

@@ -17,6 +17,7 @@ import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.rest.RestController;
 import org.elasticsearch.node.Node;
 import org.elasticsearch.rest.RestRequest;
+import org.elasticsearch.xpack.security.audit.AuditTrailService;
 import org.elasticsearch.xpack.security.authc.Authentication.RealmRef;
 import org.elasticsearch.xpack.security.user.AnonymousUser;
 import org.elasticsearch.xpack.security.user.User;
@@ -53,7 +54,7 @@ public class InternalAuthenticationService extends AbstractComponent implements
     private final boolean runAsEnabled;
 
     @Inject
-    public InternalAuthenticationService(Settings settings, Realms realms, AuditTrail auditTrail, CryptoService cryptoService,
+    public InternalAuthenticationService(Settings settings, Realms realms, AuditTrailService auditTrail, CryptoService cryptoService,
                                          AuthenticationFailureHandler failureHandler, ThreadPool threadPool) {
         super(settings);
         this.nodeName = Node.NODE_NAME_SETTING.get(settings);

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationService.java

@@ -27,6 +27,7 @@ import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.common.util.set.Sets;
 import org.elasticsearch.search.action.SearchTransportService;
 import org.elasticsearch.xpack.security.SecurityTemplateService;
+import org.elasticsearch.xpack.security.audit.AuditTrailService;
 import org.elasticsearch.xpack.security.authc.Authentication;
 import org.elasticsearch.xpack.security.user.AnonymousUser;
 import org.elasticsearch.xpack.security.user.SystemUser;
@@ -80,7 +81,7 @@ public class InternalAuthorizationService extends AbstractComponent implements A
 
     @Inject
     public InternalAuthorizationService(Settings settings, RolesStore rolesStore, ClusterService clusterService,
-                                        AuditTrail auditTrail, AuthenticationFailureHandler authcFailureHandler,
+                                        AuditTrailService auditTrail, AuthenticationFailureHandler authcFailureHandler,
                                         ThreadPool threadPool, IndexNameExpressionResolver nameExpressionResolver) {
         super(settings);
         this.rolesStore = rolesStore;

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java

@@ -19,6 +19,7 @@ import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.xpack.security.audit.AuditTrail;
 import org.elasticsearch.xpack.security.SecurityLicenseState;
 import org.elasticsearch.transport.TransportSettings;
+import org.elasticsearch.xpack.security.audit.AuditTrailService;
 
 import java.net.InetAddress;
 import java.util.ArrayList;
@@ -105,7 +106,7 @@ public class IPFilter {
     private final SetOnce<Map<String, BoundTransportAddress>> profileBoundAddress = new SetOnce<>();
 
     @Inject
-    public IPFilter(final Settings settings, AuditTrail auditTrail, ClusterSettings clusterSettings,
+    public IPFilter(final Settings settings, AuditTrailService auditTrail, ClusterSettings clusterSettings,
                     SecurityLicenseState licenseState) {
         this.logger = Loggers.getLogger(getClass(), settings);
         this.auditTrail = auditTrail;

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java

@@ -9,7 +9,6 @@ import java.io.IOException;
 import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
-import java.util.List;
 import java.util.Map;
 
 import org.elasticsearch.common.settings.Settings;
@@ -17,10 +16,10 @@ import org.elasticsearch.env.Environment;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.xpack.extensions.XPackExtension;
-import org.elasticsearch.xpack.security.audit.AuditTrail;
 import org.elasticsearch.xpack.security.audit.AuditTrailService;
 import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
 import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
+import org.elasticsearch.xpack.security.authc.AuthenticationService;
 import org.elasticsearch.xpack.security.authc.Realm;
 import org.elasticsearch.xpack.security.authc.Realms;
 import org.elasticsearch.xpack.security.authc.file.FileRealm;
@@ -91,7 +90,7 @@ public class SecurityTests extends ESTestCase {
 
     public void testDisabledByDefault() throws Exception {
         Collection<Object> components = createComponents(Settings.EMPTY);
-        assertNull(findComponent(AuditTrailService.class, components));
+        assertNull(findComponent(AuthenticationService.class, components));
     }
 
     public void testIndexAuditTrail() throws Exception {

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilterTests.java

@@ -5,6 +5,8 @@
  */
 package org.elasticsearch.xpack.security.action.filter;
 
+import java.util.HashSet;
+
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.action.ActionListener;
 import org.elasticsearch.action.ActionRequest;
@@ -12,24 +14,22 @@ import org.elasticsearch.action.search.SearchScrollRequest;
 import org.elasticsearch.action.support.ActionFilterChain;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.xpack.security.SecurityContext;
-import org.elasticsearch.xpack.security.action.SecurityActionMapper;
-import org.elasticsearch.xpack.security.authc.Authentication;
-import org.elasticsearch.xpack.security.authc.Authentication.RealmRef;
-import org.elasticsearch.xpack.security.user.SystemUser;
-import org.elasticsearch.xpack.security.user.User;
-import org.elasticsearch.xpack.security.audit.AuditTrail;
-import org.elasticsearch.xpack.security.authc.AuthenticationService;
-import org.elasticsearch.xpack.security.authz.AuthorizationService;
-import org.elasticsearch.xpack.security.crypto.CryptoService;
-import org.elasticsearch.xpack.security.SecurityLicenseState;
 import org.elasticsearch.tasks.Task;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.ThreadPool;
+import org.elasticsearch.xpack.security.SecurityContext;
+import org.elasticsearch.xpack.security.SecurityLicenseState;
+import org.elasticsearch.xpack.security.action.SecurityActionMapper;
+import org.elasticsearch.xpack.security.audit.AuditTrailService;
+import org.elasticsearch.xpack.security.authc.Authentication;
+import org.elasticsearch.xpack.security.authc.Authentication.RealmRef;
+import org.elasticsearch.xpack.security.authc.AuthenticationService;
+import org.elasticsearch.xpack.security.authz.AuthorizationService;
+import org.elasticsearch.xpack.security.crypto.CryptoService;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
 import org.junit.Before;
 
-import java.util.HashSet;
-
 import static org.hamcrest.Matchers.equalTo;
 import static org.mockito.Matchers.eq;
 import static org.mockito.Matchers.isA;
@@ -49,7 +49,7 @@ public class SecurityActionFilterTests extends ESTestCase {
     private AuthenticationService authcService;
     private AuthorizationService authzService;
     private CryptoService cryptoService;
-    private AuditTrail auditTrail;
+    private AuditTrailService auditTrail;
     private SecurityLicenseState securityLicenseState;
     private SecurityActionFilter filter;
 
@@ -58,7 +58,7 @@ public class SecurityActionFilterTests extends ESTestCase {
         authcService = mock(AuthenticationService.class);
         authzService = mock(AuthorizationService.class);
         cryptoService = mock(CryptoService.class);
-        auditTrail = mock(AuditTrail.class);
+        auditTrail = mock(AuditTrailService.class);
         securityLicenseState = mock(SecurityLicenseState.class);
         when(securityLicenseState.authenticationAndAuthorizationEnabled()).thenReturn(true);
         when(securityLicenseState.statsAndHealthEnabled()).thenReturn(true);

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authc/InternalAuthenticationServiceTests.java

@@ -5,6 +5,10 @@
  */
 package org.elasticsearch.xpack.security.authc;
 
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.Collections;
+
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.common.io.stream.BytesStreamOutput;
@@ -12,33 +16,28 @@ import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.rest.RestController;
 import org.elasticsearch.rest.RestRequest;
-import org.elasticsearch.xpack.security.authc.Authentication.RealmRef;
-import org.elasticsearch.xpack.security.authc.InternalAuthenticationService.Authenticator;
-import org.elasticsearch.xpack.security.SecurityLicenseState.EnabledRealmType;
-import org.elasticsearch.xpack.security.user.AnonymousUser;
-import org.elasticsearch.xpack.security.user.SystemUser;
-import org.elasticsearch.xpack.security.user.User;
-import org.elasticsearch.xpack.security.audit.AuditTrail;
-import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
-import org.elasticsearch.xpack.security.authc.support.SecuredString;
-import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
-import org.elasticsearch.xpack.security.crypto.CryptoService;
-import org.elasticsearch.xpack.security.SecurityLicenseState;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.test.rest.FakeRestRequest;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportMessage;
+import org.elasticsearch.xpack.security.SecurityLicenseState;
+import org.elasticsearch.xpack.security.SecurityLicenseState.EnabledRealmType;
+import org.elasticsearch.xpack.security.audit.AuditTrailService;
+import org.elasticsearch.xpack.security.authc.Authentication.RealmRef;
+import org.elasticsearch.xpack.security.authc.InternalAuthenticationService.Authenticator;
+import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.crypto.CryptoService;
+import org.elasticsearch.xpack.security.user.AnonymousUser;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
 import org.junit.After;
 import org.junit.Before;
 
-import java.io.IOException;
-import java.util.Arrays;
-import java.util.Collections;
-
-import static org.elasticsearch.xpack.security.support.Exceptions.authenticationError;
 import static org.elasticsearch.test.SecurityTestsUtils.assertAuthenticationException;
+import static org.elasticsearch.xpack.security.support.Exceptions.authenticationError;
 import static org.hamcrest.Matchers.arrayContaining;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.equalTo;
@@ -68,7 +67,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
     Realms realms;
     Realm firstRealm;
     Realm secondRealm;
-    AuditTrail auditTrail;
+    AuditTrailService auditTrail;
     AuthenticationToken token;
     CryptoService cryptoService;
     ThreadPool threadPool;
@@ -105,7 +104,7 @@ public class InternalAuthenticationServiceTests extends ESTestCase {
         realms.start();
         cryptoService = mock(CryptoService.class);
 
-        auditTrail = mock(AuditTrail.class);
+        auditTrail = mock(AuditTrailService.class);
         threadPool = mock(ThreadPool.class);
         threadContext = new ThreadContext(Settings.EMPTY);
         when(threadPool.getThreadContext()).thenReturn(threadContext);

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/InternalAuthorizationServiceTests.java

@@ -5,6 +5,9 @@
  */
 package org.elasticsearch.xpack.security.authz;
 
+import java.util.ArrayList;
+import java.util.List;
+
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.Version;
 import org.elasticsearch.action.admin.cluster.health.ClusterHealthAction;
@@ -45,24 +48,23 @@ import org.elasticsearch.action.termvectors.TermVectorsAction;
 import org.elasticsearch.action.termvectors.TermVectorsRequest;
 import org.elasticsearch.action.update.UpdateAction;
 import org.elasticsearch.action.update.UpdateRequest;
-import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
-import org.elasticsearch.cluster.service.ClusterService;
 import org.elasticsearch.cluster.ClusterState;
 import org.elasticsearch.cluster.metadata.AliasMetaData;
 import org.elasticsearch.cluster.metadata.IndexMetaData;
+import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.cluster.metadata.MetaData;
+import org.elasticsearch.cluster.service.ClusterService;
 import org.elasticsearch.common.collect.Tuple;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.search.action.SearchTransportService;
+import org.elasticsearch.test.ESTestCase;
+import org.elasticsearch.threadpool.ThreadPool;
+import org.elasticsearch.transport.TransportRequest;
 import org.elasticsearch.xpack.security.SecurityTemplateService;
+import org.elasticsearch.xpack.security.audit.AuditTrailService;
 import org.elasticsearch.xpack.security.authc.Authentication;
 import org.elasticsearch.xpack.security.authc.Authentication.RealmRef;
-import org.elasticsearch.xpack.security.user.AnonymousUser;
-import org.elasticsearch.xpack.security.user.SystemUser;
-import org.elasticsearch.xpack.security.user.User;
-import org.elasticsearch.xpack.security.user.XPackUser;
-import org.elasticsearch.xpack.security.audit.AuditTrail;
 import org.elasticsearch.xpack.security.authc.DefaultAuthenticationFailureHandler;
 import org.elasticsearch.xpack.security.authz.permission.Role;
 import org.elasticsearch.xpack.security.authz.permission.SuperuserRole;
@@ -70,15 +72,13 @@ import org.elasticsearch.xpack.security.authz.privilege.ClusterPrivilege;
 import org.elasticsearch.xpack.security.authz.privilege.GeneralPrivilege;
 import org.elasticsearch.xpack.security.authz.privilege.IndexPrivilege;
 import org.elasticsearch.xpack.security.authz.store.RolesStore;
-import org.elasticsearch.test.ESTestCase;
+import org.elasticsearch.xpack.security.user.AnonymousUser;
-import org.elasticsearch.threadpool.ThreadPool;
+import org.elasticsearch.xpack.security.user.SystemUser;
-import org.elasticsearch.transport.TransportRequest;
+import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.user.XPackUser;
 import org.junit.After;
 import org.junit.Before;
 
-import java.util.ArrayList;
-import java.util.List;
-
 import static org.elasticsearch.test.SecurityTestsUtils.assertAuthenticationException;
 import static org.elasticsearch.test.SecurityTestsUtils.assertAuthorizationException;
 import static org.hamcrest.Matchers.containsInAnyOrder;
@@ -94,7 +94,7 @@ import static org.mockito.Mockito.verifyNoMoreInteractions;
 import static org.mockito.Mockito.when;
 
 public class InternalAuthorizationServiceTests extends ESTestCase {
-    private AuditTrail auditTrail;
+    private AuditTrailService auditTrail;
     private RolesStore rolesStore;
     private ClusterService clusterService;
     private InternalAuthorizationService internalAuthorizationService;
@@ -105,7 +105,7 @@ public class InternalAuthorizationServiceTests extends ESTestCase {
     public void setup() {
         rolesStore = mock(RolesStore.class);
         clusterService = mock(ClusterService.class);
-        auditTrail = mock(AuditTrail.class);
+        auditTrail = mock(AuditTrailService.class);
         threadContext = new ThreadContext(Settings.EMPTY);
         threadPool = mock(ThreadPool.class);
         when(threadPool.getThreadContext()).thenReturn(threadContext);

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/authz/indicesresolver/DefaultIndicesResolverTests.java

@@ -5,6 +5,8 @@
  */
 package org.elasticsearch.xpack.security.authz.indicesresolver;
 
+import java.util.Set;
+
 import org.elasticsearch.Version;
 import org.elasticsearch.action.admin.indices.alias.IndicesAliasesAction;
 import org.elasticsearch.action.admin.indices.alias.IndicesAliasesRequest;
@@ -20,19 +22,19 @@ import org.elasticsearch.action.search.SearchAction;
 import org.elasticsearch.action.search.SearchRequest;
 import org.elasticsearch.action.support.IndicesOptions;
 import org.elasticsearch.client.Requests;
-import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
-import org.elasticsearch.cluster.service.ClusterService;
 import org.elasticsearch.cluster.ClusterState;
 import org.elasticsearch.cluster.metadata.AliasAction;
 import org.elasticsearch.cluster.metadata.AliasMetaData;
 import org.elasticsearch.cluster.metadata.IndexMetaData;
+import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.cluster.metadata.MetaData;
+import org.elasticsearch.cluster.service.ClusterService;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.index.IndexNotFoundException;
+import org.elasticsearch.test.ESTestCase;
+import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.xpack.security.SecurityTemplateService;
-import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.xpack.security.audit.AuditTrailService;
-import org.elasticsearch.xpack.security.user.XPackUser;
-import org.elasticsearch.xpack.security.audit.AuditTrail;
 import org.elasticsearch.xpack.security.authc.DefaultAuthenticationFailureHandler;
 import org.elasticsearch.xpack.security.authz.InternalAuthorizationService;
 import org.elasticsearch.xpack.security.authz.permission.Role;
@@ -40,12 +42,10 @@ import org.elasticsearch.xpack.security.authz.permission.SuperuserRole;
 import org.elasticsearch.xpack.security.authz.privilege.ClusterPrivilege;
 import org.elasticsearch.xpack.security.authz.privilege.IndexPrivilege;
 import org.elasticsearch.xpack.security.authz.store.RolesStore;
-import org.elasticsearch.test.ESTestCase;
+import org.elasticsearch.xpack.security.user.User;
-import org.elasticsearch.threadpool.ThreadPool;
+import org.elasticsearch.xpack.security.user.XPackUser;
 import org.junit.Before;
 
-import java.util.Set;
-
 import static org.hamcrest.Matchers.arrayContaining;
 import static org.hamcrest.Matchers.arrayContainingInAnyOrder;
 import static org.hamcrest.Matchers.equalTo;
@@ -102,7 +102,8 @@ public class DefaultIndicesResolverTests extends ESTestCase {
         when(state.metaData()).thenReturn(metaData);
 
         InternalAuthorizationService authzService = new InternalAuthorizationService(settings, rolesStore, clusterService,
-                mock(AuditTrail.class), new DefaultAuthenticationFailureHandler(), mock(ThreadPool.class), indexNameExpressionResolver);
+            mock(AuditTrailService.class), new DefaultAuthenticationFailureHandler(), mock(ThreadPool.class),
+            indexNameExpressionResolver);
         defaultIndicesResolver = new DefaultIndicesAndAliasesResolver(authzService, indexNameExpressionResolver);
     }
 

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/filter/IPFilterTests.java

@@ -20,6 +20,7 @@ import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.test.junit.annotations.Network;
 import org.elasticsearch.transport.Transport;
 import org.elasticsearch.transport.TransportSettings;
+import org.elasticsearch.xpack.security.audit.AuditTrailService;
 import org.junit.Before;
 import org.mockito.ArgumentCaptor;
 
@@ -45,7 +46,7 @@ import static org.mockito.Mockito.when;
 public class IPFilterTests extends ESTestCase {
     private IPFilter ipFilter;
     private SecurityLicenseState licenseState;
-    private AuditTrail auditTrail;
+    private AuditTrailService auditTrail;
     private Transport transport;
     private HttpServerTransport httpTransport;
     private ClusterSettings clusterSettings;
@@ -54,7 +55,7 @@ public class IPFilterTests extends ESTestCase {
     public void init() {
         licenseState = mock(SecurityLicenseState.class);
         when(licenseState.ipFilteringEnabled()).thenReturn(true);
-        auditTrail = mock(AuditTrail.class);
+        auditTrail = mock(AuditTrailService.class);
         clusterSettings = new ClusterSettings(Settings.EMPTY, new HashSet<>(Arrays.asList(
                 IPFilter.HTTP_FILTER_ALLOW_SETTING,
                 IPFilter.HTTP_FILTER_DENY_SETTING,

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/transport/netty3/IPFilterNetty3UpstreamHandlerTests.java

@@ -15,6 +15,7 @@ import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.http.HttpServerTransport;
 import org.elasticsearch.xpack.security.audit.AuditTrail;
 import org.elasticsearch.xpack.security.SecurityLicenseState;
+import org.elasticsearch.xpack.security.audit.AuditTrailService;
 import org.elasticsearch.xpack.security.transport.filter.IPFilter;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.transport.Transport;
@@ -34,6 +35,7 @@ import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashSet;
 
 
@@ -67,7 +69,8 @@ public class IPFilterNetty3UpstreamHandlerTests extends ESTestCase {
                 TransportSettings.TRANSPORT_PROFILES_SETTING)));
         SecurityLicenseState licenseState = mock(SecurityLicenseState.class);
         when(licenseState.ipFilteringEnabled()).thenReturn(true);
-        IPFilter ipFilter = new IPFilter(settings, AuditTrail.NOOP, clusterSettings, licenseState);
+        AuditTrailService auditTrailService = new AuditTrailService(settings, Collections.emptyList(), licenseState);
+        IPFilter ipFilter = new IPFilter(settings, auditTrailService, clusterSettings, licenseState);
         ipFilter.setBoundTransportAddress(transport.boundAddress(), transport.profileBoundAddresses());
         if (isHttpEnabled) {
             HttpServerTransport httpTransport = mock(HttpServerTransport.class);