diff --git a/shield/src/main/java/org/elasticsearch/shield/action/ShieldActionFilter.java b/shield/src/main/java/org/elasticsearch/shield/action/ShieldActionFilter.java index 8bb2ac020b0..c62e9c85552 100644 --- a/shield/src/main/java/org/elasticsearch/shield/action/ShieldActionFilter.java +++ b/shield/src/main/java/org/elasticsearch/shield/action/ShieldActionFilter.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.shield.action; -import com.google.common.base.Predicate; import org.elasticsearch.action.ActionListener; import org.elasticsearch.action.ActionRequest; import org.elasticsearch.action.ActionResponse; @@ -29,7 +28,10 @@ import org.elasticsearch.shield.license.LicenseEventsNotifier; import org.elasticsearch.shield.license.LicenseService; import java.io.IOException; -import java.util.*; +import java.util.ArrayList; +import java.util.List; +import java.util.Set; +import java.util.function.Predicate; import static org.elasticsearch.shield.support.Exceptions.authorizationError; @@ -79,7 +81,7 @@ public class ShieldActionFilter extends AbstractComponent implements ActionFilte A functional requirement - when the license of shield is disabled (invalid/expires), shield will continue to operate normally, except all read operations will be blocked. */ - if (!licenseEnabled && LICENSE_EXPIRATION_ACTION_MATCHER.apply(action)) { + if (!licenseEnabled && LICENSE_EXPIRATION_ACTION_MATCHER.test(action)) { logger.error("blocking [{}] operation due to expired license. Cluster health, cluster stats and indices stats \n" + "operations are blocked on shield license expiration. All data operations (read and write) continue to work. \n" + "If you have a new license, please update it. Otherwise, please reach out to your support contact.", action); diff --git a/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java b/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java index d5c62d15673..32fb8257333 100644 --- a/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java +++ b/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java @@ -400,7 +400,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl public void accessGranted(User user, String action, TransportMessage message) { if (!principalIsAuditor(user.principal())) { // special treatment for internal system actions - only log if explicitly told to - if (user.isSystem() && Privilege.SYSTEM.predicate().apply(action)) { + if (user.isSystem() && Privilege.SYSTEM.predicate().test(action)) { if (events.contains(SYSTEM_ACCESS_GRANTED)) { try { enqueue(message("access_granted", action, user.principal(), null, indices(message), message), "access_granted"); diff --git a/shield/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java b/shield/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java index 651f7c6f0ce..960fe68e0e6 100644 --- a/shield/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java +++ b/shield/src/main/java/org/elasticsearch/shield/audit/logfile/LoggingAuditTrail.java @@ -168,7 +168,7 @@ public class LoggingAuditTrail implements AuditTrail { String indices = indicesString(message); // special treatment for internal system actions - only log on trace - if (user.isSystem() && Privilege.SYSTEM.predicate().apply(action)) { + if (user.isSystem() && Privilege.SYSTEM.predicate().test(action)) { if (logger.isTraceEnabled()) { if (indices != null) { logger.trace("{}[transport] [access_granted]\t{}, principal=[{}], action=[{}], indices=[{}], request=[{}]", prefix, originAttributes(message, transport), user.principal(), action, indices, message.getClass().getSimpleName()); diff --git a/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/SessionFactory.java b/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/SessionFactory.java index 70afbc82dcf..cfd59c3110a 100644 --- a/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/SessionFactory.java +++ b/shield/src/main/java/org/elasticsearch/shield/authc/ldap/support/SessionFactory.java @@ -19,7 +19,6 @@ import org.elasticsearch.shield.authc.support.SecuredString; import java.util.regex.Pattern; -import static com.google.common.base.Predicates.contains; import static com.google.common.collect.Iterables.all; import static java.util.Arrays.asList; @@ -129,8 +128,8 @@ public abstract class SessionFactory { return true; } - boolean allSecure = all(asList(ldapUrls), contains(STARTS_WITH_LDAPS)); - boolean allClear = all(asList(ldapUrls), contains(STARTS_WITH_LDAP)); + boolean allSecure = all(asList(ldapUrls), s -> STARTS_WITH_LDAPS.matcher(s).find()); + boolean allClear = all(asList(ldapUrls), s -> STARTS_WITH_LDAP.matcher(s).find()); if (!allSecure && !allClear) { //No mixing is allowed because we use the same socketfactory diff --git a/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java b/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java index 98375705f50..b4d61efcf33 100644 --- a/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java +++ b/shield/src/main/java/org/elasticsearch/shield/authz/InternalAuthorizationService.java @@ -5,8 +5,6 @@ */ package org.elasticsearch.shield.authz; -import com.google.common.base.Predicate; -import com.google.common.base.Predicates; import com.google.common.collect.Sets; import org.elasticsearch.ElasticsearchSecurityException; import org.elasticsearch.action.CompositeIndicesRequest; @@ -33,7 +31,12 @@ import org.elasticsearch.shield.authz.indicesresolver.IndicesAndAliasesResolver; import org.elasticsearch.shield.authz.store.RolesStore; import org.elasticsearch.transport.TransportRequest; -import java.util.*; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.function.Predicate; import static org.elasticsearch.shield.support.Exceptions.authorizationError; @@ -80,12 +83,12 @@ public class InternalAuthorizationService extends AbstractComponent implements A } List indicesAndAliases = new ArrayList<>(); - Predicate predicate = Predicates.or(predicates); + Predicate predicate = predicates.stream().reduce(s -> false, (p1, p2) -> p1.or(p2)); MetaData metaData = clusterService.state().metaData(); // TODO: can this be done smarter? I think there are usually more indices/aliases in the cluster then indices defined a roles? for (Map.Entry entry : metaData.getAliasAndIndexLookup().entrySet()) { String aliasOrIndex = entry.getKey(); - if (predicate.apply(aliasOrIndex)) { + if (predicate.test(aliasOrIndex)) { indicesAndAliases.add(aliasOrIndex); } } @@ -115,7 +118,7 @@ public class InternalAuthorizationService extends AbstractComponent implements A // first, we'll check if the action is a cluster action. If it is, we'll only check it // against the cluster permissions - if (Privilege.Cluster.ACTION_MATCHER.apply(action)) { + if (Privilege.Cluster.ACTION_MATCHER.test(action)) { Permission.Cluster cluster = permission.cluster(); if (cluster != null && cluster.check(action)) { request.putInContext(INDICES_PERMISSIONS_KEY, IndicesAccessControl.ALLOW_ALL); @@ -126,7 +129,7 @@ public class InternalAuthorizationService extends AbstractComponent implements A } // ok... this is not a cluster action, let's verify it's an indices action - if (!Privilege.Index.ACTION_MATCHER.apply(action)) { + if (!Privilege.Index.ACTION_MATCHER.test(action)) { throw denial(user, action, request); } @@ -164,7 +167,7 @@ public class InternalAuthorizationService extends AbstractComponent implements A } //if we are creating an index we need to authorize potential aliases created at the same time - if (Privilege.Index.CREATE_INDEX_MATCHER.apply(action)) { + if (Privilege.Index.CREATE_INDEX_MATCHER.test(action)) { assert request instanceof CreateIndexRequest; Set aliases = ((CreateIndexRequest) request).aliases(); if (!aliases.isEmpty()) { diff --git a/shield/src/main/java/org/elasticsearch/shield/authz/Permission.java b/shield/src/main/java/org/elasticsearch/shield/authz/Permission.java index 1a5ee65261a..32bdadbb47e 100644 --- a/shield/src/main/java/org/elasticsearch/shield/authz/Permission.java +++ b/shield/src/main/java/org/elasticsearch/shield/authz/Permission.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.shield.authz; -import com.google.common.base.Predicate; import com.google.common.cache.CacheBuilder; import com.google.common.cache.CacheLoader; import com.google.common.cache.LoadingCache; @@ -22,7 +21,17 @@ import org.elasticsearch.shield.authz.accesscontrol.IndicesAccessControl; import org.elasticsearch.shield.support.AutomatonPredicate; import org.elasticsearch.shield.support.Automatons; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Iterator; +import java.util.List; +import java.util.Map; +import java.util.Set; +import java.util.SortedMap; +import java.util.function.Predicate; /** * Represents a permission in the system. There are 3 types of permissions: @@ -209,7 +218,7 @@ public interface Permission { } public boolean check(String action) { - return predicate.apply(action); + return predicate.test(action); } @Override @@ -279,7 +288,7 @@ public interface Permission { public Predicate load(String action) throws Exception { List indices = new ArrayList<>(); for (Group group : groups) { - if (group.actionMatcher.apply(action)) { + if (group.actionMatcher.test(action)) { indices.addAll(Arrays.asList(group.indices)); } } @@ -532,12 +541,12 @@ public interface Permission { } public boolean indexNameMatch(String index) { - return indexNameMatcher.apply(index); + return indexNameMatcher.test(index); } public boolean check(String action, String index) { assert index != null; - return actionMatcher.apply(action) && indexNameMatcher.apply(index); + return actionMatcher.test(action) && indexNameMatcher.test(index); } } } diff --git a/shield/src/main/java/org/elasticsearch/shield/authz/Privilege.java b/shield/src/main/java/org/elasticsearch/shield/authz/Privilege.java index d74182b0c6a..abcb33072f5 100644 --- a/shield/src/main/java/org/elasticsearch/shield/authz/Privilege.java +++ b/shield/src/main/java/org/elasticsearch/shield/authz/Privilege.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.shield.authz; -import com.google.common.base.Predicate; import com.google.common.cache.CacheBuilder; import com.google.common.cache.CacheLoader; import com.google.common.cache.LoadingCache; @@ -28,6 +27,7 @@ import org.elasticsearch.shield.support.Automatons; import java.util.Locale; import java.util.Set; import java.util.concurrent.CopyOnWriteArraySet; +import java.util.function.Predicate; import static org.elasticsearch.shield.support.Automatons.patterns; @@ -206,7 +206,7 @@ public abstract class Privilege

> { public static void addCustom(String name, String... actionPatterns) { for (String pattern : actionPatterns) { - if (!Index.ACTION_MATCHER.apply(pattern)) { + if (!Index.ACTION_MATCHER.test(pattern)) { throw new IllegalArgumentException("cannot register custom index privilege [" + name + "]. index action must follow the 'indices:*' format"); } } @@ -252,7 +252,7 @@ public abstract class Privilege

> { private static Index resolve(String name) { name = name.toLowerCase(Locale.ROOT); - if (ACTION_MATCHER.apply(name)) { + if (ACTION_MATCHER.test(name)) { return action(name); } for (Index index : values) { @@ -314,7 +314,7 @@ public abstract class Privilege

> { public static void addCustom(String name, String... actionPatterns) { for (String pattern : actionPatterns) { - if (!Cluster.ACTION_MATCHER.apply(pattern)) { + if (!Cluster.ACTION_MATCHER.test(pattern)) { throw new IllegalArgumentException("cannot register custom cluster privilege [" + name + "]. cluster aciton must follow the 'cluster:*' format"); } } @@ -350,7 +350,7 @@ public abstract class Privilege

> { private static Cluster resolve(String name) { name = name.toLowerCase(Locale.ROOT); - if (ACTION_MATCHER.apply(name)) { + if (ACTION_MATCHER.test(name)) { return action(name); } for (Cluster cluster : values) { diff --git a/shield/src/main/java/org/elasticsearch/shield/authz/SystemRole.java b/shield/src/main/java/org/elasticsearch/shield/authz/SystemRole.java index d8ac4bd1690..bdec97abb4a 100644 --- a/shield/src/main/java/org/elasticsearch/shield/authz/SystemRole.java +++ b/shield/src/main/java/org/elasticsearch/shield/authz/SystemRole.java @@ -5,7 +5,7 @@ */ package org.elasticsearch.shield.authz; -import com.google.common.base.Predicate; +import java.util.function.Predicate; /** * @@ -22,6 +22,6 @@ public class SystemRole { } public boolean check(String action) { - return PREDICATE.apply(action); + return PREDICATE.test(action); } } diff --git a/shield/src/main/java/org/elasticsearch/shield/support/AutomatonPredicate.java b/shield/src/main/java/org/elasticsearch/shield/support/AutomatonPredicate.java index 26377ccba07..a8a8b0fa655 100644 --- a/shield/src/main/java/org/elasticsearch/shield/support/AutomatonPredicate.java +++ b/shield/src/main/java/org/elasticsearch/shield/support/AutomatonPredicate.java @@ -5,10 +5,11 @@ */ package org.elasticsearch.shield.support; -import com.google.common.base.Predicate; import dk.brics.automaton.Automaton; import dk.brics.automaton.RunAutomaton; +import java.util.function.Predicate; + /** * */ @@ -25,7 +26,7 @@ public class AutomatonPredicate implements Predicate { } @Override - public boolean apply(String input) { + public boolean test(String input) { return automaton.run(input); } } diff --git a/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailEnabledTests.java b/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailEnabledTests.java index ffb5bd4807f..3c45025076a 100644 --- a/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailEnabledTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailEnabledTests.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.shield.audit.index; -import com.google.common.base.Predicate; import org.elasticsearch.action.admin.indices.template.delete.DeleteIndexTemplateResponse; import org.elasticsearch.action.admin.indices.template.get.GetIndexTemplatesResponse; import org.elasticsearch.action.exists.ExistsResponse; @@ -19,7 +18,7 @@ import org.joda.time.DateTime; import org.joda.time.DateTimeZone; import org.junit.Test; -import static org.hamcrest.Matchers.*; +import static org.hamcrest.Matchers.is; @ClusterScope(scope = Scope.TEST, randomDynamicTemplates = false) public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase { @@ -69,16 +68,13 @@ public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase { void awaitIndexCreation() throws Exception { final String indexName = IndexNameResolver.resolve(IndexAuditTrail.INDEX_NAME_PREFIX, DateTime.now(DateTimeZone.UTC), rollover); - boolean success = awaitBusy(new Predicate() { - @Override - public boolean apply(Void o) { - try { - ExistsResponse response = - client().prepareExists(indexName).execute().actionGet(); - return response.exists(); - } catch (Exception e) { - return false; - } + boolean success = awaitBusy(() -> { + try { + ExistsResponse response = + client().prepareExists(indexName).execute().actionGet(); + return response.exists(); + } catch (Exception e) { + return false; } }); @@ -88,19 +84,16 @@ public class IndexAuditTrailEnabledTests extends ShieldIntegTestCase { } void awaitIndexTemplateCreation() throws InterruptedException { - boolean found = awaitBusy(new Predicate() { - @Override - public boolean apply(Void aVoid) { - GetIndexTemplatesResponse response = client().admin().indices().prepareGetTemplates(IndexAuditTrail.INDEX_TEMPLATE_NAME).execute().actionGet(); - if (response.getIndexTemplates().size() > 0) { - for (IndexTemplateMetaData indexTemplateMetaData : response.getIndexTemplates()) { - if (IndexAuditTrail.INDEX_TEMPLATE_NAME.equals(indexTemplateMetaData.name())) { - return true; - } + boolean found = awaitBusy(() -> { + GetIndexTemplatesResponse response = client().admin().indices().prepareGetTemplates(IndexAuditTrail.INDEX_TEMPLATE_NAME).execute().actionGet(); + if (response.getIndexTemplates().size() > 0) { + for (IndexTemplateMetaData indexTemplateMetaData : response.getIndexTemplates()) { + if (IndexAuditTrail.INDEX_TEMPLATE_NAME.equals(indexTemplateMetaData.name())) { + return true; } } - return false; } + return false; }); if (!found) { diff --git a/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java b/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java index 62079f6dbd3..7918a6045d3 100644 --- a/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/audit/index/IndexAuditTrailTests.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.shield.audit.index; -import com.google.common.base.Predicate; import org.elasticsearch.action.IndicesRequest; import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse; import org.elasticsearch.action.admin.indices.settings.get.GetSettingsResponse; @@ -54,7 +53,10 @@ import java.util.List; import java.util.Locale; import java.util.Map; -import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.*; +import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.DAILY; +import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.HOURLY; +import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.MONTHLY; +import static org.elasticsearch.shield.audit.index.IndexNameResolver.Rollover.WEEKLY; import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE; import static org.elasticsearch.test.InternalTestCluster.clusterName; import static org.hamcrest.Matchers.contains; @@ -62,7 +64,11 @@ import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.is; import static org.hamcrest.Matchers.notNullValue; import static org.hamcrest.Matchers.nullValue; -import static org.mockito.Mockito.*; +import static org.mockito.Mockito.any; +import static org.mockito.Mockito.doThrow; +import static org.mockito.Mockito.eq; +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.when; /** * @@ -704,16 +710,13 @@ public class IndexAuditTrailTests extends ShieldIntegTestCase { } private void awaitIndexCreation(final String indexName) throws InterruptedException { - boolean found = awaitBusy(new Predicate() { - @Override - public boolean apply(Void o) { - try { - ExistsResponse response = - getClient().prepareExists(indexName).execute().actionGet(); - return response.exists(); - } catch (Exception e) { - return false; - } + boolean found = awaitBusy(() -> { + try { + ExistsResponse response = + getClient().prepareExists(indexName).execute().actionGet(); + return response.exists(); + } catch (Exception e) { + return false; } }); assertThat("[" + indexName + "] does not exist!", found, is(true)); diff --git a/shield/src/test/java/org/elasticsearch/shield/audit/index/RemoteIndexAuditTrailStartingTests.java b/shield/src/test/java/org/elasticsearch/shield/audit/index/RemoteIndexAuditTrailStartingTests.java index f95febbc1b3..3e831367216 100644 --- a/shield/src/test/java/org/elasticsearch/shield/audit/index/RemoteIndexAuditTrailStartingTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/audit/index/RemoteIndexAuditTrailStartingTests.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.shield.audit.index; -import com.google.common.base.Predicate; import org.elasticsearch.action.admin.cluster.node.info.NodeInfo; import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse; import org.elasticsearch.common.settings.Settings; @@ -127,12 +126,7 @@ public class RemoteIndexAuditTrailStartingTests extends ShieldIntegTestCase { public void testThatRemoteAuditInstancesAreStarted() throws Exception { Iterable auditTrails = remoteCluster.getInstances(IndexAuditTrail.class); for (final IndexAuditTrail auditTrail : auditTrails) { - awaitBusy(new Predicate() { - @Override - public boolean apply(Void aVoid) { - return auditTrail.state() == IndexAuditTrail.State.STARTED; - } - }, 2L, TimeUnit.SECONDS); + awaitBusy(() -> auditTrail.state() == IndexAuditTrail.State.STARTED, 2L, TimeUnit.SECONDS); assertThat(auditTrail.state(), is(IndexAuditTrail.State.STARTED)); } } diff --git a/shield/src/test/java/org/elasticsearch/shield/authz/PermissionTests.java b/shield/src/test/java/org/elasticsearch/shield/authz/PermissionTests.java index e10264eda7f..6995af27d65 100644 --- a/shield/src/test/java/org/elasticsearch/shield/authz/PermissionTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/authz/PermissionTests.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.shield.authz; -import com.google.common.base.Predicate; import org.elasticsearch.action.get.GetAction; import org.elasticsearch.test.ESTestCase; import org.junit.Before; @@ -14,9 +13,16 @@ import org.junit.Test; import java.util.Arrays; import java.util.Collections; import java.util.Iterator; +import java.util.function.Predicate; -import static org.elasticsearch.shield.authz.Privilege.Index.*; -import static org.hamcrest.Matchers.*; +import static org.elasticsearch.shield.authz.Privilege.Index.Cluster; +import static org.elasticsearch.shield.authz.Privilege.Index.MONITOR; +import static org.elasticsearch.shield.authz.Privilege.Index.READ; +import static org.elasticsearch.shield.authz.Privilege.Index.SEARCH; +import static org.elasticsearch.shield.authz.Privilege.Index.union; +import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.is; +import static org.hamcrest.Matchers.notNullValue; /** * @@ -72,11 +78,11 @@ public class PermissionTests extends ESTestCase { // "baz_*foo", "/fool.*bar/" private void testAllowedIndicesMatcher(Predicate indicesMatcher) { - assertThat(indicesMatcher.apply("foobar"), is(false)); - assertThat(indicesMatcher.apply("fool"), is(false)); - assertThat(indicesMatcher.apply("fool2bar"), is(true)); - assertThat(indicesMatcher.apply("baz_foo"), is(true)); - assertThat(indicesMatcher.apply("barbapapa"), is(false)); + assertThat(indicesMatcher.test("foobar"), is(false)); + assertThat(indicesMatcher.test("fool"), is(false)); + assertThat(indicesMatcher.test("fool2bar"), is(true)); + assertThat(indicesMatcher.test("baz_foo"), is(true)); + assertThat(indicesMatcher.test("barbapapa"), is(false)); } diff --git a/shield/src/test/java/org/elasticsearch/shield/authz/PrivilegeTests.java b/shield/src/test/java/org/elasticsearch/shield/authz/PrivilegeTests.java index 1a103ae1bdf..fb2091afb6c 100644 --- a/shield/src/test/java/org/elasticsearch/shield/authz/PrivilegeTests.java +++ b/shield/src/test/java/org/elasticsearch/shield/authz/PrivilegeTests.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.shield.authz; -import com.google.common.base.Predicate; import org.elasticsearch.action.get.GetAction; import org.elasticsearch.action.get.MultiGetAction; import org.elasticsearch.action.search.MultiSearchAction; @@ -18,7 +17,11 @@ import org.junit.Rule; import org.junit.Test; import org.junit.rules.ExpectedException; -import static org.hamcrest.Matchers.*; +import java.util.function.Predicate; + +import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.is; +import static org.hamcrest.Matchers.notNullValue; /** * @@ -48,10 +51,10 @@ public class PrivilegeTests extends ESTestCase { @Test public void testSubActionPattern() throws Exception { AutomatonPredicate predicate = new AutomatonPredicate(Automatons.patterns("foo" + Privilege.SUB_ACTION_SUFFIX_PATTERN)); - assertThat(predicate.apply("foo[n][nodes]"), is(true)); - assertThat(predicate.apply("foo[n]"), is(true)); - assertThat(predicate.apply("bar[n][nodes]"), is(false)); - assertThat(predicate.apply("[n][nodes]"), is(false)); + assertThat(predicate.test("foo[n][nodes]"), is(true)); + assertThat(predicate.test("foo[n]"), is(true)); + assertThat(predicate.test("bar[n][nodes]"), is(false)); + assertThat(predicate.test("[n][nodes]"), is(false)); } @Test @@ -81,17 +84,17 @@ public class PrivilegeTests extends ESTestCase { Privilege.Name name = new Privilege.Name("indices:admin/template/delete"); Privilege.Cluster cluster = Privilege.Cluster.get(name); assertThat(cluster, notNullValue()); - assertThat(cluster.predicate().apply("indices:admin/template/delete"), is(true)); + assertThat(cluster.predicate().test("indices:admin/template/delete"), is(true)); name = new Privilege.Name("indices:admin/template/get"); cluster = Privilege.Cluster.get(name); assertThat(cluster, notNullValue()); - assertThat(cluster.predicate().apply("indices:admin/template/get"), is(true)); + assertThat(cluster.predicate().test("indices:admin/template/get"), is(true)); name = new Privilege.Name("indices:admin/template/put"); cluster = Privilege.Cluster.get(name); assertThat(cluster, notNullValue()); - assertThat(cluster.predicate().apply("indices:admin/template/put"), is(true)); + assertThat(cluster.predicate().test("indices:admin/template/put"), is(true)); } @Test @@ -106,8 +109,8 @@ public class PrivilegeTests extends ESTestCase { Privilege.Name actionName = new Privilege.Name("cluster:admin/snapshot/delete"); Privilege.Cluster cluster = Privilege.Cluster.get(actionName); assertThat(cluster, notNullValue()); - assertThat(cluster.predicate().apply("cluster:admin/snapshot/delete"), is(true)); - assertThat(cluster.predicate().apply("cluster:admin/snapshot/dele"), is(false)); + assertThat(cluster.predicate().test("cluster:admin/snapshot/delete"), is(true)); + assertThat(cluster.predicate().test("cluster:admin/snapshot/dele"), is(false)); } @Test @@ -117,14 +120,14 @@ public class PrivilegeTests extends ESTestCase { for (Privilege.Cluster cluster : Privilege.Cluster.values()) { if ("foo".equals(cluster.name.toString())) { found = true; - assertThat(cluster.predicate().apply("cluster:bar"), is(true)); + assertThat(cluster.predicate().test("cluster:bar"), is(true)); } } assertThat(found, is(true)); Privilege.Cluster cluster = Privilege.Cluster.get(new Privilege.Name("foo")); assertThat(cluster, notNullValue()); assertThat(cluster.name().toString(), is("foo")); - assertThat(cluster.predicate().apply("cluster:bar"), is(true)); + assertThat(cluster.predicate().test("cluster:bar"), is(true)); } @Test(expected = IllegalArgumentException.class) @@ -142,8 +145,8 @@ public class PrivilegeTests extends ESTestCase { Privilege.Name actionName = new Privilege.Name("indices:admin/mapping/delete"); Privilege.Index index = Privilege.Index.get(actionName); assertThat(index, notNullValue()); - assertThat(index.predicate().apply("indices:admin/mapping/delete"), is(true)); - assertThat(index.predicate().apply("indices:admin/mapping/dele"), is(false)); + assertThat(index.predicate().test("indices:admin/mapping/delete"), is(true)); + assertThat(index.predicate().test("indices:admin/mapping/dele"), is(false)); } @Test @@ -204,14 +207,14 @@ public class PrivilegeTests extends ESTestCase { for (Privilege.Index index : Privilege.Index.values()) { if ("foo".equals(index.name.toString())) { found = true; - assertThat(index.predicate().apply("indices:bar"), is(true)); + assertThat(index.predicate().test("indices:bar"), is(true)); } } assertThat(found, is(true)); Privilege.Index index = Privilege.Index.get(new Privilege.Name("foo")); assertThat(index, notNullValue()); assertThat(index.name().toString(), is("foo")); - assertThat(index.predicate().apply("indices:bar"), is(true)); + assertThat(index.predicate().test("indices:bar"), is(true)); } @Test(expected = IllegalArgumentException.class) @@ -227,42 +230,42 @@ public class PrivilegeTests extends ESTestCase { @Test public void testSystem() throws Exception { Predicate predicate = Privilege.SYSTEM.predicate(); - assertThat(predicate.apply("indices:monitor/whatever"), is(true)); - assertThat(predicate.apply("cluster:monitor/whatever"), is(true)); - assertThat(predicate.apply("cluster:admin/snapshot/status[nodes]"), is(false)); - assertThat(predicate.apply("internal:whatever"), is(true)); - assertThat(predicate.apply("indices:whatever"), is(false)); - assertThat(predicate.apply("cluster:whatever"), is(false)); - assertThat(predicate.apply("cluster:admin/snapshot/status"), is(false)); - assertThat(predicate.apply("whatever"), is(false)); - assertThat(predicate.apply("cluster:admin/reroute"), is(true)); - assertThat(predicate.apply("cluster:admin/whatever"), is(false)); - assertThat(predicate.apply("indices:admin/mapping/put"), is(true)); - assertThat(predicate.apply("indices:admin/mapping/whatever"), is(false)); + assertThat(predicate.test("indices:monitor/whatever"), is(true)); + assertThat(predicate.test("cluster:monitor/whatever"), is(true)); + assertThat(predicate.test("cluster:admin/snapshot/status[nodes]"), is(false)); + assertThat(predicate.test("internal:whatever"), is(true)); + assertThat(predicate.test("indices:whatever"), is(false)); + assertThat(predicate.test("cluster:whatever"), is(false)); + assertThat(predicate.test("cluster:admin/snapshot/status"), is(false)); + assertThat(predicate.test("whatever"), is(false)); + assertThat(predicate.test("cluster:admin/reroute"), is(true)); + assertThat(predicate.test("cluster:admin/whatever"), is(false)); + assertThat(predicate.test("indices:admin/mapping/put"), is(true)); + assertThat(predicate.test("indices:admin/mapping/whatever"), is(false)); } @Test public void testSearchPrivilege() throws Exception { Predicate predicate = Privilege.Index.SEARCH.predicate(); - assertThat(predicate.apply(SearchAction.NAME), is(true)); - assertThat(predicate.apply(SearchAction.NAME + "/whatever"), is(true)); - assertThat(predicate.apply(MultiSearchAction.NAME), is(true)); - assertThat(predicate.apply(MultiSearchAction.NAME + "/whatever"), is(true)); - assertThat(predicate.apply(SuggestAction.NAME), is(true)); - assertThat(predicate.apply(SuggestAction.NAME + "/whatever"), is(true)); + assertThat(predicate.test(SearchAction.NAME), is(true)); + assertThat(predicate.test(SearchAction.NAME + "/whatever"), is(true)); + assertThat(predicate.test(MultiSearchAction.NAME), is(true)); + assertThat(predicate.test(MultiSearchAction.NAME + "/whatever"), is(true)); + assertThat(predicate.test(SuggestAction.NAME), is(true)); + assertThat(predicate.test(SuggestAction.NAME + "/whatever"), is(true)); - assertThat(predicate.apply(GetAction.NAME), is(false)); - assertThat(predicate.apply(GetAction.NAME + "/whatever"), is(false)); - assertThat(predicate.apply(MultiGetAction.NAME), is(false)); - assertThat(predicate.apply(MultiGetAction.NAME + "/whatever"), is(false)); + assertThat(predicate.test(GetAction.NAME), is(false)); + assertThat(predicate.test(GetAction.NAME + "/whatever"), is(false)); + assertThat(predicate.test(MultiGetAction.NAME), is(false)); + assertThat(predicate.test(MultiGetAction.NAME + "/whatever"), is(false)); } @Test public void testGetPrivilege() throws Exception { Predicate predicate = Privilege.Index.GET.predicate(); - assertThat(predicate.apply(GetAction.NAME), is(true)); - assertThat(predicate.apply(GetAction.NAME + "/whatever"), is(true)); - assertThat(predicate.apply(MultiGetAction.NAME), is(true)); - assertThat(predicate.apply(MultiGetAction.NAME + "/whatever"), is(true)); + assertThat(predicate.test(GetAction.NAME), is(true)); + assertThat(predicate.test(GetAction.NAME + "/whatever"), is(true)); + assertThat(predicate.test(MultiGetAction.NAME), is(true)); + assertThat(predicate.test(MultiGetAction.NAME + "/whatever"), is(true)); } }