security: remove use of shield in files and directory names

This commit removes as much of the use of shield as possible in the source code.

See elastic/elasticsearch#2383

Original commit: elastic/x-pack-elasticsearch@00009cc06e

elasticsearch/qa/audit-tests/src/test/java/org/elasticsearch/xpack/security/audit/IndexAuditIT.java

@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.audit;
+package org.elasticsearch.xpack.security.audit;
 
 import com.carrotsearch.hppc.cursors.ObjectCursor;
 import org.elasticsearch.action.admin.indices.template.delete.DeleteIndexTemplateResponse;
@@ -14,10 +14,10 @@ import org.elasticsearch.cluster.metadata.IndexTemplateMetaData;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.index.query.QueryBuilders;
 import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.Security;
-import org.elasticsearch.shield.audit.index.IndexAuditTrail;
+import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
 import org.elasticsearch.test.ESIntegTestCase;
 import org.elasticsearch.test.rest.client.http.HttpResponse;
 import org.elasticsearch.xpack.XPackPlugin;
@@ -35,7 +35,7 @@ public class IndexAuditIT extends ESIntegTestCase {
     private static final String USER = "test_user";
     private static final String PASS = "changeme";
 
-    public void testShieldIndexAuditTrailWorking() throws Exception {
+    public void testIndexAuditTrailWorking() throws Exception {
         HttpResponse response = httpClient().path("/")
                 .addHeader("Authorization", UsernamePasswordToken.basicAuthHeaderValue(USER, new SecuredString(PASS.toCharArray())))
                 .execute();
@@ -48,7 +48,7 @@ public class IndexAuditIT extends ESIntegTestCase {
                 ClusterState state = client().admin().cluster().prepareState().get().getState();
                 lastClusterState.set(state);
                 for (ObjectCursor<String> cursor : state.getMetaData().getIndices().keys()) {
-                    if (cursor.value.startsWith(".shield_audit_log")) {
+                    if (cursor.value.startsWith(".security_audit_log")) {
                         logger.info("found audit index [{}]", cursor.value);
                         indexExists.set(true);
                         break;
@@ -60,11 +60,11 @@ public class IndexAuditIT extends ESIntegTestCase {
                 }
             }
 
-            ensureYellow(".shield_audit_log*");
+            ensureYellow(".security_audit_log*");
             ClusterState state = client().admin().cluster().prepareState().get().getState();
             lastClusterState.set(state);
             client().admin().indices().prepareRefresh().get();
-            return client().prepareSearch(".shield_audit_log*").setQuery(QueryBuilders.matchQuery("principal", USER))
+            return client().prepareSearch(".security_audit_log*").setQuery(QueryBuilders.matchQuery("principal", USER))
                     .get().getHits().totalHits() > 0;
         }, 10L, TimeUnit.SECONDS);
 
@@ -73,7 +73,7 @@ public class IndexAuditIT extends ESIntegTestCase {
         }
         assertThat(found, is(true));
 
-        SearchResponse searchResponse = client().prepareSearch(".shield_audit_log*").setQuery(
+        SearchResponse searchResponse = client().prepareSearch(".security_audit_log*").setQuery(
                 QueryBuilders.matchQuery("principal", USER)).get();
         assertThat(searchResponse.getHits().getHits().length, greaterThan(0));
         assertThat((String) searchResponse.getHits().getAt(0).sourceAsMap().get("principal"), is(USER));

elasticsearch/qa/core-rest-tests-with-security/src/test/java/org/elasticsearch/xpack/security/RestIT.java

@@ -3,20 +3,20 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import com.carrotsearch.randomizedtesting.annotations.Name;
 import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.rest.ESRestTestCase;
 import org.elasticsearch.test.rest.RestTestCandidate;
 import org.elasticsearch.test.rest.parser.RestTestParseException;
 
 import java.io.IOException;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 
 public class RestIT extends ESRestTestCase {
 

elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/GroovyManualExecutionIT.java

@@ -57,7 +57,7 @@ public class GroovyManualExecutionIT extends AbstractWatcherIntegrationTestCase
     }
   
     @Override
-    protected boolean enableShield() {
+    protected boolean enableSecurity() {
         return false;
     }
     

elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/GroovyScriptConditionIT.java

@@ -41,7 +41,7 @@ public class GroovyScriptConditionIT extends AbstractWatcherIntegrationTestCase
     }
 
     @Override
-    protected boolean enableShield() {
+    protected boolean enableSecurity() {
         return false;
     }
 

elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/HistoryTemplateTransformMappingsIT.java

@@ -41,8 +41,8 @@ public class HistoryTemplateTransformMappingsIT extends AbstractWatcherIntegrati
     }
 
     @Override
-    protected boolean enableShield() {
+    protected boolean enableSecurity() {
-        return false; // remove shield noise from this test
+        return false; // remove security noise from this test
     }
 
     public void testTransformFields() throws Exception {

elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/HipChatServiceIT.java

@@ -48,7 +48,7 @@ public class HipChatServiceIT extends AbstractWatcherIntegrationTestCase {
     }
 
     @Override
-    protected boolean enableShield() {
+    protected boolean enableSecurity() {
         return false;
     }
 

elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/NoMasterNodeIT.java

@@ -72,7 +72,7 @@ public class NoMasterNodeIT extends AbstractWatcherIntegrationTestCase {
     }
 
     @Override
-    protected boolean enableShield() {
+    protected boolean enableSecurity() {
         return false;
     }
 

elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/PagerDutyServiceIT.java

@@ -50,7 +50,7 @@ public class PagerDutyServiceIT extends AbstractWatcherIntegrationTestCase {
     }
 
     @Override
-    protected boolean enableShield() {
+    protected boolean enableSecurity() {
         return false;
     }
 

elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SecurityCachePermissionIT.java

@@ -6,7 +6,6 @@
 package org.elasticsearch.messy.tests;
 
 import org.elasticsearch.Version;
-import org.elasticsearch.action.index.IndexRequest;
 import org.elasticsearch.action.search.SearchPhaseExecutionException;
 import org.elasticsearch.action.search.SearchResponse;
 import org.elasticsearch.common.bytes.BytesArray;
@@ -17,9 +16,9 @@ import org.elasticsearch.script.ScriptService;
 import org.elasticsearch.script.Template;
 import org.elasticsearch.script.mustache.MustachePlugin;
 import org.elasticsearch.script.mustache.MustacheScriptEngineService;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
-import org.elasticsearch.test.ShieldIntegTestCase;
+import org.elasticsearch.test.SecurityIntegTestCase;
-import org.elasticsearch.test.ShieldSettingsSource;
+import org.elasticsearch.test.SecuritySettingsSource;
 import org.junit.Before;
 import org.junit.BeforeClass;
 
@@ -27,12 +26,12 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.is;
 
-@ShieldIntegTestCase.AwaitsFix(bugUrl = "clean up test to not use mustache templates, otherwise needs many resources here")
+@SecurityIntegTestCase.AwaitsFix(bugUrl = "clean up test to not use mustache templates, otherwise needs many resources here")
-public class ShieldCachePermissionIT extends ShieldIntegTestCase {
+public class SecurityCachePermissionIT extends SecurityIntegTestCase {
     static final String READ_ONE_IDX_USER = "read_user";
     
     @Override
@@ -46,7 +45,7 @@ public class ShieldCachePermissionIT extends ShieldIntegTestCase {
     @Override
     public String configUsers() {
         return super.configUsers()
-                + READ_ONE_IDX_USER + ":" + ShieldSettingsSource.DEFAULT_PASSWORD_HASHED + "\n";
+                + READ_ONE_IDX_USER + ":" + SecuritySettingsSource.DEFAULT_PASSWORD_HASHED + "\n";
     }
 
     @Override

elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SlackServiceIT.java

@@ -47,7 +47,7 @@ public class SlackServiceIT extends AbstractWatcherIntegrationTestCase {
     }
 
     @Override
-    protected boolean enableShield() {
+    protected boolean enableSecurity() {
         return false;
     }
 

elasticsearch/qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/package-info.java

@@ -20,12 +20,4 @@
  * </ul>
  */
 
-// renames that took place:
-//  renamed:    x-pack/watcher/src/test/java/org/elasticsearch/watcher/input/search/SearchInputTests.java -> 
-//              qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SearchInputTests.java
-//  renamed:    x-pack/watcher/src/test/java/org/elasticsearch/watcher/transform/search/SearchTransformTests.java ->
-//              qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/SearchTransformTests.java
-//  renamed:    x-pack/shield/src/test/java/org/elasticsearch/integration/ShieldCachePermissionTests.java -> 
-//              qa/messy-test-xpack-with-mustache/src/test/java/org/elasticsearch/messy/tests/ShieldCachePermissionTests.java
-
 package org.elasticsearch.messy.tests;

elasticsearch/qa/reindex-tests-with-security/roles.yml

@@ -8,7 +8,7 @@ admin:
     - '*'
 
 # Search and write on both source and destination indices. It should work if you could just search on the source and
-# write to the destination but that isn't how shield works.
+# write to the destination but that isn't how security works.
 minimal:
   indices:
     - names: source

elasticsearch/qa/reindex-tests-with-security/src/test/java/org/elasticsearch/xpack/security/RestIT.java

@@ -3,20 +3,20 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import com.carrotsearch.randomizedtesting.annotations.Name;
 import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.rest.ESRestTestCase;
 import org.elasticsearch.test.rest.RestTestCandidate;
 import org.elasticsearch.test.rest.parser.RestTestParseException;
 
 import java.io.IOException;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 
 public class RestIT extends ESRestTestCase {
     private static final String USER = "test_admin";
@@ -32,7 +32,7 @@ public class RestIT extends ESRestTestCase {
     }
 
     /**
-     * All tests run as a an administrative user but use <code>es-shield-runas-user</code> to become a less privileged user.
+     * All tests run as a an administrative user but use <code>es-security-runas-user</code> to become a less privileged user.
      */
     @Override
     protected Settings restClientSettings() {

elasticsearch/qa/reindex-tests-with-security/src/test/resources/rest-api-spec/test/10_reindex.yaml

@@ -32,7 +32,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: powerful_user}
+      headers: {es-security-runas-user: powerful_user}
       reindex:
         refresh: true
         body:
@@ -65,7 +65,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: minimal_user}
+      headers: {es-security-runas-user: minimal_user}
       reindex:
         refresh: true
         body:
@@ -98,7 +98,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: readonly_user}
+      headers: {es-security-runas-user: readonly_user}
       catch: forbidden
       reindex:
         body:
@@ -120,7 +120,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: dest_only_user}
+      headers: {es-security-runas-user: dest_only_user}
       catch: forbidden
       reindex:
         body:
@@ -147,7 +147,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: dest_only_user}
+      headers: {es-security-runas-user: dest_only_user}
       catch: forbidden
       reindex:
         refresh: true
@@ -194,7 +194,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: can_not_see_hidden_docs_user}
+      headers: {es-security-runas-user: can_not_see_hidden_docs_user}
       reindex:
         refresh: true
         body:
@@ -237,7 +237,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: can_not_see_hidden_fields_user}
+      headers: {es-security-runas-user: can_not_see_hidden_fields_user}
       reindex:
         refresh: true
         body:
@@ -287,7 +287,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: can_not_see_hidden_docs_user}
+      headers: {es-security-runas-user: can_not_see_hidden_docs_user}
       reindex:
         body:
           source:
@@ -308,7 +308,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: can_not_see_hidden_fields_user}
+      headers: {es-security-runas-user: can_not_see_hidden_fields_user}
       reindex:
         body:
           source:

elasticsearch/qa/reindex-tests-with-security/src/test/resources/rest-api-spec/test/20_update_by_query.yaml

@@ -41,7 +41,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: powerful_user}
+      headers: {es-security-runas-user: powerful_user}
       update_by_query:
         refresh: true
         index: source
@@ -72,7 +72,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: minimal_user}
+      headers: {es-security-runas-user: minimal_user}
       update_by_query:
         refresh: true
         index: source
@@ -103,7 +103,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: readonly_user}
+      headers: {es-security-runas-user: readonly_user}
       catch: forbidden
       update_by_query:
         index: source
@@ -121,7 +121,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: dest_only_user}
+      headers: {es-security-runas-user: dest_only_user}
       catch: forbidden
       update_by_query:
         index: source
@@ -145,7 +145,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: can_not_see_hidden_docs_user}
+      headers: {es-security-runas-user: can_not_see_hidden_docs_user}
       update_by_query:
         refresh: true
         index: source
@@ -191,7 +191,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: can_not_see_hidden_fields_user}
+      headers: {es-security-runas-user: can_not_see_hidden_fields_user}
       update_by_query:
         index: source
         body:

elasticsearch/qa/reindex-tests-with-security/src/test/resources/rest-api-spec/test/30_delete_by_query.yaml

@@ -37,7 +37,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: powerful_user}
+      headers: {es-security-runas-user: powerful_user}
       delete_by_query:
         refresh: true
         index: source
@@ -64,7 +64,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: minimal_user}
+      headers: {es-security-runas-user: minimal_user}
       delete_by_query:
         refresh: true
         index: source
@@ -91,7 +91,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: readonly_user}
+      headers: {es-security-runas-user: readonly_user}
       catch: forbidden
       delete_by_query:
         refresh: true
@@ -118,7 +118,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: dest_only_user}
+      headers: {es-security-runas-user: dest_only_user}
       catch: forbidden
       delete_by_query:
         refresh: true
@@ -151,7 +151,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: can_not_see_hidden_docs_user}
+      headers: {es-security-runas-user: can_not_see_hidden_docs_user}
       delete_by_query:
         refresh: true
         index: source
@@ -212,7 +212,7 @@
       indices.refresh: {}
 
   - do:
-      headers: {es-shield-runas-user: can_not_see_hidden_fields_user}
+      headers: {es-security-runas-user: can_not_see_hidden_fields_user}
       delete_by_query:
         refresh: true
         index: source

elasticsearch/qa/security-client-tests/src/test/java/org/elasticsearch/xpack/security/qa/SecurityTransportClientIT.java

@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.qa;
+package org.elasticsearch.xpack.security.qa;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
@@ -13,8 +13,8 @@ import org.elasticsearch.client.transport.TransportClient;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.Security;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.ESIntegTestCase;
 import org.elasticsearch.xpack.XPackPlugin;
 
@@ -23,14 +23,14 @@ import java.util.Collections;
 import java.util.List;
 import java.util.concurrent.TimeUnit;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.is;
 
 /**
- * Integration tests that test a transport client with Shield being loaded that connect to an external cluster
+ * Integration tests that test a transport client with security being loaded that connect to an external cluster
  */
-public class ShieldTransportClientIT extends ESIntegTestCase {
+public class SecurityTransportClientIT extends ESIntegTestCase {
     static final String ADMIN_USER_PW = "test_user:changeme";
     static final String TRANSPORT_USER_PW = "transport:changeme";
 

elasticsearch/qa/security-example-realm/src/main/java/org/elasticsearch/example/ExampleRealmExtension.java

@@ -8,7 +8,7 @@ package org.elasticsearch.example;
 import org.elasticsearch.example.realm.CustomAuthenticationFailureHandler;
 import org.elasticsearch.example.realm.CustomRealm;
 import org.elasticsearch.example.realm.CustomRealmFactory;
-import org.elasticsearch.shield.authc.AuthenticationModule;
+import org.elasticsearch.xpack.security.authc.AuthenticationModule;
 import org.elasticsearch.xpack.extensions.XPackExtension;
 
 import java.security.AccessController;

elasticsearch/qa/security-example-realm/src/main/java/org/elasticsearch/example/realm/CustomAuthenticationFailureHandler.java

@@ -8,8 +8,8 @@ package org.elasticsearch.example.realm;
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.rest.RestRequest;
-import org.elasticsearch.shield.authc.AuthenticationToken;
+import org.elasticsearch.xpack.security.authc.AuthenticationToken;
-import org.elasticsearch.shield.authc.DefaultAuthenticationFailureHandler;
+import org.elasticsearch.xpack.security.authc.DefaultAuthenticationFailureHandler;
 import org.elasticsearch.transport.TransportMessage;
 
 public class CustomAuthenticationFailureHandler extends DefaultAuthenticationFailureHandler {

elasticsearch/qa/security-example-realm/src/main/java/org/elasticsearch/example/realm/CustomRealm.java

@@ -6,12 +6,12 @@
 package org.elasticsearch.example.realm;
 
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.user.User;
-import org.elasticsearch.shield.authc.AuthenticationToken;
+import org.elasticsearch.xpack.security.authc.AuthenticationToken;
-import org.elasticsearch.shield.authc.Realm;
+import org.elasticsearch.xpack.security.authc.Realm;
-import org.elasticsearch.shield.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
 
 public class CustomRealm extends Realm<UsernamePasswordToken> {
 

elasticsearch/qa/security-example-realm/src/main/java/org/elasticsearch/example/realm/CustomRealmFactory.java

@@ -7,8 +7,8 @@ package org.elasticsearch.example.realm;
 
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.rest.RestController;
-import org.elasticsearch.shield.authc.Realm;
+import org.elasticsearch.xpack.security.authc.Realm;
-import org.elasticsearch.shield.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
 
 public class CustomRealmFactory extends Realm.Factory<CustomRealm> {
 

elasticsearch/qa/security-example-realm/src/test/java/org/elasticsearch/example/realm/CustomRealmTests.java

@@ -6,10 +6,10 @@
 package org.elasticsearch.example.realm;
 
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.user.User;
-import org.elasticsearch.shield.authc.RealmConfig;
+import org.elasticsearch.xpack.security.authc.RealmConfig;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
 import org.elasticsearch.test.ESTestCase;
 
 import static org.hamcrest.Matchers.equalTo;

elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/integration-tests.xml

@@ -1,114 +0,0 @@
-<?xml version="1.0"?>
-<!--
-  ~ ELASTICSEARCH CONFIDENTIAL
-  ~ __________________
-  ~
-  ~  [2014] Elasticsearch Incorporated. All Rights Reserved.
-  ~
-  ~ NOTICE:  All information contained herein is, and remains
-  ~ the property of Elasticsearch Incorporated and its suppliers,
-  ~ if any.  The intellectual and technical concepts contained
-  ~ herein are proprietary to Elasticsearch Incorporated
-  ~ and its suppliers and may be covered by U.S. and Foreign Patents,
-  ~ patents in process, and are protected by trade secret or copyright law.
-  ~ Dissemination of this information or reproduction of this material
-  ~ is strictly forbidden unless prior written permission is obtained
-  ~ from Elasticsearch Incorporated.
-  -->
-
-<project name="smoke-test-watcher-and-shield"
-         xmlns:ac="antlib:net.sf.antcontrib">
-
-  <import file="${elasticsearch.integ.antfile.default}"/>
-
-  <!-- redefined to work with auth -->
-  <macrodef name="waitfor-elasticsearch">
-      <attribute name="port"/>
-      <attribute name="timeoutproperty"/>
-    <sequential>
-      <echo>Waiting for elasticsearch to become available on port @{port}...</echo>
-      <waitfor maxwait="30" maxwaitunit="second"
-               checkevery="500" checkeveryunit="millisecond"
-               timeoutproperty="@{timeoutproperty}">
-        <socket server="127.0.0.1" port="@{port}"/>
-      </waitfor>
-    </sequential>
-  </macrodef>
-
-  <target name="start-external-cluster-with-found-license-and-shield" depends="setup-workspace">
-    <ac:for list="${xplugins.list}" param="xplugin.name">
-      <sequential>
-        <fail message="Expected @{xplugin.name}-${version}.zip as a dependency, but could not be found in ${integ.deps}/plugins}">
-          <condition>
-            <not>
-              <available file="${integ.deps}/plugins/@{xplugin.name}-${elasticsearch.version}.zip" />
-            </not>
-          </condition>
-        </fail>
-      </sequential>
-    </ac:for>
-
-    <ac:for param="file">
-      <path>
-        <fileset dir="${integ.deps}/plugins"/>
-      </path>
-      <sequential>
-        <local name="plugin.name"/>
-        <convert-plugin-name file="@{file}" outputproperty="plugin.name"/>
-        <install-plugin name="${plugin.name}" file="@{file}"/>
-      </sequential>
-    </ac:for>
-
-    <local name="home"/>
-    <property name="home" location="${integ.scratch}/elasticsearch-${elasticsearch.version}"/>
-
-    <echo>Adding roles.yml with watcher roles</echo>
-    <copy file="watcher-with-shield-roles.yml" tofile="${home}/config/x-pack/roles.yml" overwrite="true"/>
-
-    <echo>Adding shield users...</echo>
-    <run-script script="${home}/bin/x-pack/esusers">
-      <nested>
-        <arg value="useradd"/>
-        <arg value="test_admin"/>
-        <arg value="-p"/>
-        <arg value="changeme"/>
-        <arg value="-r"/>
-        <arg value="admin"/>
-      </nested>
-    </run-script>
-    <run-script script="${home}/bin/x-pack/esusers">
-      <nested>
-        <arg value="useradd"/>
-        <arg value="watcher_manager"/>
-        <arg value="-p"/>
-        <arg value="changeme"/>
-        <arg value="-r"/>
-        <arg value="watcher_manager"/>
-      </nested>
-    </run-script>
-    <run-script script="${home}/bin/x-pack/esusers">
-      <nested>
-        <arg value="useradd"/>
-        <arg value="powerless_user"/>
-        <arg value="-p"/>
-        <arg value="changeme"/>
-        <arg value="-r"/>
-        <arg value="crapy_role"/>
-      </nested>
-    </run-script>
-
-    <startup-elasticsearch>
-      <!-- Useful for when debugging -->
-      <!--<additional-args>-->
-        <!--<arg value="-Des.http.cors.enabled=true"/>-->
-        <!--<arg value="-Des.http.cors.allow-origin=*"/>-->
-      <!--</additional-args>-->
-    </startup-elasticsearch>
-
-    <echo>Checking we can connect with basic auth on port ${integ.http.port}...</echo>
-    <local name="temp.file"/>
-    <tempfile property="temp.file" destdir="${java.io.tmpdir}"/>
-    <get src="http://127.0.0.1:${integ.http.port}" dest="${temp.file}" 
-         username="test_admin" password="changeme" verbose="true" retries="10"/>
-  </target>
-</project>

elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/src/test/java/org/elasticsearch/smoketest/MarvelClusterInfoIT.java

@@ -1,95 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-package org.elasticsearch.smoketest;
-
-import org.elasticsearch.Version;
-import org.elasticsearch.action.get.GetResponse;
-import org.elasticsearch.common.Strings;
-import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.index.IndexNotFoundException;
-import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.test.ESIntegTestCase;
-import org.elasticsearch.xpack.XPackPlugin;
-import org.elasticsearch.shield.Shield;
-import org.hamcrest.Matcher;
-
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Map;
-import java.util.concurrent.TimeUnit;
-
-import static org.hamcrest.Matchers.equalTo;
-import static org.hamcrest.Matchers.is;
-import static org.hamcrest.Matchers.nullValue;
-
-public class MarvelClusterInfoIT extends ESIntegTestCase {
-
-    static final String ADMIN_USER_PW = "test_admin:changeme";
-
-    @Override
-    protected Settings externalClusterClientSettings() {
-        return Settings.builder()
-                .put(Shield.USER_SETTING.getKey(), ADMIN_USER_PW)
-                .build();
-    }
-
-    @Override
-    protected Collection<Class<? extends Plugin>> transportClientPlugins() {
-        return Collections.singletonList(XPackPlugin.class);
-    }
-
-    public void testMarvelClusterInfoCollectorWorks() throws Exception {
-        final String clusterUUID = client().admin().cluster().prepareState().setMetaData(true).get().getState().metaData().clusterUUID();
-        assertTrue(Strings.hasText(clusterUUID));
-        awaitIndexExists(".monitoring-es-data");
-        ensureYellow(".monitoring-es-data");
-        awaitMarvelDocsCount(equalTo(1L), "cluster_info");
-        GetResponse response = client().prepareGet(".monitoring-es-data", "cluster_info", clusterUUID).get();
-        assertTrue(".monitoring-es-data" + " document does not exist", response.isExists());
-        Map<String, Object> source = response.getSource();
-        assertThat((String) source.get("cluster_name"), equalTo(cluster().getClusterName()));
-        assertThat((String) source.get("version"), equalTo(Version.CURRENT.toString()));
-
-        Object licenseObj = source.get("license");
-        assertThat(licenseObj, nullValue());
-    }
-
-    protected void awaitMarvelDocsCount(Matcher<Long> matcher, String... types) throws Exception {
-        flush();
-        refresh();
-        assertBusy(new Runnable() {
-            @Override
-            public void run() {
-                assertMarvelDocsCount(matcher, types);
-            }
-        }, 30, TimeUnit.SECONDS);
-    }
-
-    protected void assertMarvelDocsCount(Matcher<Long> matcher, String... types) {
-        try {
-            long count = client().prepareSearch(".monitoring-es-data").setSize(0)
-                    .setTypes(types).get().getHits().totalHits();
-            logger.trace("--> searched for [{}] documents, found [{}]", Strings.arrayToCommaDelimitedString(types), count);
-            assertThat(count, matcher);
-        } catch (IndexNotFoundException e) {
-            assertThat(0L, matcher);
-        }
-    }
-
-    protected void awaitIndexExists(final String... indices) throws Exception {
-        assertBusy(new Runnable() {
-            @Override
-            public void run() {
-                assertIndicesExists(indices);
-            }
-        }, 30, TimeUnit.SECONDS);
-    }
-
-    protected void assertIndicesExists(String... indices) {
-        logger.trace("checking if index exists [{}]", Strings.arrayToCommaDelimitedString(indices));
-        assertThat(client().admin().indices().prepareExists(indices).get().isExists(), is(true));
-    }
-}

elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldIT.java

@@ -1,98 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-package org.elasticsearch.smoketest;
-
-import com.carrotsearch.randomizedtesting.annotations.Name;
-import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
-import org.apache.http.client.methods.HttpPut;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClients;
-import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
-import org.elasticsearch.client.support.Headers;
-import org.elasticsearch.common.network.NetworkAddress;
-import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.shield.Shield;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
-import org.elasticsearch.test.rest.ESRestTestCase;
-import org.elasticsearch.test.rest.RestTestCandidate;
-import org.elasticsearch.test.rest.parser.RestTestParseException;
-import org.elasticsearch.xpack.XPackPlugin;
-import org.junit.After;
-import org.junit.Before;
-
-import java.io.IOException;
-import java.net.InetSocketAddress;
-import java.net.URI;
-import java.util.Collection;
-import java.util.Collections;
-
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
-
-public class WatcherWithShieldIT extends ESRestTestCase {
-
-    private final static String TEST_ADMIN_USERNAME = "test_admin";
-    private final static String TEST_ADMIN_PASSWORD = "changeme";
-
-    public WatcherWithShieldIT(@Name("yaml") RestTestCandidate testCandidate) {
-        super(testCandidate);
-    }
-
-    @ParametersFactory
-    public static Iterable<Object[]> parameters() throws IOException, RestTestParseException {
-        return ESRestTestCase.createParameters(0, 1);
-    }
-
-    @Before
-    public void startWatcher() throws Exception {
-        try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
-            InetSocketAddress address = cluster().httpAddresses()[0];
-            HttpPut request = new HttpPut(new URI("http", null, NetworkAddress.format(address.getAddress()), address.getPort(), "/_xpack/watcher/_start", null, null));
-            String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray()));
-            request.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, token);
-            client.execute(request);
-        }
-    }
-
-    @After
-    public void stopWatcher() throws Exception {
-        try(CloseableHttpClient client = HttpClients.createMinimal(new BasicHttpClientConnectionManager())) {
-            InetSocketAddress address = cluster().httpAddresses()[0];
-            HttpPut request = new HttpPut(new URI("http", null, NetworkAddress.format(address.getAddress()), address.getPort(), "/_xpack/watcher/_stop", null, null));
-            String token = basicAuthHeaderValue(TEST_ADMIN_USERNAME, new SecuredString(TEST_ADMIN_PASSWORD.toCharArray()));
-            request.addHeader(UsernamePasswordToken.BASIC_AUTH_HEADER, token);
-            client.execute(request);
-        }
-    }
-
-    @Override
-    protected Settings restClientSettings() {
-        String[] credentials = getCredentials();
-        String token = basicAuthHeaderValue(credentials[0], new SecuredString(credentials[1].toCharArray()));
-        return Settings.builder()
-                .put(Headers.PREFIX + ".Authorization", token)
-                .build();
-    }
-
-    @Override
-    protected Settings externalClusterClientSettings() {
-        return Settings.builder()
-                .put(Shield.USER_SETTING.getKey(), TEST_ADMIN_USERNAME + ":" + TEST_ADMIN_PASSWORD)
-                .build();
-    }
-
-    protected String[] getCredentials() {
-        return new String[]{"watcher_manager", "changeme"};
-    }
-
-    @Override
-    protected Collection<Class<? extends Plugin>> transportClientPlugins() {
-        return Collections.<Class<? extends Plugin>>singleton(XPackPlugin.class);
-    }
-
-}
-

elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/src/test/java/org/elasticsearch/smoketest/WatcherWithShieldInsufficientRoleIT.java

@@ -1,36 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-package org.elasticsearch.smoketest;
-
-import com.carrotsearch.randomizedtesting.annotations.Name;
-import org.elasticsearch.test.rest.RestTestCandidate;
-
-import java.io.IOException;
-
-import static org.hamcrest.Matchers.anyOf;
-import static org.hamcrest.Matchers.containsString;
-
-public class WatcherWithShieldInsufficientRoleIT extends WatcherWithShieldIT {
-    public WatcherWithShieldInsufficientRoleIT(@Name("yaml") RestTestCandidate testCandidate) {
-        super(testCandidate);
-    }
-
-    public void test() throws IOException {
-        try {
-            super.test();
-            fail();
-        } catch(AssertionError ae) {
-            assertThat(ae.getMessage(), anyOf(containsString("action [cluster:monitor/watcher/"), containsString("action [cluster:admin/watcher/")));
-            assertThat(ae.getMessage(), containsString("returned [403 Forbidden]"));
-            assertThat(ae.getMessage(), containsString("is unauthorized for user [powerless_user]"));
-        }
-    }
-
-    @Override
-    protected String[] getCredentials() {
-        return new String[]{"powerless_user", "changeme"};
-    }
-}

elasticsearch/qa/smoke-test-found-license-with-shield-and-watcher/watcher-with-shield-roles.yml

@@ -1,20 +0,0 @@
-admin:
-  cluster: all
-  indices:
-    '*': all
-
-watcher_manager:
-  cluster: manage
-  indices:
-    '.watcher-history-*': all
-
-watcher_monitor:
-  cluster: monitor
-  indices:
-    '.watcher-history-*': read
-
-crapy_role:
-  cluster:
-    - cluster:monitor/nodes/info
-    - cluster:monitor/health
-    - cluster:monitor/nodes/liveness

elasticsearch/qa/smoke-test-graph-with-security/src/test/java/org/elasticsearch/smoketest/GraphWithSecurityIT.java

@@ -8,37 +8,23 @@ package org.elasticsearch.smoketest;
 import com.carrotsearch.randomizedtesting.annotations.Name;
 import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
 
-import org.apache.http.client.methods.HttpPut;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClients;
-import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
-//import org.elasticsearch.client.support.Headers;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.plugins.Plugin;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
-//import org.elasticsearch.shield.ShieldPlugin;
-import org.elasticsearch.shield.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
 import org.elasticsearch.test.rest.ESRestTestCase;
 import org.elasticsearch.test.rest.RestTestCandidate;
 import org.elasticsearch.test.rest.parser.RestTestParseException;
-import org.junit.After;
-import org.junit.Before;
 
 import java.io.IOException;
-import java.net.URI;
-import java.net.URL;
-import java.util.Collection;
-import java.util.Collections;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 
-public class GraphWithShieldIT extends ESRestTestCase {
+public class GraphWithSecurityIT extends ESRestTestCase {
 
     private final static String TEST_ADMIN_USERNAME = "test_admin";
     private final static String TEST_ADMIN_PASSWORD = "changeme";
 
-    public GraphWithShieldIT(@Name("yaml") RestTestCandidate testCandidate) {
+    public GraphWithSecurityIT(@Name("yaml") RestTestCandidate testCandidate) {
         super(testCandidate);
     }
 

elasticsearch/qa/smoke-test-graph-with-security/src/test/java/org/elasticsearch/smoketest/GraphWithSecurityInsufficientRoleIT.java

@@ -7,15 +7,14 @@ package org.elasticsearch.smoketest;
 
 import com.carrotsearch.randomizedtesting.annotations.Name;
 import org.elasticsearch.test.rest.RestTestCandidate;
-import org.junit.Test;
 
 import java.io.IOException;
 
 import static org.hamcrest.Matchers.containsString;
 
-public class GraphWithShieldInsufficientRoleIT extends GraphWithShieldIT {
+public class GraphWithSecurityInsufficientRoleIT extends GraphWithSecurityIT {
 
-    public GraphWithShieldInsufficientRoleIT(@Name("yaml") RestTestCandidate testCandidate) {
+    public GraphWithSecurityInsufficientRoleIT(@Name("yaml") RestTestCandidate testCandidate) {
         super(testCandidate);
     }
 

elasticsearch/qa/smoke-test-monitoring-with-security/insufficient-rights/src/test/java/org/elasticsearch/smoketest/MonitoringWithSecurityInsufficientRoleIT.java

@@ -9,19 +9,19 @@ import com.carrotsearch.randomizedtesting.annotations.Name;
 import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.rest.ESRestTestCase;
 import org.elasticsearch.test.rest.RestTestCandidate;
 import org.elasticsearch.test.rest.parser.RestTestParseException;
 
 import java.io.IOException;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.hamcrest.Matchers.containsString;
 
-public class MonitoringWithShieldInsufficientRoleIT extends ESRestTestCase {
+public class MonitoringWithSecurityInsufficientRoleIT extends ESRestTestCase {
 
-    public MonitoringWithShieldInsufficientRoleIT(@Name("yaml") RestTestCandidate testCandidate) {
+    public MonitoringWithSecurityInsufficientRoleIT(@Name("yaml") RestTestCandidate testCandidate) {
         super(testCandidate);
     }
 

elasticsearch/qa/smoke-test-monitoring-with-security/sufficient-rights/src/test/java/org/elasticsearch/smoketest/MonitoringWithSecurityIT.java

@@ -9,18 +9,18 @@ import com.carrotsearch.randomizedtesting.annotations.Name;
 import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.rest.ESRestTestCase;
 import org.elasticsearch.test.rest.RestTestCandidate;
 import org.elasticsearch.test.rest.parser.RestTestParseException;
 
 import java.io.IOException;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 
-public class MonitoringWithShieldIT extends ESRestTestCase {
+public class MonitoringWithSecurityIT extends ESRestTestCase {
 
-    public MonitoringWithShieldIT(@Name("yaml") RestTestCandidate testCandidate) {
+    public MonitoringWithSecurityIT(@Name("yaml") RestTestCandidate testCandidate) {
         super(testCandidate);
     }
 

elasticsearch/qa/smoke-test-plugins-ssl/src/test/java/org/elasticsearch/smoketest/SmokeTestMonitoringWithSecurityIT.java

@@ -12,8 +12,8 @@ import org.elasticsearch.common.io.PathUtils;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.transport.InetSocketTransportAddress;
 import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.Security;
-import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
 import org.elasticsearch.test.ESIntegTestCase;
 import org.elasticsearch.xpack.XPackPlugin;
 import org.junit.After;
@@ -37,14 +37,14 @@ import static org.hamcrest.Matchers.greaterThanOrEqualTo;
 
 /**
  * This test checks that a Monitoring's HTTP exporter correctly exports to a monitoring cluster
- * protected by Shield with HTTPS/SSL.
+ * protected by security with HTTPS/SSL.
  *
- * It sets up a cluster with Monitoring and Shield configured with SSL. Once started,
+ * It sets up a cluster with Monitoring and Security configured with SSL. Once started,
  * an HTTP exporter is activated and it exports data locally over HTTPS/SSL. The test
  * then uses a transport client to check that the data have been correctly received and
  * indexed in the cluster.
  */
-public class SmokeTestMonitoringWithShieldIT extends ESIntegTestCase {
+public class SmokeTestMonitoringWithSecurityIT extends ESIntegTestCase {
 
     private static final String USER = "test_user";
     private static final String PASS = "changeme";
@@ -61,7 +61,7 @@ public class SmokeTestMonitoringWithShieldIT extends ESIntegTestCase {
     protected Settings externalClusterClientSettings() {
         return Settings.builder()
                 .put(Security.USER_SETTING.getKey(), USER + ":" + PASS)
-                .put(ShieldNettyTransport.SSL_SETTING.getKey(), true)
+                .put(SecurityNettyTransport.SSL_SETTING.getKey(), true)
                 .put("xpack.security.ssl.keystore.path", clientKeyStore)
                 .put("xpack.security.ssl.keystore.password", KEYSTORE_PASS)
                 .build();
@@ -133,7 +133,7 @@ public class SmokeTestMonitoringWithShieldIT extends ESIntegTestCase {
     @BeforeClass
     public static void loadKeyStore() {
         try {
-            clientKeyStore = PathUtils.get(SmokeTestMonitoringWithShieldIT.class.getResource("/test-client.jks").toURI());
+            clientKeyStore = PathUtils.get(SmokeTestMonitoringWithSecurityIT.class.getResource("/test-client.jks").toURI());
         } catch (URISyntaxException e) {
             throw new ElasticsearchException("exception while reading the store", e);
         }

elasticsearch/qa/smoke-test-plugins-ssl/src/test/java/org/elasticsearch/smoketest/SmokeTestPluginsSslIT.java

@@ -11,7 +11,7 @@ import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.io.PathUtils;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.rest.ESRestTestCase;
 import org.elasticsearch.test.rest.RestTestCandidate;
 import org.elasticsearch.test.rest.client.RestClient;
@@ -24,7 +24,7 @@ import java.net.URISyntaxException;
 import java.nio.file.Files;
 import java.nio.file.Path;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 
 public class SmokeTestPluginsSslIT extends ESRestTestCase {
 

elasticsearch/qa/smoke-test-plugins/src/test/java/org/elasticsearch/smoketest/SmokeTestPluginsIT.java

@@ -9,14 +9,14 @@ import com.carrotsearch.randomizedtesting.annotations.Name;
 import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.rest.ESRestTestCase;
 import org.elasticsearch.test.rest.RestTestCandidate;
 import org.elasticsearch.test.rest.parser.RestTestParseException;
 
 import java.io.IOException;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 
 public class SmokeTestPluginsIT extends ESRestTestCase {
 

elasticsearch/qa/smoke-test-watcher-with-security/src/test/java/org/elasticsearch/smoketest/WatcherWithSecurityIT.java

@@ -17,22 +17,22 @@ import org.apache.http.impl.client.HttpClients;
 import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
 import org.elasticsearch.test.rest.ESRestTestCase;
 import org.elasticsearch.test.rest.RestTestCandidate;
 import org.elasticsearch.test.rest.parser.RestTestParseException;
 import org.junit.After;
 import org.junit.Before;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 
-public class WatcherWithShieldIT extends ESRestTestCase {
+public class WatcherWithSecurityIT extends ESRestTestCase {
 
     private final static String TEST_ADMIN_USERNAME = "test_admin";
     private final static String TEST_ADMIN_PASSWORD = "changeme";
 
-    public WatcherWithShieldIT(@Name("yaml") RestTestCandidate testCandidate) {
+    public WatcherWithSecurityIT(@Name("yaml") RestTestCandidate testCandidate) {
         super(testCandidate);
     }
 

elasticsearch/qa/smoke-test-watcher-with-security/src/test/resources/rest-api-spec/test/watcher/watcher_and_security/10_insufficient_privs.yaml

@@ -1,7 +1,7 @@
 ---
-"Test watcher is protected by shield":
+"Test watcher is protected by security":
   - do:
-    headers: { es-shield-runas-user: powerless_user }
+    headers: { es-security-runas-user: powerless_user }
     catch: forbidden
     xpack.watcher.stats: {}
   # there seems to be a bug in the yaml parser we use, where a single element list

elasticsearch/qa/tribe-node-tests-with-security/integration-tests.xml

@@ -16,14 +16,14 @@
   ~ from Elasticsearch Incorporated.
   -->
 
-<project name="smoke-test-tribe-node-with-shield"
+<project name="smoke-test-tribe-node-with-security"
          xmlns:ac="antlib:net.sf.antcontrib">
 
     <taskdef name="xhttp" classname="org.elasticsearch.ant.HttpTask" classpath="${test_classpath}" />
     <typedef name="xhttp" classname="org.elasticsearch.ant.HttpCondition" classpath="${test_classpath}"/>
 
     <import file="${elasticsearch.integ.antfile.default}"/>
-    <import file="${elasticsearch.tools.directory}/ant/shield-overrides.xml"/>
+    <import file="${elasticsearch.tools.directory}/ant/security-overrides.xml"/>
 
     <property name="tribe_node.pidfile" location="${integ.scratch}/tribe-node.pid"/>
     <available property="tribe_node.pidfile.exists" file="${tribe_node.pidfile}"/>
@@ -47,7 +47,7 @@
         </sequential>
     </macrodef>
 
-    <target name="start-tribe-node-and-2-clusters-with-shield" depends="setup-workspace">
+    <target name="start-tribe-node-and-2-clusters-with-security" depends="setup-workspace">
         <ac:for list="${xplugins.list}" param="xplugin.name">
             <sequential>
                 <fail message="Expected @{xplugin.name}-${version}.zip as a dependency, but could not be found in ${integ.deps}/plugins}">
@@ -75,9 +75,9 @@
         <property name="home" location="${integ.scratch}/elasticsearch-${elasticsearch.version}"/>
 
         <echo>Adding roles.yml</echo>
-        <copy file="shield-roles.yml" tofile="${home}/config/x-pack/roles.yml" overwrite="true"/>
+        <copy file="roles.yml" tofile="${home}/config/x-pack/roles.yml" overwrite="true"/>
 
-        <echo>Adding shield users...</echo>
+        <echo>Adding security users...</echo>
         <run-script script="${home}/bin/x-pack/esusers">
             <nested>
                 <arg value="useradd"/>

elasticsearch/qa/tribe-node-tests-with-security/src/test/java/org/elasticsearch/xpack.security/RestIT.java

@@ -3,20 +3,20 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import com.carrotsearch.randomizedtesting.annotations.Name;
 import com.carrotsearch.randomizedtesting.annotations.ParametersFactory;
 import org.elasticsearch.client.support.Headers;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.rest.ESRestTestCase;
 import org.elasticsearch.test.rest.RestTestCandidate;
 import org.elasticsearch.test.rest.parser.RestTestParseException;
 
 import java.io.IOException;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 
 public class RestIT extends TribeRestTestCase {
 

elasticsearch/qa/tribe-node-tests-with-security/src/test/java/org/elasticsearch/xpack.security/TribeRestTestCase.java

@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import com.carrotsearch.randomizedtesting.RandomizedTest;
 import com.carrotsearch.randomizedtesting.annotations.TestGroup;

elasticsearch/x-pack/build.gradle

@@ -24,7 +24,7 @@ dependencies {
   compile project(':x-plugins:elasticsearch:license:base')
   testCompile project(':x-plugins:elasticsearch:license:licensor')
 
-  // shield deps
+  // security deps
   compile 'dk.brics.automaton:automaton:1.11-8'
   compile 'com.unboundid:unboundid-ldapsdk:2.3.8'
   compile 'org.bouncycastle:bcprov-jdk15on:1.54'
@@ -33,7 +33,7 @@ dependencies {
 
   // watcher deps
   compile 'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:r239'
-  compile 'com.google.guava:guava:16.0.1' // needed by watcher for the html sanitizer and shield tests for jimfs
+  compile 'com.google.guava:guava:16.0.1' // needed by watcher for the html sanitizer and security tests for jimfs
   compile 'com.sun.mail:javax.mail:1.5.3'
   // HACK: java 9 removed javax.activation from the default modules, so instead of trying to add modules, which would have
   // to be conditionalized for java 8/9, we pull in the classes directly
@@ -57,7 +57,7 @@ dependencies {
 
 // we keep the source directories in the original structure of split plugins,
 // in order to facilitate backports to 2.x.  TODO: remove after 5.0 release
-for (String module : ['', 'license-plugin/', 'shield/', 'watcher/', 'marvel/', 'graph/']) {
+for (String module : ['', 'license-plugin/', 'security/', 'watcher/', 'marvel/', 'graph/']) {
   sourceSets {
     main {
       java.srcDir("${module}src/main/java")
@@ -116,10 +116,10 @@ bundlePlugin {
   from('bin/x-pack') {
     into 'bin'
   }
-  from('shield/bin/x-pack') {
+  from('security/bin/x-pack') {
     into 'bin'
   }
-  from('shield/config/x-pack') {
+  from('security/config/x-pack') {
     into 'config'
   }
   from('watcher/bin/x-pack') {

elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/xpack/graph/test/GraphTests.java

@@ -22,7 +22,7 @@ import org.elasticsearch.script.NativeScriptFactory;
 import org.elasticsearch.script.Script;
 import org.elasticsearch.script.ScriptModule;
 import org.elasticsearch.script.ScriptService.ScriptType;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.Security;
 import org.elasticsearch.test.ESSingleNodeTestCase;
 import org.elasticsearch.xpack.watcher.Watcher;
 import org.elasticsearch.xpack.XPackPlugin;
@@ -127,7 +127,7 @@ public class GraphTests extends ESSingleNodeTestCase {
     
     @Override
     public Settings nodeSettings()  {
-        // Disable Shield otherwise authentication failures happen creating indices. 
+        // Disable security otherwise authentication failures happen creating indices.
         Builder newSettings = Settings.builder();
         newSettings.put(XPackPlugin.featureEnabledSetting(Security.NAME), false);
         newSettings.put(XPackPlugin.featureEnabledSetting(Monitoring.NAME), false);

elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/AbstractLicensesIntegrationTestCase.java

@@ -25,7 +25,7 @@ import org.elasticsearch.license.plugin.core.LicensesMetaData;
 import org.elasticsearch.license.plugin.core.LicensesStatus;
 import org.elasticsearch.marvel.Monitoring;
 import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.Security;
 import org.elasticsearch.test.ESIntegTestCase;
 import org.elasticsearch.test.InternalTestCluster;
 import org.elasticsearch.xpack.watcher.Watcher;

elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/LicensesTransportTests.java

@@ -22,7 +22,7 @@ import org.elasticsearch.license.plugin.core.LicensesStatus;
 import org.elasticsearch.marvel.Monitoring;
 import org.elasticsearch.node.Node;
 import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.Security;
 import org.elasticsearch.test.ESSingleNodeTestCase;
 import org.elasticsearch.xpack.XPackPlugin;
 import org.elasticsearch.xpack.watcher.Watcher;

elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/xpack/TribeTransportTestCase.java

@@ -23,7 +23,7 @@ import org.elasticsearch.discovery.zen.ping.unicast.UnicastZenPing;
 import org.elasticsearch.marvel.Monitoring;
 import org.elasticsearch.node.Node;
 import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.Security;
 import org.elasticsearch.test.ESIntegTestCase;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
 import org.elasticsearch.test.ESIntegTestCase.Scope;

elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStateCollector.java

@@ -17,7 +17,7 @@ import org.elasticsearch.marvel.MonitoringSettings;
 import org.elasticsearch.marvel.agent.collector.AbstractCollector;
 import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
 import org.elasticsearch.marvel.MonitoringLicensee;
-import org.elasticsearch.shield.InternalClient;
+import org.elasticsearch.xpack.security.InternalClient;
 
 import java.util.ArrayList;
 import java.util.Collection;

elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/cluster/ClusterStatsCollector.java

@@ -20,7 +20,7 @@ import org.elasticsearch.marvel.MonitoringSettings;
 import org.elasticsearch.marvel.agent.collector.AbstractCollector;
 import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
 import org.elasticsearch.marvel.MonitoringLicensee;
-import org.elasticsearch.shield.InternalClient;
+import org.elasticsearch.xpack.security.InternalClient;
 
 import java.util.ArrayList;
 import java.util.Collection;

elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexRecoveryCollector.java

@@ -17,8 +17,8 @@ import org.elasticsearch.marvel.MonitoringSettings;
 import org.elasticsearch.marvel.agent.collector.AbstractCollector;
 import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
 import org.elasticsearch.marvel.MonitoringLicensee;
-import org.elasticsearch.shield.InternalClient;
+import org.elasticsearch.xpack.security.InternalClient;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.Security;
 
 import java.util.ArrayList;
 import java.util.Arrays;

elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndexStatsCollector.java

@@ -19,8 +19,8 @@ import org.elasticsearch.marvel.MonitoringSettings;
 import org.elasticsearch.marvel.agent.collector.AbstractCollector;
 import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
 import org.elasticsearch.marvel.MonitoringLicensee;
-import org.elasticsearch.shield.InternalClient;
+import org.elasticsearch.xpack.security.InternalClient;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.Security;
 
 import java.util.ArrayList;
 import java.util.Arrays;

elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollector.java

@@ -17,8 +17,8 @@ import org.elasticsearch.marvel.MonitoringSettings;
 import org.elasticsearch.marvel.agent.collector.AbstractCollector;
 import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
 import org.elasticsearch.marvel.MonitoringLicensee;
-import org.elasticsearch.shield.InternalClient;
+import org.elasticsearch.xpack.security.InternalClient;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.Security;
 
 import java.util.Arrays;
 import java.util.Collection;

elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/agent/collector/node/NodeStatsCollector.java

@@ -21,7 +21,7 @@ import org.elasticsearch.marvel.MonitoringSettings;
 import org.elasticsearch.marvel.agent.collector.AbstractCollector;
 import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
 import org.elasticsearch.marvel.MonitoringLicensee;
-import org.elasticsearch.shield.InternalClient;
+import org.elasticsearch.xpack.security.InternalClient;
 
 import java.util.Collection;
 import java.util.Collections;

elasticsearch/x-pack/marvel/src/main/java/org/elasticsearch/marvel/support/init/proxy/MonitoringClientProxy.java

@@ -6,7 +6,7 @@
 package org.elasticsearch.marvel.support.init.proxy;
 
 import org.elasticsearch.client.Client;
-import org.elasticsearch.shield.InternalClient;
+import org.elasticsearch.xpack.security.InternalClient;
 import org.elasticsearch.xpack.common.init.proxy.ClientProxy;
 
 public class MonitoringClientProxy extends ClientProxy {

elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/AbstractCollectorTestCase.java

@@ -26,7 +26,7 @@ import org.elasticsearch.license.plugin.core.LicensesManagerService;
 import org.elasticsearch.marvel.MonitoringSettings;
 import org.elasticsearch.marvel.test.MarvelIntegTestCase;
 import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.shield.InternalClient;
+import org.elasticsearch.xpack.security.InternalClient;
 import org.elasticsearch.test.ESIntegTestCase;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
 import org.elasticsearch.xpack.XPackPlugin;

elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/indices/IndicesStatsCollectorTests.java

@@ -45,7 +45,7 @@ public class IndicesStatsCollectorTests extends AbstractCollectorTestCase {
         waitForNoBlocksOnNode(node);
 
         try {
-            assertThat(newIndicesStatsCollector(node).doCollect(), hasSize(shieldEnabled ? 0 : 1));
+            assertThat(newIndicesStatsCollector(node).doCollect(), hasSize(securityEnabled ? 0 : 1));
         } catch (IndexNotFoundException e) {
             fail("IndexNotFoundException has been thrown but it should have been swallowed by the collector");
         }
@@ -56,7 +56,7 @@ public class IndicesStatsCollectorTests extends AbstractCollectorTestCase {
         waitForNoBlocksOnNode(node);
 
         try {
-            assertThat(newIndicesStatsCollector(node).doCollect(), hasSize(shieldEnabled ? 0 : 1));
+            assertThat(newIndicesStatsCollector(node).doCollect(), hasSize(securityEnabled ? 0 : 1));
         } catch (IndexNotFoundException e) {
             fail("IndexNotFoundException has been thrown but it should have been swallowed by the collector");
         }

elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/agent/collector/node/NodeStatsCollectorTests.java

@@ -16,7 +16,7 @@ import org.elasticsearch.marvel.MonitoredSystem;
 import org.elasticsearch.marvel.agent.collector.AbstractCollectorTestCase;
 import org.elasticsearch.marvel.agent.exporter.MonitoringDoc;
 import org.elasticsearch.marvel.MonitoringLicensee;
-import org.elasticsearch.shield.InternalClient;
+import org.elasticsearch.xpack.security.InternalClient;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
 
 import java.util.Collection;

elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/cleaner/local/LocalIndicesCleanerTests.java

@@ -50,7 +50,7 @@ public class LocalIndicesCleanerTests extends AbstractIndicesCleanerTestCase {
             try {
                 assertThat(client().admin().indices().prepareGetSettings().get().getIndexToSettings().size(), equalTo(count));
             } catch (IndexNotFoundException e) {
-                if (shieldEnabled) {
+                if (securityEnabled) {
                     assertThat(0, equalTo(count));
                 } else {
                     throw e;

elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/security/MarvelInternalClientTests.java

@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.marvel.shield;
+package org.elasticsearch.marvel.security;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.action.ActionRequestBuilder;
@@ -13,7 +13,7 @@ import org.elasticsearch.index.IndexNotFoundException;
 import org.elasticsearch.marvel.MonitoringSettings;
 import org.elasticsearch.marvel.test.MarvelIntegTestCase;
 import org.elasticsearch.rest.RestStatus;
-import org.elasticsearch.shield.InternalClient;
+import org.elasticsearch.xpack.security.InternalClient;
 
 import java.util.ArrayList;
 

elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/security/MarvelSettingsFilterTests.java

@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.marvel.shield;
+package org.elasticsearch.marvel.security;
 
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
@@ -13,7 +13,7 @@ import org.elasticsearch.common.xcontent.json.JsonXContent;
 import org.elasticsearch.http.HttpServerTransport;
 import org.elasticsearch.marvel.MonitoringSettings;
 import org.elasticsearch.marvel.test.MarvelIntegTestCase;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
 import org.elasticsearch.test.rest.client.http.HttpRequestBuilder;
 import org.elasticsearch.test.rest.client.http.HttpResponse;
 import org.hamcrest.Matchers;
@@ -23,8 +23,8 @@ import java.io.IOException;
 import java.util.Map;
 
 import static org.elasticsearch.common.xcontent.support.XContentMapValues.extractValue;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.BASIC_AUTH_HEADER;
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.hamcrest.CoreMatchers.nullValue;
 
 public class MarvelSettingsFilterTests extends MarvelIntegTestCase {
@@ -89,9 +89,9 @@ public class MarvelSettingsFilterTests extends MarvelIntegTestCase {
         if (body != null) {
             requestBuilder.body(body);
         }
-        if (shieldEnabled) {
+        if (securityEnabled) {
             requestBuilder.addHeader(BASIC_AUTH_HEADER,
-                    basicAuthHeaderValue(ShieldSettings.TEST_USERNAME, new SecuredString(ShieldSettings.TEST_PASSWORD.toCharArray())));
+                    basicAuthHeaderValue(SecuritySettings.TEST_USERNAME, new SecuredString(SecuritySettings.TEST_PASSWORD.toCharArray())));
         }
         return requestBuilder.execute();
     }

elasticsearch/x-pack/marvel/src/test/java/org/elasticsearch/marvel/test/MarvelIntegTestCase.java

@@ -25,12 +25,12 @@ import org.elasticsearch.marvel.agent.resolver.MonitoringIndexNameResolver;
 import org.elasticsearch.marvel.agent.resolver.ResolversRegistry;
 import org.elasticsearch.marvel.client.MonitoringClient;
 import org.elasticsearch.plugins.Plugin;
-import org.elasticsearch.shield.Security;
+import org.elasticsearch.xpack.security.Security;
-import org.elasticsearch.shield.authc.file.FileRealm;
+import org.elasticsearch.xpack.security.authc.file.FileRealm;
-import org.elasticsearch.shield.authc.support.Hasher;
+import org.elasticsearch.xpack.security.authc.support.Hasher;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
-import org.elasticsearch.shield.authz.store.FileRolesStore;
+import org.elasticsearch.xpack.security.authz.store.FileRolesStore;
-import org.elasticsearch.shield.crypto.InternalCryptoService;
+import org.elasticsearch.xpack.security.crypto.InternalCryptoService;
 import org.elasticsearch.test.ESIntegTestCase;
 import org.elasticsearch.test.TestCluster;
 import org.elasticsearch.test.store.MockFSIndexStore;
@@ -60,7 +60,7 @@ import java.util.function.Function;
 import java.util.stream.Collectors;
 import java.util.stream.StreamSupport;
 
-import static org.elasticsearch.shield.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
+import static org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertAcked;
 import static org.hamcrest.Matchers.allOf;
 import static org.hamcrest.Matchers.greaterThan;
@@ -77,10 +77,10 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
     /**
      * Enables individual tests to control the behavior.
      * <p>
-     * Control this by overriding {@link #enableShield()}, which defaults to enabling it randomly.
+     * Control this by overriding {@link #enableSecurity()}, which defaults to enabling it randomly.
      */
     // SCARY: This needs to be static or lots of tests randomly fail, but it's not used statically!
-    protected static Boolean shieldEnabled;
+    protected static Boolean securityEnabled;
     /**
      * Enables individual tests to control the behavior.
      * <p>
@@ -90,14 +90,14 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
 
     @Override
     protected TestCluster buildTestCluster(Scope scope, long seed) throws IOException {
-        if (shieldEnabled == null) {
+        if (securityEnabled == null) {
-            shieldEnabled = enableShield();
+            securityEnabled = enableSecurity();
         }
         if (watcherEnabled == null) {
             watcherEnabled = enableWatcher();
         }
 
-        logger.debug("--> shield {}", shieldEnabled ? "enabled" : "disabled");
+        logger.debug("--> security {}", securityEnabled ? "enabled" : "disabled");
         logger.debug("--> watcher {}", watcherEnabled ? "enabled" : "disabled");
 
         return super.buildTestCluster(scope, seed);
@@ -111,14 +111,14 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
                 // we do this by default in core, but for monitoring this isn't needed and only adds noise.
                 .put("index.store.mock.check_index_on_close", false);
 
-        ShieldSettings.apply(shieldEnabled, builder);
+        SecuritySettings.apply(securityEnabled, builder);
 
         return builder.build();
     }
 
     @Override
     protected Settings transportClientSettings() {
-        if (shieldEnabled) {
+        if (securityEnabled) {
             return Settings.builder()
                     .put(super.transportClientSettings())
                     .put("client.transport.sniff", false)
@@ -133,8 +133,8 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
     @Override
     protected Collection<Class<? extends Plugin>> getMockPlugins() {
         Set<Class<? extends Plugin>> plugins = new HashSet<>(super.getMockPlugins());
-        plugins.remove(MockTransportService.TestPlugin.class); // shield has its own transport service
+        plugins.remove(MockTransportService.TestPlugin.class); // security has its own transport service
-        plugins.remove(AssertingLocalTransport.TestPlugin.class); // shield has its own transport
+        plugins.remove(AssertingLocalTransport.TestPlugin.class); // security has its own transport
         plugins.add(MockFSIndexStore.TestPlugin.class);
         return plugins;
     }
@@ -151,16 +151,16 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
 
     @Override
     protected Function<Client,Client> getClientWrapper() {
-        if (shieldEnabled == false) {
+        if (securityEnabled == false) {
             return Function.identity();
         }
         Map<String, String> headers = Collections.singletonMap("Authorization",
-                basicAuthHeaderValue(ShieldSettings.TEST_USERNAME, new SecuredString(ShieldSettings.TEST_PASSWORD.toCharArray())));
+                basicAuthHeaderValue(SecuritySettings.TEST_USERNAME, new SecuredString(SecuritySettings.TEST_PASSWORD.toCharArray())));
         return client -> (client instanceof NodeClient) ? client.filterWithHeader(headers) : client;
     }
 
     protected MonitoringClient monitoringClient() {
-        Client client = shieldEnabled ? internalCluster().transportClient() : client();
+        Client client = securityEnabled ? internalCluster().transportClient() : client();
         return randomBoolean() ? new XPackClient(client).monitoring() : new MonitoringClient(client);
     }
 
@@ -184,7 +184,7 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
     /**
      * Override and return {@code false} to force running without Security.
      */
-    protected boolean enableShield() {
+    protected boolean enableSecurity() {
         return randomBoolean();
     }
 
@@ -231,11 +231,11 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
     }
 
     protected void deleteMarvelIndices() {
-        if (shieldEnabled) {
+        if (securityEnabled) {
             try {
                 assertAcked(client().admin().indices().prepareDelete(MONITORING_INDICES_PREFIX + "*"));
             } catch (IndexNotFoundException e) {
-                // if shield couldn't resolve any marvel index, it'll throw index not found exception.
+                // if security couldn't resolve any marvel index, it'll throw index not found exception.
             }
         } else {
             assertAcked(client().admin().indices().prepareDelete(MONITORING_INDICES_PREFIX + "*"));
@@ -247,11 +247,11 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
     }
 
     protected void ensureMarvelIndicesYellow() {
-        if (shieldEnabled) {
+        if (securityEnabled) {
             try {
                 ensureYellow(".monitoring-es-*");
             } catch (IndexNotFoundException e) {
-                // might happen with shield...
+                // might happen with security...
             }
         } else {
             ensureYellow(".monitoring-es-*");
@@ -266,7 +266,7 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
             logger.trace("--> searched for [{}] documents, found [{}]", Strings.arrayToCommaDelimitedString(types), count);
             assertThat(count, matcher);
         } catch (IndexNotFoundException e) {
-            if (shieldEnabled) {
+            if (securityEnabled) {
                 assertThat(0L, matcher);
             } else {
                 throw e;
@@ -312,8 +312,8 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
                 try {
                     assertIndicesExists(index);
                 } catch (IndexNotFoundException e) {
-                    if (shieldEnabled) {
+                    if (securityEnabled) {
-                        // with shield we might get that if wildcards were resolved to no indices
+                        // with security we might get that if wildcards were resolved to no indices
                         fail("IndexNotFoundException when checking for existence of index [" + index + "]");
                     } else {
                         throw e;
@@ -336,11 +336,11 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
     }
 
     protected void securedRefresh() {
-        if (shieldEnabled) {
+        if (securityEnabled) {
             try {
                 refresh();
             } catch (IndexNotFoundException e) {
-                // with shield we might get that if wildcards were resolved to no indices
+                // with security we might get that if wildcards were resolved to no indices
             }
         } else {
             refresh();
@@ -348,11 +348,11 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
     }
 
     protected void securedFlush(String... indices) {
-        if (shieldEnabled) {
+        if (securityEnabled) {
             try {
                 flush(indices);
             } catch (IndexNotFoundException e) {
-                // with shield we might get that if wildcards were resolved to no indices
+                // with security we might get that if wildcards were resolved to no indices
             }
         } else {
             flush(indices);
@@ -360,11 +360,11 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
     }
 
     protected void securedFlushAndRefresh(String... indices) {
-        if (shieldEnabled) {
+        if (securityEnabled) {
             try {
                 flushAndRefresh(indices);
             } catch (IndexNotFoundException e) {
-                // with shield we might get that if wildcards were resolved to no indices
+                // with security we might get that if wildcards were resolved to no indices
             }
         } else {
             flushAndRefresh(indices);
@@ -372,11 +372,11 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
     }
 
     protected void securedEnsureGreen(String... indices) {
-        if (shieldEnabled) {
+        if (securityEnabled) {
             try {
                 ensureGreen(indices);
             } catch (IndexNotFoundException e) {
-                // with shield we might get that if wildcards were resolved to no indices
+                // with security we might get that if wildcards were resolved to no indices
             }
         } else {
             ensureGreen(indices);
@@ -477,9 +477,9 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
         }
     }
 
-    /** Shield related settings */
+    /** security related settings */
 
-    public static class ShieldSettings {
+    public static class SecuritySettings {
 
         public static final String TEST_USERNAME = "test";
         public static final String TEST_PASSWORD = "changeme";
@@ -528,7 +528,7 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
                 return;
             }
             try {
-                Path folder = createTempDir().resolve("marvel_shield");
+                Path folder = createTempDir().resolve("marvel_security");
                 Files.createDirectories(folder);
 
                 builder.put("xpack.security.enabled", true)
@@ -541,7 +541,7 @@ public abstract class MarvelIntegTestCase extends ESIntegTestCase {
                         .put("xpack.security.authc.sign_user_header", false)
                         .put("xpack.security.audit.enabled", auditLogsEnabled);
             } catch (IOException ex) {
-                throw new RuntimeException("failed to build settings for shield", ex);
+                throw new RuntimeException("failed to build settings for security", ex);
             }
         }
 

elasticsearch/x-pack/security/TESTING.asciidoc

@@ -3,29 +3,29 @@
 
 [partintro]
 
-Elasticsearch and Shield use jUnit for testing, they also use randomness
+Elasticsearch and X-Pack use jUnit for testing, they also use randomness
 in the tests, that can be set using a seed, please refer to the
 Elasticsearch TESTING.asciidoc cheatsheet to know all about it.
 
 Tests are executed with network transport and unicast discovery, as this is
-the configuration that's secured by shield.
+the configuration that's secured by X-Pack.
 
 == Testing the REST layer
 
-The available integration tests are specific for Shield functionalities
+The available integration tests are specific for Security functionalities
 and make use of the java API to communicate with the elasticsearch nodes,
 using the internal binary transport (port 9300 by default).
-Shield is also tested using the REST tests provided by Elasticsearch core,
+Security is also tested using the REST tests provided by Elasticsearch core,
-just by running those same tests against a cluster with Shield installed.
+just by running those same tests against a cluster with X-Pack installed.
 
 The REST tests are run automatically during the integration test phase
-(`mvn verify`). Some tests are blacklisted as they are known to fail against 
+(`gradle integTest`). Some tests are blacklisted as they are known to fail against
-shield due to different behaviours introduced by the security plugin.
+X-Pack due to different behaviours introduced by the security plugin.
 
 ---------------------------------------------------------------------------
-mvn verify
+gradle integTest
 ---------------------------------------------------------------------------
 
-`ShieldRestIT` is the executable test class that runs all the
+`XPackRestIT` is the executable test class that runs all the
 yaml suites available within the `rest-api-spec` folder.
 

elasticsearch/x-pack/security/bin/x-pack/syskeygen

@@ -72,7 +72,7 @@ fi
 
 export HOSTNAME=`hostname -s`
 
-# include shield jars in classpath
+# include x-pack jars in classpath
 ES_CLASSPATH="$ES_CLASSPATH:$ES_HOME/plugins/x-pack/*"
 
 # don't let JAVA_TOOL_OPTIONS slip in (e.g. crazy agents in ubuntu)
@@ -96,7 +96,7 @@ if [ -e "$CONF_DIR" ]; then
 fi
 
 cd "$ES_HOME" > /dev/null
-"$JAVA" $ES_JAVA_OPTS -Des.path.home="$ES_HOME" -cp "$ES_CLASSPATH" org.elasticsearch.shield.crypto.tool.SystemKeyTool $properties "{args[@]}"
+"$JAVA" $ES_JAVA_OPTS -Des.path.home="$ES_HOME" -cp "$ES_CLASSPATH" org.elasticsearch.xpack.security.crypto.tool.SystemKeyTool $properties "{args[@]}"
 status=$?
 cd - > /dev/null
 exit $status

elasticsearch/x-pack/security/bin/x-pack/syskeygen.bat

@@ -5,5 +5,5 @@ rem or more contributor license agreements. Licensed under the Elastic License;
 rem you may not use this file except in compliance with the Elastic License.
 
 PUSHD "%~dp0"
-CALL "%~dp0.in.bat" org.elasticsearch.shield.crypto.tool.SystemKeyTool %*
+CALL "%~dp0.in.bat" org.elasticsearch.xpack.security.crypto.tool.SystemKeyTool %*
 POPD

elasticsearch/x-pack/security/bin/x-pack/users

@@ -72,7 +72,7 @@ fi
 
 export HOSTNAME=`hostname -s`
 
-# include shield jars in classpath
+# include x-pack jars in classpath
 ES_CLASSPATH="$ES_CLASSPATH:$ES_HOME/plugins/x-pack/*"
 
 # don't let JAVA_TOOL_OPTIONS slip in (e.g. crazy agents in ubuntu)
@@ -96,7 +96,7 @@ if [ -e "$CONF_DIR" ]; then
 fi
 
 cd "$ES_HOME" > /dev/null
-"$JAVA" $ES_JAVA_OPTS -cp "$ES_CLASSPATH" -Des.path.home="$ES_HOME" org.elasticsearch.shield.authc.file.tool.UsersTool "${args[@]}"
+"$JAVA" $ES_JAVA_OPTS -cp "$ES_CLASSPATH" -Des.path.home="$ES_HOME" org.elasticsearch.xpack.security.authc.file.tool.UsersTool "${args[@]}"
 status=$?
 cd - > /dev/null
 exit $status

elasticsearch/x-pack/security/bin/x-pack/users.bat

@@ -5,5 +5,5 @@ rem or more contributor license agreements. Licensed under the Elastic License;
 rem you may not use this file except in compliance with the Elastic License.
 
 PUSHD "%~dp0"
-CALL "%~dp0.in.bat" org.elasticsearch.shield.authc.file.tool.UsersTool %*
+CALL "%~dp0.in.bat" org.elasticsearch.xpack.security.authc.file.tool.UsersTool %*
 POPD

elasticsearch/x-pack/security/config/x-pack/logging.yml

@@ -1,8 +1,8 @@
 logger:
-  shield.audit.logfile: INFO, access_log
+  security.audit.logfile: INFO, access_log
 
 additivity:
-  shield.audit.logfile: false
+  security.audit.logfile: false
 
 appender:
 

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/InternalClient.java

@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.action.Action;
@@ -15,8 +15,8 @@ import org.elasticsearch.client.Client;
 import org.elasticsearch.client.FilterClient;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.AuthenticationService;
+import org.elasticsearch.xpack.security.authc.AuthenticationService;
-import org.elasticsearch.shield.user.XPackUser;
+import org.elasticsearch.xpack.security.user.XPackUser;
 
 import java.io.IOException;
 

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java

@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.action.ActionModule;
 import org.elasticsearch.common.Booleans;
@@ -20,68 +20,68 @@ import org.elasticsearch.common.settings.Setting.Property;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.index.IndexModule;
-import org.elasticsearch.shield.action.ShieldActionModule;
+import org.elasticsearch.xpack.security.action.SecurityActionModule;
-import org.elasticsearch.shield.action.filter.ShieldActionFilter;
+import org.elasticsearch.xpack.security.action.filter.SecurityActionFilter;
-import org.elasticsearch.shield.action.realm.ClearRealmCacheAction;
+import org.elasticsearch.xpack.security.action.realm.ClearRealmCacheAction;
-import org.elasticsearch.shield.action.realm.TransportClearRealmCacheAction;
+import org.elasticsearch.xpack.security.action.realm.TransportClearRealmCacheAction;
-import org.elasticsearch.shield.action.role.ClearRolesCacheAction;
+import org.elasticsearch.xpack.security.action.role.ClearRolesCacheAction;
-import org.elasticsearch.shield.action.role.DeleteRoleAction;
+import org.elasticsearch.xpack.security.action.role.DeleteRoleAction;
-import org.elasticsearch.shield.action.role.GetRolesAction;
+import org.elasticsearch.xpack.security.action.role.GetRolesAction;
-import org.elasticsearch.shield.action.role.PutRoleAction;
+import org.elasticsearch.xpack.security.action.role.PutRoleAction;
-import org.elasticsearch.shield.action.role.TransportClearRolesCacheAction;
+import org.elasticsearch.xpack.security.action.role.TransportClearRolesCacheAction;
-import org.elasticsearch.shield.action.role.TransportDeleteRoleAction;
+import org.elasticsearch.xpack.security.action.role.TransportDeleteRoleAction;
-import org.elasticsearch.shield.action.role.TransportGetRolesAction;
+import org.elasticsearch.xpack.security.action.role.TransportGetRolesAction;
-import org.elasticsearch.shield.action.role.TransportPutRoleAction;
+import org.elasticsearch.xpack.security.action.role.TransportPutRoleAction;
-import org.elasticsearch.shield.action.user.AuthenticateAction;
+import org.elasticsearch.xpack.security.action.user.AuthenticateAction;
-import org.elasticsearch.shield.action.user.ChangePasswordAction;
+import org.elasticsearch.xpack.security.action.user.ChangePasswordAction;
-import org.elasticsearch.shield.action.user.DeleteUserAction;
+import org.elasticsearch.xpack.security.action.user.DeleteUserAction;
-import org.elasticsearch.shield.action.user.GetUsersAction;
+import org.elasticsearch.xpack.security.action.user.GetUsersAction;
-import org.elasticsearch.shield.action.user.PutUserAction;
+import org.elasticsearch.xpack.security.action.user.PutUserAction;
-import org.elasticsearch.shield.action.user.TransportAuthenticateAction;
+import org.elasticsearch.xpack.security.action.user.TransportAuthenticateAction;
-import org.elasticsearch.shield.action.user.TransportChangePasswordAction;
+import org.elasticsearch.xpack.security.action.user.TransportChangePasswordAction;
-import org.elasticsearch.shield.action.user.TransportDeleteUserAction;
+import org.elasticsearch.xpack.security.action.user.TransportDeleteUserAction;
-import org.elasticsearch.shield.action.user.TransportGetUsersAction;
+import org.elasticsearch.xpack.security.action.user.TransportGetUsersAction;
-import org.elasticsearch.shield.action.user.TransportPutUserAction;
+import org.elasticsearch.xpack.security.action.user.TransportPutUserAction;
-import org.elasticsearch.shield.audit.AuditTrailModule;
+import org.elasticsearch.xpack.security.audit.AuditTrailModule;
-import org.elasticsearch.shield.audit.index.IndexAuditTrail;
+import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
-import org.elasticsearch.shield.audit.index.IndexNameResolver;
+import org.elasticsearch.xpack.security.audit.index.IndexNameResolver;
-import org.elasticsearch.shield.audit.logfile.LoggingAuditTrail;
+import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
-import org.elasticsearch.shield.authc.AuthenticationModule;
+import org.elasticsearch.xpack.security.authc.AuthenticationModule;
-import org.elasticsearch.shield.authc.InternalAuthenticationService;
+import org.elasticsearch.xpack.security.authc.InternalAuthenticationService;
-import org.elasticsearch.shield.authc.Realms;
+import org.elasticsearch.xpack.security.authc.Realms;
-import org.elasticsearch.shield.authc.esnative.NativeUsersStore;
+import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;
-import org.elasticsearch.shield.authc.ldap.support.SessionFactory;
+import org.elasticsearch.xpack.security.authc.ldap.support.SessionFactory;
-import org.elasticsearch.shield.authc.support.SecuredString;
+import org.elasticsearch.xpack.security.authc.support.SecuredString;
-import org.elasticsearch.shield.authc.support.UsernamePasswordToken;
+import org.elasticsearch.xpack.security.authc.support.UsernamePasswordToken;
-import org.elasticsearch.shield.authz.AuthorizationModule;
+import org.elasticsearch.xpack.security.authz.AuthorizationModule;
-import org.elasticsearch.shield.authz.InternalAuthorizationService;
+import org.elasticsearch.xpack.security.authz.InternalAuthorizationService;
-import org.elasticsearch.shield.authz.accesscontrol.OptOutQueryCache;
+import org.elasticsearch.xpack.security.authz.accesscontrol.OptOutQueryCache;
-import org.elasticsearch.shield.authz.accesscontrol.ShieldIndexSearcherWrapper;
+import org.elasticsearch.xpack.security.authz.accesscontrol.SecurityIndexSearcherWrapper;
-import org.elasticsearch.shield.authz.store.FileRolesStore;
+import org.elasticsearch.xpack.security.authz.store.FileRolesStore;
-import org.elasticsearch.shield.authz.store.NativeRolesStore;
+import org.elasticsearch.xpack.security.authz.store.NativeRolesStore;
-import org.elasticsearch.shield.crypto.CryptoModule;
+import org.elasticsearch.xpack.security.crypto.CryptoModule;
-import org.elasticsearch.shield.crypto.InternalCryptoService;
+import org.elasticsearch.xpack.security.crypto.InternalCryptoService;
-import org.elasticsearch.shield.rest.ShieldRestModule;
+import org.elasticsearch.xpack.security.rest.SecurityRestModule;
-import org.elasticsearch.shield.rest.action.RestAuthenticateAction;
+import org.elasticsearch.xpack.security.rest.action.RestAuthenticateAction;
-import org.elasticsearch.shield.rest.action.realm.RestClearRealmCacheAction;
+import org.elasticsearch.xpack.security.rest.action.realm.RestClearRealmCacheAction;
-import org.elasticsearch.shield.rest.action.role.RestClearRolesCacheAction;
+import org.elasticsearch.xpack.security.rest.action.role.RestClearRolesCacheAction;
-import org.elasticsearch.shield.rest.action.role.RestDeleteRoleAction;
+import org.elasticsearch.xpack.security.rest.action.role.RestDeleteRoleAction;
-import org.elasticsearch.shield.rest.action.role.RestGetRolesAction;
+import org.elasticsearch.xpack.security.rest.action.role.RestGetRolesAction;
-import org.elasticsearch.shield.rest.action.role.RestPutRoleAction;
+import org.elasticsearch.xpack.security.rest.action.role.RestPutRoleAction;
-import org.elasticsearch.shield.rest.action.user.RestChangePasswordAction;
+import org.elasticsearch.xpack.security.rest.action.user.RestChangePasswordAction;
-import org.elasticsearch.shield.rest.action.user.RestDeleteUserAction;
+import org.elasticsearch.xpack.security.rest.action.user.RestDeleteUserAction;
-import org.elasticsearch.shield.rest.action.user.RestGetUsersAction;
+import org.elasticsearch.xpack.security.rest.action.user.RestGetUsersAction;
-import org.elasticsearch.shield.rest.action.user.RestPutUserAction;
+import org.elasticsearch.xpack.security.rest.action.user.RestPutUserAction;
-import org.elasticsearch.shield.ssl.SSLConfiguration;
+import org.elasticsearch.xpack.security.ssl.SSLConfiguration;
-import org.elasticsearch.shield.ssl.SSLModule;
+import org.elasticsearch.xpack.security.ssl.SSLModule;
-import org.elasticsearch.shield.support.OptionalSettings;
+import org.elasticsearch.xpack.security.support.OptionalSettings;
-import org.elasticsearch.shield.transport.ShieldClientTransportService;
+import org.elasticsearch.xpack.security.transport.SecurityClientTransportService;
-import org.elasticsearch.shield.transport.ShieldServerTransportService;
+import org.elasticsearch.xpack.security.transport.SecurityServerTransportService;
-import org.elasticsearch.shield.transport.ShieldTransportModule;
+import org.elasticsearch.xpack.security.transport.SecurityTransportModule;
-import org.elasticsearch.shield.transport.filter.IPFilter;
+import org.elasticsearch.xpack.security.transport.filter.IPFilter;
-import org.elasticsearch.shield.transport.netty.ShieldNettyHttpServerTransport;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
-import org.elasticsearch.shield.transport.netty.ShieldNettyTransport;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
-import org.elasticsearch.shield.user.AnonymousUser;
+import org.elasticsearch.xpack.security.user.AnonymousUser;
 import org.elasticsearch.xpack.XPackPlugin;
 import org.joda.time.DateTime;
 import org.joda.time.DateTimeZone;
@@ -104,7 +104,6 @@ public class Security {
 
     public static final String NAME = "security";
     public static final String DLS_FLS_FEATURE = "security.dls_fls";
-    public static final String OPT_OUT_QUERY_CACHE = "opt_out_cache";
     public static final Setting<Optional<String>> USER_SETTING = OptionalSettings.createString(setting("user"), Property.NodeScope);
 
     private final Settings settings;
@@ -129,7 +128,7 @@ public class Security {
                 return modules;
             }
             modules.add(new SecurityModule(settings, securityLicenseState));
-            modules.add(new ShieldTransportModule(settings));
+            modules.add(new SecurityTransportModule(settings));
             modules.add(new SSLModule(settings));
             return modules;
         }
@@ -148,9 +147,9 @@ public class Security {
         modules.add(new CryptoModule(settings));
         modules.add(new AuthorizationModule(settings));
         modules.add(new AuditTrailModule(settings));
-        modules.add(new ShieldRestModule(settings));
+        modules.add(new SecurityRestModule(settings));
-        modules.add(new ShieldActionModule(settings));
+        modules.add(new SecurityActionModule(settings));
-        modules.add(new ShieldTransportModule(settings));
+        modules.add(new SecurityTransportModule(settings));
         modules.add(new SSLModule(settings));
         return modules;
     }
@@ -181,7 +180,7 @@ public class Security {
         settingsBuilder.put(NetworkModule.TRANSPORT_TYPE_KEY, Security.NAME);
         settingsBuilder.put(NetworkModule.TRANSPORT_SERVICE_TYPE_KEY, Security.NAME);
         settingsBuilder.put(NetworkModule.HTTP_TYPE_SETTING.getKey(), Security.NAME);
-        ShieldNettyHttpServerTransport.overrideSettings(settingsBuilder, settings);
+        SecurityNettyHttpServerTransport.overrideSettings(settingsBuilder, settings);
         addUserSettings(settingsBuilder);
         addTribeSettings(settingsBuilder);
         return settingsBuilder.build();
@@ -197,7 +196,7 @@ public class Security {
         SSLConfiguration.Global.addSettings(settingsList);
 
         // transport settings
-        ShieldNettyTransport.addSettings(settingsList);
+        SecurityNettyTransport.addSettings(settingsList);
 
         if (transportClientMode) {
             return settingsList;
@@ -222,7 +221,7 @@ public class Security {
         InternalAuthorizationService.addSettings(settingsList);
 
         // HTTP settings
-        ShieldNettyHttpServerTransport.addSettings(settingsList);
+        SecurityNettyHttpServerTransport.addSettings(settingsList);
 
         // encryption settings
         InternalCryptoService.addSettings(settingsList);
@@ -260,13 +259,13 @@ public class Security {
 
         assert securityLicenseState != null;
         if (flsDlsEnabled(settings)) {
-            module.setSearcherWrapper((indexService) -> new ShieldIndexSearcherWrapper(indexService.getIndexSettings(),
+            module.setSearcherWrapper((indexService) -> new SecurityIndexSearcherWrapper(indexService.getIndexSettings(),
                     indexService.newQueryShardContext(), indexService.mapperService(),
                     indexService.cache().bitsetFilterCache(), indexService.getIndexServices().getThreadPool().getThreadContext(),
                     securityLicenseState));
         }
         if (transportClientMode == false) {
-            /*  We need to forcefully overwrite the query cache implementation to use Shield's opt out query cache implementation.
+            /*  We need to forcefully overwrite the query cache implementation to use security's opt out query cache implementation.
              *  This impl. disabled the query cache if field level security is used for a particular request. If we wouldn't do
              *  forcefully overwrite the query cache implementation then we leave the system vulnerable to leakages of data to
              *  unauthorized users. */
@@ -280,10 +279,10 @@ public class Security {
         }
         // registering the security filter only for nodes
         if (transportClientMode == false) {
-            module.registerFilter(ShieldActionFilter.class);
+            module.registerFilter(SecurityActionFilter.class);
         }
 
-        // registering all shield actions
+        // registering all security actions
         module.registerAction(ClearRealmCacheAction.INSTANCE, TransportClearRealmCacheAction.class);
         module.registerAction(ClearRolesCacheAction.INSTANCE, TransportClearRolesCacheAction.class);
         module.registerAction(GetUsersAction.INSTANCE, TransportGetUsersAction.class);
@@ -300,15 +299,15 @@ public class Security {
 
         if (transportClientMode) {
             if (enabled) {
-                module.registerTransport(Security.NAME, ShieldNettyTransport.class);
+                module.registerTransport(Security.NAME, SecurityNettyTransport.class);
-                module.registerTransportService(Security.NAME, ShieldClientTransportService.class);
+                module.registerTransportService(Security.NAME, SecurityClientTransportService.class);
             }
             return;
         }
 
         if (enabled) {
-            module.registerTransport(Security.NAME, ShieldNettyTransport.class);
+            module.registerTransport(Security.NAME, SecurityNettyTransport.class);
-            module.registerTransportService(Security.NAME, ShieldServerTransportService.class);
+            module.registerTransportService(Security.NAME, SecurityServerTransportService.class);
             module.registerRestHandler(RestAuthenticateAction.class);
             module.registerRestHandler(RestClearRealmCacheAction.class);
             module.registerRestHandler(RestClearRolesCacheAction.class);
@@ -319,7 +318,7 @@ public class Security {
             module.registerRestHandler(RestPutRoleAction.class);
             module.registerRestHandler(RestDeleteRoleAction.class);
             module.registerRestHandler(RestChangePasswordAction.class);
-            module.registerHttpTransport(Security.NAME, ShieldNettyHttpServerTransport.class);
+            module.registerHttpTransport(Security.NAME, SecurityNettyHttpServerTransport.class);
         }
     }
 
@@ -344,12 +343,12 @@ public class Security {
 
     /**
      * If the current node is a tribe node, we inject additional settings on each tribe client. We do this to make sure
-     * that every tribe cluster has shield installed and is enabled. We do that by:
+     * that every tribe cluster has x-pack installed and security is enabled. We do that by:
      *
-     *    - making it mandatory on the tribe client (this means that the tribe node will fail at startup if shield is
+     *    - making it mandatory on the tribe client (this means that the tribe node will fail at startup if x-pack is
      *      not loaded on any tribe due to missing mandatory plugin)
      *
-     *    - forcibly enabling it (that means it's not possible to disable shield on the tribe clients)
+     *    - forcibly enabling it (that means it's not possible to disable security on the tribe clients)
      */
     private void addTribeSettings(Settings.Builder settingsBuilder) {
         Map<String, Settings> tribesSettings = settings.getGroups("tribe", true);
@@ -366,7 +365,7 @@ public class Security {
             // otherwise (arrays don't get merged)
             String[] existingMandatoryPlugins = tribeSettings.getValue().getAsArray("plugin.mandatory", null);
             if (existingMandatoryPlugins == null) {
-                //shield is mandatory on every tribe if installed and enabled on the tribe node
+                //x-pack is mandatory on every tribe if installed and enabled on the tribe node
                 settingsBuilder.putArray(tribePrefix + "plugin.mandatory", XPackPlugin.NAME);
             } else {
                 if (Arrays.binarySearch(existingMandatoryPlugins, XPackPlugin.NAME) < 0) {
@@ -383,11 +382,11 @@ public class Security {
                             + settings.get(tribeEnabledSetting) + "]");
                 }
             } else {
-                //shield must be enabled on every tribe if it's enabled on the tribe node
+                //x-pack security must be enabled on every tribe if it's enabled on the tribe node
                 settingsBuilder.put(tribeEnabledSetting, true);
             }
 
-            // we passed all the checks now we need to copy in all of the shield settings
+            // we passed all the checks now we need to copy in all of the x-pack security settings
             for (Map.Entry<String, String> entry : settingsMap.entrySet()) {
                 String key = entry.getKey();
                 if (key.startsWith("xpack.security.")) {
@@ -433,7 +432,7 @@ public class Security {
         final String auditIndex = indexAuditingEnabled ? "," + IndexAuditTrail.INDEX_NAME_PREFIX + "*" : "";
         String errorMessage = LoggerMessageFormat.format("the [action.auto_create_index] setting value [{}] is too" +
                 " restrictive. disable [action.auto_create_index] or set it to " +
-                "[{}{}]", (Object) value, ShieldTemplateService.SECURITY_INDEX_NAME, auditIndex);
+                "[{}{}]", (Object) value, SecurityTemplateService.SECURITY_INDEX_NAME, auditIndex);
         if (Booleans.isExplicitFalse(value)) {
             throw new IllegalArgumentException(errorMessage);
         }
@@ -444,7 +443,7 @@ public class Security {
 
         String[] matches = Strings.commaDelimitedListToStringArray(value);
         List<String> indices = new ArrayList<>();
-        indices.add(ShieldTemplateService.SECURITY_INDEX_NAME);
+        indices.add(SecurityTemplateService.SECURITY_INDEX_NAME);
         if (indexAuditingEnabled) {
             DateTime now = new DateTime(DateTimeZone.UTC);
             // just use daily rollover
@@ -487,7 +486,7 @@ public class Security {
             logger.warn("the [action.auto_create_index] setting is configured to be restrictive [{}]. " +
                     " for the next 6 months audit indices are allowed to be created, but please make sure" +
                     " that any future history indices after 6 months with the pattern " +
-                    "[.shield_audit_log*] are allowed to be created", value);
+                    "[.security_audit_log*] are allowed to be created", value);
         }
     }
 }

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityContext.java

@@ -3,14 +3,14 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.shield.authc.Authentication;
+import org.elasticsearch.xpack.security.authc.Authentication;
-import org.elasticsearch.shield.authc.AuthenticationService;
+import org.elasticsearch.xpack.security.authc.AuthenticationService;
-import org.elasticsearch.shield.user.User;
+import org.elasticsearch.xpack.security.user.User;
 import org.elasticsearch.threadpool.ThreadPool;
 
 import java.io.IOException;

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java

@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.common.Nullable;
 import org.elasticsearch.common.inject.Inject;
@@ -13,9 +13,9 @@ import org.elasticsearch.common.io.stream.StreamOutput;
 import org.elasticsearch.common.io.stream.Writeable;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.xcontent.XContentBuilder;
-import org.elasticsearch.shield.authc.Realm;
+import org.elasticsearch.xpack.security.authc.Realm;
-import org.elasticsearch.shield.authc.Realms;
+import org.elasticsearch.xpack.security.authc.Realms;
-import org.elasticsearch.shield.authc.esnative.ReservedRealm;
+import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
 import org.elasticsearch.xpack.XPackFeatureSet;
 
 import java.io.IOException;

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityLicenseState.java

@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.license.core.License.OperationMode;
 import org.elasticsearch.license.plugin.core.LicenseState;
@@ -11,7 +11,7 @@ import org.elasticsearch.license.plugin.core.Licensee.Status;
 
 
 /**
- * This class serves to decouple shield code that needs to check the license state from the {@link SecurityLicensee} as the
+ * This class serves to decouple security code that needs to check the license state from the {@link SecurityLicensee} as the
  * tight coupling causes issues with guice injection and circular dependencies
  */
 public class SecurityLicenseState {

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityLicensee.java

@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.Strings;
@@ -20,19 +20,19 @@ import org.elasticsearch.license.plugin.core.LicenseeRegistry;
 public class SecurityLicensee extends AbstractLicenseeComponent<SecurityLicensee> implements Licensee {
 
     private final boolean isTribeNode;
-    private final SecurityLicenseState shieldLicenseState;
+    private final SecurityLicenseState securityLicenseState;
 
     @Inject
-    public SecurityLicensee(Settings settings, LicenseeRegistry clientService, SecurityLicenseState shieldLicenseState) {
+    public SecurityLicensee(Settings settings, LicenseeRegistry clientService, SecurityLicenseState securityLicenseState) {
         super(settings, Security.NAME, clientService);
-        this.shieldLicenseState = shieldLicenseState;
+        this.securityLicenseState = securityLicenseState;
         this.isTribeNode = settings.getGroups("tribe", true).isEmpty() == false;
     }
 
     @Override
     public void onChange(Status status) {
         super.onChange(status);
-        shieldLicenseState.updateStatus(status);
+        securityLicenseState.updateStatus(status);
     }
 
     @Override

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityLifecycleService.java

@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.cluster.ClusterChangedEvent;
 import org.elasticsearch.cluster.service.ClusterService;
@@ -14,10 +14,10 @@ import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.inject.Provider;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.AbstractRunnable;
-import org.elasticsearch.shield.audit.AuditTrailModule;
+import org.elasticsearch.xpack.security.audit.AuditTrailModule;
-import org.elasticsearch.shield.audit.index.IndexAuditTrail;
+import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail;
-import org.elasticsearch.shield.authc.esnative.NativeUsersStore;
+import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;
-import org.elasticsearch.shield.authz.store.NativeRolesStore;
+import org.elasticsearch.xpack.security.authz.store.NativeRolesStore;
 import org.elasticsearch.threadpool.ThreadPool;
 
 /**
@@ -31,7 +31,7 @@ import org.elasticsearch.threadpool.ThreadPool;
  * successful. This lifecycle service allows for this to happen by listening for {@link ClusterChangedEvent} and checking
  * if the services can start. Additionally, the service also provides hooks for stop and close functionality.
  */
-public class ShieldLifecycleService extends AbstractComponent implements ClusterStateListener {
+public class SecurityLifecycleService extends AbstractComponent implements ClusterStateListener {
 
     private final Settings settings;
     private final ThreadPool threadPool;
@@ -40,9 +40,9 @@ public class ShieldLifecycleService extends AbstractComponent implements Cluster
     private final NativeRolesStore nativeRolesStore;
 
     @Inject
-    public ShieldLifecycleService(Settings settings, ClusterService clusterService, ThreadPool threadPool,
+    public SecurityLifecycleService(Settings settings, ClusterService clusterService, ThreadPool threadPool,
-                                  IndexAuditTrail indexAuditTrail, NativeUsersStore nativeUserStore,
+                                    IndexAuditTrail indexAuditTrail, NativeUsersStore nativeUserStore,
-                                  NativeRolesStore nativeRolesStore, Provider<InternalClient> clientProvider) {
+                                    NativeRolesStore nativeRolesStore, Provider<InternalClient> clientProvider) {
         super(settings);
         this.settings = settings;
         this.threadPool = threadPool;
@@ -54,7 +54,7 @@ public class ShieldLifecycleService extends AbstractComponent implements Cluster
         clusterService.add(this);
         clusterService.add(nativeUserStore);
         clusterService.add(nativeRolesStore);
-        clusterService.add(new ShieldTemplateService(settings, clusterService, clientProvider, threadPool));
+        clusterService.add(new SecurityTemplateService(settings, clusterService, clientProvider, threadPool));
         clusterService.addLifecycleListener(new LifecycleListener() {
 
             @Override
@@ -78,7 +78,7 @@ public class ShieldLifecycleService extends AbstractComponent implements Cluster
                     @Override
                     public void onFailure(Throwable throwable) {
                         logger.error("failed to start native user store service", throwable);
-                        assert false : "shield lifecycle services startup failed";
+                        assert false : "security lifecycle services startup failed";
                     }
 
                     @Override
@@ -97,7 +97,7 @@ public class ShieldLifecycleService extends AbstractComponent implements Cluster
                     @Override
                     public void onFailure(Throwable throwable) {
                         logger.error("failed to start native roles store services", throwable);
-                        assert false : "shield lifecycle services startup failed";
+                        assert false : "security lifecycle services startup failed";
                     }
 
                     @Override
@@ -119,7 +119,7 @@ public class ShieldLifecycleService extends AbstractComponent implements Cluster
                         @Override
                         public void onFailure(Throwable throwable) {
                             logger.error("failed to start index audit trail services", throwable);
-                            assert false : "shield lifecycle services startup failed";
+                            assert false : "security lifecycle services startup failed";
                         }
 
                         @Override

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityModule.java

@@ -3,17 +3,17 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.common.inject.util.Providers;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.shield.support.AbstractShieldModule;
+import org.elasticsearch.xpack.security.support.AbstractSecurityModule;
 import org.elasticsearch.xpack.XPackPlugin;
 
 /**
  *
  */
-public class SecurityModule extends AbstractShieldModule {
+public class SecurityModule extends AbstractSecurityModule {
 
     private final SecurityLicenseState securityLicenseState;
 
@@ -36,10 +36,10 @@ public class SecurityModule extends AbstractShieldModule {
 
         XPackPlugin.bindFeatureSet(binder(), SecurityFeatureSet.class);
 
-        if (shieldEnabled) {
+        if (securityEnabled) {
             bind(SecurityContext.Secure.class).asEagerSingleton();
             bind(SecurityContext.class).to(SecurityContext.Secure.class);
-            bind(ShieldLifecycleService.class).asEagerSingleton();
+            bind(SecurityLifecycleService.class).asEagerSingleton();
             bind(InternalClient.Secure.class).asEagerSingleton();
             bind(InternalClient.class).to(InternalClient.Secure.class);
         } else {

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityTemplateService.java

@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield;
+package org.elasticsearch.xpack.security;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateRequest;
@@ -28,10 +28,10 @@ import java.io.InputStream;
 import java.util.concurrent.atomic.AtomicBoolean;
 
 /**
- * ShieldTemplateService is responsible for adding the template needed for the
+ * SecurityTemplateService is responsible for adding the template needed for the
  * {@code .security} administrative index.
  */
-public class ShieldTemplateService extends AbstractComponent implements ClusterStateListener {
+public class SecurityTemplateService extends AbstractComponent implements ClusterStateListener {
 
     public static final String SECURITY_INDEX_NAME = ".security";
     public static final String SECURITY_TEMPLATE_NAME = "security-index-template";
@@ -40,31 +40,31 @@ public class ShieldTemplateService extends AbstractComponent implements ClusterS
     private final Provider<InternalClient> clientProvider;
     private final AtomicBoolean templateCreationPending = new AtomicBoolean(false);
 
-    public ShieldTemplateService(Settings settings, ClusterService clusterService,
+    public SecurityTemplateService(Settings settings, ClusterService clusterService,
-            Provider<InternalClient> clientProvider, ThreadPool threadPool) {
+                                   Provider<InternalClient> clientProvider, ThreadPool threadPool) {
         super(settings);
         this.threadPool = threadPool;
         this.clientProvider = clientProvider;
         clusterService.add(this);
     }
 
-    private void createShieldTemplate() {
+    private void createSecurityTemplate() {
         final Client client = clientProvider.get();
         try (InputStream is = getClass().getResourceAsStream("/" + SECURITY_TEMPLATE_NAME + ".json")) {
             ByteArrayOutputStream out = new ByteArrayOutputStream();
             Streams.copy(is, out);
             final byte[] template = out.toByteArray();
-            logger.debug("putting the shield index template");
+            logger.debug("putting the security index template");
             PutIndexTemplateRequest putTemplateRequest = client.admin().indices()
                     .preparePutTemplate(SECURITY_TEMPLATE_NAME).setSource(template).request();
             PutIndexTemplateResponse templateResponse = client.admin().indices().putTemplate(putTemplateRequest).get();
             if (templateResponse.isAcknowledged() == false) {
-                throw new ElasticsearchException("adding template for shield admin index was not acknowledged");
+                throw new ElasticsearchException("adding template for security index was not acknowledged");
             }
         } catch (Exception e) {
-            logger.error("failed to create shield admin index template [{}]",
+            logger.error("failed to create security index template [{}]",
                     e, SECURITY_INDEX_NAME);
-            throw new IllegalStateException("failed to create shield admin index template [" +
+            throw new IllegalStateException("failed to create security index template [" +
                     SECURITY_INDEX_NAME + "]", e);
         }
     }
@@ -72,15 +72,15 @@ public class ShieldTemplateService extends AbstractComponent implements ClusterS
     @Override
     public void clusterChanged(ClusterChangedEvent event) {
         if (event.state().blocks().hasGlobalBlock(GatewayService.STATE_NOT_RECOVERED_BLOCK)) {
-            // wait until the gateway has recovered from disk, otherwise we think may not have .shield-audit-
+            // wait until the gateway has recovered from disk, otherwise we think may not have .security-audit-
             // but they may not have been restored from the cluster state on disk
             logger.debug("template service waiting until state has been recovered");
             return;
         }
         
-        IndexRoutingTable shieldIndexRouting = event.state().routingTable().index(SECURITY_INDEX_NAME);
+        IndexRoutingTable securityIndexRouting = event.state().routingTable().index(SECURITY_INDEX_NAME);
 
-        if (shieldIndexRouting == null) {
+        if (securityIndexRouting == null) {
             if (event.localNodeMaster()) {
                 ClusterState state = event.state();
                 // TODO for the future need to add some checking in the event the template needs to be updated...
@@ -91,14 +91,14 @@ public class ShieldTemplateService extends AbstractComponent implements ClusterS
                     threadPool.generic().execute(new AbstractRunnable() {
                         @Override
                         public void onFailure(Throwable t) {
-                            logger.warn("failed to create shield admin template", t);
+                            logger.warn("failed to create security index template", t);
                             templateCreationPending.set(false);
                         }
 
                         @Override
                         protected void doRun() throws Exception {
                             if (createTemplate) {
-                                createShieldTemplate();
+                                createSecurityTemplate();
                             }
                             templateCreationPending.set(false);
                         }

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/SecurityActionMapper.java

@@ -3,7 +3,7 @@
  * or more contributor license agreements. Licensed under the Elastic License;
  * you may not use this file except in compliance with the Elastic License.
  */
-package org.elasticsearch.shield.action;
+package org.elasticsearch.xpack.security.action;
 
 import org.elasticsearch.action.admin.indices.analyze.AnalyzeAction;
 import org.elasticsearch.action.admin.indices.analyze.AnalyzeRequest;
@@ -12,18 +12,18 @@ import org.elasticsearch.action.search.ClearScrollRequest;
 import org.elasticsearch.transport.TransportRequest;
 
 /**
- * This class analyzes an incoming request and its action name, and returns the shield action name for it.
+ * This class analyzes an incoming request and its action name, and returns the security action name for it.
  * In many cases the action name is the same as the original one used in es core, but in some exceptional cases it might need
  * to be converted. For instance a clear_scroll that targets all opened scrolls gets converted to a different action that requires
  * cluster privileges instead of the default indices privileges, still valid for clear scrolls that target specific scroll ids.
  */
-public class ShieldActionMapper {
+public class SecurityActionMapper {
 
     static final String CLUSTER_PERMISSION_SCROLL_CLEAR_ALL_NAME = "cluster:admin/indices/scroll/clear_all";
     static final String CLUSTER_PERMISSION_ANALYZE = "cluster:admin/analyze";
 
     /**
-     * Returns the shield specific action name given the incoming action name and request
+     * Returns the security specific action name given the incoming action name and request
      */
     public String action(String action, TransportRequest request) {
         switch (action) {