honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Split license allowed checks into two types (#58704) (#58797) 

The checks on the license state have a singular method, isAllowed, that
returns whether the given feature is allowed by the current license.
However, there are two classes of usages, one which intends to actually
use a feature, and another that intends to return in telemetry whether
the feature is allowed. When feature usage tracking is added, the latter
case should not count as a "usage", so this commit reworks the calls to
isAllowed into 2 methods, checkFeature, which will (eventually) both
check whether a feature is allowed, and keep track of the last usage
time, and isAllowed, which simply determines whether the feature is
allowed.

Note that I considered having a boolean flag on the current method, but
wanted the additional clarity that a different method name provides,
versus a boolean flag which is more easily copied without realizing what
the flag means since it is nameless in call sites.
This commit is contained in:
Ryan Ernst 2020-07-01 07:11:05 -07:00 committed by GitHub
parent f7dc09340b
commit c23613e05a
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
116 changed files with 494 additions and 468 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
x-pack/plugin/analytics/src/main/java/org/elasticsearch/xpack/analytics/AnalyticsPlugin.java
View File

@ -179,7 +179,7 @@ public class AnalyticsPlugin extends Plugin implements SearchPlugin, ActionPlugi
private static <T> ContextParser<String, T> checkLicense(ContextParser<String, T> realParser) { private static <T> ContextParser<String, T> checkLicense(ContextParser<String, T> realParser) {
return (parser, name) -> { return (parser, name) -> {
if (getLicenseState().isAllowed(XPackLicenseState.Feature.ANALYTICS) == false) { if (getLicenseState().checkFeature(XPackLicenseState.Feature.ANALYTICS) == false) {
throw LicenseUtils.newComplianceException(XPackField.ANALYTICS); throw LicenseUtils.newComplianceException(XPackField.ANALYTICS);
} }
return realParser.parse(parser, name); return realParser.parse(parser, name);

2
x-pack/plugin/ccr/src/main/java/org/elasticsearch/xpack/ccr/CcrLicenseChecker.java
View File

@ -72,7 +72,7 @@ public class CcrLicenseChecker {
* Constructs a CCR license checker with the default rule based on the license state for checking if CCR is allowed. * Constructs a CCR license checker with the default rule based on the license state for checking if CCR is allowed.
*/ */
CcrLicenseChecker() { CcrLicenseChecker() {
this(() -> XPackPlugin.getSharedLicenseState().isAllowed(XPackLicenseState.Feature.CCR), this(() -> XPackPlugin.getSharedLicenseState().checkFeature(XPackLicenseState.Feature.CCR),
XPackPlugin.getSharedLicenseState()::isSecurityEnabled); XPackPlugin.getSharedLicenseState()::isSecurityEnabled);
} }

28
x-pack/plugin/ccr/src/test/java/org/elasticsearch/xpack/monitoring/collector/ccr/StatsCollectorTests.java
View File

@ -46,14 +46,14 @@ public class StatsCollectorTests extends BaseCollectorTestCase {
whenLocalNodeElectedMaster(isElectedMaster); whenLocalNodeElectedMaster(isElectedMaster);
// this controls the blockage // this controls the blockage
when(licenseState.isAllowed(XPackLicenseState.Feature.MONITORING)).thenReturn(false); when(licenseState.checkFeature(XPackLicenseState.Feature.MONITORING)).thenReturn(false);
when(licenseState.isAllowed(XPackLicenseState.Feature.CCR)).thenReturn(ccrAllowed); when(licenseState.checkFeature(XPackLicenseState.Feature.CCR)).thenReturn(ccrAllowed);
final StatsCollector collector = createCollector(settings, clusterService, licenseState, client); final StatsCollector collector = createCollector(settings, clusterService, licenseState, client);
assertThat(collector.shouldCollect(isElectedMaster), is(false)); assertThat(collector.shouldCollect(isElectedMaster), is(false));
if (isElectedMaster) { if (isElectedMaster) {
verify(licenseState).isAllowed(XPackLicenseState.Feature.MONITORING); verify(licenseState).checkFeature(XPackLicenseState.Feature.MONITORING);
} }
} }
@ -61,8 +61,8 @@ public class StatsCollectorTests extends BaseCollectorTestCase {
// regardless of CCR being enabled // regardless of CCR being enabled
final Settings settings = randomFrom(ccrEnabledSettings(), ccrDisabledSettings()); final Settings settings = randomFrom(ccrEnabledSettings(), ccrDisabledSettings());
when(licenseState.isAllowed(XPackLicenseState.Feature.MONITORING)).thenReturn(randomBoolean()); when(licenseState.checkFeature(XPackLicenseState.Feature.MONITORING)).thenReturn(randomBoolean());
when(licenseState.isAllowed(XPackLicenseState.Feature.CCR)).thenReturn(randomBoolean()); when(licenseState.checkFeature(XPackLicenseState.Feature.CCR)).thenReturn(randomBoolean());
// this controls the blockage // this controls the blockage
final boolean isElectedMaster = false; final boolean isElectedMaster = false;
@ -75,8 +75,8 @@ public class StatsCollectorTests extends BaseCollectorTestCase {
// this is controls the blockage // this is controls the blockage
final Settings settings = ccrDisabledSettings(); final Settings settings = ccrDisabledSettings();
when(licenseState.isAllowed(XPackLicenseState.Feature.MONITORING)).thenReturn(randomBoolean()); when(licenseState.checkFeature(XPackLicenseState.Feature.MONITORING)).thenReturn(randomBoolean());
when(licenseState.isAllowed(XPackLicenseState.Feature.CCR)).thenReturn(randomBoolean()); when(licenseState.checkFeature(XPackLicenseState.Feature.CCR)).thenReturn(randomBoolean());
final boolean isElectedMaster = randomBoolean(); final boolean isElectedMaster = randomBoolean();
whenLocalNodeElectedMaster(isElectedMaster); whenLocalNodeElectedMaster(isElectedMaster);
@ -86,16 +86,16 @@ public class StatsCollectorTests extends BaseCollectorTestCase {
assertThat(collector.shouldCollect(isElectedMaster), is(false)); assertThat(collector.shouldCollect(isElectedMaster), is(false));
if (isElectedMaster) { if (isElectedMaster) {
verify(licenseState).isAllowed(XPackLicenseState.Feature.MONITORING); verify(licenseState).checkFeature(XPackLicenseState.Feature.MONITORING);
} }
} }
public void testShouldCollectReturnsFalseIfCCRIsNotAllowed() { public void testShouldCollectReturnsFalseIfCCRIsNotAllowed() {
final Settings settings = randomFrom(ccrEnabledSettings(), ccrDisabledSettings()); final Settings settings = randomFrom(ccrEnabledSettings(), ccrDisabledSettings());
when(licenseState.isAllowed(XPackLicenseState.Feature.MONITORING)).thenReturn(randomBoolean()); when(licenseState.checkFeature(XPackLicenseState.Feature.MONITORING)).thenReturn(randomBoolean());
// this is controls the blockage // this is controls the blockage
when(licenseState.isAllowed(XPackLicenseState.Feature.CCR)).thenReturn(false); when(licenseState.checkFeature(XPackLicenseState.Feature.CCR)).thenReturn(false);
final boolean isElectedMaster = randomBoolean(); final boolean isElectedMaster = randomBoolean();
whenLocalNodeElectedMaster(isElectedMaster); whenLocalNodeElectedMaster(isElectedMaster);
@ -104,22 +104,22 @@ public class StatsCollectorTests extends BaseCollectorTestCase {
assertThat(collector.shouldCollect(isElectedMaster), is(false)); assertThat(collector.shouldCollect(isElectedMaster), is(false));
if (isElectedMaster) { if (isElectedMaster) {
verify(licenseState).isAllowed(XPackLicenseState.Feature.MONITORING); verify(licenseState).checkFeature(XPackLicenseState.Feature.MONITORING);
} }
} }
public void testShouldCollectReturnsTrue() { public void testShouldCollectReturnsTrue() {
final Settings settings = ccrEnabledSettings(); final Settings settings = ccrEnabledSettings();
when(licenseState.isAllowed(XPackLicenseState.Feature.MONITORING)).thenReturn(true); when(licenseState.checkFeature(XPackLicenseState.Feature.MONITORING)).thenReturn(true);
when(licenseState.isAllowed(XPackLicenseState.Feature.CCR)).thenReturn(true); when(licenseState.checkFeature(XPackLicenseState.Feature.CCR)).thenReturn(true);
final boolean isElectedMaster = true; final boolean isElectedMaster = true;
final StatsCollector collector = createCollector(settings, clusterService, licenseState, client); final StatsCollector collector = createCollector(settings, clusterService, licenseState, client);
assertThat(collector.shouldCollect(isElectedMaster), is(true)); assertThat(collector.shouldCollect(isElectedMaster), is(true));
verify(licenseState).isAllowed(XPackLicenseState.Feature.MONITORING); verify(licenseState).checkFeature(XPackLicenseState.Feature.MONITORING);
} }
public void testDoCollect() throws Exception { public void testDoCollect() throws Exception {

17
x-pack/plugin/core/src/main/java/org/elasticsearch/license/XPackLicenseState.java
View File

@ -411,7 +411,6 @@ public class XPackLicenseState {
private XPackLicenseState(List<LicenseStateListener> listeners, boolean isSecurityEnabled, boolean isSecurityExplicitlyEnabled, private XPackLicenseState(List<LicenseStateListener> listeners, boolean isSecurityEnabled, boolean isSecurityExplicitlyEnabled,
Status status) { Status status) {
this.listeners = listeners; this.listeners = listeners;
this.isSecurityEnabled = isSecurityEnabled; this.isSecurityEnabled = isSecurityEnabled;
this.isSecurityExplicitlyEnabled = isSecurityExplicitlyEnabled; this.isSecurityExplicitlyEnabled = isSecurityExplicitlyEnabled;
@ -475,6 +474,19 @@ public class XPackLicenseState {
return checkAgainstStatus(status -> status.active); return checkAgainstStatus(status -> status.active);
} }
/**
* Checks whether the given feature is allowed, tracking the last usage time.
*/
public boolean checkFeature(Feature feature) {
// TODO: usage tracking is not yet implemented
return isAllowed(feature);
}
/**
* Checks whether the given feature is allowed by the current license.
* <p>
* This method should only be used when serializing whether a feature is allowed for telemetry.
*/
public boolean isAllowed(Feature feature) { public boolean isAllowed(Feature feature) {
return isAllowedByLicense(feature.minimumOperationMode, feature.needsActive); return isAllowedByLicense(feature.minimumOperationMode, feature.needsActive);
} }
@ -551,7 +563,8 @@ public class XPackLicenseState {
* is needed for multiple interactions with the license state. * is needed for multiple interactions with the license state.
*/ */
public XPackLicenseState copyCurrentLicenseState() { public XPackLicenseState copyCurrentLicenseState() {
return executeAgainstStatus(status -> new XPackLicenseState(listeners, isSecurityEnabled, isSecurityExplicitlyEnabled, status)); return executeAgainstStatus(status ->
new XPackLicenseState(listeners, isSecurityEnabled, isSecurityExplicitlyEnabled, status));
} }
/** /**

2
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/accesscontrol/SecurityIndexReaderWrapper.java
View File

@ -63,7 +63,7 @@ public class SecurityIndexReaderWrapper implements CheckedFunction<DirectoryRead
@Override @Override
public DirectoryReader apply(final DirectoryReader reader) { public DirectoryReader apply(final DirectoryReader reader) {
if (licenseState.isSecurityEnabled() == false || if (licenseState.isSecurityEnabled() == false ||
licenseState.isAllowed(Feature.SECURITY_DLS_FLS) == false) { licenseState.checkFeature(Feature.SECURITY_DLS_FLS) == false) {
return reader; return reader;
} }

2
x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/watcher/actions/throttler/ActionThrottler.java
View File

@ -38,7 +38,7 @@ public class ActionThrottler implements Throttler {
@Override @Override
public Result throttle(String actionId, WatchExecutionContext ctx) { public Result throttle(String actionId, WatchExecutionContext ctx) {
if (licenseState.isAllowed(XPackLicenseState.Feature.WATCHER) == false) { if (licenseState.checkFeature(XPackLicenseState.Feature.WATCHER) == false) {
return Result.throttle(LICENSE, "watcher license does not allow action execution"); return Result.throttle(LICENSE, "watcher license does not allow action execution");
} }
if (periodThrottler != null) { if (periodThrottler != null) {

8
x-pack/plugin/core/src/test/java/org/elasticsearch/license/LicenseRegistrationTests.java
View File

@ -23,7 +23,7 @@ import static org.mockito.Mockito.when;
public class LicenseRegistrationTests extends AbstractLicenseServiceTestCase { public class LicenseRegistrationTests extends AbstractLicenseServiceTestCase {
public void testSelfGeneratedTrialLicense() throws Exception { public void testSelfGeneratedTrialLicense() throws Exception {
XPackLicenseState licenseState = new XPackLicenseState(Settings.EMPTY); XPackLicenseState licenseState = TestUtils.newTestLicenseState();
setInitialState(null, licenseState, Settings.EMPTY, "trial"); setInitialState(null, licenseState, Settings.EMPTY, "trial");
when(discoveryNodes.isLocalNodeElectedMaster()).thenReturn(true); when(discoveryNodes.isLocalNodeElectedMaster()).thenReturn(true);
licenseService.start(); licenseService.start();
@ -42,7 +42,7 @@ public class LicenseRegistrationTests extends AbstractLicenseServiceTestCase {
} }
public void testSelfGeneratedBasicLicense() throws Exception { public void testSelfGeneratedBasicLicense() throws Exception {
XPackLicenseState licenseState = new XPackLicenseState(Settings.EMPTY); XPackLicenseState licenseState = TestUtils.newTestLicenseState();
setInitialState(null, licenseState, Settings.EMPTY, "basic"); setInitialState(null, licenseState, Settings.EMPTY, "basic");
when(discoveryNodes.isLocalNodeElectedMaster()).thenReturn(true); when(discoveryNodes.isLocalNodeElectedMaster()).thenReturn(true);
licenseService.start(); licenseService.start();
@ -74,7 +74,7 @@ public class LicenseRegistrationTests extends AbstractLicenseServiceTestCase {
.maxNodes(5); .maxNodes(5);
License license = TestUtils.generateSignedLicense(builder); License license = TestUtils.generateSignedLicense(builder);
XPackLicenseState licenseState = new XPackLicenseState(Settings.EMPTY); XPackLicenseState licenseState = TestUtils.newTestLicenseState();
setInitialState(license, licenseState, Settings.EMPTY); setInitialState(license, licenseState, Settings.EMPTY);
when(discoveryNodes.isLocalNodeElectedMaster()).thenReturn(true); when(discoveryNodes.isLocalNodeElectedMaster()).thenReturn(true);
licenseService.start(); licenseService.start();
@ -106,7 +106,7 @@ public class LicenseRegistrationTests extends AbstractLicenseServiceTestCase {
.expiryDate(dateMath("now-2h", now)); .expiryDate(dateMath("now-2h", now));
License license = SelfGeneratedLicense.create(builder, License.VERSION_CURRENT); License license = SelfGeneratedLicense.create(builder, License.VERSION_CURRENT);
XPackLicenseState licenseState = new XPackLicenseState(Settings.EMPTY); XPackLicenseState licenseState = TestUtils.newTestLicenseState();
setInitialState(license, licenseState, Settings.EMPTY); setInitialState(license, licenseState, Settings.EMPTY);
when(discoveryNodes.isLocalNodeElectedMaster()).thenReturn(true); when(discoveryNodes.isLocalNodeElectedMaster()).thenReturn(true);
licenseService.start(); licenseService.start();

8
x-pack/plugin/core/src/test/java/org/elasticsearch/license/LicensesAcknowledgementTests.java
View File

@ -22,7 +22,7 @@ import static org.mockito.Mockito.verify;
public class LicensesAcknowledgementTests extends AbstractLicenseServiceTestCase { public class LicensesAcknowledgementTests extends AbstractLicenseServiceTestCase {
public void testAcknowledgment() throws Exception { public void testAcknowledgment() throws Exception {
XPackLicenseState licenseState = new XPackLicenseState(Settings.EMPTY); XPackLicenseState licenseState = TestUtils.newTestLicenseState();
setInitialState(TestUtils.generateSignedLicense("gold", timeValueHours(2)), licenseState, Settings.EMPTY); setInitialState(TestUtils.generateSignedLicense("gold", timeValueHours(2)), licenseState, Settings.EMPTY);
licenseService.start(); licenseService.start();
// try installing a signed license // try installing a signed license
@ -42,7 +42,7 @@ public class LicensesAcknowledgementTests extends AbstractLicenseServiceTestCase
} }
public void testRejectUpgradeToProductionWithoutTLS() throws Exception { public void testRejectUpgradeToProductionWithoutTLS() throws Exception {
XPackLicenseState licenseState = new XPackLicenseState(Settings.EMPTY); XPackLicenseState licenseState = TestUtils.newTestLicenseState();
setInitialState(TestUtils.generateSignedLicense("trial", timeValueHours(2)), licenseState, Settings.EMPTY); setInitialState(TestUtils.generateSignedLicense("trial", timeValueHours(2)), licenseState, Settings.EMPTY);
licenseService.start(); licenseService.start();
// try installing a signed license // try installing a signed license
@ -55,7 +55,7 @@ public class LicensesAcknowledgementTests extends AbstractLicenseServiceTestCase
} }
public void testUpgradeToProductionWithoutTLSAndSecurityDisabled() throws Exception { public void testUpgradeToProductionWithoutTLSAndSecurityDisabled() throws Exception {
XPackLicenseState licenseState = new XPackLicenseState(Settings.EMPTY); XPackLicenseState licenseState = TestUtils.newTestLicenseState();
setInitialState(TestUtils.generateSignedLicense("trial", timeValueHours(2)), licenseState, Settings.builder() setInitialState(TestUtils.generateSignedLicense("trial", timeValueHours(2)), licenseState, Settings.builder()
.put("xpack.security.enabled", false).build()); .put("xpack.security.enabled", false).build());
licenseService.start(); licenseService.start();
@ -74,7 +74,7 @@ public class LicensesAcknowledgementTests extends AbstractLicenseServiceTestCase
} }
public void testUpgradeToProductionWithTLSAndSecurity() throws Exception { public void testUpgradeToProductionWithTLSAndSecurity() throws Exception {
XPackLicenseState licenseState = new XPackLicenseState(Settings.EMPTY); XPackLicenseState licenseState = TestUtils.newTestLicenseState();
setInitialState(TestUtils.generateSignedLicense("trial", timeValueHours(2)), licenseState, Settings.builder() setInitialState(TestUtils.generateSignedLicense("trial", timeValueHours(2)), licenseState, Settings.builder()
.put("xpack.security.enabled", true) .put("xpack.security.enabled", true)
.put("xpack.security.transport.ssl.enabled", true).build()); .put("xpack.security.transport.ssl.enabled", true).build());

4
x-pack/plugin/core/src/test/java/org/elasticsearch/license/TestUtils.java
View File

@ -392,6 +392,10 @@ public class TestUtils {
} }
} }
public static XPackLicenseState newTestLicenseState() {
return new XPackLicenseState(Settings.EMPTY);
}
public static void putLicense(Metadata.Builder builder, License license) { public static void putLicense(Metadata.Builder builder, License license) {
builder.putCustom(LicensesMetadata.TYPE, new LicensesMetadata(license, null)); builder.putCustom(LicensesMetadata.TYPE, new LicensesMetadata(license, null));
} }

388
x-pack/plugin/core/src/test/java/org/elasticsearch/license/XPackLicenseStateTests.java
View File

@ -33,7 +33,7 @@ public class XPackLicenseStateTests extends ESTestCase {
/** Creates a license state with the given license type and active state, and checks the given method returns expected. */ /** Creates a license state with the given license type and active state, and checks the given method returns expected. */
void assertAllowed(OperationMode mode, boolean active, Predicate<XPackLicenseState> predicate, boolean expected) { void assertAllowed(OperationMode mode, boolean active, Predicate<XPackLicenseState> predicate, boolean expected) {
XPackLicenseState licenseState = new XPackLicenseState(Settings.EMPTY); XPackLicenseState licenseState = TestUtils.newTestLicenseState();
licenseState.update(mode, active, null); licenseState.update(mode, active, null);
assertEquals(expected, predicate.test(licenseState)); assertEquals(expected, predicate.test(licenseState));
} }
@ -76,41 +76,41 @@ public class XPackLicenseStateTests extends ESTestCase {
} }
public void testSecurityDefaults() { public void testSecurityDefaults() {
XPackLicenseState licenseState = Settings settings = Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build();
new XPackLicenseState(Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build()); XPackLicenseState licenseState = new XPackLicenseState(settings);
assertThat(licenseState.isSecurityEnabled(), is(true)); assertThat(licenseState.isSecurityEnabled(), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_IP_FILTERING), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_IP_FILTERING), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_AUDITING), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_STATS_AND_HEALTH), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_STATS_AND_HEALTH), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_DLS_FLS), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_DLS_FLS), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_ALL_REALMS), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_ALL_REALMS), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS), is(true));
licenseState = new XPackLicenseState(Settings.EMPTY); licenseState = TestUtils.newTestLicenseState();
assertSecurityNotAllowed(licenseState); assertSecurityNotAllowed(licenseState);
} }
public void testTransportSslDoesNotAutomaticallyEnableSecurityOnTrialLicense() { public void testTransportSslDoesNotAutomaticallyEnableSecurityOnTrialLicense() {
Settings settings = Settings.builder().put(XPackSettings.TRANSPORT_SSL_ENABLED.getKey(), true).build();
final XPackLicenseState licenseState; final XPackLicenseState licenseState;
licenseState = licenseState = new XPackLicenseState(settings);
new XPackLicenseState(Settings.builder().put(XPackSettings.TRANSPORT_SSL_ENABLED.getKey(), true).build());
assertSecurityNotAllowed(licenseState); assertSecurityNotAllowed(licenseState);
} }
public void testSecurityBasicWithoutExplicitSecurityEnabled() { public void testSecurityBasicWithoutExplicitSecurityEnabled() {
XPackLicenseState licenseState = new XPackLicenseState(Settings.EMPTY); XPackLicenseState licenseState = TestUtils.newTestLicenseState();
licenseState.update(BASIC, true, null); licenseState.update(BASIC, true, null);
assertThat(licenseState.isSecurityEnabled(), is(false)); assertThat(licenseState.isSecurityEnabled(), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_IP_FILTERING), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_IP_FILTERING), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_AUDITING), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_STATS_AND_HEALTH), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_STATS_AND_HEALTH), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_DLS_FLS), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_DLS_FLS), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_TOKEN_SERVICE), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_API_KEY_SERVICE), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_API_KEY_SERVICE), is(true));
assertThat(licenseState.isAllowed(XPackLicenseState.Feature.SECURITY), is(true)); assertThat(licenseState.checkFeature(XPackLicenseState.Feature.SECURITY), is(true));
assertThat(licenseState.isSecurityEnabled(), is(false)); assertThat(licenseState.isSecurityEnabled(), is(false));
} }
@ -120,139 +120,145 @@ public class XPackLicenseStateTests extends ESTestCase {
licenseState.update(BASIC, true, null); licenseState.update(BASIC, true, null);
assertThat(licenseState.isSecurityEnabled(), is(true)); assertThat(licenseState.isSecurityEnabled(), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_IP_FILTERING), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_IP_FILTERING), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_AUDITING), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_STATS_AND_HEALTH), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_STATS_AND_HEALTH), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_DLS_FLS), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_DLS_FLS), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_TOKEN_SERVICE), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_API_KEY_SERVICE), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_API_KEY_SERVICE), is(true));
assertThat(licenseState.isAllowed(XPackLicenseState.Feature.SECURITY), is(true)); assertThat(licenseState.checkFeature(XPackLicenseState.Feature.SECURITY), is(true));
assertThat(licenseState.isSecurityEnabled(), is(true)); assertThat(licenseState.isSecurityEnabled(), is(true));
} }
public void testSecurityDefaultBasicExpired() { public void testSecurityDefaultBasicExpired() {
XPackLicenseState licenseState = new XPackLicenseState(Settings.EMPTY); XPackLicenseState licenseState = TestUtils.newTestLicenseState();
licenseState.update(BASIC, false, null); licenseState.update(BASIC, false, null);
assertThat(licenseState.isSecurityEnabled(), is(false)); assertThat(licenseState.isSecurityEnabled(), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_IP_FILTERING), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_IP_FILTERING), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_AUDITING), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_STATS_AND_HEALTH), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_STATS_AND_HEALTH), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_DLS_FLS), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_DLS_FLS), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_TOKEN_SERVICE), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_API_KEY_SERVICE), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_API_KEY_SERVICE), is(true));
} }
public void testSecurityEnabledBasicExpired() { public void testSecurityEnabledBasicExpired() {
XPackLicenseState licenseState = new XPackLicenseState( Settings settings = Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build();
Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build()); XPackLicenseState licenseState = new XPackLicenseState(settings);
licenseState.update(BASIC, false, null); licenseState.update(BASIC, false, null);
assertThat(licenseState.isSecurityEnabled(), is(true)); assertThat(licenseState.isSecurityEnabled(), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_IP_FILTERING), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_IP_FILTERING), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_AUDITING), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_STATS_AND_HEALTH), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_STATS_AND_HEALTH), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_DLS_FLS), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_DLS_FLS), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_TOKEN_SERVICE), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_API_KEY_SERVICE), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_API_KEY_SERVICE), is(true));
} }
public void testSecurityStandard() { public void testSecurityStandard() {
XPackLicenseState licenseState = new XPackLicenseState(randomFrom(Settings.EMPTY, Settings settings = randomFrom(Settings.EMPTY,
Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build())); Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build());
XPackLicenseState licenseState = new XPackLicenseState(settings);
licenseState.update(STANDARD, true, null); licenseState.update(STANDARD, true, null);
assertThat(licenseState.isSecurityEnabled(), is(true)); assertThat(licenseState.isSecurityEnabled(), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_IP_FILTERING), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_IP_FILTERING), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_AUDITING), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_STATS_AND_HEALTH), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_STATS_AND_HEALTH), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_DLS_FLS), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_DLS_FLS), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS), is(false));
} }
public void testSecurityStandardExpired() { public void testSecurityStandardExpired() {
XPackLicenseState licenseState = new XPackLicenseState(randomFrom(Settings.EMPTY, Settings settings = randomFrom(Settings.EMPTY,
Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build())); Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build());
XPackLicenseState licenseState = new XPackLicenseState(settings);
licenseState.update(STANDARD, false, null); licenseState.update(STANDARD, false, null);
assertThat(licenseState.isSecurityEnabled(), is(true)); assertThat(licenseState.isSecurityEnabled(), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_IP_FILTERING), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_IP_FILTERING), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_AUDITING), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_STATS_AND_HEALTH), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_STATS_AND_HEALTH), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_DLS_FLS), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_DLS_FLS), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS), is(false));
} }
public void testSecurityGold() { public void testSecurityGold() {
XPackLicenseState licenseState = new XPackLicenseState(randomFrom(Settings.EMPTY, Settings settings = randomFrom(Settings.EMPTY,
Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build())); Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build());
XPackLicenseState licenseState = new XPackLicenseState(settings);
licenseState.update(GOLD, true, null); licenseState.update(GOLD, true, null);
assertThat(licenseState.isSecurityEnabled(), is(true)); assertThat(licenseState.isSecurityEnabled(), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_IP_FILTERING), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_IP_FILTERING), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_AUDITING), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_STATS_AND_HEALTH), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_STATS_AND_HEALTH), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_DLS_FLS), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_DLS_FLS), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_STANDARD_REALMS), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_STANDARD_REALMS), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_TOKEN_SERVICE), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_API_KEY_SERVICE), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_API_KEY_SERVICE), is(true));
} }
public void testSecurityGoldExpired() { public void testSecurityGoldExpired() {
XPackLicenseState licenseState = new XPackLicenseState(randomFrom(Settings.EMPTY, Settings settings = randomFrom(Settings.EMPTY,
Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build())); Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build());
XPackLicenseState licenseState = new XPackLicenseState(settings);
licenseState.update(GOLD, false, null); licenseState.update(GOLD, false, null);
assertThat(licenseState.isSecurityEnabled(), is(true)); assertThat(licenseState.isSecurityEnabled(), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_IP_FILTERING), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_IP_FILTERING), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_AUDITING), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_STATS_AND_HEALTH), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_STATS_AND_HEALTH), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_DLS_FLS), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_DLS_FLS), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_STANDARD_REALMS), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_STANDARD_REALMS), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_TOKEN_SERVICE), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_API_KEY_SERVICE), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_API_KEY_SERVICE), is(true));
} }
public void testSecurityPlatinum() { public void testSecurityPlatinum() {
XPackLicenseState licenseState = new XPackLicenseState(randomFrom(Settings.EMPTY, Settings settings = randomFrom(Settings.EMPTY,
Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build())); Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build());
XPackLicenseState licenseState = new XPackLicenseState(settings);
licenseState.update(PLATINUM, true, null); licenseState.update(PLATINUM, true, null);
assertThat(licenseState.isSecurityEnabled(), is(true)); assertThat(licenseState.isSecurityEnabled(), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_IP_FILTERING), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_IP_FILTERING), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_AUDITING), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_STATS_AND_HEALTH), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_STATS_AND_HEALTH), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_DLS_FLS), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_DLS_FLS), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_ALL_REALMS), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_ALL_REALMS), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_TOKEN_SERVICE), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_API_KEY_SERVICE), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_API_KEY_SERVICE), is(true));
} }
public void testSecurityPlatinumExpired() { public void testSecurityPlatinumExpired() {
XPackLicenseState licenseState = new XPackLicenseState(randomFrom(Settings.EMPTY, Settings settings = randomFrom(Settings.EMPTY,
Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build())); Settings.builder().put(XPackSettings.SECURITY_ENABLED.getKey(), true).build());
XPackLicenseState licenseState = new XPackLicenseState(settings);
licenseState.update(PLATINUM, false, null); licenseState.update(PLATINUM, false, null);
assertThat(licenseState.isSecurityEnabled(), is(true)); assertThat(licenseState.isSecurityEnabled(), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_IP_FILTERING), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_IP_FILTERING), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_AUDITING), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_AUDITING), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_STATS_AND_HEALTH), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_STATS_AND_HEALTH), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_DLS_FLS), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_DLS_FLS), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_ALL_REALMS), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_ALL_REALMS), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS), is(false)); assertThat(licenseState.checkFeature(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS), is(false));
assertThat(licenseState.isAllowed(Feature.SECURITY_TOKEN_SERVICE), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE), is(true));
assertThat(licenseState.isAllowed(Feature.SECURITY_API_KEY_SERVICE), is(true)); assertThat(licenseState.checkFeature(Feature.SECURITY_API_KEY_SERVICE), is(true));
} }
public void testNewTrialDefaultsSecurityOff() { public void testNewTrialDefaultsSecurityOff() {
XPackLicenseState licenseState = new XPackLicenseState(Settings.EMPTY); XPackLicenseState licenseState = TestUtils.newTestLicenseState();
licenseState.update(TRIAL, true, VersionUtils.randomVersionBetween(random(), Version.V_6_3_0, Version.CURRENT)); licenseState.update(TRIAL, true, VersionUtils.randomVersionBetween(random(), Version.V_6_3_0, Version.CURRENT));
assertThat(licenseState.isSecurityEnabled(), is(false)); assertThat(licenseState.isSecurityEnabled(), is(false));
@ -304,172 +310,172 @@ public class XPackLicenseStateTests extends ESTestCase {
} }
public void testMonitoringAllowed() { public void testMonitoringAllowed() {
assertAllowed(randomMode(), true, s -> s.isAllowed(Feature.MONITORING), true); assertAllowed(randomMode(), true, s -> s.checkFeature(Feature.MONITORING), true);
assertAllowed(randomMode(), false, s -> s.isAllowed(Feature.MONITORING), false); assertAllowed(randomMode(), false, s -> s.checkFeature(Feature.MONITORING), false);
} }
public void testMonitoringUpdateRetention() { public void testMonitoringUpdateRetention() {
assertAllowed(STANDARD, true, s -> s.isAllowed(Feature.MONITORING_UPDATE_RETENTION), true); assertAllowed(STANDARD, true, s -> s.checkFeature(Feature.MONITORING_UPDATE_RETENTION), true);
assertAllowed(GOLD, true, s -> s.isAllowed(Feature.MONITORING_UPDATE_RETENTION), true); assertAllowed(GOLD, true, s -> s.checkFeature(Feature.MONITORING_UPDATE_RETENTION), true);
assertAllowed(PLATINUM, true, s -> s.isAllowed(Feature.MONITORING_UPDATE_RETENTION), true); assertAllowed(PLATINUM, true, s -> s.checkFeature(Feature.MONITORING_UPDATE_RETENTION), true);
assertAllowed(TRIAL, true, s -> s.isAllowed(Feature.MONITORING_UPDATE_RETENTION), true); assertAllowed(TRIAL, true, s -> s.checkFeature(Feature.MONITORING_UPDATE_RETENTION), true);
assertAllowed(BASIC, true, s -> s.isAllowed(Feature.MONITORING_UPDATE_RETENTION), false); assertAllowed(BASIC, true, s -> s.checkFeature(Feature.MONITORING_UPDATE_RETENTION), false);
assertAllowed(MISSING, false, s -> s.isAllowed(Feature.MONITORING_UPDATE_RETENTION), false); assertAllowed(MISSING, false, s -> s.checkFeature(Feature.MONITORING_UPDATE_RETENTION), false);
} }
public void testWatcherPlatinumGoldTrialStandard() throws Exception { public void testWatcherPlatinumGoldTrialStandard() throws Exception {
assertAllowed(TRIAL, true, s -> s.isAllowed(Feature.WATCHER), true); assertAllowed(TRIAL, true, s -> s.checkFeature(Feature.WATCHER), true);
assertAllowed(GOLD, true, s -> s.isAllowed(Feature.WATCHER), true); assertAllowed(GOLD, true, s -> s.checkFeature(Feature.WATCHER), true);
assertAllowed(PLATINUM, true, s -> s.isAllowed(Feature.WATCHER), true); assertAllowed(PLATINUM, true, s -> s.checkFeature(Feature.WATCHER), true);
assertAllowed(STANDARD, true, s -> s.isAllowed(Feature.WATCHER), true); assertAllowed(STANDARD, true, s -> s.checkFeature(Feature.WATCHER), true);
} }
public void testWatcherBasicLicense() throws Exception { public void testWatcherBasicLicense() throws Exception {
assertAllowed(BASIC, true, s -> s.isAllowed(Feature.WATCHER), false); assertAllowed(BASIC, true, s -> s.checkFeature(Feature.WATCHER), false);
} }
public void testWatcherInactive() { public void testWatcherInactive() {
assertAllowed(BASIC, false, s -> s.isAllowed(Feature.WATCHER), false); assertAllowed(BASIC, false, s -> s.checkFeature(Feature.WATCHER), false);
} }
public void testWatcherInactivePlatinumGoldTrial() throws Exception { public void testWatcherInactivePlatinumGoldTrial() throws Exception {
assertAllowed(TRIAL, false, s -> s.isAllowed(Feature.WATCHER), false); assertAllowed(TRIAL, false, s -> s.checkFeature(Feature.WATCHER), false);
assertAllowed(GOLD, false, s -> s.isAllowed(Feature.WATCHER), false); assertAllowed(GOLD, false, s -> s.checkFeature(Feature.WATCHER), false);
assertAllowed(PLATINUM, false, s -> s.isAllowed(Feature.WATCHER), false); assertAllowed(PLATINUM, false, s -> s.checkFeature(Feature.WATCHER), false);
assertAllowed(STANDARD, false, s -> s.isAllowed(Feature.WATCHER), false); assertAllowed(STANDARD, false, s -> s.checkFeature(Feature.WATCHER), false);
} }
public void testGraphPlatinumTrial() throws Exception { public void testGraphPlatinumTrial() throws Exception {
assertAllowed(TRIAL, true, s -> s.isAllowed(Feature.GRAPH), true); assertAllowed(TRIAL, true, s -> s.checkFeature(Feature.GRAPH), true);
assertAllowed(PLATINUM, true, s -> s.isAllowed(Feature.GRAPH), true); assertAllowed(PLATINUM, true, s -> s.checkFeature(Feature.GRAPH), true);
} }
public void testGraphBasic() throws Exception { public void testGraphBasic() throws Exception {
assertAllowed(BASIC, true, s -> s.isAllowed(Feature.GRAPH), false); assertAllowed(BASIC, true, s -> s.checkFeature(Feature.GRAPH), false);
} }
public void testGraphStandard() throws Exception { public void testGraphStandard() throws Exception {
assertAllowed(STANDARD, true, s -> s.isAllowed(Feature.GRAPH), false); assertAllowed(STANDARD, true, s -> s.checkFeature(Feature.GRAPH), false);
} }
public void testGraphInactiveBasic() { public void testGraphInactiveBasic() {
assertAllowed(BASIC, false, s -> s.isAllowed(Feature.GRAPH), false); assertAllowed(BASIC, false, s -> s.checkFeature(Feature.GRAPH), false);
} }
public void testGraphInactivePlatinumTrial() throws Exception { public void testGraphInactivePlatinumTrial() throws Exception {
assertAllowed(TRIAL, false, s -> s.isAllowed(Feature.MACHINE_LEARNING), false); assertAllowed(TRIAL, false, s -> s.checkFeature(Feature.MACHINE_LEARNING), false);
assertAllowed(PLATINUM, false, s -> s.isAllowed(Feature.MACHINE_LEARNING), false); assertAllowed(PLATINUM, false, s -> s.checkFeature(Feature.MACHINE_LEARNING), false);
} }
public void testMachineLearningPlatinumTrial() throws Exception { public void testMachineLearningPlatinumTrial() throws Exception {
assertAllowed(TRIAL, true, s -> s.isAllowed(Feature.MACHINE_LEARNING), true); assertAllowed(TRIAL, true, s -> s.checkFeature(Feature.MACHINE_LEARNING), true);
assertAllowed(PLATINUM, true, s -> s.isAllowed(Feature.MACHINE_LEARNING), true); assertAllowed(PLATINUM, true, s -> s.checkFeature(Feature.MACHINE_LEARNING), true);
} }
public void testMachineLearningBasic() throws Exception { public void testMachineLearningBasic() throws Exception {
assertAllowed(BASIC, true, s -> s.isAllowed(Feature.MACHINE_LEARNING), false); assertAllowed(BASIC, true, s -> s.checkFeature(Feature.MACHINE_LEARNING), false);
} }
public void testMachineLearningStandard() throws Exception { public void testMachineLearningStandard() throws Exception {
assertAllowed(STANDARD, true, s -> s.isAllowed(Feature.MACHINE_LEARNING), false); assertAllowed(STANDARD, true, s -> s.checkFeature(Feature.MACHINE_LEARNING), false);
} }
public void testMachineLearningInactiveBasic() { public void testMachineLearningInactiveBasic() {
assertAllowed(BASIC, false, s -> s.isAllowed(Feature.MACHINE_LEARNING), false); assertAllowed(BASIC, false, s -> s.checkFeature(Feature.MACHINE_LEARNING), false);
} }
public void testMachineLearningInactivePlatinumTrial() throws Exception { public void testMachineLearningInactivePlatinumTrial() throws Exception {
assertAllowed(TRIAL, false, s -> s.isAllowed(Feature.MACHINE_LEARNING), false); assertAllowed(TRIAL, false, s -> s.checkFeature(Feature.MACHINE_LEARNING), false);
assertAllowed(PLATINUM, false, s -> s.isAllowed(Feature.MACHINE_LEARNING), false); assertAllowed(PLATINUM, false, s -> s.checkFeature(Feature.MACHINE_LEARNING), false);
} }
public void testLogstashPlatinumGoldTrialStandard() throws Exception { public void testLogstashPlatinumGoldTrialStandard() throws Exception {
assertAllowed(TRIAL, true, s -> s.isAllowed(Feature.LOGSTASH), true); assertAllowed(TRIAL, true, s -> s.checkFeature(Feature.LOGSTASH), true);
assertAllowed(GOLD, true, s -> s.isAllowed(Feature.LOGSTASH), true); assertAllowed(GOLD, true, s -> s.checkFeature(Feature.LOGSTASH), true);
assertAllowed(PLATINUM, true, s -> s.isAllowed(Feature.LOGSTASH), true); assertAllowed(PLATINUM, true, s -> s.checkFeature(Feature.LOGSTASH), true);
assertAllowed(STANDARD, true, s -> s.isAllowed(Feature.LOGSTASH), true); assertAllowed(STANDARD, true, s -> s.checkFeature(Feature.LOGSTASH), true);
} }
public void testLogstashBasicLicense() throws Exception { public void testLogstashBasicLicense() throws Exception {
assertAllowed(BASIC, true, s -> s.isAllowed(Feature.LOGSTASH), false); assertAllowed(BASIC, true, s -> s.checkFeature(Feature.LOGSTASH), false);
} }
public void testLogstashInactive() { public void testLogstashInactive() {
assertAllowed(BASIC, false, s -> s.isAllowed(Feature.LOGSTASH), false); assertAllowed(BASIC, false, s -> s.checkFeature(Feature.LOGSTASH), false);
assertAllowed(TRIAL, false, s -> s.isAllowed(Feature.LOGSTASH), false); assertAllowed(TRIAL, false, s -> s.checkFeature(Feature.LOGSTASH), false);
assertAllowed(GOLD, false, s -> s.isAllowed(Feature.LOGSTASH), false); assertAllowed(GOLD, false, s -> s.checkFeature(Feature.LOGSTASH), false);
assertAllowed(PLATINUM, false, s -> s.isAllowed(Feature.LOGSTASH), false); assertAllowed(PLATINUM, false, s -> s.checkFeature(Feature.LOGSTASH), false);
assertAllowed(STANDARD, false, s -> s.isAllowed(Feature.LOGSTASH), false); assertAllowed(STANDARD, false, s -> s.checkFeature(Feature.LOGSTASH), false);
} }
public void testSqlDefaults() { public void testSqlDefaults() {
XPackLicenseState licenseState = new XPackLicenseState(Settings.EMPTY); XPackLicenseState licenseState = TestUtils.newTestLicenseState();
assertThat(licenseState.isAllowed(XPackLicenseState.Feature.SQL), is(true)); assertThat(licenseState.checkFeature(XPackLicenseState.Feature.SQL), is(true));
assertThat(licenseState.isAllowed(XPackLicenseState.Feature.JDBC), is(true)); assertThat(licenseState.checkFeature(XPackLicenseState.Feature.JDBC), is(true));
} }
public void testSqlBasic() { public void testSqlBasic() {
XPackLicenseState licenseState = new XPackLicenseState(Settings.EMPTY); XPackLicenseState licenseState = TestUtils.newTestLicenseState();
licenseState.update(BASIC, true, null); licenseState.update(BASIC, true, null);
assertThat(licenseState.isAllowed(XPackLicenseState.Feature.SQL), is(true)); assertThat(licenseState.checkFeature(XPackLicenseState.Feature.SQL), is(true));
assertThat(licenseState.isAllowed(XPackLicenseState.Feature.JDBC), is(false)); assertThat(licenseState.checkFeature(XPackLicenseState.Feature.JDBC), is(false));
} }
public void testSqlBasicExpired() { public void testSqlBasicExpired() {
XPackLicenseState licenseState = new XPackLicenseState(Settings.EMPTY); XPackLicenseState licenseState = TestUtils.newTestLicenseState();
licenseState.update(BASIC, false, null); licenseState.update(BASIC, false, null);
assertThat(licenseState.isAllowed(XPackLicenseState.Feature.SQL), is(false)); assertThat(licenseState.checkFeature(XPackLicenseState.Feature.SQL), is(false));
assertThat(licenseState.isAllowed(XPackLicenseState.Feature.JDBC), is(false)); assertThat(licenseState.checkFeature(XPackLicenseState.Feature.JDBC), is(false));
} }
public void testSqlStandard() { public void testSqlStandard() {
XPackLicenseState licenseState = new XPackLicenseState(Settings.EMPTY); XPackLicenseState licenseState = TestUtils.newTestLicenseState();
licenseState.update(STANDARD, true, null); licenseState.update(STANDARD, true, null);
assertThat(licenseState.isAllowed(XPackLicenseState.Feature.SQL), is(true)); assertThat(licenseState.checkFeature(XPackLicenseState.Feature.SQL), is(true));
assertThat(licenseState.isAllowed(XPackLicenseState.Feature.JDBC), is(false)); assertThat(licenseState.checkFeature(XPackLicenseState.Feature.JDBC), is(false));
} }
public void testSqlStandardExpired() { public void testSqlStandardExpired() {
XPackLicenseState licenseState = new XPackLicenseState(Settings.EMPTY); XPackLicenseState licenseState = TestUtils.newTestLicenseState();
licenseState.update(STANDARD, false, null); licenseState.update(STANDARD, false, null);
assertThat(licenseState.isAllowed(XPackLicenseState.Feature.SQL), is(false)); assertThat(licenseState.checkFeature(XPackLicenseState.Feature.SQL), is(false));
assertThat(licenseState.isAllowed(XPackLicenseState.Feature.JDBC), is(false)); assertThat(licenseState.checkFeature(XPackLicenseState.Feature.JDBC), is(false));
} }
public void testSqlGold() { public void testSqlGold() {
XPackLicenseState licenseState = new XPackLicenseState(Settings.EMPTY); XPackLicenseState licenseState = TestUtils.newTestLicenseState();
licenseState.update(GOLD, true, null); licenseState.update(GOLD, true, null);
assertThat(licenseState.isAllowed(XPackLicenseState.Feature.SQL), is(true)); assertThat(licenseState.checkFeature(XPackLicenseState.Feature.SQL), is(true));
assertThat(licenseState.isAllowed(XPackLicenseState.Feature.JDBC), is(false)); assertThat(licenseState.checkFeature(XPackLicenseState.Feature.JDBC), is(false));
} }
public void testSqlGoldExpired() { public void testSqlGoldExpired() {
XPackLicenseState licenseState = new XPackLicenseState(Settings.EMPTY); XPackLicenseState licenseState = TestUtils.newTestLicenseState();
licenseState.update(GOLD, false, null); licenseState.update(GOLD, false, null);
assertThat(licenseState.isAllowed(XPackLicenseState.Feature.SQL), is(false)); assertThat(licenseState.checkFeature(XPackLicenseState.Feature.SQL), is(false));
assertThat(licenseState.isAllowed(XPackLicenseState.Feature.JDBC), is(false)); assertThat(licenseState.checkFeature(XPackLicenseState.Feature.JDBC), is(false));
} }
public void testSqlPlatinum() { public void testSqlPlatinum() {
XPackLicenseState licenseState = new XPackLicenseState(Settings.EMPTY); XPackLicenseState licenseState = TestUtils.newTestLicenseState();
licenseState.update(PLATINUM, true, null); licenseState.update(PLATINUM, true, null);
assertThat(licenseState.isAllowed(XPackLicenseState.Feature.SQL), is(true)); assertThat(licenseState.checkFeature(XPackLicenseState.Feature.SQL), is(true));
assertThat(licenseState.isAllowed(XPackLicenseState.Feature.JDBC), is(true)); assertThat(licenseState.checkFeature(XPackLicenseState.Feature.JDBC), is(true));
} }
public void testSqlPlatinumExpired() { public void testSqlPlatinumExpired() {
XPackLicenseState licenseState = new XPackLicenseState(Settings.EMPTY); XPackLicenseState licenseState = TestUtils.newTestLicenseState();
licenseState.update(PLATINUM, false, null); licenseState.update(PLATINUM, false, null);
assertThat(licenseState.isAllowed(XPackLicenseState.Feature.SQL), is(false)); assertThat(licenseState.checkFeature(XPackLicenseState.Feature.SQL), is(false));
assertThat(licenseState.isAllowed(XPackLicenseState.Feature.JDBC), is(false)); assertThat(licenseState.checkFeature(XPackLicenseState.Feature.JDBC), is(false));
} }
public void testSqlAckAnyToTrialOrPlatinum() { public void testSqlAckAnyToTrialOrPlatinum() {
@ -481,64 +487,64 @@ public class XPackLicenseStateTests extends ESTestCase {
} }
public void testCcrDefaults() { public void testCcrDefaults() {
final XPackLicenseState state = new XPackLicenseState(Settings.EMPTY); final XPackLicenseState state = TestUtils.newTestLicenseState();
assertTrue(state.isAllowed(XPackLicenseState.Feature.CCR)); assertTrue(state.checkFeature(XPackLicenseState.Feature.CCR));
} }
public void testCcrBasic() { public void testCcrBasic() {
final XPackLicenseState state = new XPackLicenseState(Settings.EMPTY); final XPackLicenseState state = TestUtils.newTestLicenseState();
state.update(BASIC, true, null); state.update(BASIC, true, null);
assertThat(state.isAllowed(XPackLicenseState.Feature.CCR), is(false)); assertThat(state.checkFeature(XPackLicenseState.Feature.CCR), is(false));
} }
public void testCcrBasicExpired() { public void testCcrBasicExpired() {
final XPackLicenseState state = new XPackLicenseState(Settings.EMPTY); final XPackLicenseState state = TestUtils.newTestLicenseState();
state.update(BASIC, false, null); state.update(BASIC, false, null);
assertThat(state.isAllowed(XPackLicenseState.Feature.CCR), is(false)); assertThat(state.checkFeature(XPackLicenseState.Feature.CCR), is(false));
} }
public void testCcrStandard() { public void testCcrStandard() {
final XPackLicenseState state = new XPackLicenseState(Settings.EMPTY); final XPackLicenseState state = TestUtils.newTestLicenseState();
state.update(STANDARD, true, null); state.update(STANDARD, true, null);
assertThat(state.isAllowed(XPackLicenseState.Feature.CCR), is(false)); assertThat(state.checkFeature(XPackLicenseState.Feature.CCR), is(false));
} }
public void testCcrStandardExpired() { public void testCcrStandardExpired() {
final XPackLicenseState state = new XPackLicenseState(Settings.EMPTY); final XPackLicenseState state = TestUtils.newTestLicenseState();
state.update(STANDARD, false, null); state.update(STANDARD, false, null);
assertThat(state.isAllowed(XPackLicenseState.Feature.CCR), is(false)); assertThat(state.checkFeature(XPackLicenseState.Feature.CCR), is(false));
} }
public void testCcrGold() { public void testCcrGold() {
final XPackLicenseState state = new XPackLicenseState(Settings.EMPTY); final XPackLicenseState state = TestUtils.newTestLicenseState();
state.update(GOLD, true, null); state.update(GOLD, true, null);
assertThat(state.isAllowed(XPackLicenseState.Feature.CCR), is(false)); assertThat(state.checkFeature(XPackLicenseState.Feature.CCR), is(false));
} }
public void testCcrGoldExpired() { public void testCcrGoldExpired() {
final XPackLicenseState state = new XPackLicenseState(Settings.EMPTY); final XPackLicenseState state = TestUtils.newTestLicenseState();
state.update(GOLD, false, null); state.update(GOLD, false, null);
assertThat(state.isAllowed(XPackLicenseState.Feature.CCR), is(false)); assertThat(state.checkFeature(XPackLicenseState.Feature.CCR), is(false));
} }
public void testCcrPlatinum() { public void testCcrPlatinum() {
final XPackLicenseState state = new XPackLicenseState(Settings.EMPTY); final XPackLicenseState state = TestUtils.newTestLicenseState();
state.update(PLATINUM, true, null); state.update(PLATINUM, true, null);
assertTrue(state.isAllowed(XPackLicenseState.Feature.CCR)); assertTrue(state.checkFeature(XPackLicenseState.Feature.CCR));
} }
public void testCcrPlatinumExpired() { public void testCcrPlatinumExpired() {
final XPackLicenseState state = new XPackLicenseState(Settings.EMPTY); final XPackLicenseState state = TestUtils.newTestLicenseState();
state.update(PLATINUM, false, null); state.update(PLATINUM, false, null);
assertFalse(state.isAllowed(XPackLicenseState.Feature.CCR)); assertFalse(state.checkFeature(XPackLicenseState.Feature.CCR));
} }
public void testCcrAckAnyToTrialOrPlatinum() { public void testCcrAckAnyToTrialOrPlatinum() {
@ -550,14 +556,14 @@ public class XPackLicenseStateTests extends ESTestCase {
} }
public void testTransformBasic() throws Exception { public void testTransformBasic() throws Exception {
assertAllowed(BASIC, true, s -> s.isAllowed(Feature.TRANSFORM), true); assertAllowed(BASIC, true, s -> s.checkFeature(Feature.TRANSFORM), true);
} }
public void testTransformStandard() throws Exception { public void testTransformStandard() throws Exception {
assertAllowed(STANDARD, true, s -> s.isAllowed(Feature.TRANSFORM), true); assertAllowed(STANDARD, true, s -> s.checkFeature(Feature.TRANSFORM), true);
} }
public void testTransformInactiveBasic() { public void testTransformInactiveBasic() {
assertAllowed(BASIC, false, s -> s.isAllowed(Feature.TRANSFORM), false); assertAllowed(BASIC, false, s -> s.checkFeature(Feature.TRANSFORM), false);
} }
} }

4
x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/accesscontrol/SecurityIndexReaderWrapperIntegrationTests.java
View File

@ -96,7 +96,7 @@ public class SecurityIndexReaderWrapperIntegrationTests extends AbstractBuilderT
DocumentSubsetBitsetCache bitsetCache = new DocumentSubsetBitsetCache(Settings.EMPTY, Executors.newSingleThreadExecutor()); DocumentSubsetBitsetCache bitsetCache = new DocumentSubsetBitsetCache(Settings.EMPTY, Executors.newSingleThreadExecutor());
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_DLS_FLS)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_DLS_FLS)).thenReturn(true);
Directory directory = newDirectory(); Directory directory = newDirectory();
IndexWriter iw = new IndexWriter( IndexWriter iw = new IndexWriter(
@ -229,7 +229,7 @@ public class SecurityIndexReaderWrapperIntegrationTests extends AbstractBuilderT
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_DLS_FLS)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_DLS_FLS)).thenReturn(true);
SecurityIndexReaderWrapper wrapper = new SecurityIndexReaderWrapper(s -> queryShardContext, SecurityIndexReaderWrapper wrapper = new SecurityIndexReaderWrapper(s -> queryShardContext,
bitsetCache, securityContext, licenseState, scriptService) { bitsetCache, securityContext, licenseState, scriptService) {

4
x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authz/accesscontrol/SecurityIndexReaderWrapperUnitTests.java
View File

@ -66,7 +66,7 @@ public class SecurityIndexReaderWrapperUnitTests extends ESTestCase {
ShardId shardId = new ShardId(index, 0); ShardId shardId = new ShardId(index, 0);
licenseState = mock(XPackLicenseState.class); licenseState = mock(XPackLicenseState.class);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_DLS_FLS)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_DLS_FLS)).thenReturn(true);
securityContext = new SecurityContext(Settings.EMPTY, new ThreadContext(Settings.EMPTY)); securityContext = new SecurityContext(Settings.EMPTY, new ThreadContext(Settings.EMPTY));
IndexShard indexShard = mock(IndexShard.class); IndexShard indexShard = mock(IndexShard.class);
when(indexShard.shardId()).thenReturn(shardId); when(indexShard.shardId()).thenReturn(shardId);
@ -115,7 +115,7 @@ public class SecurityIndexReaderWrapperUnitTests extends ESTestCase {
} }
public void testWrapReaderWhenFeatureDisabled() throws Exception { public void testWrapReaderWhenFeatureDisabled() throws Exception {
when(licenseState.isAllowed(Feature.SECURITY_DLS_FLS)).thenReturn(false); when(licenseState.checkFeature(Feature.SECURITY_DLS_FLS)).thenReturn(false);
securityIndexReaderWrapper = securityIndexReaderWrapper =
new SecurityIndexReaderWrapper(null, null, securityContext, licenseState, scriptService); new SecurityIndexReaderWrapper(null, null, securityContext, licenseState, scriptService);
DirectoryReader reader = securityIndexReaderWrapper.apply(esIn); DirectoryReader reader = securityIndexReaderWrapper.apply(esIn);

12
x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/watcher/actions/throttler/WatchThrottlerTests.java
View File

@ -25,7 +25,7 @@ public class WatchThrottlerTests extends ESTestCase {
Throttler.Result expectedResult = Throttler.Result.throttle(Throttler.Type.ACK, "_reason"); Throttler.Result expectedResult = Throttler.Result.throttle(Throttler.Type.ACK, "_reason");
when(ackThrottler.throttle("_action", ctx)).thenReturn(expectedResult); when(ackThrottler.throttle("_action", ctx)).thenReturn(expectedResult);
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isAllowed(Feature.WATCHER)).thenReturn(true); when(licenseState.checkFeature(Feature.WATCHER)).thenReturn(true);
ActionThrottler throttler = new ActionThrottler(periodThrottler, ackThrottler, licenseState); ActionThrottler throttler = new ActionThrottler(periodThrottler, ackThrottler, licenseState);
Throttler.Result result = throttler.throttle("_action", ctx); Throttler.Result result = throttler.throttle("_action", ctx);
assertThat(result, notNullValue()); assertThat(result, notNullValue());
@ -40,7 +40,7 @@ public class WatchThrottlerTests extends ESTestCase {
when(periodThrottler.throttle("_action", ctx)).thenReturn(expectedResult); when(periodThrottler.throttle("_action", ctx)).thenReturn(expectedResult);
when(ackThrottler.throttle("_action", ctx)).thenReturn(Throttler.Result.NO); when(ackThrottler.throttle("_action", ctx)).thenReturn(Throttler.Result.NO);
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isAllowed(Feature.WATCHER)).thenReturn(true); when(licenseState.checkFeature(Feature.WATCHER)).thenReturn(true);
ActionThrottler throttler = new ActionThrottler(periodThrottler, ackThrottler, licenseState); ActionThrottler throttler = new ActionThrottler(periodThrottler, ackThrottler, licenseState);
Throttler.Result result = throttler.throttle("_action", ctx); Throttler.Result result = throttler.throttle("_action", ctx);
assertThat(result, notNullValue()); assertThat(result, notNullValue());
@ -56,7 +56,7 @@ public class WatchThrottlerTests extends ESTestCase {
Throttler.Result ackResult = Throttler.Result.throttle(Throttler.Type.ACK, "_reason_ack"); Throttler.Result ackResult = Throttler.Result.throttle(Throttler.Type.ACK, "_reason_ack");
when(ackThrottler.throttle("_action", ctx)).thenReturn(ackResult); when(ackThrottler.throttle("_action", ctx)).thenReturn(ackResult);
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isAllowed(Feature.WATCHER)).thenReturn(true); when(licenseState.checkFeature(Feature.WATCHER)).thenReturn(true);
ActionThrottler throttler = new ActionThrottler(periodThrottler, ackThrottler, licenseState); ActionThrottler throttler = new ActionThrottler(periodThrottler, ackThrottler, licenseState);
Throttler.Result result = throttler.throttle("_action", ctx); Throttler.Result result = throttler.throttle("_action", ctx);
assertThat(result, notNullValue()); assertThat(result, notNullValue());
@ -71,7 +71,7 @@ public class WatchThrottlerTests extends ESTestCase {
when(periodThrottler.throttle("_action", ctx)).thenReturn(Throttler.Result.NO); when(periodThrottler.throttle("_action", ctx)).thenReturn(Throttler.Result.NO);
when(ackThrottler.throttle("_action", ctx)).thenReturn(Throttler.Result.NO); when(ackThrottler.throttle("_action", ctx)).thenReturn(Throttler.Result.NO);
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isAllowed(Feature.WATCHER)).thenReturn(true); when(licenseState.checkFeature(Feature.WATCHER)).thenReturn(true);
ActionThrottler throttler = new ActionThrottler(periodThrottler, ackThrottler, licenseState); ActionThrottler throttler = new ActionThrottler(periodThrottler, ackThrottler, licenseState);
Throttler.Result result = throttler.throttle("_action", ctx); Throttler.Result result = throttler.throttle("_action", ctx);
assertThat(result, notNullValue()); assertThat(result, notNullValue());
@ -84,7 +84,7 @@ public class WatchThrottlerTests extends ESTestCase {
Throttler.Result ackResult = mock(Throttler.Result.class); Throttler.Result ackResult = mock(Throttler.Result.class);
when(ackThrottler.throttle("_action", ctx)).thenReturn(ackResult); when(ackThrottler.throttle("_action", ctx)).thenReturn(ackResult);
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isAllowed(Feature.WATCHER)).thenReturn(true); when(licenseState.checkFeature(Feature.WATCHER)).thenReturn(true);
ActionThrottler throttler = new ActionThrottler(null, ackThrottler, licenseState); ActionThrottler throttler = new ActionThrottler(null, ackThrottler, licenseState);
Throttler.Result result = throttler.throttle("_action", ctx); Throttler.Result result = throttler.throttle("_action", ctx);
assertThat(result, notNullValue()); assertThat(result, notNullValue());
@ -97,7 +97,7 @@ public class WatchThrottlerTests extends ESTestCase {
Throttler.Result ackResult = mock(Throttler.Result.class); Throttler.Result ackResult = mock(Throttler.Result.class);
when(ackThrottler.throttle("_action", ctx)).thenReturn(ackResult); when(ackThrottler.throttle("_action", ctx)).thenReturn(ackResult);
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isAllowed(Feature.WATCHER)).thenReturn(false); when(licenseState.checkFeature(Feature.WATCHER)).thenReturn(false);
ActionThrottler throttler = new ActionThrottler(null, ackThrottler, licenseState); ActionThrottler throttler = new ActionThrottler(null, ackThrottler, licenseState);
Throttler.Result result = throttler.throttle("_action", ctx); Throttler.Result result = throttler.throttle("_action", ctx);
assertThat(result, notNullValue()); assertThat(result, notNullValue());

2
x-pack/plugin/deprecation/src/main/java/org/elasticsearch/xpack/deprecation/TransportDeprecationInfoAction.java
View File

@ -86,7 +86,7 @@ public class TransportDeprecationInfoAction extends TransportMasterNodeReadActio
@Override @Override
protected final void masterOperation(final DeprecationInfoAction.Request request, ClusterState state, protected final void masterOperation(final DeprecationInfoAction.Request request, ClusterState state,
final ActionListener<DeprecationInfoAction.Response> listener) { final ActionListener<DeprecationInfoAction.Response> listener) {
if (licenseState.isAllowed(XPackLicenseState.Feature.DEPRECATION)) { if (licenseState.checkFeature(XPackLicenseState.Feature.DEPRECATION)) {
NodesDeprecationCheckRequest nodeDepReq = new NodesDeprecationCheckRequest("_all"); NodesDeprecationCheckRequest nodeDepReq = new NodesDeprecationCheckRequest("_all");
ClientHelper.executeAsyncWithOrigin(client, ClientHelper.DEPRECATION_ORIGIN, ClientHelper.executeAsyncWithOrigin(client, ClientHelper.DEPRECATION_ORIGIN,

22
x-pack/plugin/enrich/src/test/java/org/elasticsearch/xpack/monitoring/collector/enrich/EnrichStatsCollectorTests.java
View File

@ -43,20 +43,20 @@ public class EnrichStatsCollectorTests extends BaseCollectorTestCase {
whenLocalNodeElectedMaster(isElectedMaster); whenLocalNodeElectedMaster(isElectedMaster);
// this controls the blockage // this controls the blockage
when(licenseState.isAllowed(XPackLicenseState.Feature.MONITORING)).thenReturn(false); when(licenseState.checkFeature(XPackLicenseState.Feature.MONITORING)).thenReturn(false);
when(licenseState.isAllowed(XPackLicenseState.Feature.ENRICH)).thenReturn(enrichAllowed); when(licenseState.checkFeature(XPackLicenseState.Feature.ENRICH)).thenReturn(enrichAllowed);
final EnrichStatsCollector collector = createCollector(clusterService, licenseState, client); final EnrichStatsCollector collector = createCollector(clusterService, licenseState, client);
assertThat(collector.shouldCollect(isElectedMaster), is(false)); assertThat(collector.shouldCollect(isElectedMaster), is(false));
if (isElectedMaster) { if (isElectedMaster) {
verify(licenseState).isAllowed(XPackLicenseState.Feature.MONITORING); verify(licenseState).checkFeature(XPackLicenseState.Feature.MONITORING);
} }
} }
public void testShouldCollectReturnsFalseIfNotMaster() { public void testShouldCollectReturnsFalseIfNotMaster() {
when(licenseState.isAllowed(XPackLicenseState.Feature.MONITORING)).thenReturn(randomBoolean()); when(licenseState.checkFeature(XPackLicenseState.Feature.MONITORING)).thenReturn(randomBoolean());
when(licenseState.isAllowed(XPackLicenseState.Feature.ENRICH)).thenReturn(randomBoolean()); when(licenseState.checkFeature(XPackLicenseState.Feature.ENRICH)).thenReturn(randomBoolean());
// this controls the blockage // this controls the blockage
final boolean isElectedMaster = false; final boolean isElectedMaster = false;
@ -67,9 +67,9 @@ public class EnrichStatsCollectorTests extends BaseCollectorTestCase {
public void testShouldCollectReturnsFalseIfEnrichIsNotAllowed() { public void testShouldCollectReturnsFalseIfEnrichIsNotAllowed() {
boolean isMonitoringAllowed = randomBoolean(); boolean isMonitoringAllowed = randomBoolean();
when(licenseState.isAllowed(XPackLicenseState.Feature.MONITORING)).thenReturn(isMonitoringAllowed); when(licenseState.checkFeature(XPackLicenseState.Feature.MONITORING)).thenReturn(isMonitoringAllowed);
// this is controls the blockage // this is controls the blockage
when(licenseState.isAllowed(XPackLicenseState.Feature.ENRICH)).thenReturn(false); when(licenseState.checkFeature(XPackLicenseState.Feature.ENRICH)).thenReturn(false);
final boolean isElectedMaster = randomBoolean(); final boolean isElectedMaster = randomBoolean();
whenLocalNodeElectedMaster(isElectedMaster); whenLocalNodeElectedMaster(isElectedMaster);
@ -78,20 +78,20 @@ public class EnrichStatsCollectorTests extends BaseCollectorTestCase {
assertThat(collector.shouldCollect(isElectedMaster), is(false)); assertThat(collector.shouldCollect(isElectedMaster), is(false));
if (isElectedMaster) { if (isElectedMaster) {
verify(licenseState).isAllowed(XPackLicenseState.Feature.MONITORING); verify(licenseState).checkFeature(XPackLicenseState.Feature.MONITORING);
} }
} }
public void testShouldCollectReturnsTrue() { public void testShouldCollectReturnsTrue() {
when(licenseState.isAllowed(XPackLicenseState.Feature.MONITORING)).thenReturn(true); when(licenseState.checkFeature(XPackLicenseState.Feature.MONITORING)).thenReturn(true);
when(licenseState.isAllowed(XPackLicenseState.Feature.ENRICH)).thenReturn(true); when(licenseState.checkFeature(XPackLicenseState.Feature.ENRICH)).thenReturn(true);
final boolean isElectedMaster = true; final boolean isElectedMaster = true;
final EnrichStatsCollector collector = createCollector(clusterService, licenseState, client); final EnrichStatsCollector collector = createCollector(clusterService, licenseState, client);
assertThat(collector.shouldCollect(isElectedMaster), is(true)); assertThat(collector.shouldCollect(isElectedMaster), is(true));
verify(licenseState).isAllowed(XPackLicenseState.Feature.MONITORING); verify(licenseState).checkFeature(XPackLicenseState.Feature.MONITORING);
} }
public void testDoCollect() throws Exception { public void testDoCollect() throws Exception {

2
x-pack/plugin/graph/src/main/java/org/elasticsearch/xpack/graph/action/TransportGraphExploreAction.java
View File

@ -92,7 +92,7 @@ public class TransportGraphExploreAction extends HandledTransportAction<GraphExp
@Override @Override
protected void doExecute(Task task, GraphExploreRequest request, ActionListener<GraphExploreResponse> listener) { protected void doExecute(Task task, GraphExploreRequest request, ActionListener<GraphExploreResponse> listener) {
if (licenseState.isAllowed(XPackLicenseState.Feature.GRAPH)) { if (licenseState.checkFeature(XPackLicenseState.Feature.GRAPH)) {
new AsyncGraphAction(request, listener).start(); new AsyncGraphAction(request, listener).start();
} else { } else {
listener.onFailure(LicenseUtils.newComplianceException(XPackField.GRAPH)); listener.onFailure(LicenseUtils.newComplianceException(XPackField.GRAPH));

2
x-pack/plugin/ml/src/internalClusterTest/java/org/elasticsearch/license/MachineLearningLicensingIT.java
View File

@ -781,7 +781,7 @@ public class MachineLearningLicensingIT extends BaseMlIntegTestCase {
private static void assertMLAllowed(boolean expected) { private static void assertMLAllowed(boolean expected) {
for (XPackLicenseState licenseState : internalCluster().getInstances(XPackLicenseState.class)) { for (XPackLicenseState licenseState : internalCluster().getInstances(XPackLicenseState.class)) {
assertEquals(licenseState.isAllowed(XPackLicenseState.Feature.MACHINE_LEARNING), expected); assertEquals(licenseState.checkFeature(XPackLicenseState.Feature.MACHINE_LEARNING), expected);
} }
} }

2
x-pack/plugin/ml/src/main/java/org/elasticsearch/xpack/ml/InvalidLicenseEnforcer.java
View File

@ -48,7 +48,7 @@ public class InvalidLicenseEnforcer implements LicenseStateListener {
@Override @Override
public void licenseStateChanged() { public void licenseStateChanged() {
assert licenseStateListenerRegistered; assert licenseStateListenerRegistered;
if (licenseState.isAllowed(XPackLicenseState.Feature.MACHINE_LEARNING) == false) { if (licenseState.checkFeature(XPackLicenseState.Feature.MACHINE_LEARNING) == false) {
// if the license has expired, close jobs and datafeeds // if the license has expired, close jobs and datafeeds
threadPool.generic().execute(new AbstractRunnable() { threadPool.generic().execute(new AbstractRunnable() {
@Override @Override

2
x-pack/plugin/ml/src/main/java/org/elasticsearch/xpack/ml/action/TransportExplainDataFrameAnalyticsAction.java
View File

@ -69,7 +69,7 @@ public class TransportExplainDataFrameAnalyticsAction
protected void doExecute(Task task, protected void doExecute(Task task,
PutDataFrameAnalyticsAction.Request request, PutDataFrameAnalyticsAction.Request request,
ActionListener<ExplainDataFrameAnalyticsAction.Response> listener) { ActionListener<ExplainDataFrameAnalyticsAction.Response> listener) {
if (licenseState.isAllowed(XPackLicenseState.Feature.MACHINE_LEARNING) == false) { if (licenseState.checkFeature(XPackLicenseState.Feature.MACHINE_LEARNING) == false) {
listener.onFailure(LicenseUtils.newComplianceException(XPackField.MACHINE_LEARNING)); listener.onFailure(LicenseUtils.newComplianceException(XPackField.MACHINE_LEARNING));
return; return;
} }

2
x-pack/plugin/ml/src/main/java/org/elasticsearch/xpack/ml/action/TransportInternalInferModelAction.java
View File

@ -73,7 +73,7 @@ public class TransportInternalInferModelAction extends HandledTransportAction<Re
listener::onFailure listener::onFailure
); );
if (licenseState.isAllowed(XPackLicenseState.Feature.MACHINE_LEARNING)) { if (licenseState.checkFeature(XPackLicenseState.Feature.MACHINE_LEARNING)) {
responseBuilder.setLicensed(true); responseBuilder.setLicensed(true);
this.modelLoadingService.getModelForPipeline(request.getModelId(), getModelListener); this.modelLoadingService.getModelForPipeline(request.getModelId(), getModelListener);
} else { } else {

2
x-pack/plugin/ml/src/main/java/org/elasticsearch/xpack/ml/action/TransportOpenJobAction.java
View File

@ -216,7 +216,7 @@ public class TransportOpenJobAction extends TransportMasterNodeAction<OpenJobAct
} }
OpenJobAction.JobParams jobParams = request.getJobParams(); OpenJobAction.JobParams jobParams = request.getJobParams();
if (licenseState.isAllowed(XPackLicenseState.Feature.MACHINE_LEARNING)) { if (licenseState.checkFeature(XPackLicenseState.Feature.MACHINE_LEARNING)) {
// Clear job finished time once the job is started and respond // Clear job finished time once the job is started and respond
ActionListener<NodeAcknowledgedResponse> clearJobFinishTime = ActionListener.wrap( ActionListener<NodeAcknowledgedResponse> clearJobFinishTime = ActionListener.wrap(

2
x-pack/plugin/ml/src/main/java/org/elasticsearch/xpack/ml/action/TransportPutDataFrameAnalyticsAction.java
View File

@ -229,7 +229,7 @@ public class TransportPutDataFrameAnalyticsAction
@Override @Override
protected void doExecute(Task task, PutDataFrameAnalyticsAction.Request request, protected void doExecute(Task task, PutDataFrameAnalyticsAction.Request request,
ActionListener<PutDataFrameAnalyticsAction.Response> listener) { ActionListener<PutDataFrameAnalyticsAction.Response> listener) {
if (licenseState.isAllowed(XPackLicenseState.Feature.MACHINE_LEARNING)) { if (licenseState.checkFeature(XPackLicenseState.Feature.MACHINE_LEARNING)) {
super.doExecute(task, request, listener); super.doExecute(task, request, listener);
} else { } else {
listener.onFailure(LicenseUtils.newComplianceException(XPackField.MACHINE_LEARNING)); listener.onFailure(LicenseUtils.newComplianceException(XPackField.MACHINE_LEARNING));

2
x-pack/plugin/ml/src/main/java/org/elasticsearch/xpack/ml/action/TransportPutDatafeedAction.java
View File

@ -265,7 +265,7 @@ public class TransportPutDatafeedAction extends TransportMasterNodeAction<PutDat
@Override @Override
protected void doExecute(Task task, PutDatafeedAction.Request request, ActionListener<PutDatafeedAction.Response> listener) { protected void doExecute(Task task, PutDatafeedAction.Request request, ActionListener<PutDatafeedAction.Response> listener) {
if (licenseState.isAllowed(XPackLicenseState.Feature.MACHINE_LEARNING)) { if (licenseState.checkFeature(XPackLicenseState.Feature.MACHINE_LEARNING)) {
super.doExecute(task, request, listener); super.doExecute(task, request, listener);
} else { } else {
listener.onFailure(LicenseUtils.newComplianceException(XPackField.MACHINE_LEARNING)); listener.onFailure(LicenseUtils.newComplianceException(XPackField.MACHINE_LEARNING));

2
x-pack/plugin/ml/src/main/java/org/elasticsearch/xpack/ml/action/TransportPutJobAction.java
View File

@ -68,7 +68,7 @@ public class TransportPutJobAction extends TransportMasterNodeAction<PutJobActio
@Override @Override
protected void doExecute(Task task, PutJobAction.Request request, ActionListener<PutJobAction.Response> listener) { protected void doExecute(Task task, PutJobAction.Request request, ActionListener<PutJobAction.Response> listener) {
if (licenseState.isAllowed(XPackLicenseState.Feature.MACHINE_LEARNING)) { if (licenseState.checkFeature(XPackLicenseState.Feature.MACHINE_LEARNING)) {
super.doExecute(task, request, listener); super.doExecute(task, request, listener);
} else { } else {
listener.onFailure(LicenseUtils.newComplianceException(XPackField.MACHINE_LEARNING)); listener.onFailure(LicenseUtils.newComplianceException(XPackField.MACHINE_LEARNING));

2
x-pack/plugin/ml/src/main/java/org/elasticsearch/xpack/ml/action/TransportPutTrainedModelAction.java
View File

@ -220,7 +220,7 @@ public class TransportPutTrainedModelAction extends TransportMasterNodeAction<Re
@Override @Override
protected void doExecute(Task task, Request request, ActionListener<Response> listener) { protected void doExecute(Task task, Request request, ActionListener<Response> listener) {
if (licenseState.isAllowed(XPackLicenseState.Feature.MACHINE_LEARNING)) { if (licenseState.checkFeature(XPackLicenseState.Feature.MACHINE_LEARNING)) {
super.doExecute(task, request, listener); super.doExecute(task, request, listener);
} else { } else {
listener.onFailure(LicenseUtils.newComplianceException(XPackField.MACHINE_LEARNING)); listener.onFailure(LicenseUtils.newComplianceException(XPackField.MACHINE_LEARNING));

2
x-pack/plugin/ml/src/main/java/org/elasticsearch/xpack/ml/action/TransportStartDataFrameAnalyticsAction.java
View File

@ -157,7 +157,7 @@ public class TransportStartDataFrameAnalyticsAction
@Override @Override
protected void masterOperation(StartDataFrameAnalyticsAction.Request request, ClusterState state, protected void masterOperation(StartDataFrameAnalyticsAction.Request request, ClusterState state,
ActionListener<NodeAcknowledgedResponse> listener) { ActionListener<NodeAcknowledgedResponse> listener) {
if (licenseState.isAllowed(XPackLicenseState.Feature.MACHINE_LEARNING) == false) { if (licenseState.checkFeature(XPackLicenseState.Feature.MACHINE_LEARNING) == false) {
listener.onFailure(LicenseUtils.newComplianceException(XPackField.MACHINE_LEARNING)); listener.onFailure(LicenseUtils.newComplianceException(XPackField.MACHINE_LEARNING));
return; return;
} }

2
x-pack/plugin/ml/src/main/java/org/elasticsearch/xpack/ml/action/TransportStartDatafeedAction.java
View File

@ -155,7 +155,7 @@ public class TransportStartDatafeedAction extends TransportMasterNodeAction<Star
protected void masterOperation(StartDatafeedAction.Request request, ClusterState state, protected void masterOperation(StartDatafeedAction.Request request, ClusterState state,
ActionListener<NodeAcknowledgedResponse> listener) { ActionListener<NodeAcknowledgedResponse> listener) {
StartDatafeedAction.DatafeedParams params = request.getParams(); StartDatafeedAction.DatafeedParams params = request.getParams();
if (licenseState.isAllowed(XPackLicenseState.Feature.MACHINE_LEARNING) == false) { if (licenseState.checkFeature(XPackLicenseState.Feature.MACHINE_LEARNING) == false) {
listener.onFailure(LicenseUtils.newComplianceException(XPackField.MACHINE_LEARNING)); listener.onFailure(LicenseUtils.newComplianceException(XPackField.MACHINE_LEARNING));
return; return;
} }

2
x-pack/plugin/ml/src/main/java/org/elasticsearch/xpack/ml/action/TransportUpdateDataFrameAnalyticsAction.java
View File

@ -89,7 +89,7 @@ public class TransportUpdateDataFrameAnalyticsAction
@Override @Override
protected void doExecute(Task task, UpdateDataFrameAnalyticsAction.Request request, protected void doExecute(Task task, UpdateDataFrameAnalyticsAction.Request request,
ActionListener<PutDataFrameAnalyticsAction.Response> listener) { ActionListener<PutDataFrameAnalyticsAction.Response> listener) {
if (licenseState.isAllowed(XPackLicenseState.Feature.MACHINE_LEARNING)) { if (licenseState.checkFeature(XPackLicenseState.Feature.MACHINE_LEARNING)) {
super.doExecute(task, request, listener); super.doExecute(task, request, listener);
} else { } else {
listener.onFailure(LicenseUtils.newComplianceException(XPackField.MACHINE_LEARNING)); listener.onFailure(LicenseUtils.newComplianceException(XPackField.MACHINE_LEARNING));

2
x-pack/plugin/ml/src/test/java/org/elasticsearch/xpack/ml/MachineLearningFeatureSetTests.java
View File

@ -338,7 +338,7 @@ public class MachineLearningFeatureSetTests extends ESTestCase {
} }
public void testUsageWithOrphanedTask() throws Exception { public void testUsageWithOrphanedTask() throws Exception {
when(licenseState.isAllowed(XPackLicenseState.Feature.MACHINE_LEARNING)).thenReturn(true); when(licenseState.checkFeature(XPackLicenseState.Feature.MACHINE_LEARNING)).thenReturn(true);
Settings.Builder settings = Settings.builder().put(commonSettings); Settings.Builder settings = Settings.builder().put(commonSettings);
settings.put("xpack.ml.enabled", true); settings.put("xpack.ml.enabled", true);

2
x-pack/plugin/ml/src/test/java/org/elasticsearch/xpack/ml/action/TransportGetTrainedModelsStatsActionTests.java
View File

@ -94,7 +94,7 @@ public class TransportGetTrainedModelsStatsActionTests extends ESTestCase {
public Map<String, Processor.Factory> getProcessors(Processor.Parameters parameters) { public Map<String, Processor.Factory> getProcessors(Processor.Parameters parameters) {
Map<String, Processor.Factory> factoryMap = new HashMap<>(); Map<String, Processor.Factory> factoryMap = new HashMap<>();
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isAllowed(XPackLicenseState.Feature.MACHINE_LEARNING)).thenReturn(true); when(licenseState.checkFeature(XPackLicenseState.Feature.MACHINE_LEARNING)).thenReturn(true);
factoryMap.put(InferenceProcessor.TYPE, factoryMap.put(InferenceProcessor.TYPE,
new InferenceProcessor.Factory(parameters.client, new InferenceProcessor.Factory(parameters.client,
parameters.ingestService.getClusterService(), parameters.ingestService.getClusterService(),

2
x-pack/plugin/ml/src/test/java/org/elasticsearch/xpack/ml/inference/ingest/InferenceProcessorFactoryTests.java
View File

@ -71,7 +71,7 @@ public class InferenceProcessorFactoryTests extends ESTestCase {
ClusterApplierService.CLUSTER_SERVICE_SLOW_TASK_LOGGING_THRESHOLD_SETTING))); ClusterApplierService.CLUSTER_SERVICE_SLOW_TASK_LOGGING_THRESHOLD_SETTING)));
clusterService = new ClusterService(settings, clusterSettings, tp); clusterService = new ClusterService(settings, clusterSettings, tp);
licenseState = mock(XPackLicenseState.class); licenseState = mock(XPackLicenseState.class);
when(licenseState.isAllowed(XPackLicenseState.Feature.MACHINE_LEARNING)).thenReturn(true); when(licenseState.checkFeature(XPackLicenseState.Feature.MACHINE_LEARNING)).thenReturn(true);
} }
public void testNumInferenceProcessors() throws Exception { public void testNumInferenceProcessors() throws Exception {

4
x-pack/plugin/monitoring/src/internalClusterTest/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporterIT.java
View File

@ -34,7 +34,7 @@ import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.common.xcontent.json.JsonXContent; import org.elasticsearch.common.xcontent.json.JsonXContent;
import org.elasticsearch.env.Environment; import org.elasticsearch.env.Environment;
import org.elasticsearch.env.TestEnvironment; import org.elasticsearch.env.TestEnvironment;
import org.elasticsearch.license.XPackLicenseState; import org.elasticsearch.license.TestUtils;
import org.elasticsearch.plugins.PluginsService; import org.elasticsearch.plugins.PluginsService;
import org.elasticsearch.rest.RestUtils; import org.elasticsearch.rest.RestUtils;
import org.elasticsearch.test.ESIntegTestCase; import org.elasticsearch.test.ESIntegTestCase;
@ -649,7 +649,7 @@ public class HttpExporterIT extends MonitoringIntegTestCase {
private HttpExporter createHttpExporter(final Settings settings) { private HttpExporter createHttpExporter(final Settings settings) {
final Exporter.Config config = final Exporter.Config config =
new Exporter.Config("_http", "http", settings, clusterService(), new XPackLicenseState(Settings.EMPTY)); new Exporter.Config("_http", "http", settings, clusterService(), TestUtils.newTestLicenseState());
return new HttpExporter(config, new SSLService(settings, environment), new ThreadContext(settings)); return new HttpExporter(config, new SSLService(settings, environment), new ThreadContext(settings));
} }

6
x-pack/plugin/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/cleaner/CleanerService.java
View File

@ -91,7 +91,7 @@ public class CleanerService extends AbstractLifecycleComponent {
*/ */
public TimeValue getRetention() { public TimeValue getRetention() {
// we only care about their value if they are allowed to set it // we only care about their value if they are allowed to set it
if (licenseState.isAllowed(Feature.MONITORING_UPDATE_RETENTION) && globalRetention != null) { if (licenseState.checkFeature(Feature.MONITORING_UPDATE_RETENTION) && globalRetention != null) {
return globalRetention; return globalRetention;
} }
else { else {
@ -109,7 +109,7 @@ public class CleanerService extends AbstractLifecycleComponent {
*/ */
public void setGlobalRetention(TimeValue globalRetention) { public void setGlobalRetention(TimeValue globalRetention) {
// notify the user that their setting will be ignored until they get the right license // notify the user that their setting will be ignored until they get the right license
if (licenseState.isAllowed(Feature.MONITORING_UPDATE_RETENTION) == false) { if (licenseState.checkFeature(Feature.MONITORING_UPDATE_RETENTION) == false) {
logger.warn("[{}] setting will be ignored until an appropriate license is applied", MonitoringField.HISTORY_DURATION.getKey()); logger.warn("[{}] setting will be ignored until an appropriate license is applied", MonitoringField.HISTORY_DURATION.getKey());
} }
@ -166,7 +166,7 @@ public class CleanerService extends AbstractLifecycleComponent {
@Override @Override
protected void doRunInLifecycle() throws Exception { protected void doRunInLifecycle() throws Exception {
if (licenseState.isAllowed(Feature.MONITORING) == false) { if (licenseState.checkFeature(Feature.MONITORING) == false) {
logger.debug("cleaning service is disabled due to invalid license"); logger.debug("cleaning service is disabled due to invalid license");
return; return;
} }

2
x-pack/plugin/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/Collector.java
View File

@ -73,7 +73,7 @@ public abstract class Collector {
* @param isElectedMaster true if the current local node is the elected master node * @param isElectedMaster true if the current local node is the elected master node
*/ */
protected boolean shouldCollect(final boolean isElectedMaster) { protected boolean shouldCollect(final boolean isElectedMaster) {
if (licenseState.isAllowed(XPackLicenseState.Feature.MONITORING) == false) { if (licenseState.checkFeature(XPackLicenseState.Feature.MONITORING) == false) {
logger.trace("collector [{}] can not collect data due to invalid license", name()); logger.trace("collector [{}] can not collect data due to invalid license", name());
return false; return false;
} }

2
x-pack/plugin/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/ccr/StatsCollector.java
View File

@ -65,7 +65,7 @@ public final class StatsCollector extends Collector {
return isElectedMaster return isElectedMaster
&& super.shouldCollect(isElectedMaster) && super.shouldCollect(isElectedMaster)
&& XPackSettings.CCR_ENABLED_SETTING.get(settings) && XPackSettings.CCR_ENABLED_SETTING.get(settings)
&& licenseState.isAllowed(XPackLicenseState.Feature.CCR); && licenseState.checkFeature(XPackLicenseState.Feature.CCR);
} }

2
x-pack/plugin/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/enrich/EnrichStatsCollector.java
View File

@ -48,7 +48,7 @@ public final class EnrichStatsCollector extends Collector {
protected boolean shouldCollect(final boolean isElectedMaster) { protected boolean shouldCollect(final boolean isElectedMaster) {
return isElectedMaster return isElectedMaster
&& super.shouldCollect(isElectedMaster) && super.shouldCollect(isElectedMaster)
&& licenseState.isAllowed(XPackLicenseState.Feature.ENRICH); && licenseState.checkFeature(XPackLicenseState.Feature.ENRICH);
} }
@Override @Override

2
x-pack/plugin/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/collector/ml/JobStatsCollector.java
View File

@ -64,7 +64,7 @@ public class JobStatsCollector extends Collector {
return isElectedMaster return isElectedMaster
&& super.shouldCollect(isElectedMaster) && super.shouldCollect(isElectedMaster)
&& XPackSettings.MACHINE_LEARNING_ENABLED.get(settings) && XPackSettings.MACHINE_LEARNING_ENABLED.get(settings)
&& licenseState.isAllowed(XPackLicenseState.Feature.MACHINE_LEARNING); && licenseState.checkFeature(XPackLicenseState.Feature.MACHINE_LEARNING);
} }
@Override @Override

2
x-pack/plugin/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/http/ClusterAlertHttpResource.java
View File

@ -82,7 +82,7 @@ public class ClusterAlertHttpResource extends PublishableHttpResource {
@Override @Override
protected void doCheck(final RestClient client, final ActionListener<Boolean> listener) { protected void doCheck(final RestClient client, final ActionListener<Boolean> listener) {
// if we should be adding, then we need to check for existence // if we should be adding, then we need to check for existence
if (isWatchDefined() && licenseState.isAllowed(XPackLicenseState.Feature.MONITORING_CLUSTER_ALERTS)) { if (isWatchDefined() && licenseState.checkFeature(XPackLicenseState.Feature.MONITORING_CLUSTER_ALERTS)) {
final CheckedFunction<Response, Boolean, IOException> watchChecker = final CheckedFunction<Response, Boolean, IOException> watchChecker =
(response) -> shouldReplaceClusterAlert(response, XContentType.JSON.xContent(), LAST_UPDATED_VERSION); (response) -> shouldReplaceClusterAlert(response, XContentType.JSON.xContent(), LAST_UPDATED_VERSION);

2
x-pack/plugin/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporter.java
View File

@ -924,7 +924,7 @@ public class HttpExporter extends Exporter {
@Override @Override
public void openBulk(final ActionListener<ExportBulk> listener) { public void openBulk(final ActionListener<ExportBulk> listener) {
final boolean canUseClusterAlerts = config.licenseState().isAllowed(Feature.MONITORING_CLUSTER_ALERTS); final boolean canUseClusterAlerts = config.licenseState().checkFeature(Feature.MONITORING_CLUSTER_ALERTS);
// if this changes between updates, then we need to add OR remove the watches // if this changes between updates, then we need to add OR remove the watches
if (clusterAlertsAllowed.compareAndSet(!canUseClusterAlerts, canUseClusterAlerts)) { if (clusterAlertsAllowed.compareAndSet(!canUseClusterAlerts, canUseClusterAlerts)) {

2
x-pack/plugin/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/exporter/local/LocalExporter.java
View File

@ -460,7 +460,7 @@ public class LocalExporter extends Exporter implements ClusterStateListener, Cle
final AtomicInteger pendingResponses) { final AtomicInteger pendingResponses) {
final XPackClient xpackClient = new XPackClient(client); final XPackClient xpackClient = new XPackClient(client);
final WatcherClient watcher = xpackClient.watcher(); final WatcherClient watcher = xpackClient.watcher();
final boolean canAddWatches = licenseState.isAllowed(XPackLicenseState.Feature.MONITORING_CLUSTER_ALERTS); final boolean canAddWatches = licenseState.checkFeature(XPackLicenseState.Feature.MONITORING_CLUSTER_ALERTS);
for (final String watchId : ClusterAlertsUtil.WATCH_IDS) { for (final String watchId : ClusterAlertsUtil.WATCH_IDS) {
final String uniqueWatchId = ClusterAlertsUtil.createUniqueWatchId(clusterService, watchId); final String uniqueWatchId = ClusterAlertsUtil.createUniqueWatchId(clusterService, watchId);

22
x-pack/plugin/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/cleaner/CleanerServiceTests.java
View File

@ -66,32 +66,32 @@ public class CleanerServiceTests extends ESTestCase {
TimeValue expected = TimeValue.timeValueHours(25); TimeValue expected = TimeValue.timeValueHours(25);
Settings settings = Settings.builder().put(MonitoringField.HISTORY_DURATION.getKey(), expected.getStringRep()).build(); Settings settings = Settings.builder().put(MonitoringField.HISTORY_DURATION.getKey(), expected.getStringRep()).build();
when(licenseState.isAllowed(Feature.MONITORING_UPDATE_RETENTION)).thenReturn(true); when(licenseState.checkFeature(Feature.MONITORING_UPDATE_RETENTION)).thenReturn(true);
assertEquals(expected, new CleanerService(settings, clusterSettings, threadPool, licenseState).getRetention()); assertEquals(expected, new CleanerService(settings, clusterSettings, threadPool, licenseState).getRetention());
verify(licenseState).isAllowed(Feature.MONITORING_UPDATE_RETENTION); verify(licenseState).checkFeature(Feature.MONITORING_UPDATE_RETENTION);
} }
public void testGetRetentionDefaultValueWithNoSettings() { public void testGetRetentionDefaultValueWithNoSettings() {
when(licenseState.isAllowed(Feature.MONITORING_UPDATE_RETENTION)).thenReturn(true); when(licenseState.checkFeature(Feature.MONITORING_UPDATE_RETENTION)).thenReturn(true);
assertEquals(MonitoringField.HISTORY_DURATION.get(Settings.EMPTY), assertEquals(MonitoringField.HISTORY_DURATION.get(Settings.EMPTY),
new CleanerService(Settings.EMPTY, clusterSettings, threadPool, licenseState).getRetention()); new CleanerService(Settings.EMPTY, clusterSettings, threadPool, licenseState).getRetention());
verify(licenseState).isAllowed(Feature.MONITORING_UPDATE_RETENTION); verify(licenseState).checkFeature(Feature.MONITORING_UPDATE_RETENTION);
} }
public void testGetRetentionDefaultValueWithSettingsButUpdatesNotAllowed() { public void testGetRetentionDefaultValueWithSettingsButUpdatesNotAllowed() {
TimeValue notExpected = TimeValue.timeValueHours(25); TimeValue notExpected = TimeValue.timeValueHours(25);
Settings settings = Settings.builder().put(MonitoringField.HISTORY_DURATION.getKey(), notExpected.getStringRep()).build(); Settings settings = Settings.builder().put(MonitoringField.HISTORY_DURATION.getKey(), notExpected.getStringRep()).build();
when(licenseState.isAllowed(Feature.MONITORING_UPDATE_RETENTION)).thenReturn(false); when(licenseState.checkFeature(Feature.MONITORING_UPDATE_RETENTION)).thenReturn(false);
assertEquals(MonitoringField.HISTORY_DURATION.get(Settings.EMPTY), assertEquals(MonitoringField.HISTORY_DURATION.get(Settings.EMPTY),
new CleanerService(settings, clusterSettings, threadPool, licenseState).getRetention()); new CleanerService(settings, clusterSettings, threadPool, licenseState).getRetention());
verify(licenseState).isAllowed(Feature.MONITORING_UPDATE_RETENTION); verify(licenseState).checkFeature(Feature.MONITORING_UPDATE_RETENTION);
} }
public void testSetGlobalRetention() { public void testSetGlobalRetention() {
@ -99,7 +99,7 @@ public class CleanerServiceTests extends ESTestCase {
// only thing calling this method and it will use the settings object to validate the time value // only thing calling this method and it will use the settings object to validate the time value
TimeValue expected = TimeValue.timeValueHours(2); TimeValue expected = TimeValue.timeValueHours(2);
when(licenseState.isAllowed(Feature.MONITORING_UPDATE_RETENTION)).thenReturn(true); when(licenseState.checkFeature(Feature.MONITORING_UPDATE_RETENTION)).thenReturn(true);
CleanerService service = new CleanerService(Settings.EMPTY, clusterSettings, threadPool, licenseState); CleanerService service = new CleanerService(Settings.EMPTY, clusterSettings, threadPool, licenseState);
@ -107,7 +107,7 @@ public class CleanerServiceTests extends ESTestCase {
assertEquals(expected, service.getRetention()); assertEquals(expected, service.getRetention());
verify(licenseState, times(2)).isAllowed(Feature.MONITORING_UPDATE_RETENTION); // once by set, once by get verify(licenseState, times(2)).checkFeature(Feature.MONITORING_UPDATE_RETENTION); // once by set, once by get
} }
public void testSetGlobalRetentionAppliesEvenIfLicenseDisallows() { public void testSetGlobalRetentionAppliesEvenIfLicenseDisallows() {
@ -116,7 +116,7 @@ public class CleanerServiceTests extends ESTestCase {
TimeValue expected = TimeValue.timeValueHours(2); TimeValue expected = TimeValue.timeValueHours(2);
// required to be true on the second call for it to see it take effect // required to be true on the second call for it to see it take effect
when(licenseState.isAllowed(Feature.MONITORING_UPDATE_RETENTION)).thenReturn(false).thenReturn(true); when(licenseState.checkFeature(Feature.MONITORING_UPDATE_RETENTION)).thenReturn(false).thenReturn(true);
CleanerService service = new CleanerService(Settings.EMPTY, clusterSettings, threadPool, licenseState); CleanerService service = new CleanerService(Settings.EMPTY, clusterSettings, threadPool, licenseState);
@ -126,7 +126,7 @@ public class CleanerServiceTests extends ESTestCase {
// uses allow=true // uses allow=true
assertEquals(expected, service.getRetention()); assertEquals(expected, service.getRetention());
verify(licenseState, times(2)).isAllowed(Feature.MONITORING_UPDATE_RETENTION); verify(licenseState, times(2)).checkFeature(Feature.MONITORING_UPDATE_RETENTION);
} }
public void testNextExecutionDelay() { public void testNextExecutionDelay() {
@ -158,7 +158,7 @@ public class CleanerServiceTests extends ESTestCase {
logger.debug("--> creates a cleaner service that cleans every second"); logger.debug("--> creates a cleaner service that cleans every second");
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isAllowed(Feature.MONITORING)).thenReturn(true); when(licenseState.checkFeature(Feature.MONITORING)).thenReturn(true);
CleanerService service = new CleanerService(Settings.EMPTY, clusterSettings, licenseState, threadPool, CleanerService service = new CleanerService(Settings.EMPTY, clusterSettings, licenseState, threadPool,
new TestExecutionScheduler(1_000)); new TestExecutionScheduler(1_000));

10
x-pack/plugin/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/indices/IndexRecoveryCollectorTests.java
View File

@ -51,7 +51,7 @@ public class IndexRecoveryCollectorTests extends BaseCollectorTestCase {
public void testShouldCollectReturnsFalseIfMonitoringNotAllowed() { public void testShouldCollectReturnsFalseIfMonitoringNotAllowed() {
// this controls the blockage // this controls the blockage
when(licenseState.isAllowed(Feature.MONITORING)).thenReturn(false); when(licenseState.checkFeature(Feature.MONITORING)).thenReturn(false);
final boolean isElectedMaster = randomBoolean(); final boolean isElectedMaster = randomBoolean();
whenLocalNodeElectedMaster(isElectedMaster); whenLocalNodeElectedMaster(isElectedMaster);
@ -59,23 +59,23 @@ public class IndexRecoveryCollectorTests extends BaseCollectorTestCase {
assertThat(collector.shouldCollect(isElectedMaster), is(false)); assertThat(collector.shouldCollect(isElectedMaster), is(false));
if (isElectedMaster) { if (isElectedMaster) {
verify(licenseState).isAllowed(Feature.MONITORING); verify(licenseState).checkFeature(Feature.MONITORING);
} }
} }
public void testShouldCollectReturnsFalseIfNotMaster() { public void testShouldCollectReturnsFalseIfNotMaster() {
when(licenseState.isAllowed(Feature.MONITORING)).thenReturn(true); when(licenseState.checkFeature(Feature.MONITORING)).thenReturn(true);
final IndexRecoveryCollector collector = new IndexRecoveryCollector(clusterService, licenseState, client); final IndexRecoveryCollector collector = new IndexRecoveryCollector(clusterService, licenseState, client);
assertThat(collector.shouldCollect(false), is(false)); assertThat(collector.shouldCollect(false), is(false));
} }
public void testShouldCollectReturnsTrue() { public void testShouldCollectReturnsTrue() {
when(licenseState.isAllowed(Feature.MONITORING)).thenReturn(true); when(licenseState.checkFeature(Feature.MONITORING)).thenReturn(true);
final IndexRecoveryCollector collector = new IndexRecoveryCollector(clusterService, licenseState, client); final IndexRecoveryCollector collector = new IndexRecoveryCollector(clusterService, licenseState, client);
assertThat(collector.shouldCollect(true), is(true)); assertThat(collector.shouldCollect(true), is(true));
verify(licenseState).isAllowed(Feature.MONITORING); verify(licenseState).checkFeature(Feature.MONITORING);
} }
public void testDoCollect() throws Exception { public void testDoCollect() throws Exception {

10
x-pack/plugin/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/indices/IndexStatsCollectorTests.java
View File

@ -46,7 +46,7 @@ public class IndexStatsCollectorTests extends BaseCollectorTestCase {
public void testShouldCollectReturnsFalseIfMonitoringNotAllowed() { public void testShouldCollectReturnsFalseIfMonitoringNotAllowed() {
// this controls the blockage // this controls the blockage
when(licenseState.isAllowed(Feature.MONITORING)).thenReturn(false); when(licenseState.checkFeature(Feature.MONITORING)).thenReturn(false);
final boolean isElectedMaster = randomBoolean(); final boolean isElectedMaster = randomBoolean();
whenLocalNodeElectedMaster(isElectedMaster); whenLocalNodeElectedMaster(isElectedMaster);
@ -54,23 +54,23 @@ public class IndexStatsCollectorTests extends BaseCollectorTestCase {
assertThat(collector.shouldCollect(isElectedMaster), is(false)); assertThat(collector.shouldCollect(isElectedMaster), is(false));
if (isElectedMaster) { if (isElectedMaster) {
verify(licenseState).isAllowed(Feature.MONITORING); verify(licenseState).checkFeature(Feature.MONITORING);
} }
} }
public void testShouldCollectReturnsFalseIfNotMaster() { public void testShouldCollectReturnsFalseIfNotMaster() {
when(licenseState.isAllowed(Feature.MONITORING)).thenReturn(true); when(licenseState.checkFeature(Feature.MONITORING)).thenReturn(true);
final IndexStatsCollector collector = new IndexStatsCollector(clusterService, licenseState, client); final IndexStatsCollector collector = new IndexStatsCollector(clusterService, licenseState, client);
assertThat(collector.shouldCollect(false), is(false)); assertThat(collector.shouldCollect(false), is(false));
} }
public void testShouldCollectReturnsTrue() { public void testShouldCollectReturnsTrue() {
when(licenseState.isAllowed(Feature.MONITORING)).thenReturn(true); when(licenseState.checkFeature(Feature.MONITORING)).thenReturn(true);
final IndexStatsCollector collector = new IndexStatsCollector(clusterService, licenseState, client); final IndexStatsCollector collector = new IndexStatsCollector(clusterService, licenseState, client);
assertThat(collector.shouldCollect(true), is(true)); assertThat(collector.shouldCollect(true), is(true));
verify(licenseState).isAllowed(Feature.MONITORING); verify(licenseState).checkFeature(Feature.MONITORING);
} }
public void testDoCollect() throws Exception { public void testDoCollect() throws Exception {

28
x-pack/plugin/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/ml/JobStatsCollectorTests.java
View File

@ -49,14 +49,14 @@ public class JobStatsCollectorTests extends BaseCollectorTestCase {
whenLocalNodeElectedMaster(isElectedMaster); whenLocalNodeElectedMaster(isElectedMaster);
// this controls the blockage // this controls the blockage
when(licenseState.isAllowed(Feature.MONITORING)).thenReturn(false); when(licenseState.checkFeature(Feature.MONITORING)).thenReturn(false);
when(licenseState.isAllowed(XPackLicenseState.Feature.MACHINE_LEARNING)).thenReturn(mlAllowed); when(licenseState.checkFeature(XPackLicenseState.Feature.MACHINE_LEARNING)).thenReturn(mlAllowed);
final JobStatsCollector collector = new JobStatsCollector(settings, clusterService, licenseState, client); final JobStatsCollector collector = new JobStatsCollector(settings, clusterService, licenseState, client);
assertThat(collector.shouldCollect(isElectedMaster), is(false)); assertThat(collector.shouldCollect(isElectedMaster), is(false));
if (isElectedMaster) { if (isElectedMaster) {
verify(licenseState).isAllowed(Feature.MONITORING); verify(licenseState).checkFeature(Feature.MONITORING);
} }
} }
@ -64,8 +64,8 @@ public class JobStatsCollectorTests extends BaseCollectorTestCase {
// regardless of ML being enabled // regardless of ML being enabled
final Settings settings = randomFrom(mlEnabledSettings(), mlDisabledSettings()); final Settings settings = randomFrom(mlEnabledSettings(), mlDisabledSettings());
when(licenseState.isAllowed(Feature.MONITORING)).thenReturn(randomBoolean()); when(licenseState.checkFeature(Feature.MONITORING)).thenReturn(randomBoolean());
when(licenseState.isAllowed(XPackLicenseState.Feature.MACHINE_LEARNING)).thenReturn(randomBoolean()); when(licenseState.checkFeature(XPackLicenseState.Feature.MACHINE_LEARNING)).thenReturn(randomBoolean());
// this controls the blockage // this controls the blockage
final boolean isElectedMaster = false; final boolean isElectedMaster = false;
@ -78,8 +78,8 @@ public class JobStatsCollectorTests extends BaseCollectorTestCase {
// this is controls the blockage // this is controls the blockage
final Settings settings = mlDisabledSettings(); final Settings settings = mlDisabledSettings();
when(licenseState.isAllowed(Feature.MONITORING)).thenReturn(randomBoolean()); when(licenseState.checkFeature(Feature.MONITORING)).thenReturn(randomBoolean());
when(licenseState.isAllowed(XPackLicenseState.Feature.MACHINE_LEARNING)).thenReturn(randomBoolean()); when(licenseState.checkFeature(XPackLicenseState.Feature.MACHINE_LEARNING)).thenReturn(randomBoolean());
final boolean isElectedMaster = randomBoolean(); final boolean isElectedMaster = randomBoolean();
whenLocalNodeElectedMaster(isElectedMaster); whenLocalNodeElectedMaster(isElectedMaster);
@ -89,16 +89,16 @@ public class JobStatsCollectorTests extends BaseCollectorTestCase {
assertThat(collector.shouldCollect(isElectedMaster), is(false)); assertThat(collector.shouldCollect(isElectedMaster), is(false));
if (isElectedMaster) { if (isElectedMaster) {
verify(licenseState).isAllowed(Feature.MONITORING); verify(licenseState).checkFeature(Feature.MONITORING);
} }
} }
public void testShouldCollectReturnsFalseIfMLIsNotAllowed() { public void testShouldCollectReturnsFalseIfMLIsNotAllowed() {
final Settings settings = randomFrom(mlEnabledSettings(), mlDisabledSettings()); final Settings settings = randomFrom(mlEnabledSettings(), mlDisabledSettings());
when(licenseState.isAllowed(Feature.MONITORING)).thenReturn(randomBoolean()); when(licenseState.checkFeature(Feature.MONITORING)).thenReturn(randomBoolean());
// this is controls the blockage // this is controls the blockage
when(licenseState.isAllowed(XPackLicenseState.Feature.MACHINE_LEARNING)).thenReturn(false); when(licenseState.checkFeature(XPackLicenseState.Feature.MACHINE_LEARNING)).thenReturn(false);
final boolean isElectedMaster = randomBoolean(); final boolean isElectedMaster = randomBoolean();
whenLocalNodeElectedMaster(isElectedMaster); whenLocalNodeElectedMaster(isElectedMaster);
@ -107,22 +107,22 @@ public class JobStatsCollectorTests extends BaseCollectorTestCase {
assertThat(collector.shouldCollect(isElectedMaster), is(false)); assertThat(collector.shouldCollect(isElectedMaster), is(false));
if (isElectedMaster) { if (isElectedMaster) {
verify(licenseState).isAllowed(Feature.MONITORING); verify(licenseState).checkFeature(Feature.MONITORING);
} }
} }
public void testShouldCollectReturnsTrue() { public void testShouldCollectReturnsTrue() {
final Settings settings = mlEnabledSettings(); final Settings settings = mlEnabledSettings();
when(licenseState.isAllowed(Feature.MONITORING)).thenReturn(true); when(licenseState.checkFeature(Feature.MONITORING)).thenReturn(true);
when(licenseState.isAllowed(XPackLicenseState.Feature.MACHINE_LEARNING)).thenReturn(true); when(licenseState.checkFeature(XPackLicenseState.Feature.MACHINE_LEARNING)).thenReturn(true);
final boolean isElectedMaster = true; final boolean isElectedMaster = true;
final JobStatsCollector collector = new JobStatsCollector(settings, clusterService, licenseState, client); final JobStatsCollector collector = new JobStatsCollector(settings, clusterService, licenseState, client);
assertThat(collector.shouldCollect(isElectedMaster), is(true)); assertThat(collector.shouldCollect(isElectedMaster), is(true));
verify(licenseState).isAllowed(Feature.MONITORING); verify(licenseState).checkFeature(Feature.MONITORING);
} }
public void testDoCollect() throws Exception { public void testDoCollect() throws Exception {

12
x-pack/plugin/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/node/NodeStatsCollectorTests.java
View File

@ -39,7 +39,7 @@ public class NodeStatsCollectorTests extends BaseCollectorTestCase {
public void testShouldCollectReturnsFalseIfMonitoringNotAllowed() { public void testShouldCollectReturnsFalseIfMonitoringNotAllowed() {
// this controls the blockage // this controls the blockage
when(licenseState.isAllowed(Feature.MONITORING)).thenReturn(false); when(licenseState.checkFeature(Feature.MONITORING)).thenReturn(false);
final boolean isElectedMaster = randomBoolean(); final boolean isElectedMaster = randomBoolean();
whenLocalNodeElectedMaster(isElectedMaster); whenLocalNodeElectedMaster(isElectedMaster);
@ -47,22 +47,22 @@ public class NodeStatsCollectorTests extends BaseCollectorTestCase {
assertThat(collector.shouldCollect(isElectedMaster), is(false)); assertThat(collector.shouldCollect(isElectedMaster), is(false));
if (isElectedMaster) { if (isElectedMaster) {
verify(licenseState).isAllowed(Feature.MONITORING); verify(licenseState).checkFeature(Feature.MONITORING);
} }
} }
public void testShouldCollectReturnsTrue() { public void testShouldCollectReturnsTrue() {
when(licenseState.isAllowed(Feature.MONITORING)).thenReturn(true); when(licenseState.checkFeature(Feature.MONITORING)).thenReturn(true);
final boolean isElectedMaster = true; final boolean isElectedMaster = true;
final NodeStatsCollector collector = new NodeStatsCollector(clusterService, licenseState, client); final NodeStatsCollector collector = new NodeStatsCollector(clusterService, licenseState, client);
assertThat(collector.shouldCollect(isElectedMaster), is(true)); assertThat(collector.shouldCollect(isElectedMaster), is(true));
verify(licenseState).isAllowed(Feature.MONITORING); verify(licenseState).checkFeature(Feature.MONITORING);
} }
public void testDoCollectWithFailures() throws Exception { public void testDoCollectWithFailures() throws Exception {
when(licenseState.isAllowed(Feature.MONITORING)).thenReturn(true); when(licenseState.checkFeature(Feature.MONITORING)).thenReturn(true);
final TimeValue timeout = TimeValue.parseTimeValue(randomPositiveTimeValue(), NodeStatsCollectorTests.class.getName()); final TimeValue timeout = TimeValue.parseTimeValue(randomPositiveTimeValue(), NodeStatsCollectorTests.class.getName());
withCollectionTimeout(NodeStatsCollector.NODE_STATS_TIMEOUT, timeout); withCollectionTimeout(NodeStatsCollector.NODE_STATS_TIMEOUT, timeout);
@ -85,7 +85,7 @@ public class NodeStatsCollectorTests extends BaseCollectorTestCase {
} }
public void testDoCollect() throws Exception { public void testDoCollect() throws Exception {
when(licenseState.isAllowed(Feature.MONITORING)).thenReturn(true); when(licenseState.checkFeature(Feature.MONITORING)).thenReturn(true);
final TimeValue timeout = TimeValue.timeValueSeconds(randomIntBetween(1, 120)); final TimeValue timeout = TimeValue.timeValueSeconds(randomIntBetween(1, 120));
withCollectionTimeout(NodeStatsCollector.NODE_STATS_TIMEOUT, timeout); withCollectionTimeout(NodeStatsCollector.NODE_STATS_TIMEOUT, timeout);

10
x-pack/plugin/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/shards/ShardsCollectorTests.java
View File

@ -44,7 +44,7 @@ public class ShardsCollectorTests extends BaseCollectorTestCase {
public void testShouldCollectReturnsFalseIfMonitoringNotAllowed() { public void testShouldCollectReturnsFalseIfMonitoringNotAllowed() {
// this controls the blockage // this controls the blockage
when(licenseState.isAllowed(Feature.MONITORING)).thenReturn(false); when(licenseState.checkFeature(Feature.MONITORING)).thenReturn(false);
final boolean isElectedMaster = randomBoolean(); final boolean isElectedMaster = randomBoolean();
whenLocalNodeElectedMaster(isElectedMaster); whenLocalNodeElectedMaster(isElectedMaster);
@ -52,12 +52,12 @@ public class ShardsCollectorTests extends BaseCollectorTestCase {
assertThat(collector.shouldCollect(isElectedMaster), is(false)); assertThat(collector.shouldCollect(isElectedMaster), is(false));
if (isElectedMaster) { if (isElectedMaster) {
verify(licenseState).isAllowed(Feature.MONITORING); verify(licenseState).checkFeature(Feature.MONITORING);
} }
} }
public void testShouldCollectReturnsFalseIfNotMaster() { public void testShouldCollectReturnsFalseIfNotMaster() {
when(licenseState.isAllowed(Feature.MONITORING)).thenReturn(true); when(licenseState.checkFeature(Feature.MONITORING)).thenReturn(true);
// this controls the blockage // this controls the blockage
whenLocalNodeElectedMaster(false); whenLocalNodeElectedMaster(false);
@ -67,13 +67,13 @@ public class ShardsCollectorTests extends BaseCollectorTestCase {
} }
public void testShouldCollectReturnsTrue() { public void testShouldCollectReturnsTrue() {
when(licenseState.isAllowed(Feature.MONITORING)).thenReturn(true); when(licenseState.checkFeature(Feature.MONITORING)).thenReturn(true);
whenLocalNodeElectedMaster(true); whenLocalNodeElectedMaster(true);
final ShardsCollector collector = new ShardsCollector(clusterService, licenseState); final ShardsCollector collector = new ShardsCollector(clusterService, licenseState);
assertThat(collector.shouldCollect(true), is(true)); assertThat(collector.shouldCollect(true), is(true));
verify(licenseState).isAllowed(Feature.MONITORING); verify(licenseState).checkFeature(Feature.MONITORING);
} }
public void testDoCollectWhenNoClusterState() throws Exception { public void testDoCollectWhenNoClusterState() throws Exception {

14
x-pack/plugin/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/http/ClusterAlertHttpResourceTests.java
View File

@ -60,7 +60,7 @@ public class ClusterAlertHttpResourceTests extends AbstractPublishableHttpResour
} }
public void testDoCheckGetWatchExists() throws IOException { public void testDoCheckGetWatchExists() throws IOException {
when(licenseState.isAllowed(XPackLicenseState.Feature.MONITORING_CLUSTER_ALERTS)).thenReturn(true); when(licenseState.checkFeature(XPackLicenseState.Feature.MONITORING_CLUSTER_ALERTS)).thenReturn(true);
final HttpEntity entity = entityForClusterAlert(true, minimumVersion); final HttpEntity entity = entityForClusterAlert(true, minimumVersion);
@ -68,7 +68,7 @@ public class ClusterAlertHttpResourceTests extends AbstractPublishableHttpResour
} }
public void testDoCheckGetWatchDoesNotExist() throws IOException { public void testDoCheckGetWatchDoesNotExist() throws IOException {
when(licenseState.isAllowed(XPackLicenseState.Feature.MONITORING_CLUSTER_ALERTS)).thenReturn(true); when(licenseState.checkFeature(XPackLicenseState.Feature.MONITORING_CLUSTER_ALERTS)).thenReturn(true);
if (randomBoolean()) { if (randomBoolean()) {
// it does not exist because it's literally not there // it does not exist because it's literally not there
@ -82,7 +82,7 @@ public class ClusterAlertHttpResourceTests extends AbstractPublishableHttpResour
} }
public void testDoCheckWithExceptionGetWatchError() throws IOException { public void testDoCheckWithExceptionGetWatchError() throws IOException {
when(licenseState.isAllowed(XPackLicenseState.Feature.MONITORING_CLUSTER_ALERTS)).thenReturn(true); when(licenseState.checkFeature(XPackLicenseState.Feature.MONITORING_CLUSTER_ALERTS)).thenReturn(true);
if (randomBoolean()) { if (randomBoolean()) {
// error because of a server error // error because of a server error
@ -100,7 +100,7 @@ public class ClusterAlertHttpResourceTests extends AbstractPublishableHttpResour
final boolean clusterAlertsAllowed = randomBoolean(); final boolean clusterAlertsAllowed = randomBoolean();
// should not matter // should not matter
when(licenseState.isAllowed(XPackLicenseState.Feature.MONITORING_CLUSTER_ALERTS)).thenReturn(clusterAlertsAllowed); when(licenseState.checkFeature(XPackLicenseState.Feature.MONITORING_CLUSTER_ALERTS)).thenReturn(clusterAlertsAllowed);
assertCheckAsDeleteExists(noWatchResource, "/_watcher/watch", watchId); assertCheckAsDeleteExists(noWatchResource, "/_watcher/watch", watchId);
} }
@ -110,19 +110,19 @@ public class ClusterAlertHttpResourceTests extends AbstractPublishableHttpResour
final boolean clusterAlertsAllowed = randomBoolean(); final boolean clusterAlertsAllowed = randomBoolean();
// should not matter // should not matter
when(licenseState.isAllowed(XPackLicenseState.Feature.MONITORING_CLUSTER_ALERTS)).thenReturn(clusterAlertsAllowed); when(licenseState.checkFeature(XPackLicenseState.Feature.MONITORING_CLUSTER_ALERTS)).thenReturn(clusterAlertsAllowed);
assertCheckAsDeleteWithException(noWatchResource, "/_watcher/watch", watchId); assertCheckAsDeleteWithException(noWatchResource, "/_watcher/watch", watchId);
} }
public void testDoCheckAsDeleteWatchExists() throws IOException { public void testDoCheckAsDeleteWatchExists() throws IOException {
when(licenseState.isAllowed(XPackLicenseState.Feature.MONITORING_CLUSTER_ALERTS)).thenReturn(false); when(licenseState.checkFeature(XPackLicenseState.Feature.MONITORING_CLUSTER_ALERTS)).thenReturn(false);
assertCheckAsDeleteExists(resource, "/_watcher/watch", watchId); assertCheckAsDeleteExists(resource, "/_watcher/watch", watchId);
} }
public void testDoCheckWithExceptionAsDeleteWatchError() throws IOException { public void testDoCheckWithExceptionAsDeleteWatchError() throws IOException {
when(licenseState.isAllowed(XPackLicenseState.Feature.MONITORING_CLUSTER_ALERTS)).thenReturn(false); when(licenseState.checkFeature(XPackLicenseState.Feature.MONITORING_CLUSTER_ALERTS)).thenReturn(false);
assertCheckAsDeleteWithException(resource, "/_watcher/watch", watchId); assertCheckAsDeleteWithException(resource, "/_watcher/watch", watchId);
} }

2
x-pack/plugin/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/http/HttpExporterResourceTests.java
View File

@ -735,7 +735,7 @@ public class HttpExporterResourceTests extends AbstractPublishableHttpResourceTe
when(state.metadata()).thenReturn(metadata); when(state.metadata()).thenReturn(metadata);
when(metadata.clusterUUID()).thenReturn("the_clusters_uuid"); when(metadata.clusterUUID()).thenReturn("the_clusters_uuid");
when(licenseState.isAllowed(XPackLicenseState.Feature.MONITORING_CLUSTER_ALERTS)).thenReturn(validLicense); when(licenseState.checkFeature(XPackLicenseState.Feature.MONITORING_CLUSTER_ALERTS)).thenReturn(validLicense);
final HttpEntity entity = final HttpEntity entity =
new StringEntity("{\"features\":{\"watcher\":{\"enabled\":true,\"available\":true}}}", ContentType.APPLICATION_JSON); new StringEntity("{\"features\":{\"watcher\":{\"enabled\":true,\"available\":true}}}", ContentType.APPLICATION_JSON);

3
x-pack/plugin/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/exporter/local/LocalExporterIntegTestCase.java
View File

@ -6,6 +6,7 @@
package org.elasticsearch.xpack.monitoring.exporter.local; package org.elasticsearch.xpack.monitoring.exporter.local;
import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.license.TestUtils;
import org.elasticsearch.license.XPackLicenseState; import org.elasticsearch.license.XPackLicenseState;
import org.elasticsearch.threadpool.TestThreadPool; import org.elasticsearch.threadpool.TestThreadPool;
import org.elasticsearch.threadpool.ThreadPool; import org.elasticsearch.threadpool.ThreadPool;
@ -69,7 +70,7 @@ public abstract class LocalExporterIntegTestCase extends MonitoringIntegTestCase
*/ */
protected LocalExporter createLocalExporter() { protected LocalExporter createLocalExporter() {
final Settings settings = localExporterSettings(); final Settings settings = localExporterSettings();
final XPackLicenseState licenseState = new XPackLicenseState(Settings.EMPTY); final XPackLicenseState licenseState = TestUtils.newTestLicenseState();
final Exporter.Config config = new Exporter.Config(exporterName, "local", settings, clusterService(), licenseState); final Exporter.Config config = new Exporter.Config(exporterName, "local", settings, clusterService(), licenseState);
final CleanerService cleanerService = final CleanerService cleanerService =
new CleanerService(settings, clusterService().getClusterSettings(), THREADPOOL, licenseState); new CleanerService(settings, clusterService().getClusterSettings(), THREADPOOL, licenseState);

2
x-pack/plugin/rollup/src/main/java/org/elasticsearch/xpack/rollup/action/TransportPutRollupJobAction.java
View File

@ -96,7 +96,7 @@ public class TransportPutRollupJobAction extends TransportMasterNodeAction<PutRo
protected void masterOperation(PutRollupJobAction.Request request, ClusterState clusterState, protected void masterOperation(PutRollupJobAction.Request request, ClusterState clusterState,
ActionListener<AcknowledgedResponse> listener) { ActionListener<AcknowledgedResponse> listener) {
if (!licenseState.isAllowed(XPackLicenseState.Feature.ROLLUP)) { if (!licenseState.checkFeature(XPackLicenseState.Feature.ROLLUP)) {
listener.onFailure(LicenseUtils.newComplianceException(XPackField.ROLLUP)); listener.onFailure(LicenseUtils.newComplianceException(XPackField.ROLLUP));
return; return;
} }

2
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java
View File

@ -1040,7 +1040,7 @@ public class Security extends Plugin implements SystemIndexPlugin, IngestPlugin,
if (enabled) { if (enabled) {
return index -> { return index -> {
XPackLicenseState licenseState = getLicenseState(); XPackLicenseState licenseState = getLicenseState();
if (licenseState.isSecurityEnabled() == false || licenseState.isAllowed(Feature.SECURITY_DLS_FLS) == false) { if (licenseState.isSecurityEnabled() == false || licenseState.checkFeature(Feature.SECURITY_DLS_FLS) == false) {
return MapperPlugin.NOOP_FIELD_PREDICATE; return MapperPlugin.NOOP_FIELD_PREDICATE;
} }
IndicesAccessControl indicesAccessControl = threadContext.get().getTransient( IndicesAccessControl indicesAccessControl = threadContext.get().getTransient(

2
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilter.java
View File

@ -73,7 +73,7 @@ public class SecurityActionFilter implements ActionFilter {
A functional requirement - when the license of security is disabled (invalid/expires), security will continue A functional requirement - when the license of security is disabled (invalid/expires), security will continue
to operate normally, except all read operations will be blocked. to operate normally, except all read operations will be blocked.
*/ */
if (licenseState.isAllowed(Feature.SECURITY_STATS_AND_HEALTH) == false && LICENSE_EXPIRATION_ACTION_MATCHER.test(action)) { if (licenseState.checkFeature(Feature.SECURITY_STATS_AND_HEALTH) == false && LICENSE_EXPIRATION_ACTION_MATCHER.test(action)) {
logger.error("blocking [{}] operation due to expired license. Cluster health, cluster stats and indices stats \n" + logger.error("blocking [{}] operation due to expired license. Cluster health, cluster stats and indices stats \n" +
"operations are blocked on license expiration. All data operations (read and write) continue to work. \n" + "operations are blocked on license expiration. All data operations (read and write) continue to work. \n" +
"If you have a new license, please update it. Otherwise, please reach out to your support contact.", action); "If you have a new license, please update it. Otherwise, please reach out to your support contact.", action);

2
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailService.java
View File

@ -33,7 +33,7 @@ public class AuditTrailService {
public AuditTrail get() { public AuditTrail get() {
if (compositeAuditTrail.isEmpty() == false && if (compositeAuditTrail.isEmpty() == false &&
licenseState.isSecurityEnabled() && licenseState.isAllowed(Feature.SECURITY_AUDITING)) { licenseState.isSecurityEnabled() && licenseState.checkFeature(Feature.SECURITY_AUDITING)) {
return compositeAuditTrail; return compositeAuditTrail;
} else { } else {
return NOOP_AUDIT_TRAIL; return NOOP_AUDIT_TRAIL;

4
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ApiKeyService.java
View File

@ -580,12 +580,12 @@ public class ApiKeyService {
private boolean isEnabled() { private boolean isEnabled() {
return enabled && licenseState.isSecurityEnabled() && return enabled && licenseState.isSecurityEnabled() &&
licenseState.isAllowed(XPackLicenseState.Feature.SECURITY_API_KEY_SERVICE); licenseState.checkFeature(XPackLicenseState.Feature.SECURITY_API_KEY_SERVICE);
} }
public void ensureEnabled() { public void ensureEnabled() {
if (licenseState.isSecurityEnabled() == false || if (licenseState.isSecurityEnabled() == false ||
licenseState.isAllowed(XPackLicenseState.Feature.SECURITY_API_KEY_SERVICE) == false) { licenseState.checkFeature(XPackLicenseState.Feature.SECURITY_API_KEY_SERVICE) == false) {
throw LicenseUtils.newComplianceException("api keys"); throw LicenseUtils.newComplianceException("api keys");
} }
if (enabled == false) { if (enabled == false) {

10
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/Realms.java
View File

@ -119,7 +119,7 @@ public class Realms implements Iterable<Realm> {
} }
// If all realms are allowed, then nothing is unlicensed // If all realms are allowed, then nothing is unlicensed
if (licenseStateSnapshot.isAllowed(Feature.SECURITY_ALL_REALMS)) { if (licenseStateSnapshot.checkFeature(Feature.SECURITY_ALL_REALMS)) {
return Collections.emptyList(); return Collections.emptyList();
} }
@ -143,9 +143,9 @@ public class Realms implements Iterable<Realm> {
if (licenseStateSnapshot.isSecurityEnabled() == false) { if (licenseStateSnapshot.isSecurityEnabled() == false) {
return Collections.emptyList(); return Collections.emptyList();
} }
if (licenseStateSnapshot.isAllowed(Feature.SECURITY_ALL_REALMS)) { if (licenseStateSnapshot.checkFeature(Feature.SECURITY_ALL_REALMS)) {
return realms; return realms;
} else if (licenseStateSnapshot.isAllowed(Feature.SECURITY_STANDARD_REALMS)) { } else if (licenseStateSnapshot.checkFeature(Feature.SECURITY_STANDARD_REALMS)) {
return standardRealmsOnly; return standardRealmsOnly;
} else { } else {
// native realms are basic licensed, and always allowed, even for an expired license // native realms are basic licensed, and always allowed, even for an expired license
@ -337,9 +337,9 @@ public class Realms implements Iterable<Realm> {
} }
public static boolean isRealmTypeAvailable(XPackLicenseState licenseState, String type) { public static boolean isRealmTypeAvailable(XPackLicenseState licenseState, String type) {
if (licenseState.isAllowed(Feature.SECURITY_ALL_REALMS)) { if (licenseState.checkFeature(Feature.SECURITY_ALL_REALMS)) {
return true; return true;
} else if (licenseState.isAllowed(Feature.SECURITY_STANDARD_REALMS)) { } else if (licenseState.checkFeature(Feature.SECURITY_STANDARD_REALMS)) {
return InternalRealms.isStandardRealm(type) || ReservedRealm.TYPE.equals(type); return InternalRealms.isStandardRealm(type) || ReservedRealm.TYPE.equals(type);
} else { } else {
return FileRealmSettings.TYPE.equals(type) || NativeRealmSettings.TYPE.equals(type); return FileRealmSettings.TYPE.equals(type) || NativeRealmSettings.TYPE.equals(type);

4
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java
View File

@ -1568,12 +1568,12 @@ public final class TokenService {
private boolean isEnabled() { private boolean isEnabled() {
return enabled && licenseState.isSecurityEnabled() && return enabled && licenseState.isSecurityEnabled() &&
licenseState.isAllowed(XPackLicenseState.Feature.SECURITY_TOKEN_SERVICE); licenseState.checkFeature(XPackLicenseState.Feature.SECURITY_TOKEN_SERVICE);
} }
private void ensureEnabled() { private void ensureEnabled() {
if (licenseState.isSecurityEnabled() == false || if (licenseState.isSecurityEnabled() == false ||
licenseState.isAllowed(XPackLicenseState.Feature.SECURITY_TOKEN_SERVICE) == false) { licenseState.checkFeature(XPackLicenseState.Feature.SECURITY_TOKEN_SERVICE) == false) {
throw LicenseUtils.newComplianceException("security tokens"); throw LicenseUtils.newComplianceException("security tokens");
} }
if (enabled == false) { if (enabled == false) {

2
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/support/DelegatedAuthorizationSupport.java
View File

@ -81,7 +81,7 @@ public class DelegatedAuthorizationSupport {
* with a meaningful diagnostic message. * with a meaningful diagnostic message.
*/ */
public void resolve(String username, ActionListener<AuthenticationResult> resultListener) { public void resolve(String username, ActionListener<AuthenticationResult> resultListener) {
boolean authzOk = licenseState.isSecurityEnabled() && licenseState.isAllowed(Feature.SECURITY_AUTHORIZATION_REALM); boolean authzOk = licenseState.isSecurityEnabled() && licenseState.checkFeature(Feature.SECURITY_AUTHORIZATION_REALM);
if (authzOk == false) { if (authzOk == false) {
resultListener.onResponse(AuthenticationResult.unsuccessful( resultListener.onResponse(AuthenticationResult.unsuccessful(
DelegatedAuthorizationSettings.AUTHZ_REALMS_SUFFIX + " are not permitted", DelegatedAuthorizationSettings.AUTHZ_REALMS_SUFFIX + " are not permitted",

2
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationService.java
View File

@ -367,7 +367,7 @@ public class AuthorizationService {
private AuthorizationEngine getAuthorizationEngineForUser(final User user) { private AuthorizationEngine getAuthorizationEngineForUser(final User user) {
if (rbacEngine != authorizationEngine && licenseState.isSecurityEnabled() && if (rbacEngine != authorizationEngine && licenseState.isSecurityEnabled() &&
licenseState.isAllowed(Feature.SECURITY_AUTHORIZATION_ENGINE)) { licenseState.checkFeature(Feature.SECURITY_AUTHORIZATION_ENGINE)) {
if (ClientReservedRealm.isReserved(user.principal(), settings) || isInternalUser(user)) { if (ClientReservedRealm.isReserved(user.principal(), settings) || isInternalUser(user)) {
return rbacEngine; return rbacEngine;
} else { } else {

2
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/interceptor/BulkShardRequestInterceptor.java
View File

@ -41,7 +41,7 @@ public class BulkShardRequestInterceptor implements RequestInterceptor {
@Override @Override
public void intercept(RequestInfo requestInfo, AuthorizationEngine authzEngine, AuthorizationInfo authorizationInfo, public void intercept(RequestInfo requestInfo, AuthorizationEngine authzEngine, AuthorizationInfo authorizationInfo,
ActionListener<Void> listener) { ActionListener<Void> listener) {
boolean shouldIntercept = licenseState.isSecurityEnabled() && licenseState.isAllowed(Feature.SECURITY_DLS_FLS); boolean shouldIntercept = licenseState.isSecurityEnabled() && licenseState.checkFeature(Feature.SECURITY_DLS_FLS);
if (requestInfo.getRequest() instanceof BulkShardRequest && shouldIntercept) { if (requestInfo.getRequest() instanceof BulkShardRequest && shouldIntercept) {
IndicesAccessControl indicesAccessControl = threadContext.getTransient(AuthorizationServiceField.INDICES_PERMISSIONS_KEY); IndicesAccessControl indicesAccessControl = threadContext.getTransient(AuthorizationServiceField.INDICES_PERMISSIONS_KEY);

2
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/interceptor/FieldAndDocumentLevelSecurityRequestInterceptor.java
View File

@ -39,7 +39,7 @@ abstract class FieldAndDocumentLevelSecurityRequestInterceptor implements Reques
ActionListener<Void> listener) { ActionListener<Void> listener) {
if (requestInfo.getRequest() instanceof IndicesRequest) { if (requestInfo.getRequest() instanceof IndicesRequest) {
IndicesRequest indicesRequest = (IndicesRequest) requestInfo.getRequest(); IndicesRequest indicesRequest = (IndicesRequest) requestInfo.getRequest();
boolean shouldIntercept = licenseState.isSecurityEnabled() && licenseState.isAllowed(Feature.SECURITY_DLS_FLS); boolean shouldIntercept = licenseState.isSecurityEnabled() && licenseState.checkFeature(Feature.SECURITY_DLS_FLS);
if (supports(indicesRequest) && shouldIntercept) { if (supports(indicesRequest) && shouldIntercept) {
final IndicesAccessControl indicesAccessControl = final IndicesAccessControl indicesAccessControl =
threadContext.getTransient(AuthorizationServiceField.INDICES_PERMISSIONS_KEY); threadContext.getTransient(AuthorizationServiceField.INDICES_PERMISSIONS_KEY);

2
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/interceptor/IndicesAliasesRequestInterceptor.java
View File

@ -52,7 +52,7 @@ public final class IndicesAliasesRequestInterceptor implements RequestIntercepto
final XPackLicenseState frozenLicenseState = licenseState.copyCurrentLicenseState(); final XPackLicenseState frozenLicenseState = licenseState.copyCurrentLicenseState();
final AuditTrail auditTrail = auditTrailService.get(); final AuditTrail auditTrail = auditTrailService.get();
if (frozenLicenseState.isSecurityEnabled()) { if (frozenLicenseState.isSecurityEnabled()) {
if (frozenLicenseState.isAllowed(Feature.SECURITY_DLS_FLS)) { if (frozenLicenseState.checkFeature(Feature.SECURITY_DLS_FLS)) {
IndicesAccessControl indicesAccessControl = IndicesAccessControl indicesAccessControl =
threadContext.getTransient(AuthorizationServiceField.INDICES_PERMISSIONS_KEY); threadContext.getTransient(AuthorizationServiceField.INDICES_PERMISSIONS_KEY);
for (IndicesAliasesRequest.AliasActions aliasAction : request.getAliasActions()) { for (IndicesAliasesRequest.AliasActions aliasAction : request.getAliasActions()) {

2
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/interceptor/ResizeRequestInterceptor.java
View File

@ -48,7 +48,7 @@ public final class ResizeRequestInterceptor implements RequestInterceptor {
final XPackLicenseState frozenLicenseState = licenseState.copyCurrentLicenseState(); final XPackLicenseState frozenLicenseState = licenseState.copyCurrentLicenseState();
final AuditTrail auditTrail = auditTrailService.get(); final AuditTrail auditTrail = auditTrailService.get();
if (frozenLicenseState.isSecurityEnabled()) { if (frozenLicenseState.isSecurityEnabled()) {
if (frozenLicenseState.isAllowed(Feature.SECURITY_DLS_FLS)) { if (frozenLicenseState.checkFeature(Feature.SECURITY_DLS_FLS)) {
IndicesAccessControl indicesAccessControl = IndicesAccessControl indicesAccessControl =
threadContext.getTransient(AuthorizationServiceField.INDICES_PERMISSIONS_KEY); threadContext.getTransient(AuthorizationServiceField.INDICES_PERMISSIONS_KEY);
IndicesAccessControl.IndexAccessControl indexAccessControl = IndicesAccessControl.IndexAccessControl indexAccessControl =

4
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStore.java
View File

@ -166,7 +166,7 @@ public class CompositeRolesStore {
rolesRetrievalResult.getMissingRoles())); rolesRetrievalResult.getMissingRoles()));
} }
final Set<RoleDescriptor> effectiveDescriptors; final Set<RoleDescriptor> effectiveDescriptors;
if (licenseState.isAllowed(Feature.SECURITY_DLS_FLS)) { if (licenseState.checkFeature(Feature.SECURITY_DLS_FLS)) {
effectiveDescriptors = rolesRetrievalResult.getRoleDescriptors(); effectiveDescriptors = rolesRetrievalResult.getRoleDescriptors();
} else { } else {
effectiveDescriptors = rolesRetrievalResult.getRoleDescriptors().stream() effectiveDescriptors = rolesRetrievalResult.getRoleDescriptors().stream()
@ -321,7 +321,7 @@ public class CompositeRolesStore {
private void loadRoleDescriptorsAsync(Set<String> roleNames, ActionListener<RolesRetrievalResult> listener) { private void loadRoleDescriptorsAsync(Set<String> roleNames, ActionListener<RolesRetrievalResult> listener) {
final RolesRetrievalResult rolesResult = new RolesRetrievalResult(); final RolesRetrievalResult rolesResult = new RolesRetrievalResult();
final List<BiConsumer<Set<String>, ActionListener<RoleRetrievalResult>>> asyncRoleProviders = final List<BiConsumer<Set<String>, ActionListener<RoleRetrievalResult>>> asyncRoleProviders =
licenseState.isAllowed(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS) ? allRoleProviders : builtInRoleProviders; licenseState.checkFeature(Feature.SECURITY_CUSTOM_ROLE_PROVIDERS) ? allRoleProviders : builtInRoleProviders;
final ActionListener<RoleRetrievalResult> descriptorsListener = final ActionListener<RoleRetrievalResult> descriptorsListener =
ContextPreservingActionListener.wrapPreservingContext(ActionListener.wrap(ignore -> { ContextPreservingActionListener.wrapPreservingContext(ActionListener.wrap(ignore -> {

2
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/store/FileRolesStore.java
View File

@ -176,7 +176,7 @@ public class FileRolesStore implements BiConsumer<Set<String>, ActionListener<Ro
if (Files.exists(path)) { if (Files.exists(path)) {
try { try {
List<String> roleSegments = roleSegments(path); List<String> roleSegments = roleSegments(path);
final boolean flsDlsLicensed = licenseState.isAllowed(Feature.SECURITY_DLS_FLS); final boolean flsDlsLicensed = licenseState.checkFeature(Feature.SECURITY_DLS_FLS);
for (String segment : roleSegments) { for (String segment : roleSegments) {
RoleDescriptor descriptor = parseRoleDescriptor(segment, path, logger, resolvePermission, settings, xContentRegistry); RoleDescriptor descriptor = parseRoleDescriptor(segment, path, logger, resolvePermission, settings, xContentRegistry);
if (descriptor != null) { if (descriptor != null) {

4
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java
View File

@ -201,7 +201,7 @@ public class NativeRolesStore implements BiConsumer<Set<String>, ActionListener<
} }
public void putRole(final PutRoleRequest request, final RoleDescriptor role, final ActionListener<Boolean> listener) { public void putRole(final PutRoleRequest request, final RoleDescriptor role, final ActionListener<Boolean> listener) {
if (licenseState.isAllowed(Feature.SECURITY_DLS_FLS)) { if (licenseState.checkFeature(Feature.SECURITY_DLS_FLS)) {
innerPutRole(request, role, listener); innerPutRole(request, role, listener);
} else if (role.isUsingDocumentOrFieldLevelSecurity()) { } else if (role.isUsingDocumentOrFieldLevelSecurity()) {
listener.onFailure(LicenseUtils.newComplianceException("field and document level security")); listener.onFailure(LicenseUtils.newComplianceException("field and document level security"));
@ -382,7 +382,7 @@ public class NativeRolesStore implements BiConsumer<Set<String>, ActionListener<
// we pass true as last parameter because we do not want to reject permissions if the field permissions // we pass true as last parameter because we do not want to reject permissions if the field permissions
// are given in 2.x syntax // are given in 2.x syntax
RoleDescriptor roleDescriptor = RoleDescriptor.parse(name, sourceBytes, true, XContentType.JSON); RoleDescriptor roleDescriptor = RoleDescriptor.parse(name, sourceBytes, true, XContentType.JSON);
if (licenseState.isAllowed(Feature.SECURITY_DLS_FLS)) { if (licenseState.checkFeature(Feature.SECURITY_DLS_FLS)) {
return roleDescriptor; return roleDescriptor;
} else { } else {
final boolean dlsEnabled = final boolean dlsEnabled =

2
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/RestDelegatePkiAuthenticationAction.java
View File

@ -55,7 +55,7 @@ public final class RestDelegatePkiAuthenticationAction extends SecurityBaseRestH
Exception failedFeature = super.checkFeatureAvailable(request); Exception failedFeature = super.checkFeatureAvailable(request);
if (failedFeature != null) { if (failedFeature != null) {
return failedFeature; return failedFeature;
} else if (licenseState.isAllowed(Feature.SECURITY_STANDARD_REALMS)) { } else if (licenseState.checkFeature(Feature.SECURITY_STANDARD_REALMS)) {
return null; return null;
} else { } else {
logger.info("The '{}' realm is not available under the current license", PkiRealmSettings.TYPE); logger.info("The '{}' realm is not available under the current license", PkiRealmSettings.TYPE);

2
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/SecurityBaseRestHandler.java
View File

@ -68,7 +68,7 @@ public abstract class SecurityBaseRestHandler extends BaseRestHandler {
protected Exception checkFeatureAvailable(RestRequest request) { protected Exception checkFeatureAvailable(RestRequest request) {
if (XPackSettings.SECURITY_ENABLED.get(settings) == false) { if (XPackSettings.SECURITY_ENABLED.get(settings) == false) {
return new IllegalStateException("Security is not enabled but a security rest handler is registered"); return new IllegalStateException("Security is not enabled but a security rest handler is registered");
} else if (licenseState.isAllowed(XPackLicenseState.Feature.SECURITY) == false) { } else if (licenseState.checkFeature(XPackLicenseState.Feature.SECURITY) == false) {
return LicenseUtils.newComplianceException(XPackField.SECURITY); return LicenseUtils.newComplianceException(XPackField.SECURITY);
} else if (licenseState.isSecurityEnabled() == false) { } else if (licenseState.isSecurityEnabled() == false) {
return new ElasticsearchException("Security must be explicitly enabled when using a [" + return new ElasticsearchException("Security must be explicitly enabled when using a [" +

2
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/apikey/ApiKeyBaseRestHandler.java
View File

@ -30,7 +30,7 @@ abstract class ApiKeyBaseRestHandler extends SecurityBaseRestHandler {
Exception failedFeature = super.checkFeatureAvailable(request); Exception failedFeature = super.checkFeatureAvailable(request);
if (failedFeature != null) { if (failedFeature != null) {
return failedFeature; return failedFeature;
} else if (licenseState.isAllowed(Feature.SECURITY_API_KEY_SERVICE)) { } else if (licenseState.checkFeature(Feature.SECURITY_API_KEY_SERVICE)) {
return null; return null;
} else { } else {
logger.info("API Keys are not available under the current [{}] license", licenseState.getOperationMode().description()); logger.info("API Keys are not available under the current [{}] license", licenseState.getOperationMode().description());

2
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/oauth2/TokenBaseRestHandler.java
View File

@ -31,7 +31,7 @@ abstract class TokenBaseRestHandler extends SecurityBaseRestHandler {
Exception failedFeature = super.checkFeatureAvailable(request); Exception failedFeature = super.checkFeatureAvailable(request);
if (failedFeature != null) { if (failedFeature != null) {
return failedFeature; return failedFeature;
} else if (licenseState.isAllowed(Feature.SECURITY_TOKEN_SERVICE)) { } else if (licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE)) {
return null; return null;
} else { } else {
logger.info("Security tokens are not available under the current [{}] license", licenseState.getOperationMode().description()); logger.info("Security tokens are not available under the current [{}] license", licenseState.getOperationMode().description());

2
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/support/SecurityStatusChangeListener.java
View File

@ -35,7 +35,7 @@ public class SecurityStatusChangeListener implements LicenseStateListener {
*/ */
@Override @Override
public synchronized void licenseStateChanged() { public synchronized void licenseStateChanged() {
final boolean newState = licenseState.isAllowed(XPackLicenseState.Feature.SECURITY) && licenseState.isSecurityEnabled(); final boolean newState = licenseState.checkFeature(XPackLicenseState.Feature.SECURITY) && licenseState.isSecurityEnabled();
// old state might be null (undefined) so do Object comparison // old state might be null (undefined) so do Object comparison
if (Objects.equals(newState, securityEnabled) == false) { if (Objects.equals(newState, securityEnabled) == false) {
logger.info("Active license is now [{}]; Security is {}", licenseState.getOperationMode(), newState ? "enabled" : "disabled"); logger.info("Active license is now [{}]; Security is {}", licenseState.getOperationMode(), newState ? "enabled" : "disabled");

2
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java
View File

@ -201,7 +201,7 @@ public class IPFilter {
public boolean accept(String profile, InetSocketAddress peerAddress) { public boolean accept(String profile, InetSocketAddress peerAddress) {
if (licenseState.isSecurityEnabled() == false || if (licenseState.isSecurityEnabled() == false ||
licenseState.isAllowed(Feature.SECURITY_IP_FILTERING) == false) { licenseState.checkFeature(Feature.SECURITY_IP_FILTERING) == false) {
return true; return true;
} }

2
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilterTests.java
View File

@ -67,7 +67,7 @@ public class SecurityActionFilterTests extends ESTestCase {
authzService = mock(AuthorizationService.class); authzService = mock(AuthorizationService.class);
licenseState = mock(XPackLicenseState.class); licenseState = mock(XPackLicenseState.class);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_STATS_AND_HEALTH)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_STATS_AND_HEALTH)).thenReturn(true);
ThreadPool threadPool = mock(ThreadPool.class); ThreadPool threadPool = mock(ThreadPool.class);
threadContext = new ThreadContext(Settings.EMPTY); threadContext = new ThreadContext(Settings.EMPTY);
when(threadPool.getThreadContext()).thenReturn(threadContext); when(threadPool.getThreadContext()).thenReturn(threadContext);

2
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/action/oidc/TransportOpenIdConnectLogoutActionTests.java
View File

@ -179,7 +179,7 @@ public class TransportOpenIdConnectLogoutActionTests extends OpenIdConnectTestCa
final XPackLicenseState licenseState = mock(XPackLicenseState.class); final XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_TOKEN_SERVICE)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE)).thenReturn(true);
tokenService = new TokenService(settings, Clock.systemUTC(), client, licenseState, new SecurityContext(settings, threadContext), tokenService = new TokenService(settings, Clock.systemUTC(), client, licenseState, new SecurityContext(settings, threadContext),
securityIndex, securityIndex, clusterService); securityIndex, securityIndex, clusterService);

2
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/action/saml/TransportSamlInvalidateSessionActionTests.java
View File

@ -206,7 +206,7 @@ public class TransportSamlInvalidateSessionActionTests extends SamlTestCase {
final XPackLicenseState licenseState = mock(XPackLicenseState.class); final XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_TOKEN_SERVICE)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE)).thenReturn(true);
final ClusterService clusterService = ClusterServiceUtils.createClusterService(threadPool); final ClusterService clusterService = ClusterServiceUtils.createClusterService(threadPool);
final SecurityContext securityContext = new SecurityContext(settings, threadContext); final SecurityContext securityContext = new SecurityContext(settings, threadContext);

2
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/action/saml/TransportSamlLogoutActionTests.java
View File

@ -209,7 +209,7 @@ public class TransportSamlLogoutActionTests extends SamlTestCase {
final XPackLicenseState licenseState = mock(XPackLicenseState.class); final XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_TOKEN_SERVICE)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE)).thenReturn(true);
final ClusterService clusterService = ClusterServiceUtils.createClusterService(threadPool); final ClusterService clusterService = ClusterServiceUtils.createClusterService(threadPool);
final SecurityContext securityContext = new SecurityContext(settings, threadContext); final SecurityContext securityContext = new SecurityContext(settings, threadContext);
tokenService = new TokenService(settings, Clock.systemUTC(), client, licenseState, securityContext, securityIndex, securityIndex, tokenService = new TokenService(settings, Clock.systemUTC(), client, licenseState, securityContext, securityIndex, securityIndex,

2
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/action/token/TransportCreateTokenActionTests.java
View File

@ -170,7 +170,7 @@ public class TransportCreateTokenActionTests extends ESTestCase {
this.license = mock(XPackLicenseState.class); this.license = mock(XPackLicenseState.class);
when(license.isSecurityEnabled()).thenReturn(true); when(license.isSecurityEnabled()).thenReturn(true);
when(license.isAllowed(Feature.SECURITY_TOKEN_SERVICE)).thenReturn(true); when(license.checkFeature(Feature.SECURITY_TOKEN_SERVICE)).thenReturn(true);
} }
@After @After

2
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/action/token/TransportInvalidateTokenActionTests.java
View File

@ -75,7 +75,7 @@ public class TransportInvalidateTokenActionTests extends ESTestCase {
this.clusterService = ClusterServiceUtils.createClusterService(threadPool); this.clusterService = ClusterServiceUtils.createClusterService(threadPool);
this.license = mock(XPackLicenseState.class); this.license = mock(XPackLicenseState.class);
when(license.isSecurityEnabled()).thenReturn(true); when(license.isSecurityEnabled()).thenReturn(true);
when(license.isAllowed(Feature.SECURITY_TOKEN_SERVICE)).thenReturn(true); when(license.checkFeature(Feature.SECURITY_TOKEN_SERVICE)).thenReturn(true);
} }
public void testInvalidateTokensWhenIndexUnavailable() throws Exception { public void testInvalidateTokensWhenIndexUnavailable() throws Exception {

28
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/audit/AuditTrailServiceTests.java
View File

@ -52,7 +52,7 @@ public class AuditTrailServiceTests extends ESTestCase {
service = new AuditTrailService(auditTrails, licenseState); service = new AuditTrailService(auditTrails, licenseState);
isAuditingAllowed = randomBoolean(); isAuditingAllowed = randomBoolean();
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_AUDITING)).thenReturn(isAuditingAllowed); when(licenseState.checkFeature(Feature.SECURITY_AUDITING)).thenReturn(isAuditingAllowed);
token = mock(AuthenticationToken.class); token = mock(AuthenticationToken.class);
request = mock(TransportRequest.class); request = mock(TransportRequest.class);
restRequest = mock(RestRequest.class); restRequest = mock(RestRequest.class);
@ -61,7 +61,7 @@ public class AuditTrailServiceTests extends ESTestCase {
public void testAuthenticationFailed() throws Exception { public void testAuthenticationFailed() throws Exception {
final String requestId = randomAlphaOfLengthBetween(6, 12); final String requestId = randomAlphaOfLengthBetween(6, 12);
service.get().authenticationFailed(requestId, token, "_action", request); service.get().authenticationFailed(requestId, token, "_action", request);
verify(licenseState).isAllowed(Feature.SECURITY_AUDITING); verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
if (isAuditingAllowed) { if (isAuditingAllowed) {
for (AuditTrail auditTrail : auditTrails) { for (AuditTrail auditTrail : auditTrails) {
verify(auditTrail).authenticationFailed(requestId, token, "_action", request); verify(auditTrail).authenticationFailed(requestId, token, "_action", request);
@ -74,7 +74,7 @@ public class AuditTrailServiceTests extends ESTestCase {
public void testAuthenticationFailedNoToken() throws Exception { public void testAuthenticationFailedNoToken() throws Exception {
final String requestId = randomAlphaOfLengthBetween(6, 12); final String requestId = randomAlphaOfLengthBetween(6, 12);
service.get().authenticationFailed(requestId, "_action", request); service.get().authenticationFailed(requestId, "_action", request);
verify(licenseState).isAllowed(Feature.SECURITY_AUDITING); verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
if (isAuditingAllowed) { if (isAuditingAllowed) {
for (AuditTrail auditTrail : auditTrails) { for (AuditTrail auditTrail : auditTrails) {
verify(auditTrail).authenticationFailed(requestId, "_action", request); verify(auditTrail).authenticationFailed(requestId, "_action", request);
@ -87,7 +87,7 @@ public class AuditTrailServiceTests extends ESTestCase {
public void testAuthenticationFailedRestNoToken() throws Exception { public void testAuthenticationFailedRestNoToken() throws Exception {
final String requestId = randomAlphaOfLengthBetween(6, 12); final String requestId = randomAlphaOfLengthBetween(6, 12);
service.get().authenticationFailed(requestId, restRequest); service.get().authenticationFailed(requestId, restRequest);
verify(licenseState).isAllowed(Feature.SECURITY_AUDITING); verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
if (isAuditingAllowed) { if (isAuditingAllowed) {
for (AuditTrail auditTrail : auditTrails) { for (AuditTrail auditTrail : auditTrails) {
verify(auditTrail).authenticationFailed(requestId, restRequest); verify(auditTrail).authenticationFailed(requestId, restRequest);
@ -100,7 +100,7 @@ public class AuditTrailServiceTests extends ESTestCase {
public void testAuthenticationFailedRest() throws Exception { public void testAuthenticationFailedRest() throws Exception {
final String requestId = randomAlphaOfLengthBetween(6, 12); final String requestId = randomAlphaOfLengthBetween(6, 12);
service.get().authenticationFailed(requestId, token, restRequest); service.get().authenticationFailed(requestId, token, restRequest);
verify(licenseState).isAllowed(Feature.SECURITY_AUDITING); verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
if (isAuditingAllowed) { if (isAuditingAllowed) {
for (AuditTrail auditTrail : auditTrails) { for (AuditTrail auditTrail : auditTrails) {
verify(auditTrail).authenticationFailed(requestId, token, restRequest); verify(auditTrail).authenticationFailed(requestId, token, restRequest);
@ -113,7 +113,7 @@ public class AuditTrailServiceTests extends ESTestCase {
public void testAuthenticationFailedRealm() throws Exception { public void testAuthenticationFailedRealm() throws Exception {
final String requestId = randomAlphaOfLengthBetween(6, 12); final String requestId = randomAlphaOfLengthBetween(6, 12);
service.get().authenticationFailed(requestId, "_realm", token, "_action", request); service.get().authenticationFailed(requestId, "_realm", token, "_action", request);
verify(licenseState).isAllowed(Feature.SECURITY_AUDITING); verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
if (isAuditingAllowed) { if (isAuditingAllowed) {
for (AuditTrail auditTrail : auditTrails) { for (AuditTrail auditTrail : auditTrails) {
verify(auditTrail).authenticationFailed(requestId, "_realm", token, "_action", request); verify(auditTrail).authenticationFailed(requestId, "_realm", token, "_action", request);
@ -126,7 +126,7 @@ public class AuditTrailServiceTests extends ESTestCase {
public void testAuthenticationFailedRestRealm() throws Exception { public void testAuthenticationFailedRestRealm() throws Exception {
final String requestId = randomAlphaOfLengthBetween(6, 12); final String requestId = randomAlphaOfLengthBetween(6, 12);
service.get().authenticationFailed(requestId, "_realm", token, restRequest); service.get().authenticationFailed(requestId, "_realm", token, restRequest);
verify(licenseState).isAllowed(Feature.SECURITY_AUDITING); verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
if (isAuditingAllowed) { if (isAuditingAllowed) {
for (AuditTrail auditTrail : auditTrails) { for (AuditTrail auditTrail : auditTrails) {
verify(auditTrail).authenticationFailed(requestId, "_realm", token, restRequest); verify(auditTrail).authenticationFailed(requestId, "_realm", token, restRequest);
@ -139,7 +139,7 @@ public class AuditTrailServiceTests extends ESTestCase {
public void testAnonymousAccess() throws Exception { public void testAnonymousAccess() throws Exception {
final String requestId = randomAlphaOfLengthBetween(6, 12); final String requestId = randomAlphaOfLengthBetween(6, 12);
service.get().anonymousAccessDenied(requestId, "_action", request); service.get().anonymousAccessDenied(requestId, "_action", request);
verify(licenseState).isAllowed(Feature.SECURITY_AUDITING); verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
if (isAuditingAllowed) { if (isAuditingAllowed) {
for (AuditTrail auditTrail : auditTrails) { for (AuditTrail auditTrail : auditTrails) {
verify(auditTrail).anonymousAccessDenied(requestId, "_action", request); verify(auditTrail).anonymousAccessDenied(requestId, "_action", request);
@ -156,7 +156,7 @@ public class AuditTrailServiceTests extends ESTestCase {
() -> Collections.singletonMap(PRINCIPAL_ROLES_FIELD_NAME, new String[] { randomAlphaOfLengthBetween(1, 6) }); () -> Collections.singletonMap(PRINCIPAL_ROLES_FIELD_NAME, new String[] { randomAlphaOfLengthBetween(1, 6) });
final String requestId = randomAlphaOfLengthBetween(6, 12); final String requestId = randomAlphaOfLengthBetween(6, 12);
service.get().accessGranted(requestId, authentication, "_action", request, authzInfo); service.get().accessGranted(requestId, authentication, "_action", request, authzInfo);
verify(licenseState).isAllowed(Feature.SECURITY_AUDITING); verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
if (isAuditingAllowed) { if (isAuditingAllowed) {
for (AuditTrail auditTrail : auditTrails) { for (AuditTrail auditTrail : auditTrails) {
verify(auditTrail).accessGranted(requestId, authentication, "_action", request, authzInfo); verify(auditTrail).accessGranted(requestId, authentication, "_action", request, authzInfo);
@ -173,7 +173,7 @@ public class AuditTrailServiceTests extends ESTestCase {
() -> Collections.singletonMap(PRINCIPAL_ROLES_FIELD_NAME, new String[] { randomAlphaOfLengthBetween(1, 6) }); () -> Collections.singletonMap(PRINCIPAL_ROLES_FIELD_NAME, new String[] { randomAlphaOfLengthBetween(1, 6) });
final String requestId = randomAlphaOfLengthBetween(6, 12); final String requestId = randomAlphaOfLengthBetween(6, 12);
service.get().accessDenied(requestId, authentication, "_action", request, authzInfo); service.get().accessDenied(requestId, authentication, "_action", request, authzInfo);
verify(licenseState).isAllowed(Feature.SECURITY_AUDITING); verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
if (isAuditingAllowed) { if (isAuditingAllowed) {
for (AuditTrail auditTrail : auditTrails) { for (AuditTrail auditTrail : auditTrails) {
verify(auditTrail).accessDenied(requestId, authentication, "_action", request, authzInfo); verify(auditTrail).accessDenied(requestId, authentication, "_action", request, authzInfo);
@ -187,7 +187,7 @@ public class AuditTrailServiceTests extends ESTestCase {
InetAddress inetAddress = InetAddress.getLoopbackAddress(); InetAddress inetAddress = InetAddress.getLoopbackAddress();
SecurityIpFilterRule rule = randomBoolean() ? SecurityIpFilterRule.ACCEPT_ALL : IPFilter.DEFAULT_PROFILE_ACCEPT_ALL; SecurityIpFilterRule rule = randomBoolean() ? SecurityIpFilterRule.ACCEPT_ALL : IPFilter.DEFAULT_PROFILE_ACCEPT_ALL;
service.get().connectionGranted(inetAddress, "client", rule); service.get().connectionGranted(inetAddress, "client", rule);
verify(licenseState).isAllowed(Feature.SECURITY_AUDITING); verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
if (isAuditingAllowed) { if (isAuditingAllowed) {
for (AuditTrail auditTrail : auditTrails) { for (AuditTrail auditTrail : auditTrails) {
verify(auditTrail).connectionGranted(inetAddress, "client", rule); verify(auditTrail).connectionGranted(inetAddress, "client", rule);
@ -201,7 +201,7 @@ public class AuditTrailServiceTests extends ESTestCase {
InetAddress inetAddress = InetAddress.getLoopbackAddress(); InetAddress inetAddress = InetAddress.getLoopbackAddress();
SecurityIpFilterRule rule = new SecurityIpFilterRule(false, "_all"); SecurityIpFilterRule rule = new SecurityIpFilterRule(false, "_all");
service.get().connectionDenied(inetAddress, "client", rule); service.get().connectionDenied(inetAddress, "client", rule);
verify(licenseState).isAllowed(Feature.SECURITY_AUDITING); verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
if (isAuditingAllowed) { if (isAuditingAllowed) {
for (AuditTrail auditTrail : auditTrails) { for (AuditTrail auditTrail : auditTrails) {
verify(auditTrail).connectionDenied(inetAddress, "client", rule); verify(auditTrail).connectionDenied(inetAddress, "client", rule);
@ -216,7 +216,7 @@ public class AuditTrailServiceTests extends ESTestCase {
String realm = "_realm"; String realm = "_realm";
final String requestId = randomAlphaOfLengthBetween(6, 12); final String requestId = randomAlphaOfLengthBetween(6, 12);
service.get().authenticationSuccess(requestId, realm, user, restRequest); service.get().authenticationSuccess(requestId, realm, user, restRequest);
verify(licenseState).isAllowed(Feature.SECURITY_AUDITING); verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
if (isAuditingAllowed) { if (isAuditingAllowed) {
for (AuditTrail auditTrail : auditTrails) { for (AuditTrail auditTrail : auditTrails) {
verify(auditTrail).authenticationSuccess(requestId, realm, user, restRequest); verify(auditTrail).authenticationSuccess(requestId, realm, user, restRequest);
@ -231,7 +231,7 @@ public class AuditTrailServiceTests extends ESTestCase {
String realm = "_realm"; String realm = "_realm";
final String requestId = randomAlphaOfLengthBetween(6, 12); final String requestId = randomAlphaOfLengthBetween(6, 12);
service.get().authenticationSuccess(requestId, realm, user, "_action", request); service.get().authenticationSuccess(requestId, realm, user, "_action", request);
verify(licenseState).isAllowed(Feature.SECURITY_AUDITING); verify(licenseState).checkFeature(Feature.SECURITY_AUDITING);
if (isAuditingAllowed) { if (isAuditingAllowed) {
for (AuditTrail auditTrail : auditTrails) { for (AuditTrail auditTrail : auditTrails) {
verify(auditTrail).authenticationSuccess(requestId, realm, user, "_action", request); verify(auditTrail).authenticationSuccess(requestId, realm, user, "_action", request);

4
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ApiKeyServiceTests.java
View File

@ -100,7 +100,7 @@ public class ApiKeyServiceTests extends ESTestCase {
public void setupMocks() { public void setupMocks() {
this.licenseState = mock(XPackLicenseState.class); this.licenseState = mock(XPackLicenseState.class);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_API_KEY_SERVICE)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_API_KEY_SERVICE)).thenReturn(true);
this.client = mock(Client.class); this.client = mock(Client.class);
this.securityIndex = SecurityMocks.mockSecurityIndexManager(); this.securityIndex = SecurityMocks.mockSecurityIndexManager();
@ -169,7 +169,7 @@ public class ApiKeyServiceTests extends ESTestCase {
mockKeyDocument(service, id, key, new User(randomAlphaOfLength(6), randomAlphaOfLength(12))); mockKeyDocument(service, id, key, new User(randomAlphaOfLength(6), randomAlphaOfLength(12)));
when(licenseState.isAllowed(Feature.SECURITY_API_KEY_SERVICE)).thenReturn(false); when(licenseState.checkFeature(Feature.SECURITY_API_KEY_SERVICE)).thenReturn(false);
final AuthenticationResult auth = tryAuthenticate(service, id, key); final AuthenticationResult auth = tryAuthenticate(service, id, key);
assertThat(auth.getStatus(), is(AuthenticationResult.Status.CONTINUE)); assertThat(auth.getStatus(), is(AuthenticationResult.Status.CONTINUE));
assertThat(auth.getUser(), nullValue()); assertThat(auth.getUser(), nullValue());

8
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/AuthenticationServiceTests.java
View File

@ -189,12 +189,12 @@ public class AuthenticationServiceTests extends ESTestCase {
.put(XPackSettings.API_KEY_SERVICE_ENABLED_SETTING.getKey(), true) .put(XPackSettings.API_KEY_SERVICE_ENABLED_SETTING.getKey(), true)
.build(); .build();
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isAllowed(Feature.SECURITY_ALL_REALMS)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_ALL_REALMS)).thenReturn(true);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_API_KEY_SERVICE)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_API_KEY_SERVICE)).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_TOKEN_SERVICE)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE)).thenReturn(true);
when(licenseState.copyCurrentLicenseState()).thenReturn(licenseState); when(licenseState.copyCurrentLicenseState()).thenReturn(licenseState);
when(licenseState.isAllowed(Feature.SECURITY_AUDITING)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_AUDITING)).thenReturn(true);
ReservedRealm reservedRealm = mock(ReservedRealm.class); ReservedRealm reservedRealm = mock(ReservedRealm.class);
when(reservedRealm.type()).thenReturn("reserved"); when(reservedRealm.type()).thenReturn("reserved");
when(reservedRealm.name()).thenReturn("reserved_realm"); when(reservedRealm.name()).thenReturn("reserved_realm");

12
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/RealmsTests.java
View File

@ -82,18 +82,18 @@ public class RealmsTests extends ESTestCase {
} }
private void allowAllRealms() { private void allowAllRealms() {
when(licenseState.isAllowed(Feature.SECURITY_ALL_REALMS)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_ALL_REALMS)).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_STANDARD_REALMS)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_STANDARD_REALMS)).thenReturn(true);
} }
private void allowOnlyStandardRealms() { private void allowOnlyStandardRealms() {
when(licenseState.isAllowed(Feature.SECURITY_ALL_REALMS)).thenReturn(false); when(licenseState.checkFeature(Feature.SECURITY_ALL_REALMS)).thenReturn(false);
when(licenseState.isAllowed(Feature.SECURITY_STANDARD_REALMS)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_STANDARD_REALMS)).thenReturn(true);
} }
private void allowOnlyNativeRealms() { private void allowOnlyNativeRealms() {
when(licenseState.isAllowed(Feature.SECURITY_ALL_REALMS)).thenReturn(false); when(licenseState.checkFeature(Feature.SECURITY_ALL_REALMS)).thenReturn(false);
when(licenseState.isAllowed(Feature.SECURITY_STANDARD_REALMS)).thenReturn(false); when(licenseState.checkFeature(Feature.SECURITY_STANDARD_REALMS)).thenReturn(false);
} }
public void testWithSettings() throws Exception { public void testWithSettings() throws Exception {

6
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/TokenServiceTests.java
View File

@ -144,7 +144,7 @@ public class TokenServiceTests extends ESTestCase {
// License state (enabled by default) // License state (enabled by default)
licenseState = mock(XPackLicenseState.class); licenseState = mock(XPackLicenseState.class);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_TOKEN_SERVICE)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE)).thenReturn(true);
// version 7.2 was an "inflection" point in the Token Service development (access_tokens as UUIDS, multiple concurrent refreshes, // version 7.2 was an "inflection" point in the Token Service development (access_tokens as UUIDS, multiple concurrent refreshes,
// tokens docs on a separate index), let's test the TokenService works in a mixed cluster with nodes with versions prior to these // tokens docs on a separate index), let's test the TokenService works in a mixed cluster with nodes with versions prior to these
@ -755,7 +755,7 @@ public class TokenServiceTests extends ESTestCase {
} }
public void testCannotValidateTokenIfLicenseDoesNotAllowTokens() throws Exception { public void testCannotValidateTokenIfLicenseDoesNotAllowTokens() throws Exception {
when(licenseState.isAllowed(Feature.SECURITY_TOKEN_SERVICE)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE)).thenReturn(true);
TokenService tokenService = createTokenService(tokenServiceEnabledSettings, Clock.systemUTC()); TokenService tokenService = createTokenService(tokenServiceEnabledSettings, Clock.systemUTC());
Authentication authentication = new Authentication(new User("joe", "admin"), new RealmRef("native_realm", "native", "node1"), null); Authentication authentication = new Authentication(new User("joe", "admin"), new RealmRef("native_realm", "native", "node1"), null);
final String userTokenId = UUIDs.randomBase64UUID(); final String userTokenId = UUIDs.randomBase64UUID();
@ -768,7 +768,7 @@ public class TokenServiceTests extends ESTestCase {
storeTokenHeader(threadContext, tokenService.prependVersionAndEncodeAccessToken(token.getVersion(), accessToken)); storeTokenHeader(threadContext, tokenService.prependVersionAndEncodeAccessToken(token.getVersion(), accessToken));
PlainActionFuture<UserToken> authFuture = new PlainActionFuture<>(); PlainActionFuture<UserToken> authFuture = new PlainActionFuture<>();
when(licenseState.isAllowed(Feature.SECURITY_TOKEN_SERVICE)).thenReturn(false); when(licenseState.checkFeature(Feature.SECURITY_TOKEN_SERVICE)).thenReturn(false);
tokenService.getAndValidateToken(threadContext, authFuture); tokenService.getAndValidateToken(threadContext, authFuture);
UserToken authToken = authFuture.actionGet(); UserToken authToken = authFuture.actionGet();
assertThat(authToken, Matchers.nullValue()); assertThat(authToken, Matchers.nullValue());

2
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/kerberos/KerberosRealmTestCase.java
View File

@ -85,7 +85,7 @@ public abstract class KerberosRealmTestCase extends ESTestCase {
writeKeyTab(dir.resolve("key.keytab"), "asa").toString(), 100, "10m", true, randomBoolean()); writeKeyTab(dir.resolve("key.keytab"), "asa").toString(), 100, "10m", true, randomBoolean());
licenseState = mock(XPackLicenseState.class); licenseState = mock(XPackLicenseState.class);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_AUTHORIZATION_REALM)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_AUTHORIZATION_REALM)).thenReturn(true);
} }
@After @After

2
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ldap/LdapRealmTests.java
View File

@ -108,7 +108,7 @@ public class LdapRealmTests extends LdapTestCase {
sslService = new SSLService(defaultGlobalSettings, TestEnvironment.newEnvironment(defaultGlobalSettings)); sslService = new SSLService(defaultGlobalSettings, TestEnvironment.newEnvironment(defaultGlobalSettings));
licenseState = mock(XPackLicenseState.class); licenseState = mock(XPackLicenseState.class);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_AUTHORIZATION_REALM)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_AUTHORIZATION_REALM)).thenReturn(true);
} }
@After @After

2
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/oidc/OpenIdConnectRealmTests.java
View File

@ -382,7 +382,7 @@ public class OpenIdConnectRealmTests extends OpenIdConnectTestCase {
private void initializeRealms(Realm... realms) { private void initializeRealms(Realm... realms) {
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_AUTHORIZATION_REALM)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_AUTHORIZATION_REALM)).thenReturn(true);
final List<Realm> realmList = Arrays.asList(realms); final List<Realm> realmList = Arrays.asList(realms);
for (Realm realm : realms) { for (Realm realm : realms) {

2
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiRealmTests.java
View File

@ -76,7 +76,7 @@ public class PkiRealmTests extends ESTestCase {
.build(); .build();
licenseState = mock(XPackLicenseState.class); licenseState = mock(XPackLicenseState.class);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_AUTHORIZATION_REALM)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_AUTHORIZATION_REALM)).thenReturn(true);
} }
public void testTokenSupport() throws Exception { public void testTokenSupport() throws Exception {

2
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/saml/SamlRealmTests.java
View File

@ -298,7 +298,7 @@ public class SamlRealmTests extends SamlTestCase {
private void initializeRealms(Realm... realms) { private void initializeRealms(Realm... realms) {
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_AUTHORIZATION_REALM)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_AUTHORIZATION_REALM)).thenReturn(true);
final List<Realm> realmList = Arrays.asList(realms); final List<Realm> realmList = Arrays.asList(realms);
for (Realm realm : realms) { for (Realm realm : realms) {

2
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/support/DelegatedAuthorizationSupportTests.java
View File

@ -190,7 +190,7 @@ public class DelegatedAuthorizationSupportTests extends ESTestCase {
private XPackLicenseState getLicenseState(boolean authzRealmsAllowed) { private XPackLicenseState getLicenseState(boolean authzRealmsAllowed) {
final XPackLicenseState license = mock(XPackLicenseState.class); final XPackLicenseState license = mock(XPackLicenseState.class);
when(license.isSecurityEnabled()).thenReturn(true); when(license.isSecurityEnabled()).thenReturn(true);
when(license.isAllowed(Feature.SECURITY_AUTHORIZATION_REALM)).thenReturn(authzRealmsAllowed); when(license.checkFeature(Feature.SECURITY_AUTHORIZATION_REALM)).thenReturn(authzRealmsAllowed);
return license; return license;
} }
} }

26
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationServiceTests.java
View File

@ -205,7 +205,7 @@ public class AuthorizationServiceTests extends ESTestCase {
auditTrail = mock(AuditTrail.class); auditTrail = mock(AuditTrail.class);
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_AUDITING)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_AUDITING)).thenReturn(true);
auditTrailService = new AuditTrailService(Collections.singletonList(auditTrail), licenseState); auditTrailService = new AuditTrailService(Collections.singletonList(auditTrail), licenseState);
threadContext = new ThreadContext(settings); threadContext = new ThreadContext(settings);
threadPool = mock(ThreadPool.class); threadPool = mock(ThreadPool.class);
@ -1457,7 +1457,7 @@ public class AuthorizationServiceTests extends ESTestCase {
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(true);
authorizationService = new AuthorizationService(Settings.EMPTY, rolesStore, clusterService, authorizationService = new AuthorizationService(Settings.EMPTY, rolesStore, clusterService,
auditTrailService, new DefaultAuthenticationFailureHandler(Collections.emptyMap()), threadPool, auditTrailService, new DefaultAuthenticationFailureHandler(Collections.emptyMap()), threadPool,
new AnonymousUser(Settings.EMPTY), engine, Collections.emptySet(), licenseState, new IndexNameExpressionResolver()); new AnonymousUser(Settings.EMPTY), engine, Collections.emptySet(), licenseState, new IndexNameExpressionResolver());
@ -1465,61 +1465,61 @@ public class AuthorizationServiceTests extends ESTestCase {
try (ThreadContext.StoredContext ignore = threadContext.stashContext()) { try (ThreadContext.StoredContext ignore = threadContext.stashContext()) {
authentication = createAuthentication(new User("test user", "a_all")); authentication = createAuthentication(new User("test user", "a_all"));
assertEquals(engine, authorizationService.getAuthorizationEngine(authentication)); assertEquals(engine, authorizationService.getAuthorizationEngine(authentication));
when(licenseState.isAllowed(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(false); when(licenseState.checkFeature(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(false);
assertThat(authorizationService.getAuthorizationEngine(authentication), instanceOf(RBACEngine.class)); assertThat(authorizationService.getAuthorizationEngine(authentication), instanceOf(RBACEngine.class));
} }
when(licenseState.isAllowed(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(true);
try (ThreadContext.StoredContext ignore = threadContext.stashContext()) { try (ThreadContext.StoredContext ignore = threadContext.stashContext()) {
authentication = createAuthentication(new User("runas", new String[]{"runas_role"}, new User("runner", "runner_role"))); authentication = createAuthentication(new User("runas", new String[]{"runas_role"}, new User("runner", "runner_role")));
assertEquals(engine, authorizationService.getAuthorizationEngine(authentication)); assertEquals(engine, authorizationService.getAuthorizationEngine(authentication));
assertEquals(engine, authorizationService.getRunAsAuthorizationEngine(authentication)); assertEquals(engine, authorizationService.getRunAsAuthorizationEngine(authentication));
when(licenseState.isAllowed(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(false); when(licenseState.checkFeature(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(false);
assertThat(authorizationService.getAuthorizationEngine(authentication), instanceOf(RBACEngine.class)); assertThat(authorizationService.getAuthorizationEngine(authentication), instanceOf(RBACEngine.class));
assertThat(authorizationService.getRunAsAuthorizationEngine(authentication), instanceOf(RBACEngine.class)); assertThat(authorizationService.getRunAsAuthorizationEngine(authentication), instanceOf(RBACEngine.class));
} }
when(licenseState.isAllowed(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(true);
try (ThreadContext.StoredContext ignore = threadContext.stashContext()) { try (ThreadContext.StoredContext ignore = threadContext.stashContext()) {
authentication = createAuthentication(new User("runas", new String[]{"runas_role"}, new ElasticUser(true))); authentication = createAuthentication(new User("runas", new String[]{"runas_role"}, new ElasticUser(true)));
assertEquals(engine, authorizationService.getAuthorizationEngine(authentication)); assertEquals(engine, authorizationService.getAuthorizationEngine(authentication));
assertNotEquals(engine, authorizationService.getRunAsAuthorizationEngine(authentication)); assertNotEquals(engine, authorizationService.getRunAsAuthorizationEngine(authentication));
assertThat(authorizationService.getRunAsAuthorizationEngine(authentication), instanceOf(RBACEngine.class)); assertThat(authorizationService.getRunAsAuthorizationEngine(authentication), instanceOf(RBACEngine.class));
when(licenseState.isAllowed(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(false); when(licenseState.checkFeature(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(false);
assertThat(authorizationService.getAuthorizationEngine(authentication), instanceOf(RBACEngine.class)); assertThat(authorizationService.getAuthorizationEngine(authentication), instanceOf(RBACEngine.class));
assertThat(authorizationService.getRunAsAuthorizationEngine(authentication), instanceOf(RBACEngine.class)); assertThat(authorizationService.getRunAsAuthorizationEngine(authentication), instanceOf(RBACEngine.class));
} }
when(licenseState.isAllowed(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(true);
try (ThreadContext.StoredContext ignore = threadContext.stashContext()) { try (ThreadContext.StoredContext ignore = threadContext.stashContext()) {
authentication = createAuthentication(new User("elastic", new String[]{"superuser"}, new User("runner", "runner_role"))); authentication = createAuthentication(new User("elastic", new String[]{"superuser"}, new User("runner", "runner_role")));
assertNotEquals(engine, authorizationService.getAuthorizationEngine(authentication)); assertNotEquals(engine, authorizationService.getAuthorizationEngine(authentication));
assertThat(authorizationService.getAuthorizationEngine(authentication), instanceOf(RBACEngine.class)); assertThat(authorizationService.getAuthorizationEngine(authentication), instanceOf(RBACEngine.class));
assertEquals(engine, authorizationService.getRunAsAuthorizationEngine(authentication)); assertEquals(engine, authorizationService.getRunAsAuthorizationEngine(authentication));
when(licenseState.isAllowed(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(false); when(licenseState.checkFeature(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(false);
assertThat(authorizationService.getAuthorizationEngine(authentication), instanceOf(RBACEngine.class)); assertThat(authorizationService.getAuthorizationEngine(authentication), instanceOf(RBACEngine.class));
assertThat(authorizationService.getRunAsAuthorizationEngine(authentication), instanceOf(RBACEngine.class)); assertThat(authorizationService.getRunAsAuthorizationEngine(authentication), instanceOf(RBACEngine.class));
} }
when(licenseState.isAllowed(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(true);
try (ThreadContext.StoredContext ignore = threadContext.stashContext()) { try (ThreadContext.StoredContext ignore = threadContext.stashContext()) {
authentication = createAuthentication(new User("kibana", new String[]{"kibana_system"}, new ElasticUser(true))); authentication = createAuthentication(new User("kibana", new String[]{"kibana_system"}, new ElasticUser(true)));
assertNotEquals(engine, authorizationService.getAuthorizationEngine(authentication)); assertNotEquals(engine, authorizationService.getAuthorizationEngine(authentication));
assertThat(authorizationService.getAuthorizationEngine(authentication), instanceOf(RBACEngine.class)); assertThat(authorizationService.getAuthorizationEngine(authentication), instanceOf(RBACEngine.class));
assertNotEquals(engine, authorizationService.getRunAsAuthorizationEngine(authentication)); assertNotEquals(engine, authorizationService.getRunAsAuthorizationEngine(authentication));
assertThat(authorizationService.getRunAsAuthorizationEngine(authentication), instanceOf(RBACEngine.class)); assertThat(authorizationService.getRunAsAuthorizationEngine(authentication), instanceOf(RBACEngine.class));
when(licenseState.isAllowed(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(false); when(licenseState.checkFeature(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(false);
assertThat(authorizationService.getAuthorizationEngine(authentication), instanceOf(RBACEngine.class)); assertThat(authorizationService.getAuthorizationEngine(authentication), instanceOf(RBACEngine.class));
assertThat(authorizationService.getRunAsAuthorizationEngine(authentication), instanceOf(RBACEngine.class)); assertThat(authorizationService.getRunAsAuthorizationEngine(authentication), instanceOf(RBACEngine.class));
} }
when(licenseState.isAllowed(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(true);
try (ThreadContext.StoredContext ignore = threadContext.stashContext()) { try (ThreadContext.StoredContext ignore = threadContext.stashContext()) {
authentication = createAuthentication(randomFrom(XPackUser.INSTANCE, XPackSecurityUser.INSTANCE, authentication = createAuthentication(randomFrom(XPackUser.INSTANCE, XPackSecurityUser.INSTANCE,
new ElasticUser(true), new KibanaUser(true))); new ElasticUser(true), new KibanaUser(true)));
assertNotEquals(engine, authorizationService.getRunAsAuthorizationEngine(authentication)); assertNotEquals(engine, authorizationService.getRunAsAuthorizationEngine(authentication));
assertThat(authorizationService.getRunAsAuthorizationEngine(authentication), instanceOf(RBACEngine.class)); assertThat(authorizationService.getRunAsAuthorizationEngine(authentication), instanceOf(RBACEngine.class));
when(licenseState.isAllowed(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(false); when(licenseState.checkFeature(Feature.SECURITY_AUTHORIZATION_ENGINE)).thenReturn(false);
assertThat(authorizationService.getAuthorizationEngine(authentication), instanceOf(RBACEngine.class)); assertThat(authorizationService.getAuthorizationEngine(authentication), instanceOf(RBACEngine.class));
assertThat(authorizationService.getRunAsAuthorizationEngine(authentication), instanceOf(RBACEngine.class)); assertThat(authorizationService.getRunAsAuthorizationEngine(authentication), instanceOf(RBACEngine.class));
} }

4
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/SecuritySearchOperationListenerTests.java
View File

@ -97,7 +97,7 @@ public class SecuritySearchOperationListenerTests extends ESTestCase {
testSearchContext.scrollContext().scroll = new Scroll(TimeValue.timeValueSeconds(2L)); testSearchContext.scrollContext().scroll = new Scroll(TimeValue.timeValueSeconds(2L));
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_AUDITING)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_AUDITING)).thenReturn(true);
ThreadContext threadContext = new ThreadContext(Settings.EMPTY); ThreadContext threadContext = new ThreadContext(Settings.EMPTY);
final SecurityContext securityContext = new SecurityContext(Settings.EMPTY, threadContext); final SecurityContext securityContext = new SecurityContext(Settings.EMPTY, threadContext);
AuditTrail auditTrail = mock(AuditTrail.class); AuditTrail auditTrail = mock(AuditTrail.class);
@ -186,7 +186,7 @@ public class SecuritySearchOperationListenerTests extends ESTestCase {
TransportRequest request = Empty.INSTANCE; TransportRequest request = Empty.INSTANCE;
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_AUDITING)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_AUDITING)).thenReturn(true);
AuditTrail auditTrail = mock(AuditTrail.class); AuditTrail auditTrail = mock(AuditTrail.class);
AuditTrailService auditTrailService = new AuditTrailService(Collections.singletonList(auditTrail), licenseState); AuditTrailService auditTrailService = new AuditTrailService(Collections.singletonList(auditTrail), licenseState);

8
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/interceptor/IndicesAliasesRequestInterceptorTests.java
View File

@ -47,8 +47,8 @@ public class IndicesAliasesRequestInterceptorTests extends ESTestCase {
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.copyCurrentLicenseState()).thenReturn(licenseState); when(licenseState.copyCurrentLicenseState()).thenReturn(licenseState);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_AUDITING)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_AUDITING)).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_DLS_FLS)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_DLS_FLS)).thenReturn(true);
ThreadContext threadContext = new ThreadContext(Settings.EMPTY); ThreadContext threadContext = new ThreadContext(Settings.EMPTY);
AuditTrailService auditTrailService = new AuditTrailService(Collections.emptyList(), licenseState); AuditTrailService auditTrailService = new AuditTrailService(Collections.emptyList(), licenseState);
Authentication authentication = new Authentication(new User("john", "role"), new RealmRef(null, null, null), Authentication authentication = new Authentication(new User("john", "role"), new RealmRef(null, null, null),
@ -106,8 +106,8 @@ public class IndicesAliasesRequestInterceptorTests extends ESTestCase {
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.copyCurrentLicenseState()).thenReturn(licenseState); when(licenseState.copyCurrentLicenseState()).thenReturn(licenseState);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_AUDITING)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_AUDITING)).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_DLS_FLS)).thenReturn(randomBoolean()); when(licenseState.checkFeature(Feature.SECURITY_DLS_FLS)).thenReturn(randomBoolean());
ThreadContext threadContext = new ThreadContext(Settings.EMPTY); ThreadContext threadContext = new ThreadContext(Settings.EMPTY);
AuditTrailService auditTrailService = new AuditTrailService(Collections.emptyList(), licenseState); AuditTrailService auditTrailService = new AuditTrailService(Collections.emptyList(), licenseState);
Authentication authentication = new Authentication(new User("john", "role"), new RealmRef(null, null, null), Authentication authentication = new Authentication(new User("john", "role"), new RealmRef(null, null, null),

8
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/interceptor/ResizeRequestInterceptorTests.java
View File

@ -51,8 +51,8 @@ public class ResizeRequestInterceptorTests extends ESTestCase {
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.copyCurrentLicenseState()).thenReturn(licenseState); when(licenseState.copyCurrentLicenseState()).thenReturn(licenseState);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_AUDITING)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_AUDITING)).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_DLS_FLS)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_DLS_FLS)).thenReturn(true);
ThreadPool threadPool = mock(ThreadPool.class); ThreadPool threadPool = mock(ThreadPool.class);
ThreadContext threadContext = new ThreadContext(Settings.EMPTY); ThreadContext threadContext = new ThreadContext(Settings.EMPTY);
when(threadPool.getThreadContext()).thenReturn(threadContext); when(threadPool.getThreadContext()).thenReturn(threadContext);
@ -103,8 +103,8 @@ public class ResizeRequestInterceptorTests extends ESTestCase {
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.copyCurrentLicenseState()).thenReturn(licenseState); when(licenseState.copyCurrentLicenseState()).thenReturn(licenseState);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_AUDITING)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_AUDITING)).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_DLS_FLS)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_DLS_FLS)).thenReturn(true);
ThreadPool threadPool = mock(ThreadPool.class); ThreadPool threadPool = mock(ThreadPool.class);
ThreadContext threadContext = new ThreadContext(Settings.EMPTY); ThreadContext threadContext = new ThreadContext(Settings.EMPTY);
when(threadPool.getThreadContext()).thenReturn(threadContext); when(threadPool.getThreadContext()).thenReturn(threadContext);

4
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStoreTests.java
View File

@ -119,7 +119,7 @@ public class CompositeRolesStoreTests extends ESTestCase {
public void testRolesWhenDlsFlsUnlicensed() throws IOException { public void testRolesWhenDlsFlsUnlicensed() throws IOException {
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_DLS_FLS)).thenReturn(false); when(licenseState.checkFeature(Feature.SECURITY_DLS_FLS)).thenReturn(false);
RoleDescriptor flsRole = new RoleDescriptor("fls", null, new IndicesPrivileges[] { RoleDescriptor flsRole = new RoleDescriptor("fls", null, new IndicesPrivileges[] {
IndicesPrivileges.builder() IndicesPrivileges.builder()
.grantedFields("*") .grantedFields("*")
@ -190,7 +190,7 @@ public class CompositeRolesStoreTests extends ESTestCase {
public void testRolesWhenDlsFlsLicensed() throws IOException { public void testRolesWhenDlsFlsLicensed() throws IOException {
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_DLS_FLS)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_DLS_FLS)).thenReturn(true);
RoleDescriptor flsRole = new RoleDescriptor("fls", null, new IndicesPrivileges[] { RoleDescriptor flsRole = new RoleDescriptor("fls", null, new IndicesPrivileges[] {
IndicesPrivileges.builder() IndicesPrivileges.builder()
.grantedFields("*") .grantedFields("*")

23
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/FileRolesStoreTests.java
View File

@ -16,6 +16,7 @@ import org.elasticsearch.env.Environment;
import org.elasticsearch.env.TestEnvironment; import org.elasticsearch.env.TestEnvironment;
import org.elasticsearch.index.query.MatchAllQueryBuilder; import org.elasticsearch.index.query.MatchAllQueryBuilder;
import org.elasticsearch.index.query.QueryBuilder; import org.elasticsearch.index.query.QueryBuilder;
import org.elasticsearch.license.TestUtils;
import org.elasticsearch.license.XPackLicenseState; import org.elasticsearch.license.XPackLicenseState;
import org.elasticsearch.license.XPackLicenseState.Feature; import org.elasticsearch.license.XPackLicenseState.Feature;
import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.ESTestCase;
@ -77,7 +78,7 @@ public class FileRolesStoreTests extends ESTestCase {
Path path = getDataPath("roles.yml"); Path path = getDataPath("roles.yml");
Map<String, RoleDescriptor> roles = FileRolesStore.parseFile(path, logger, Settings.builder() Map<String, RoleDescriptor> roles = FileRolesStore.parseFile(path, logger, Settings.builder()
.put(XPackSettings.DLS_FLS_ENABLED.getKey(), true) .put(XPackSettings.DLS_FLS_ENABLED.getKey(), true)
.build(), new XPackLicenseState(Settings.EMPTY), xContentRegistry()); .build(), TestUtils.newTestLicenseState(), xContentRegistry());
assertThat(roles, notNullValue()); assertThat(roles, notNullValue());
assertThat(roles.size(), is(9)); assertThat(roles.size(), is(9));
@ -258,7 +259,7 @@ public class FileRolesStoreTests extends ESTestCase {
events.clear(); events.clear();
Map<String, RoleDescriptor> roles = FileRolesStore.parseFile(path, logger, Settings.builder() Map<String, RoleDescriptor> roles = FileRolesStore.parseFile(path, logger, Settings.builder()
.put(XPackSettings.DLS_FLS_ENABLED.getKey(), false) .put(XPackSettings.DLS_FLS_ENABLED.getKey(), false)
.build(), new XPackLicenseState(Settings.EMPTY), xContentRegistry()); .build(), TestUtils.newTestLicenseState(), xContentRegistry());
assertThat(roles, notNullValue()); assertThat(roles, notNullValue());
assertThat(roles.size(), is(6)); assertThat(roles.size(), is(6));
assertThat(roles.get("role_fields"), nullValue()); assertThat(roles.get("role_fields"), nullValue());
@ -289,7 +290,7 @@ public class FileRolesStoreTests extends ESTestCase {
events.clear(); events.clear();
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_DLS_FLS)).thenReturn(false); when(licenseState.checkFeature(Feature.SECURITY_DLS_FLS)).thenReturn(false);
Map<String, RoleDescriptor> roles = FileRolesStore.parseFile(path, logger, Settings.EMPTY, licenseState, xContentRegistry()); Map<String, RoleDescriptor> roles = FileRolesStore.parseFile(path, logger, Settings.EMPTY, licenseState, xContentRegistry());
assertThat(roles, notNullValue()); assertThat(roles, notNullValue());
assertThat(roles.size(), is(9)); assertThat(roles.size(), is(9));
@ -314,7 +315,7 @@ public class FileRolesStoreTests extends ESTestCase {
public void testDefaultRolesFile() throws Exception { public void testDefaultRolesFile() throws Exception {
// TODO we should add the config dir to the resources so we don't copy this stuff around... // TODO we should add the config dir to the resources so we don't copy this stuff around...
Path path = getDataPath("default_roles.yml"); Path path = getDataPath("default_roles.yml");
Map<String, RoleDescriptor> roles = FileRolesStore.parseFile(path, logger, Settings.EMPTY, new XPackLicenseState(Settings.EMPTY), Map<String, RoleDescriptor> roles = FileRolesStore.parseFile(path, logger, Settings.EMPTY, TestUtils.newTestLicenseState(),
xContentRegistry()); xContentRegistry());
assertThat(roles, notNullValue()); assertThat(roles, notNullValue());
assertThat(roles.size(), is(0)); assertThat(roles.size(), is(0));
@ -345,7 +346,7 @@ public class FileRolesStoreTests extends ESTestCase {
FileRolesStore store = new FileRolesStore(settings, env, watcherService, roleSet -> { FileRolesStore store = new FileRolesStore(settings, env, watcherService, roleSet -> {
modifiedRoles.addAll(roleSet); modifiedRoles.addAll(roleSet);
latch.countDown(); latch.countDown();
}, new XPackLicenseState(Settings.EMPTY), xContentRegistry()); }, TestUtils.newTestLicenseState(), xContentRegistry());
Set<RoleDescriptor> descriptors = store.roleDescriptors(Collections.singleton("role1")); Set<RoleDescriptor> descriptors = store.roleDescriptors(Collections.singleton("role1"));
assertThat(descriptors, notNullValue()); assertThat(descriptors, notNullValue());
@ -401,7 +402,7 @@ public class FileRolesStoreTests extends ESTestCase {
if (roleSet.contains("dummy1")) { if (roleSet.contains("dummy1")) {
truncateLatch.countDown(); truncateLatch.countDown();
} }
}, new XPackLicenseState(Settings.EMPTY), xContentRegistry()); }, TestUtils.newTestLicenseState(), xContentRegistry());
final Set<String> allRolesPreTruncate = store.getAllRoleNames(); final Set<String> allRolesPreTruncate = store.getAllRoleNames();
assertTrue(allRolesPreTruncate.contains("role5")); assertTrue(allRolesPreTruncate.contains("role5"));
@ -430,7 +431,7 @@ public class FileRolesStoreTests extends ESTestCase {
if (roleSet.contains("dummy2")) { if (roleSet.contains("dummy2")) {
modifyLatch.countDown(); modifyLatch.countDown();
} }
}, new XPackLicenseState(Settings.EMPTY), xContentRegistry()); }, TestUtils.newTestLicenseState(), xContentRegistry());
try (BufferedWriter writer = Files.newBufferedWriter(tmp, StandardCharsets.UTF_8, StandardOpenOption.TRUNCATE_EXISTING)) { try (BufferedWriter writer = Files.newBufferedWriter(tmp, StandardCharsets.UTF_8, StandardOpenOption.TRUNCATE_EXISTING)) {
writer.append("role5:").append(System.lineSeparator()); writer.append("role5:").append(System.lineSeparator());
@ -458,7 +459,7 @@ public class FileRolesStoreTests extends ESTestCase {
public void testThatEmptyFileDoesNotResultInLoop() throws Exception { public void testThatEmptyFileDoesNotResultInLoop() throws Exception {
Path file = createTempFile(); Path file = createTempFile();
Files.write(file, Collections.singletonList("#"), StandardCharsets.UTF_8); Files.write(file, Collections.singletonList("#"), StandardCharsets.UTF_8);
Map<String, RoleDescriptor> roles = FileRolesStore.parseFile(file, logger, Settings.EMPTY, new XPackLicenseState(Settings.EMPTY), Map<String, RoleDescriptor> roles = FileRolesStore.parseFile(file, logger, Settings.EMPTY, TestUtils.newTestLicenseState(),
xContentRegistry()); xContentRegistry());
assertThat(roles.keySet(), is(empty())); assertThat(roles.keySet(), is(empty()));
} }
@ -468,7 +469,7 @@ public class FileRolesStoreTests extends ESTestCase {
Logger logger = CapturingLogger.newCapturingLogger(Level.ERROR, null); Logger logger = CapturingLogger.newCapturingLogger(Level.ERROR, null);
List<String> entries = CapturingLogger.output(logger.getName(), Level.ERROR); List<String> entries = CapturingLogger.output(logger.getName(), Level.ERROR);
entries.clear(); entries.clear();
Map<String, RoleDescriptor> roles = FileRolesStore.parseFile(path, logger, Settings.EMPTY, new XPackLicenseState(Settings.EMPTY), Map<String, RoleDescriptor> roles = FileRolesStore.parseFile(path, logger, Settings.EMPTY, TestUtils.newTestLicenseState(),
xContentRegistry()); xContentRegistry());
assertThat(roles.size(), is(1)); assertThat(roles.size(), is(1));
assertThat(roles, hasKey("valid_role")); assertThat(roles, hasKey("valid_role"));
@ -511,7 +512,7 @@ public class FileRolesStoreTests extends ESTestCase {
List<String> events = CapturingLogger.output(logger.getName(), Level.ERROR); List<String> events = CapturingLogger.output(logger.getName(), Level.ERROR);
events.clear(); events.clear();
Path path = getDataPath("reserved_roles.yml"); Path path = getDataPath("reserved_roles.yml");
Map<String, RoleDescriptor> roles = FileRolesStore.parseFile(path, logger, Settings.EMPTY, new XPackLicenseState(Settings.EMPTY), Map<String, RoleDescriptor> roles = FileRolesStore.parseFile(path, logger, Settings.EMPTY, TestUtils.newTestLicenseState(),
xContentRegistry()); xContentRegistry());
assertThat(roles, notNullValue()); assertThat(roles, notNullValue());
assertThat(roles.size(), is(1)); assertThat(roles.size(), is(1));
@ -543,7 +544,7 @@ public class FileRolesStoreTests extends ESTestCase {
.put(XPackSettings.DLS_FLS_ENABLED.getKey(), flsDlsEnabled) .put(XPackSettings.DLS_FLS_ENABLED.getKey(), flsDlsEnabled)
.build(); .build();
Environment env = TestEnvironment.newEnvironment(settings); Environment env = TestEnvironment.newEnvironment(settings);
FileRolesStore store = new FileRolesStore(settings, env, mock(ResourceWatcherService.class), new XPackLicenseState(Settings.EMPTY), FileRolesStore store = new FileRolesStore(settings, env, mock(ResourceWatcherService.class), TestUtils.newTestLicenseState(),
xContentRegistry()); xContentRegistry());
Map<String, Object> usageStats = store.usageStats(); Map<String, Object> usageStats = store.usageStats();

7
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStoreTests.java
View File

@ -35,6 +35,7 @@ import org.elasticsearch.common.xcontent.XContentType;
import org.elasticsearch.index.Index; import org.elasticsearch.index.Index;
import org.elasticsearch.index.query.QueryBuilders; import org.elasticsearch.index.query.QueryBuilders;
import org.elasticsearch.index.shard.ShardId; import org.elasticsearch.index.shard.ShardId;
import org.elasticsearch.license.TestUtils;
import org.elasticsearch.license.XPackLicenseState; import org.elasticsearch.license.XPackLicenseState;
import org.elasticsearch.license.XPackLicenseState.Feature; import org.elasticsearch.license.XPackLicenseState.Feature;
import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.ESTestCase;
@ -85,7 +86,7 @@ public class NativeRolesStoreTests extends ESTestCase {
byte[] bytes = Files.readAllBytes(path); byte[] bytes = Files.readAllBytes(path);
String roleString = new String(bytes, Charset.defaultCharset()); String roleString = new String(bytes, Charset.defaultCharset());
RoleDescriptor role = NativeRolesStore.transformRole(RoleDescriptor.ROLE_TYPE + "role1", RoleDescriptor role = NativeRolesStore.transformRole(RoleDescriptor.ROLE_TYPE + "role1",
new BytesArray(roleString), logger, new XPackLicenseState(Settings.EMPTY)); new BytesArray(roleString), logger, TestUtils.newTestLicenseState());
assertNotNull(role); assertNotNull(role);
assertNotNull(role.getIndicesPrivileges()); assertNotNull(role.getIndicesPrivileges());
RoleDescriptor.IndicesPrivileges indicesPrivileges = role.getIndicesPrivileges()[0]; RoleDescriptor.IndicesPrivileges indicesPrivileges = role.getIndicesPrivileges()[0];
@ -96,7 +97,7 @@ public class NativeRolesStoreTests extends ESTestCase {
public void testRoleDescriptorWithFlsDlsLicensing() throws IOException { public void testRoleDescriptorWithFlsDlsLicensing() throws IOException {
XPackLicenseState licenseState = mock(XPackLicenseState.class); XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isSecurityEnabled()).thenReturn(true); when(licenseState.isSecurityEnabled()).thenReturn(true);
when(licenseState.isAllowed(Feature.SECURITY_DLS_FLS)).thenReturn(false); when(licenseState.checkFeature(Feature.SECURITY_DLS_FLS)).thenReturn(false);
RoleDescriptor flsRole = new RoleDescriptor("fls", null, RoleDescriptor flsRole = new RoleDescriptor("fls", null,
new IndicesPrivileges[] { IndicesPrivileges.builder().privileges("READ").indices("*") new IndicesPrivileges[] { IndicesPrivileges.builder().privileges("READ").indices("*")
.grantedFields("*") .grantedFields("*")
@ -158,7 +159,7 @@ public class NativeRolesStoreTests extends ESTestCase {
assertNotNull(role); assertNotNull(role);
assertFalse(role.getTransientMetadata().containsKey("unlicensed_features")); assertFalse(role.getTransientMetadata().containsKey("unlicensed_features"));
when(licenseState.isAllowed(Feature.SECURITY_DLS_FLS)).thenReturn(true); when(licenseState.checkFeature(Feature.SECURITY_DLS_FLS)).thenReturn(true);
builder = flsRole.toXContent(XContentBuilder.builder(XContentType.JSON.xContent()), ToXContent.EMPTY_PARAMS); builder = flsRole.toXContent(XContentBuilder.builder(XContentType.JSON.xContent()), ToXContent.EMPTY_PARAMS);
bytes = BytesReference.bytes(builder); bytes = BytesReference.bytes(builder);
role = NativeRolesStore.transformRole(RoleDescriptor.ROLE_TYPE + "fls", bytes, logger, licenseState); role = NativeRolesStore.transformRole(RoleDescriptor.ROLE_TYPE + "fls", bytes, logger, licenseState);

4
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/action/SecurityBaseRestHandlerTests.java
View File

@ -30,7 +30,7 @@ public class SecurityBaseRestHandlerTests extends ESTestCase {
final boolean securityDefaultEnabled = randomBoolean(); final boolean securityDefaultEnabled = randomBoolean();
final AtomicBoolean consumerCalled = new AtomicBoolean(false); final AtomicBoolean consumerCalled = new AtomicBoolean(false);
final XPackLicenseState licenseState = mock(XPackLicenseState.class); final XPackLicenseState licenseState = mock(XPackLicenseState.class);
when(licenseState.isAllowed(XPackLicenseState.Feature.SECURITY)).thenReturn(true); when(licenseState.checkFeature(XPackLicenseState.Feature.SECURITY)).thenReturn(true);
when(licenseState.isSecurityEnabled()).thenReturn(securityDefaultEnabled); when(licenseState.isSecurityEnabled()).thenReturn(securityDefaultEnabled);
when(licenseState.getOperationMode()).thenReturn( when(licenseState.getOperationMode()).thenReturn(
randomFrom(License.OperationMode.BASIC, License.OperationMode.STANDARD, License.OperationMode.GOLD)); randomFrom(License.OperationMode.BASIC, License.OperationMode.STANDARD, License.OperationMode.GOLD));
@ -63,7 +63,7 @@ public class SecurityBaseRestHandlerTests extends ESTestCase {
verifyZeroInteractions(licenseState); verifyZeroInteractions(licenseState);
handler.handleRequest(fakeRestRequest, fakeRestChannel, client); handler.handleRequest(fakeRestRequest, fakeRestChannel, client);
verify(licenseState).isAllowed(XPackLicenseState.Feature.SECURITY); verify(licenseState).checkFeature(XPackLicenseState.Feature.SECURITY);
if (securityDefaultEnabled) { if (securityDefaultEnabled) {
assertTrue(consumerCalled.get()); assertTrue(consumerCalled.get());
assertEquals(0, fakeRestChannel.responses().get()); assertEquals(0, fakeRestChannel.responses().get());

4
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/action/apikey/RestCreateApiKeyActionTests.java
View File

@ -54,9 +54,9 @@ public class RestCreateApiKeyActionTests extends ESTestCase {
.put(Environment.PATH_HOME_SETTING.getKey(), createTempDir().toString()) .put(Environment.PATH_HOME_SETTING.getKey(), createTempDir().toString())
.build(); .build();
threadPool = new ThreadPool(settings); threadPool = new ThreadPool(settings);
when(mockLicenseState.isAllowed(XPackLicenseState.Feature.SECURITY)).thenReturn(true); when(mockLicenseState.checkFeature(XPackLicenseState.Feature.SECURITY)).thenReturn(true);
when(mockLicenseState.isSecurityEnabled()).thenReturn(true); when(mockLicenseState.isSecurityEnabled()).thenReturn(true);
when(mockLicenseState.isAllowed(Feature.SECURITY_API_KEY_SERVICE)).thenReturn(true); when(mockLicenseState.checkFeature(Feature.SECURITY_API_KEY_SERVICE)).thenReturn(true);
} }
@Override @Override

4
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/action/apikey/RestGetApiKeyActionTests.java
View File

@ -54,9 +54,9 @@ public class RestGetApiKeyActionTests extends ESTestCase {
settings = Settings.builder().put("path.home", createTempDir().toString()).put("node.name", "test-" + getTestName()) settings = Settings.builder().put("path.home", createTempDir().toString()).put("node.name", "test-" + getTestName())
.put(Environment.PATH_HOME_SETTING.getKey(), createTempDir().toString()).build(); .put(Environment.PATH_HOME_SETTING.getKey(), createTempDir().toString()).build();
threadPool = new ThreadPool(settings); threadPool = new ThreadPool(settings);
when(mockLicenseState.isAllowed(XPackLicenseState.Feature.SECURITY)).thenReturn(true); when(mockLicenseState.checkFeature(XPackLicenseState.Feature.SECURITY)).thenReturn(true);
when(mockLicenseState.isSecurityEnabled()).thenReturn(true); when(mockLicenseState.isSecurityEnabled()).thenReturn(true);
when(mockLicenseState.isAllowed(Feature.SECURITY_API_KEY_SERVICE)).thenReturn(true); when(mockLicenseState.checkFeature(Feature.SECURITY_API_KEY_SERVICE)).thenReturn(true);
} }
@Override @Override

4
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/action/apikey/RestInvalidateApiKeyActionTests.java
View File

@ -54,9 +54,9 @@ public class RestInvalidateApiKeyActionTests extends ESTestCase {
.put(Environment.PATH_HOME_SETTING.getKey(), createTempDir().toString()) .put(Environment.PATH_HOME_SETTING.getKey(), createTempDir().toString())
.build(); .build();
threadPool = new ThreadPool(settings); threadPool = new ThreadPool(settings);
when(mockLicenseState.isAllowed(XPackLicenseState.Feature.SECURITY)).thenReturn(true); when(mockLicenseState.checkFeature(XPackLicenseState.Feature.SECURITY)).thenReturn(true);
when(mockLicenseState.isSecurityEnabled()).thenReturn(true); when(mockLicenseState.isSecurityEnabled()).thenReturn(true);
when(mockLicenseState.isAllowed(Feature.SECURITY_API_KEY_SERVICE)).thenReturn(true); when(mockLicenseState.checkFeature(Feature.SECURITY_API_KEY_SERVICE)).thenReturn(true);
} }
@Override @Override

2
x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/action/user/RestGetUserPrivilegesActionTests.java
View File

@ -42,7 +42,7 @@ public class RestGetUserPrivilegesActionTests extends ESTestCase {
final XPackLicenseState licenseState = mock(XPackLicenseState.class); final XPackLicenseState licenseState = mock(XPackLicenseState.class);
final RestGetUserPrivilegesAction action = final RestGetUserPrivilegesAction action =
new RestGetUserPrivilegesAction(Settings.EMPTY, mock(SecurityContext.class), licenseState); new RestGetUserPrivilegesAction(Settings.EMPTY, mock(SecurityContext.class), licenseState);
when(licenseState.isAllowed(XPackLicenseState.Feature.SECURITY)).thenReturn(false); when(licenseState.checkFeature(XPackLicenseState.Feature.SECURITY)).thenReturn(false);
final FakeRestRequest request = new FakeRestRequest(); final FakeRestRequest request = new FakeRestRequest();
final FakeRestChannel channel = new FakeRestChannel(request, true, 1); final FakeRestChannel channel = new FakeRestChannel(request, true, 1);
action.handleRequest(request, channel, mock(NodeClient.class)); action.handleRequest(request, channel, mock(NodeClient.class));

Some files were not shown because too many files have changed in this diff Show More