From c9421594bf36ee69af915f8984e3f9bc82502fb9 Mon Sep 17 00:00:00 2001 From: Ryan Ernst Date: Mon, 30 Mar 2020 11:42:19 -0700 Subject: [PATCH] Remove allowTrial flag in license checking (#54293) The allowTrial flag is always true, since trial licenses act as though everything is licensed. This commit removes the allowTrial flag in license checking helper methods. --- .../license/RemoteClusterLicenseChecker.java | 2 +- .../license/XPackLicenseState.java | 50 +++++++++---------- .../RemoteClusterLicenseCheckerTests.java | 12 ++--- .../validation/SourceDestValidatorTests.java | 12 ++--- 4 files changed, 37 insertions(+), 39 deletions(-) diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/license/RemoteClusterLicenseChecker.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/license/RemoteClusterLicenseChecker.java index b4abf6e88c8..43ba90c9e33 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/license/RemoteClusterLicenseChecker.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/license/RemoteClusterLicenseChecker.java @@ -140,7 +140,7 @@ public final class RemoteClusterLicenseChecker { public static boolean isAllowedByLicense(final XPackInfoResponse.LicenseInfo licenseInfo) { final License.OperationMode mode = License.OperationMode.parse(licenseInfo.getMode()); - return XPackLicenseState.isAllowedByOperationMode(mode, License.OperationMode.PLATINUM, true); + return XPackLicenseState.isAllowedByOperationMode(mode, License.OperationMode.PLATINUM); } /** diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/license/XPackLicenseState.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/license/XPackLicenseState.java index 32f00dd394c..9b15c4176c3 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/license/XPackLicenseState.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/license/XPackLicenseState.java @@ -405,15 +405,15 @@ public class XPackLicenseState { * @return true if authentication and authorization should be enabled. */ public boolean isAuthAllowed() { - return isAllowedBySecurityAndLicense(OperationMode.BASIC, false, true); + return isAllowedBySecurityAndLicense(OperationMode.BASIC, false); } public boolean isIpFilteringAllowed() { - return isAllowedBySecurityAndLicense(OperationMode.GOLD, false, true); + return isAllowedBySecurityAndLicense(OperationMode.GOLD, false); } public boolean isAuditingAllowed() { - return isAllowedBySecurityAndLicense(OperationMode.GOLD, false, true); + return isAllowedBySecurityAndLicense(OperationMode.GOLD, false); } public boolean isStatsAndHealthAllowed() { @@ -434,33 +434,33 @@ public class XPackLicenseState { * @return {@code true} to enable DLS and FLS. Otherwise {@code false}. */ public boolean isDocumentAndFieldLevelSecurityAllowed() { - return isAllowedBySecurityAndLicense(OperationMode.PLATINUM, false, true); + return isAllowedBySecurityAndLicense(OperationMode.PLATINUM, false); } public boolean areAllRealmsAllowed() { - return isAllowedBySecurityAndLicense(OperationMode.PLATINUM, false, true); + return isAllowedBySecurityAndLicense(OperationMode.PLATINUM, false); } public boolean areStandardRealmsAllowed() { - return isAllowedBySecurityAndLicense(OperationMode.GOLD, false, true); + return isAllowedBySecurityAndLicense(OperationMode.GOLD, false); } public boolean isCustomRoleProvidersAllowed() { - return isAllowedBySecurityAndLicense(OperationMode.PLATINUM, true, true); + return isAllowedBySecurityAndLicense(OperationMode.PLATINUM, true); } /** * Whether the Elasticsearch {@code TokenService} is allowed */ public boolean isTokenServiceAllowed() { - return isAllowedBySecurityAndLicense(OperationMode.GOLD, false, true); + return isAllowedBySecurityAndLicense(OperationMode.GOLD, false); } /** * Whether the Elasticsearch {@code ApiKeyService} is allowed */ public boolean isApiKeyServiceAllowed() { - return isAllowedBySecurityAndLicense(OperationMode.MISSING, false, true); + return isAllowedBySecurityAndLicense(OperationMode.MISSING, false); } /** @@ -468,7 +468,7 @@ public class XPackLicenseState { * @see org.elasticsearch.xpack.core.security.authc.support.DelegatedAuthorizationSettings */ public boolean isAuthorizationRealmAllowed() { - return isAllowedBySecurityAndLicense(OperationMode.PLATINUM, true, true); + return isAllowedBySecurityAndLicense(OperationMode.PLATINUM, true); } /** @@ -476,7 +476,7 @@ public class XPackLicenseState { * @see org.elasticsearch.xpack.core.security.authc.support.DelegatedAuthorizationSettings */ public boolean isAuthorizationEngineAllowed() { - return isAllowedBySecurityAndLicense(OperationMode.PLATINUM, true, true); + return isAllowedBySecurityAndLicense(OperationMode.PLATINUM, true); } public boolean isWatcherAllowed() { @@ -507,7 +507,7 @@ public class XPackLicenseState { * @return {@code true} if the user is allowed to modify the retention. Otherwise {@code false}. */ public boolean isUpdateRetentionAllowed() { - return isAllowedByLicense(OperationMode.STANDARD, false, true); + return isAllowedByLicense(OperationMode.STANDARD, false); } public boolean isGraphAllowed() { @@ -519,7 +519,7 @@ public class XPackLicenseState { } public static boolean isMachineLearningAllowedForOperationMode(final OperationMode operationMode) { - return isAllowedByOperationMode(operationMode, OperationMode.PLATINUM, true); + return isAllowedByOperationMode(operationMode, OperationMode.PLATINUM); } public boolean isTransformAllowed() { @@ -532,7 +532,7 @@ public class XPackLicenseState { } public static boolean isFipsAllowedForOperationMode(final OperationMode operationMode) { - return isAllowedByOperationMode(operationMode, OperationMode.PLATINUM, true); + return isAllowedByOperationMode(operationMode, OperationMode.PLATINUM); } public boolean isRollupAllowed() { @@ -667,12 +667,12 @@ public class XPackLicenseState { } public static boolean isCcrAllowedForOperationMode(final OperationMode operationMode) { - return isAllowedByOperationMode(operationMode, OperationMode.PLATINUM, true); + return isAllowedByOperationMode(operationMode, OperationMode.PLATINUM); } public static boolean isAllowedByOperationMode( - final OperationMode operationMode, final OperationMode minimumMode, final boolean allowTrial) { - if (allowTrial && OperationMode.TRIAL == operationMode) { + final OperationMode operationMode, final OperationMode minimumMode) { + if (OperationMode.TRIAL == operationMode) { return true; } return operationMode.compareTo(minimumMode) >= 0; @@ -691,16 +691,15 @@ public class XPackLicenseState { /** * Test whether a feature is allowed by the status of license and security configuration. - * Note the difference to {@link #isAllowedByLicense(OperationMode, boolean, boolean)} + * Note the difference to {@link #isAllowedByLicense(OperationMode, boolean)} * is this method requires security to be enabled. * * @param minimumMode The minimum license to meet or exceed * @param needActive Whether current license needs to be active. - * @param allowTrial Whether the feature is allowed for trial license * * @return true if feature is allowed, otherwise false */ - private boolean isAllowedBySecurityAndLicense(OperationMode minimumMode, boolean needActive, boolean allowTrial) { + private boolean isAllowedBySecurityAndLicense(OperationMode minimumMode, boolean needActive) { return checkAgainstStatus(status -> { if (false == isSecurityEnabled(status.mode, isSecurityExplicitlyEnabled, isSecurityEnabled)) { return false; @@ -709,7 +708,7 @@ public class XPackLicenseState { if (needActive && false == status.active) { return false; } - return isAllowedByOperationMode(status.mode, minimumMode, allowTrial); + return isAllowedByOperationMode(status.mode, minimumMode); }); } @@ -720,27 +719,26 @@ public class XPackLicenseState { * * @param minimumMode The minimum license to meet or exceed * @param needActive Whether current license needs to be active - * @param allowTrial Whether the feature is allowed for trial license * * @return true if feature is allowed, otherwise false */ - public boolean isAllowedByLicense(OperationMode minimumMode, boolean needActive, boolean allowTrial) { + public boolean isAllowedByLicense(OperationMode minimumMode, boolean needActive) { return checkAgainstStatus(status -> { if (needActive && false == status.active) { return false; } - return isAllowedByOperationMode(status.mode, minimumMode, allowTrial); + return isAllowedByOperationMode(status.mode, minimumMode); }); } /** * A convenient method to test whether a feature is by license status. - * @see #isAllowedByLicense(OperationMode, boolean, boolean) + * @see #isAllowedByLicense(OperationMode, boolean) * * @param minimumMode The minimum license to meet or exceed */ public boolean isAllowedByLicense(OperationMode minimumMode) { - return isAllowedByLicense(minimumMode, true, true); + return isAllowedByLicense(minimumMode, true); } } diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/license/RemoteClusterLicenseCheckerTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/license/RemoteClusterLicenseCheckerTests.java index 1381bebedd8..fcbd025c81b 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/license/RemoteClusterLicenseCheckerTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/license/RemoteClusterLicenseCheckerTests.java @@ -147,7 +147,7 @@ public final class RemoteClusterLicenseCheckerTests extends ESTestCase { final RemoteClusterLicenseChecker licenseChecker = new RemoteClusterLicenseChecker(client, operationMode -> - XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)); + XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM)); final AtomicReference licenseCheck = new AtomicReference<>(); licenseChecker.checkRemoteClusterLicenses( @@ -190,7 +190,7 @@ public final class RemoteClusterLicenseCheckerTests extends ESTestCase { final RemoteClusterLicenseChecker licenseChecker = new RemoteClusterLicenseChecker(client, operationMode -> - XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)); + XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM)); final AtomicReference licenseCheck = new AtomicReference<>(); licenseChecker.checkRemoteClusterLicenses( @@ -237,7 +237,7 @@ public final class RemoteClusterLicenseCheckerTests extends ESTestCase { final RemoteClusterLicenseChecker licenseChecker = new RemoteClusterLicenseChecker(client, operationMode -> - XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)); + XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM)); final AtomicReference exception = new AtomicReference<>(); licenseChecker.checkRemoteClusterLicenses( @@ -278,7 +278,7 @@ public final class RemoteClusterLicenseCheckerTests extends ESTestCase { final RemoteClusterLicenseChecker licenseChecker = new RemoteClusterLicenseChecker(client, operationMode -> - XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)); + XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM)); final List remoteClusterAliases = Collections.singletonList("valid"); licenseChecker.checkRemoteClusterLicenses( @@ -318,7 +318,7 @@ public final class RemoteClusterLicenseCheckerTests extends ESTestCase { final RemoteClusterLicenseChecker licenseChecker = new RemoteClusterLicenseChecker(client, operationMode -> - XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)); + XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM)); final AtomicBoolean listenerInvoked = new AtomicBoolean(); threadPool.getThreadContext().putHeader("key", "value"); @@ -394,7 +394,7 @@ public final class RemoteClusterLicenseCheckerTests extends ESTestCase { final RemoteClusterLicenseChecker licenseChecker = new RemoteClusterLicenseChecker(client, operationMode -> - XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)); + XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM)); final AtomicReference exception = new AtomicReference<>(); licenseChecker.checkRemoteClusterLicenses( diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/common/validation/SourceDestValidatorTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/common/validation/SourceDestValidatorTests.java index 8b02e55bca2..f688366742f 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/common/validation/SourceDestValidatorTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/common/validation/SourceDestValidatorTests.java @@ -598,7 +598,7 @@ public class SourceDestValidatorTests extends ESTestCase { new IndexNameExpressionResolver(), remoteClusterService, new RemoteClusterLicenseChecker(clientWithBasicLicense, - operationMode -> XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)), + operationMode -> XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM)), new String[] { REMOTE_BASIC + ":" + "SOURCE_1" }, "dest", "node_id", @@ -628,7 +628,7 @@ public class SourceDestValidatorTests extends ESTestCase { new IndexNameExpressionResolver(), remoteClusterService, new RemoteClusterLicenseChecker(clientWithPlatinumLicense, - operationMode -> XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)), + operationMode -> XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM)), new String[] { REMOTE_PLATINUM + ":" + "SOURCE_1" }, "dest", "node_id", @@ -649,7 +649,7 @@ public class SourceDestValidatorTests extends ESTestCase { new IndexNameExpressionResolver(), remoteClusterService, new RemoteClusterLicenseChecker(clientWithPlatinumLicense, - operationMode -> XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)), + operationMode -> XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM)), new String[] { REMOTE_PLATINUM + ":" + "SOURCE_1" }, "dest", "node_id", @@ -671,7 +671,7 @@ public class SourceDestValidatorTests extends ESTestCase { new IndexNameExpressionResolver(), remoteClusterService, new RemoteClusterLicenseChecker(clientWithTrialLicense, - operationMode -> XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)), + operationMode -> XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM)), new String[] { REMOTE_PLATINUM + ":" + "SOURCE_1" }, "dest", "node_id", @@ -695,7 +695,7 @@ public class SourceDestValidatorTests extends ESTestCase { new IndexNameExpressionResolver(), remoteClusterService, new RemoteClusterLicenseChecker(clientWithExpiredBasicLicense, - operationMode -> XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)), + operationMode -> XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM)), new String[] { REMOTE_BASIC + ":" + "SOURCE_1" }, "dest", "node_id", @@ -722,7 +722,7 @@ public class SourceDestValidatorTests extends ESTestCase { new IndexNameExpressionResolver(), remoteClusterService, new RemoteClusterLicenseChecker(clientWithExpiredBasicLicense, - operationMode -> XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)), + operationMode -> XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM)), new String[] { "non_existing_remote:" + "SOURCE_1" }, "dest", "node_id",