Allow license installation with TLS disabled and single-node discovery (elastic/x-pack-elasticsearch#3427)

This change allows production licenses to be installed when TLS is not enabled and the discovery
type is set to single-node.

Relates elastic/x-pack-elasticsearch#3245

Original commit: elastic/x-pack-elasticsearch@73815a3976

plugin/src/main/java/org/elasticsearch/license/LicenseService.java

@@ -27,6 +27,7 @@ import org.elasticsearch.common.logging.LoggerMessageFormat;
 import org.elasticsearch.common.settings.Setting;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.unit.TimeValue;
+import org.elasticsearch.discovery.DiscoveryModule;
 import org.elasticsearch.env.Environment;
 import org.elasticsearch.gateway.GatewayService;
 import org.elasticsearch.watcher.ResourceWatcherService;
@@ -212,11 +213,12 @@ public class LicenseService extends AbstractLifecycleComponent implements Cluste
 
             if (newLicense.isProductionLicense()
                     && XPackSettings.SECURITY_ENABLED.get(settings)
-                    && XPackSettings.TRANSPORT_SSL_ENABLED.get(settings) == false) {
+                    && XPackSettings.TRANSPORT_SSL_ENABLED.get(settings) == false
+                    && "single-node".equals(DiscoveryModule.DISCOVERY_TYPE_SETTING.get(settings)) == false) {
                 // security is on but TLS is not configured we gonna fail the entire request and throw an exception
                 throw new IllegalStateException("Can not upgrade to a production license unless TLS is configured or " +
                         "security is disabled");
-                // TODO we should really validate that all nodes have xpack in stalled and are consistently configured but this
+                // TODO we should really validate that all nodes have xpack installed and are consistently configured but this
                 // should happen on a different level and not in this code
             } else {
                 clusterService.submitStateUpdateTask("register license [" + newLicense.uid() + "]", new

plugin/src/test/java/org/elasticsearch/license/LicenseServiceSingleNodeSecurityTests.java

@@ -0,0 +1,40 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.license;
+
+import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.common.unit.TimeValue;
+import org.elasticsearch.test.ESIntegTestCase;
+import org.elasticsearch.test.SecurityIntegTestCase;
+
+import static org.hamcrest.CoreMatchers.equalTo;
+
+@ESIntegTestCase.ClusterScope(
+        scope = ESIntegTestCase.Scope.TEST,
+        numDataNodes = 1,
+        numClientNodes = 0,
+        supportsDedicatedMasters = false,
+        autoMinMasterNodes = false)
+public class LicenseServiceSingleNodeSecurityTests extends SecurityIntegTestCase {
+
+    @Override
+    protected Settings nodeSettings(int nodeOrdinal) {
+        return Settings
+                .builder()
+                .put(super.nodeSettings(nodeOrdinal))
+                .put("discovery.type", "single-node")
+                .put("transport.tcp.port", "0")
+                .build();
+    }
+
+    public void testLicenseUpgradeSucceeds() throws Exception {
+        LicensingClient licensingClient = new LicensingClient(client());
+        License prodLicense = TestUtils.generateSignedLicense("platinum", TimeValue.timeValueHours(24));
+        PutLicenseResponse putLicenseResponse = licensingClient.preparePutLicense(prodLicense).get();
+        assertEquals(putLicenseResponse.status(), LicensesStatus.VALID);
+        assertThat(licensingClient.prepareGetLicense().get().license(), equalTo(prodLicense));
+    }
+}