Merge branch 'master' into less_drugs

Original commit: elastic/x-pack-elasticsearch@fde8483759

elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/tools/KeyPairGeneratorTool.java

@@ -10,7 +10,7 @@ import joptsimple.OptionSpec;
 import org.elasticsearch.cli.Command;
 import org.elasticsearch.cli.ExitCodes;
 import org.elasticsearch.cli.Terminal;
-import org.elasticsearch.cli.UserError;
+import org.elasticsearch.cli.UserException;
 import org.elasticsearch.common.SuppressForbidden;
 import org.elasticsearch.common.io.PathUtils;
 
@@ -54,9 +54,9 @@ public class KeyPairGeneratorTool extends Command {
         Path publicKeyPath = parsePath(publicKeyPathOption.value(options));
         Path privateKeyPath = parsePath(privateKeyPathOption.value(options));
         if (Files.exists(privateKeyPath)) {
-            throw new UserError(ExitCodes.USAGE, privateKeyPath + " already exists");
+            throw new UserException(ExitCodes.USAGE, privateKeyPath + " already exists");
         } else if (Files.exists(publicKeyPath)) {
-            throw new UserError(ExitCodes.USAGE, publicKeyPath + " already exists");
+            throw new UserException(ExitCodes.USAGE, publicKeyPath + " already exists");
         }
 
         SecureRandom random = new SecureRandom();

elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/tools/LicenseGeneratorTool.java

@@ -12,7 +12,7 @@ import joptsimple.OptionSet;
 import joptsimple.OptionSpec;
 import org.elasticsearch.cli.Command;
 import org.elasticsearch.cli.ExitCodes;
-import org.elasticsearch.cli.UserError;
+import org.elasticsearch.cli.UserException;
 import org.elasticsearch.cli.Terminal;
 import org.elasticsearch.common.SuppressForbidden;
 import org.elasticsearch.common.io.PathUtils;
@@ -62,9 +62,9 @@ public class LicenseGeneratorTool extends Command {
         Path publicKeyPath = parsePath(publicKeyPathOption.value(options));
         Path privateKeyPath = parsePath(privateKeyPathOption.value(options));
         if (Files.exists(privateKeyPath) == false) {
-            throw new UserError(ExitCodes.USAGE, privateKeyPath + " does not exist");
+            throw new UserException(ExitCodes.USAGE, privateKeyPath + " does not exist");
         } else if (Files.exists(publicKeyPath) == false) {
-            throw new UserError(ExitCodes.USAGE, publicKeyPath + " does not exist");
+            throw new UserException(ExitCodes.USAGE, publicKeyPath + " does not exist");
         }
 
         final License licenseSpec;
@@ -73,11 +73,11 @@ public class LicenseGeneratorTool extends Command {
         } else if (options.has(licenseFileOption)) {
             Path licenseSpecPath = parsePath(licenseFileOption.value(options));
             if (Files.exists(licenseSpecPath) == false) {
-                throw new UserError(ExitCodes.USAGE, licenseSpecPath + " does not exist");
+                throw new UserException(ExitCodes.USAGE, licenseSpecPath + " does not exist");
             }
             licenseSpec = License.fromSource(Files.readAllBytes(licenseSpecPath));
         } else {
-            throw new UserError(ExitCodes.USAGE, "Must specify either --license or --licenseFile");
+            throw new UserException(ExitCodes.USAGE, "Must specify either --license or --licenseFile");
         }
 
         // sign

elasticsearch/license/licensor/src/main/java/org/elasticsearch/license/licensor/tools/LicenseVerificationTool.java

@@ -12,7 +12,7 @@ import joptsimple.OptionSet;
 import joptsimple.OptionSpec;
 import org.elasticsearch.cli.Command;
 import org.elasticsearch.cli.ExitCodes;
-import org.elasticsearch.cli.UserError;
+import org.elasticsearch.cli.UserException;
 import org.elasticsearch.cli.Terminal;
 import org.elasticsearch.common.SuppressForbidden;
 import org.elasticsearch.common.io.PathUtils;
@@ -49,7 +49,7 @@ public class LicenseVerificationTool extends Command {
     protected void execute(Terminal terminal, OptionSet options) throws Exception {
         Path publicKeyPath = parsePath(publicKeyPathOption.value(options));
         if (Files.exists(publicKeyPath) == false) {
-            throw new UserError(ExitCodes.USAGE, publicKeyPath + " does not exist");
+            throw new UserException(ExitCodes.USAGE, publicKeyPath + " does not exist");
         }
 
         final License licenseSpec;
@@ -58,16 +58,16 @@ public class LicenseVerificationTool extends Command {
         } else if (options.has(licenseFileOption)) {
             Path licenseSpecPath = parsePath(licenseFileOption.value(options));
             if (Files.exists(licenseSpecPath) == false) {
-                throw new UserError(ExitCodes.USAGE, licenseSpecPath + " does not exist");
+                throw new UserException(ExitCodes.USAGE, licenseSpecPath + " does not exist");
             }
             licenseSpec = License.fromSource(Files.readAllBytes(licenseSpecPath));
         } else {
-            throw new UserError(ExitCodes.USAGE, "Must specify either --license or --licenseFile");
+            throw new UserException(ExitCodes.USAGE, "Must specify either --license or --licenseFile");
         }
 
         // verify
         if (LicenseVerifier.verifyLicense(licenseSpec, Files.readAllBytes(publicKeyPath)) == false) {
-            throw new UserError(ExitCodes.DATA_ERROR, "Invalid License!");
+            throw new UserException(ExitCodes.DATA_ERROR, "Invalid License!");
         }
         XContentBuilder builder = XContentFactory.contentBuilder(XContentType.JSON);
         builder.startObject();

elasticsearch/license/licensor/src/test/java/org/elasticsearch/license/licensor/tools/KeyPairGenerationToolTests.java

@@ -11,9 +11,7 @@ import java.nio.file.Path;
 import org.elasticsearch.cli.Command;
 import org.elasticsearch.cli.CommandTestCase;
 import org.elasticsearch.cli.ExitCodes;
-import org.elasticsearch.cli.UserError;
+import org.elasticsearch.cli.UserException;
-import org.elasticsearch.cli.Terminal;
-import org.elasticsearch.test.ESTestCase;
 
 import static org.hamcrest.CoreMatchers.containsString;
 
@@ -27,12 +25,12 @@ public class KeyPairGenerationToolTests extends CommandTestCase {
     public void testMissingKeyPaths() throws Exception {
         Path exists = createTempFile("", "existing");
         Path dne = createTempDir().resolve("dne");
-        UserError e = expectThrows(UserError.class, () -> {
+        UserException e = expectThrows(UserException.class, () -> {
             execute("--publicKeyPath", exists.toString(), "--privateKeyPath", dne.toString());
         });
         assertThat(e.getMessage(), containsString("existing"));
         assertEquals(ExitCodes.USAGE, e.exitCode);
-        e = expectThrows(UserError.class, () -> {
+        e = expectThrows(UserException.class, () -> {
             execute("--publicKeyPath", dne.toString(), "--privateKeyPath", exists.toString());
         });
         assertThat(e.getMessage(), containsString("existing"));

elasticsearch/license/licensor/src/test/java/org/elasticsearch/license/licensor/tools/LicenseGenerationToolTests.java

@@ -12,12 +12,9 @@ import java.nio.file.Path;
 import org.elasticsearch.cli.Command;
 import org.elasticsearch.cli.CommandTestCase;
 import org.elasticsearch.cli.ExitCodes;
-import org.elasticsearch.cli.UserError;
+import org.elasticsearch.cli.UserException;
-import org.elasticsearch.cli.MockTerminal;
-import org.elasticsearch.cli.Terminal;
 import org.elasticsearch.license.core.License;
 import org.elasticsearch.license.licensor.TestUtils;
-import org.elasticsearch.test.ESTestCase;
 import org.junit.Before;
 
 public class LicenseGenerationToolTests extends CommandTestCase {
@@ -38,14 +35,14 @@ public class LicenseGenerationToolTests extends CommandTestCase {
     public void testMissingKeyPaths() throws Exception {
         Path pub = createTempDir().resolve("pub");
         Path pri = createTempDir().resolve("pri");
-        UserError e = expectThrows(UserError.class, () -> {
+        UserException e = expectThrows(UserException.class, () -> {
             execute("--publicKeyPath", pub.toString(), "--privateKeyPath", pri.toString());
         });
         assertTrue(e.getMessage(), e.getMessage().contains("pri does not exist"));
         assertEquals(ExitCodes.USAGE, e.exitCode);
 
         Files.createFile(pri);
-        e = expectThrows(UserError.class, () -> {
+        e = expectThrows(UserException.class, () -> {
             execute("--publicKeyPath", pub.toString(), "--privateKeyPath", pri.toString());
         });
         assertTrue(e.getMessage(), e.getMessage().contains("pub does not exist"));
@@ -53,7 +50,7 @@ public class LicenseGenerationToolTests extends CommandTestCase {
     }
 
     public void testMissingLicenseSpec() throws Exception {
-        UserError e = expectThrows(UserError.class, () -> {
+        UserException e = expectThrows(UserException.class, () -> {
             execute("--publicKeyPath", pubKeyPath.toString(), "--privateKeyPath", priKeyPath.toString());
         });
         assertTrue(e.getMessage(), e.getMessage().contains("Must specify either --license or --licenseFile"));

elasticsearch/license/licensor/src/test/java/org/elasticsearch/license/licensor/tools/LicenseVerificationToolTests.java

@@ -12,7 +12,7 @@ import java.nio.file.Path;
 import org.elasticsearch.cli.Command;
 import org.elasticsearch.cli.CommandTestCase;
 import org.elasticsearch.cli.ExitCodes;
-import org.elasticsearch.cli.UserError;
+import org.elasticsearch.cli.UserException;
 import org.elasticsearch.common.unit.TimeValue;
 import org.elasticsearch.license.core.License;
 import org.elasticsearch.license.licensor.TestUtils;
@@ -36,7 +36,7 @@ public class LicenseVerificationToolTests extends CommandTestCase {
 
     public void testMissingKeyPath() throws Exception {
         Path pub = createTempDir().resolve("pub");
-        UserError e = expectThrows(UserError.class, () -> {
+        UserException e = expectThrows(UserException.class, () -> {
             execute("--publicKeyPath", pub.toString());
         });
         assertTrue(e.getMessage(), e.getMessage().contains("pub does not exist"));
@@ -44,7 +44,7 @@ public class LicenseVerificationToolTests extends CommandTestCase {
     }
 
     public void testMissingLicenseSpec() throws Exception {
-        UserError e = expectThrows(UserError.class, () -> {
+        UserException e = expectThrows(UserException.class, () -> {
             execute("--publicKeyPath", pubKeyPath.toString());
         });
         assertTrue(e.getMessage(), e.getMessage().contains("Must specify either --license or --licenseFile"));
@@ -56,7 +56,7 @@ public class LicenseVerificationToolTests extends CommandTestCase {
         License tamperedLicense = License.builder()
             .fromLicenseSpec(signedLicense, signedLicense.signature())
             .expiryDate(signedLicense.expiryDate() + randomIntBetween(1, 1000)).build();
-        UserError e = expectThrows(UserError.class, () -> {
+        UserException e = expectThrows(UserException.class, () -> {
             execute("--publicKeyPath", pubKeyPath.toString(),
                     "--license", TestUtils.dumpLicense(tamperedLicense));
         });

elasticsearch/qa/messy-test-watcher-with-groovy/src/test/java/org/elasticsearch/messy/tests/ScriptConditionTests.java

@@ -14,18 +14,18 @@ import org.elasticsearch.common.xcontent.XContentBuilder;
 import org.elasticsearch.common.xcontent.XContentFactory;
 import org.elasticsearch.common.xcontent.XContentParser;
 import org.elasticsearch.script.GeneralScriptException;
+import org.elasticsearch.script.ScriptException;
 import org.elasticsearch.script.ScriptService.ScriptType;
 import org.elasticsearch.search.internal.InternalSearchResponse;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.TestThreadPool;
 import org.elasticsearch.threadpool.ThreadPool;
-import org.elasticsearch.xpack.watcher.condition.Condition;
+import org.elasticsearch.xpack.common.ScriptServiceProxy;
 import org.elasticsearch.xpack.watcher.condition.script.ExecutableScriptCondition;
 import org.elasticsearch.xpack.watcher.condition.script.ScriptCondition;
 import org.elasticsearch.xpack.watcher.condition.script.ScriptConditionFactory;
 import org.elasticsearch.xpack.watcher.execution.WatchExecutionContext;
 import org.elasticsearch.xpack.watcher.support.Script;
-import org.elasticsearch.xpack.common.ScriptServiceProxy;
 import org.elasticsearch.xpack.watcher.watch.Payload;
 import org.joda.time.DateTime;
 import org.joda.time.DateTimeZone;
@@ -41,12 +41,10 @@ import static org.elasticsearch.xpack.watcher.support.Exceptions.illegalArgument
 import static org.elasticsearch.xpack.watcher.test.WatcherTestUtils.mockExecutionContext;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.is;
-import static org.hamcrest.Matchers.notNullValue;
 
-/**
- */
 public class ScriptConditionTests extends ESTestCase {
-    ThreadPool tp = null;
+
+    private ThreadPool tp = null;
     
     @Before
     public void init() {
@@ -54,8 +52,8 @@ public class ScriptConditionTests extends ESTestCase {
     }
 
     @After
-    public void cleanup() {
+    public void cleanup() throws InterruptedException {
-        tp.shutdownNow();
+        terminate(tp);
     }
 
     public void testExecute() throws Exception {
@@ -136,13 +134,8 @@ public class ScriptConditionTests extends ESTestCase {
         XContentParser parser = XContentFactory.xContent(builder.bytes()).createParser(builder.bytes());
         parser.nextToken();
         ScriptCondition scriptCondition = conditionParser.parseCondition("_watch", parser);
-        try {
+        GeneralScriptException exception = expectThrows(GeneralScriptException.class,
-            conditionParser.createExecutable(scriptCondition);
+                () -> conditionParser.createExecutable(scriptCondition));
-            fail("expected a condition validation exception trying to create an executable with a bad or missing script");
-        } catch (GeneralScriptException e) {
-            // TODO add these when the test if fixed
-            // assertThat(e.getMessage(), is("ASDF"));
-        }
     }
 
     public void testScriptConditionParser_badLang() throws Exception {
@@ -153,39 +146,30 @@ public class ScriptConditionTests extends ESTestCase {
         XContentParser parser = XContentFactory.xContent(builder.bytes()).createParser(builder.bytes());
         parser.nextToken();
         ScriptCondition scriptCondition = conditionParser.parseCondition("_watch", parser);
-        try {
+        GeneralScriptException exception = expectThrows(GeneralScriptException.class,
-            conditionParser.createExecutable(scriptCondition);
+                () -> conditionParser.createExecutable(scriptCondition));
-            fail("expected a condition validation exception trying to create an executable with an invalid language");
+        assertThat(exception.getMessage(), containsString("script_lang not supported [not_a_valid_lang]]"));
-        } catch (GeneralScriptException e) {
-            // TODO add these when the test if fixed
-            // assertThat(e.getMessage(), is("ASDF"));
-        }
     }
 
     public void testScriptConditionThrowException() throws Exception {
         ScriptServiceProxy scriptService = getScriptServiceProxy(tp);
         ExecutableScriptCondition condition = new ExecutableScriptCondition(
-                new ScriptCondition(Script.inline("assert false").build()), logger, scriptService);
+                new ScriptCondition(Script.inline("null.foo").build()), logger, scriptService);
         SearchResponse response = new SearchResponse(InternalSearchResponse.empty(), "", 3, 3, 500L, new ShardSearchFailure[0]);
         WatchExecutionContext ctx = mockExecutionContext("_name", new Payload.XContent(response));
-        ScriptCondition.Result result = condition.execute(ctx);
+        ScriptException exception = expectThrows(ScriptException.class, () -> condition.execute(ctx));
-        assertThat(result, notNullValue());
+        assertThat(exception.getMessage(), containsString("Error evaluating null.foo"));
-        assertThat(result.status(), is(Condition.Result.Status.FAILURE));
-        assertThat(result.reason(), notNullValue());
-        assertThat(result.reason(), containsString("Assertion"));
     }
 
-    public void testScriptConditionReturnObject() throws Exception {
+    public void testScriptConditionReturnObjectThrowsException() throws Exception {
         ScriptServiceProxy scriptService = getScriptServiceProxy(tp);
         ExecutableScriptCondition condition = new ExecutableScriptCondition(
                 new ScriptCondition(Script.inline("return new Object()").build()), logger, scriptService);
         SearchResponse response = new SearchResponse(InternalSearchResponse.empty(), "", 3, 3, 500L, new ShardSearchFailure[0]);
         WatchExecutionContext ctx = mockExecutionContext("_name", new Payload.XContent(response));
-        ScriptCondition.Result result = condition.execute(ctx);
+        Exception exception = expectThrows(GeneralScriptException.class, () -> condition.execute(ctx));
-        assertThat(result, notNullValue());
+        assertThat(exception.getMessage(),
-        assertThat(result.status(), is(Condition.Result.Status.FAILURE));
+                containsString("condition [script] must return a boolean value (true|false) but instead returned [_name]"));
-        assertThat(result.reason(), notNullValue());
-        assertThat(result.reason(), containsString("ScriptException"));
     }
 
     public void testScriptConditionAccessCtx() throws Exception {

elasticsearch/x-pack/graph/src/main/java/org/elasticsearch/xpack/graph/action/TransportGraphExploreAction.java

@@ -420,7 +420,7 @@ public class TransportGraphExploreAction extends HandledTransportAction<GraphExp
                 // weakest weights.
                 // A priority queue is used to trim vertices according to the size settings
                 // requested for each field.
-                private final void trimNewAdditions(Hop currentHop, ArrayList<Connection> newConnections, ArrayList<Vertex> newVertices) {
+                private void trimNewAdditions(Hop currentHop, ArrayList<Connection> newConnections, ArrayList<Vertex> newVertices) {
                     Set<Vertex> evictions = new HashSet<>();
                     
                     for (int k = 0; k < currentHop.getNumberVertexRequests(); k++) {
@@ -460,7 +460,7 @@ public class TransportGraphExploreAction extends HandledTransportAction<GraphExp
                 // we can do something server-side here
 
                 // Helper method - compute the total signal of all scores in the search results
-                private final double getExpandTotalSignalStrength(Hop lastHop, Hop currentHop, Sampler sample) {
+                private double getExpandTotalSignalStrength(Hop lastHop, Hop currentHop, Sampler sample) {
                     double totalSignalOutput = 0;
                     for (int j = 0; j < lastHop.getNumberVertexRequests(); j++) {
                         VertexRequest lastVr = lastHop.getVertexRequest(j);
@@ -509,7 +509,7 @@ public class TransportGraphExploreAction extends HandledTransportAction<GraphExp
                 }
 
                 @Override
-                public void onFailure(Throwable e) {
+                public void onFailure(Exception e) {
                     listener.onFailure(e);
             }
             });
@@ -688,7 +688,7 @@ public class TransportGraphExploreAction extends HandledTransportAction<GraphExp
                     }
 
                     // Helper method - Provides a total signal strength for all terms connected to the initial query
-                    private final double getInitialTotalSignalStrength(Hop rootHop, Sampler sample) {
+                    private double getInitialTotalSignalStrength(Hop rootHop, Sampler sample) {
                         double totalSignalStrength = 0;
                         for (int i = 0; i < rootHop.getNumberVertexRequests(); i++) {
                             if (request.useSignificance()) {
@@ -711,13 +711,13 @@ public class TransportGraphExploreAction extends HandledTransportAction<GraphExp
                     }
 
                     @Override
-                    public void onFailure(Throwable e) {
+                    public void onFailure(Exception e) {
                         listener.onFailure(e);
                     }
                 });
-            } catch (Throwable t) {
+            } catch (Exception e) {
-                logger.error("unable to execute the graph query", t);
+                logger.error("unable to execute the graph query", e);
-                listener.onFailure(t);
+                listener.onFailure(e);
             }
         }
 

elasticsearch/x-pack/graph/src/test/java/org/elasticsearch/xpack/graph/test/GraphTests.java

@@ -270,11 +270,10 @@ public class GraphTests extends ESSingleNodeTestCase {
         try {
             GraphExploreResponse response = grb.get();
             if (response.getShardFailures().length > 0) {
-                throw ((ShardSearchFailure) response.getShardFailures()[0]).getCause();
+                expectedError = response.getShardFailures()[0].getCause();
             }
-        } catch (Throwable rte) {
+        } catch (Exception rte) {
             expectedError = rte;
-
         }
         assertNotNull(expectedError);
         String message = expectedError.toString();

elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/action/delete/TransportDeleteLicenseAction.java

@@ -59,7 +59,7 @@ public class TransportDeleteLicenseAction extends TransportMasterNodeAction<Dele
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 listener.onFailure(e);
             }
         });

elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/action/put/TransportPutLicenseAction.java

@@ -61,7 +61,7 @@ public class TransportPutLicenseAction extends TransportMasterNodeAction<PutLice
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 listener.onFailure(e);
             }
         });

elasticsearch/x-pack/license-plugin/src/main/java/org/elasticsearch/license/plugin/core/LicensesService.java

@@ -427,8 +427,8 @@ public class LicensesService extends AbstractLifecycleComponent implements Clust
             }
 
             @Override
-            public void onFailure(String source, @Nullable Throwable t) {
+            public void onFailure(String source, @Nullable Exception e) {
-                logger.error("unexpected failure during [{}]", t, source);
+                logger.error("unexpected failure during [{}]", e, source);
             }
 
         });

elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/AbstractLicensesIntegrationTestCase.java

@@ -88,8 +88,8 @@ public abstract class AbstractLicensesIntegrationTestCase extends ESIntegTestCas
             }
 
             @Override
-            public void onFailure(String source, @Nullable Throwable t) {
+            public void onFailure(String source, @Nullable Exception e) {
-                logger.error("error on metaData cleanup after test", t);
+                logger.error("error on metaData cleanup after test", e);
             }
         });
         latch.await();

elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/TestUtils.java

@@ -146,7 +146,7 @@ public class TestUtils {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 latch.countDown();
             }
         });

elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/core/LicensesAcknowledgementTests.java

@@ -157,7 +157,7 @@ public class LicensesAcknowledgementTests extends ESSingleNodeTestCase {
         }
 
         @Override
-        public void onFailure(Throwable throwable) {
+        public void onFailure(Exception throwable) {
             latch.countDown();
         }
     }

elasticsearch/x-pack/license-plugin/src/test/java/org/elasticsearch/license/plugin/core/LicensesManagerServiceTests.java

@@ -174,7 +174,7 @@ public class LicensesManagerServiceTests extends ESSingleNodeTestCase {
             }
 
             @Override
-            public void onFailure(Throwable throwable) {
+            public void onFailure(Exception throwable) {
                 latch.countDown();
             }
         });

elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/action/MonitoringBulkResponse.java

@@ -84,12 +84,12 @@ public class MonitoringBulkResponse extends ActionResponse {
         }
 
         Error(StreamInput in) throws IOException {
-            this(in.<Throwable>readThrowable());
+            this(in.readException());
         }
 
         @Override
         public void writeTo(StreamOutput out) throws IOException {
-            out.writeThrowable(getCause());
+            out.writeException(getCause());
         }
 
         /**

elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/action/TransportMonitoringBulkAction.java

@@ -114,8 +114,8 @@ public class TransportMonitoringBulkAction extends HandledTransportAction<Monito
                 }
 
                 @Override
-                public void onFailure(Throwable t) {
+                public void onFailure(Exception e) {
-                    listener.onResponse(new MonitoringBulkResponse(buildTookInMillis(startTimeNanos), new MonitoringBulkResponse.Error(t)));
+                    listener.onResponse(new MonitoringBulkResponse(buildTookInMillis(startTimeNanos), new MonitoringBulkResponse.Error(e)));
                 }
             });
         }

elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/AgentService.java

@@ -204,8 +204,8 @@ public class AgentService extends AbstractLifecycleComponent {
                 } catch (InterruptedException e) {
                     logger.trace("interrupted");
                     Thread.currentThread().interrupt();
-                } catch (Throwable t) {
+                } catch (Exception e) {
-                    logger.error("background thread had an uncaught exception", t);
+                    logger.error("background thread had an uncaught exception", e);
                 }
             }
             logger.debug("worker shutdown");

elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/http/HttpExporter.java

@@ -59,9 +59,6 @@ import java.util.Map;
 import java.util.stream.Collectors;
 import java.util.stream.StreamSupport;
 
-/**
- *
- */
 public class HttpExporter extends Exporter {
 
     public static final String TYPE = "http";
@@ -664,9 +661,9 @@ public class HttpExporter extends Exporter {
                     }
                 } catch (InterruptedException e) {
                     // ignore, if closed, good....
-                } catch (Throwable t) {
+                } catch (Exception e) {
                     logger.debug("error in keep alive thread, shutting down (will be restarted after a successful connection has been " +
-                            "made) {}", ExceptionsHelper.detailedMessage(t));
+                            "made) {}", ExceptionsHelper.detailedMessage(e));
                     return;
                 }
             }

elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/agent/exporter/local/LocalExporter.java

@@ -211,8 +211,8 @@ public class LocalExporter extends Exporter implements ClusterStateListener, Cle
             }
 
             @Override
-            public void onFailure(Throwable throwable) {
+            public void onFailure(Exception e) {
-                logger.error("failed to update monitoring index template [{}]", throwable, template);
+                logger.error("failed to update monitoring index template [{}]", e, template);
             }
         });
     }
@@ -296,7 +296,7 @@ public class LocalExporter extends Exporter implements ClusterStateListener, Cle
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 logger.error("failed to delete indices", e);
             }
         });

elasticsearch/x-pack/monitoring/src/main/java/org/elasticsearch/xpack/monitoring/cleaner/CleanerService.java

@@ -179,8 +179,8 @@ public class CleanerService extends AbstractLifecycleComponent {
             for (Listener listener : listeners) {
                 try {
                     listener.onCleanUpIndices(retention);
-                } catch (Throwable t) {
+                } catch (Exception e) {
-                    logger.error("listener failed to clean indices", t);
+                    logger.error("listener failed to clean indices", e);
                 }
             }
 
@@ -209,8 +209,8 @@ public class CleanerService extends AbstractLifecycleComponent {
         }
 
         @Override
-        public void onFailure(Throwable t) {
+        public void onFailure(Exception e) {
-            logger.error("failed to clean indices", t);
+            logger.error("failed to clean indices", e);
         }
 
         /**

elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/action/MonitoringBulkTests.java

@@ -81,9 +81,9 @@ public class MonitoringBulkTests extends MonitoringIntegTestCase {
 
             threads[i] = new Thread(new AbstractRunnable() {
                 @Override
-                public void onFailure(Throwable t) {
+                public void onFailure(Exception e) {
-                    logger.error("unexpected error in exporting thread", t);
+                    logger.error("unexpected error in exporting thread", e);
-                    exceptions.add(t);
+                    exceptions.add(e);
                 }
 
                 @Override

elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/action/TransportMonitoringBulkActionTests.java

@@ -19,7 +19,7 @@ import org.elasticsearch.cluster.node.DiscoveryNode;
 import org.elasticsearch.cluster.service.ClusterService;
 import org.elasticsearch.common.settings.ClusterSettings;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.common.transport.DummyTransportAddress;
+import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.util.concurrent.ConcurrentCollections;
 import org.elasticsearch.discovery.DiscoverySettings;
 import org.elasticsearch.test.ESTestCase;
@@ -90,7 +90,8 @@ public class TransportMonitoringBulkActionTests extends ESTestCase {
         clusterService =  new ClusterService(Settings.builder().put("cluster.name",
                 TransportMonitoringBulkActionTests.class.getName()).build(),
                 new ClusterSettings(Settings.EMPTY, ClusterSettings.BUILT_IN_CLUSTER_SETTINGS), threadPool);
-        clusterService.setLocalNode(new DiscoveryNode("node", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
+        clusterService.setLocalNode(new DiscoveryNode("node", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(),
+                Version.CURRENT));
         clusterService.setNodeConnectionsService(new NodeConnectionsService(Settings.EMPTY, null, null) {
             @Override
             public void connectToAddedNodes(ClusterChangedEvent event) {
@@ -152,8 +153,8 @@ public class TransportMonitoringBulkActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(String source, Throwable t) {
+            public void onFailure(String source, Exception e) {
-                fail("unexpected exception: " + t);
+                fail("unexpected exception: " + e);
             }
         });
 

elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/ExportersTests.java

@@ -296,9 +296,9 @@ public class ExportersTests extends ESTestCase {
             logger.debug("--> exporting thread [{}] exports {} documents", threadNum, threadDocs);
             threads[i] = new Thread(new AbstractRunnable() {
                 @Override
-                public void onFailure(Throwable t) {
+                public void onFailure(Exception e) {
-                    logger.error("unexpected error in exporting thread", t);
+                    logger.error("unexpected error in exporting thread", e);
-                    exceptions.add(t);
+                    exceptions.add(e);
                 }
 
                 @Override

elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/MonitoringDocTests.java

@@ -9,7 +9,7 @@ import org.elasticsearch.Version;
 import org.elasticsearch.cluster.node.DiscoveryNode;
 import org.elasticsearch.common.io.stream.BytesStreamOutput;
 import org.elasticsearch.common.io.stream.StreamInput;
-import org.elasticsearch.common.transport.DummyTransportAddress;
+import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.test.ESTestCase;
 
 import java.io.IOException;
@@ -130,7 +130,7 @@ public class MonitoringDocTests extends ESTestCase {
             }
         }
         Set<DiscoveryNode.Role> roles = new HashSet<>(randomSubsetOf(Arrays.asList(DiscoveryNode.Role.values())));
-        return new DiscoveryNode(randomAsciiOfLength(5), randomAsciiOfLength(3), randomAsciiOfLength(3), randomAsciiOfLength(3),
+        return new DiscoveryNode(randomAsciiOfLength(5), randomAsciiOfLength(3), LocalTransportAddress.buildUnique(),
-                DummyTransportAddress.INSTANCE, attributes, roles, randomVersion(random()));
+                attributes, roles, randomVersion(random()));
     }
 }

elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/http/HttpExporterTests.java

@@ -22,7 +22,7 @@ import org.elasticsearch.cluster.health.ClusterHealthStatus;
 import org.elasticsearch.cluster.node.DiscoveryNode;
 import org.elasticsearch.common.bytes.BytesArray;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.common.transport.DummyTransportAddress;
+import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.xcontent.XContentHelper;
 import org.elasticsearch.test.ESIntegTestCase;
 import org.elasticsearch.test.ESIntegTestCase.Scope;
@@ -439,14 +439,14 @@ public class HttpExporterTests extends MonitoringIntegTestCase {
             IndexRecoveryMonitoringDoc doc = new IndexRecoveryMonitoringDoc(MonitoredSystem.ES.getSystem(), Version.CURRENT.toString());
             doc.setClusterUUID(internalCluster().getClusterName());
             doc.setTimestamp(System.currentTimeMillis());
-            doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
+            doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
             doc.setRecoveryResponse(new RecoveryResponse());
             return doc;
         } else {
             ClusterStateMonitoringDoc doc = new ClusterStateMonitoringDoc(MonitoredSystem.ES.getSystem(), Version.CURRENT.toString());
             doc.setClusterUUID(internalCluster().getClusterName());
             doc.setTimestamp(System.currentTimeMillis());
-            doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
+            doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
             doc.setClusterState(ClusterState.PROTO);
             doc.setStatus(ClusterHealthStatus.GREEN);
             return doc;

elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/exporter/local/LocalExporterTests.java

@@ -13,7 +13,7 @@ import org.elasticsearch.cluster.ClusterState;
 import org.elasticsearch.cluster.health.ClusterHealthStatus;
 import org.elasticsearch.cluster.node.DiscoveryNode;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.common.transport.DummyTransportAddress;
+import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.search.SearchHit;
 import org.elasticsearch.test.ESIntegTestCase.ClusterScope;
 import org.elasticsearch.test.ESIntegTestCase.Scope;
@@ -198,14 +198,14 @@ public class LocalExporterTests extends MonitoringIntegTestCase {
             IndexRecoveryMonitoringDoc doc = new IndexRecoveryMonitoringDoc(MonitoredSystem.ES.getSystem(), Version.CURRENT.toString());
             doc.setClusterUUID(internalCluster().getClusterName());
             doc.setTimestamp(System.currentTimeMillis());
-            doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
+            doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
             doc.setRecoveryResponse(new RecoveryResponse());
             return doc;
         } else {
             ClusterStateMonitoringDoc doc = new ClusterStateMonitoringDoc(MonitoredSystem.ES.getSystem(), Version.CURRENT.toString());
             doc.setClusterUUID(internalCluster().getClusterName());
             doc.setTimestamp(System.currentTimeMillis());
-            doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
+            doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
             doc.setClusterState(ClusterState.PROTO);
             doc.setStatus(ClusterHealthStatus.GREEN);
             return doc;

elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/DataResolverTests.java

@@ -7,7 +7,7 @@ package org.elasticsearch.xpack.monitoring.agent.resolver;
 
 import org.elasticsearch.Version;
 import org.elasticsearch.cluster.node.DiscoveryNode;
-import org.elasticsearch.common.transport.DummyTransportAddress;
+import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.xcontent.ToXContent;
 import org.elasticsearch.common.xcontent.XContentBuilder;
 import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringDoc;
@@ -31,7 +31,7 @@ public class DataResolverTests extends MonitoringIndexNameResolverTestCase {
         MonitoringDoc doc = new MonitoringDoc(randomMonitoringId(), randomAsciiOfLength(2));
         doc.setClusterUUID(randomAsciiOfLength(5));
         doc.setTimestamp(Math.abs(randomLong()));
-        doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
+        doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
         return doc;
     }
 

elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/TimestampedResolverTests.java

@@ -8,7 +8,7 @@ package org.elasticsearch.xpack.monitoring.agent.resolver;
 import org.elasticsearch.Version;
 import org.elasticsearch.cluster.node.DiscoveryNode;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.common.transport.DummyTransportAddress;
+import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.xcontent.ToXContent;
 import org.elasticsearch.common.xcontent.XContentBuilder;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
@@ -40,7 +40,7 @@ public class TimestampedResolverTests extends MonitoringIndexNameResolverTestCas
         MonitoringDoc doc = new MonitoringDoc(randomMonitoringId(), randomAsciiOfLength(2));
         doc.setClusterUUID(randomAsciiOfLength(5));
         doc.setTimestamp(Math.abs(randomLong()));
-        doc.setSourceNode(new DiscoveryNode(randomAsciiOfLength(5), DummyTransportAddress.INSTANCE,
+        doc.setSourceNode(new DiscoveryNode(randomAsciiOfLength(5), LocalTransportAddress.buildUnique(),
                 emptyMap(), emptySet(), Version.CURRENT));
         return doc;
     }

elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/bulk/MonitoringBulkDataResolverTests.java

@@ -8,7 +8,7 @@ package org.elasticsearch.xpack.monitoring.agent.resolver.bulk;
 import org.elasticsearch.Version;
 import org.elasticsearch.cluster.node.DiscoveryNode;
 import org.elasticsearch.common.bytes.BytesArray;
-import org.elasticsearch.common.transport.DummyTransportAddress;
+import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.xcontent.XContentType;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
 import org.elasticsearch.xpack.monitoring.action.MonitoringBulkDoc;
@@ -39,7 +39,7 @@ public class MonitoringBulkDataResolverTests extends MonitoringIndexNameResolver
 
         doc.setClusterUUID(randomAsciiOfLength(5));
         doc.setTimestamp(Math.abs(randomLong()));
-        doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
+        doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
         return doc;
     }
 

elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/bulk/MonitoringBulkTimestampedResolverTests.java

@@ -8,7 +8,7 @@ package org.elasticsearch.xpack.monitoring.agent.resolver.bulk;
 import org.elasticsearch.Version;
 import org.elasticsearch.cluster.node.DiscoveryNode;
 import org.elasticsearch.common.bytes.BytesArray;
-import org.elasticsearch.common.transport.DummyTransportAddress;
+import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.xcontent.XContentType;
 import org.elasticsearch.xpack.monitoring.MonitoredSystem;
 import org.elasticsearch.xpack.monitoring.action.MonitoringBulkDoc;
@@ -41,7 +41,7 @@ public class MonitoringBulkTimestampedResolverTests
         }
 
         doc.setClusterUUID(randomAsciiOfLength(5));
-        doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
+        doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
         return doc;
     }
 

elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterInfoResolverTests.java

@@ -10,7 +10,7 @@ import org.elasticsearch.action.admin.cluster.stats.ClusterStatsResponse;
 import org.elasticsearch.cluster.ClusterName;
 import org.elasticsearch.cluster.node.DiscoveryNode;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.common.transport.DummyTransportAddress;
+import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.unit.TimeValue;
 import org.elasticsearch.common.xcontent.XContentType;
 import org.elasticsearch.license.core.License;
@@ -42,7 +42,7 @@ public class ClusterInfoResolverTests extends MonitoringIndexNameResolverTestCas
             ClusterInfoMonitoringDoc doc = new ClusterInfoMonitoringDoc(randomMonitoringId(), randomAsciiOfLength(2));
             doc.setClusterUUID(randomAsciiOfLength(5));
             doc.setTimestamp(Math.abs(randomLong()));
-            doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
+            doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
             doc.setVersion(randomFrom(Version.V_2_0_0, Version.CURRENT).toString());
             doc.setLicense(licenseBuilder.build());
             doc.setClusterName(randomAsciiOfLength(5));

elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStateNodeResolverTests.java

@@ -7,7 +7,7 @@ package org.elasticsearch.xpack.monitoring.agent.resolver.cluster;
 
 import org.elasticsearch.Version;
 import org.elasticsearch.cluster.node.DiscoveryNode;
-import org.elasticsearch.common.transport.DummyTransportAddress;
+import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.xcontent.XContentType;
 import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStateNodeMonitoringDoc;
 import org.elasticsearch.xpack.monitoring.agent.exporter.MonitoringTemplateUtils;
@@ -28,7 +28,7 @@ public class ClusterStateNodeResolverTests extends
         ClusterStateNodeMonitoringDoc doc = new ClusterStateNodeMonitoringDoc(randomMonitoringId(), randomAsciiOfLength(2));
         doc.setClusterUUID(randomAsciiOfLength(5));
         doc.setTimestamp(Math.abs(randomLong()));
-        doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
+        doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
         doc.setNodeId(UUID.randomUUID().toString());
         doc.setStateUUID(UUID.randomUUID().toString());
         return doc;

elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStateResolverTests.java

@@ -11,7 +11,6 @@ import org.elasticsearch.cluster.ClusterState;
 import org.elasticsearch.cluster.health.ClusterHealthStatus;
 import org.elasticsearch.cluster.node.DiscoveryNode;
 import org.elasticsearch.cluster.node.DiscoveryNodes;
-import org.elasticsearch.common.transport.DummyTransportAddress;
 import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.xcontent.XContentType;
 import org.elasticsearch.xpack.monitoring.agent.collector.cluster.ClusterStateMonitoringDoc;
@@ -32,7 +31,7 @@ public class ClusterStateResolverTests extends MonitoringIndexNameResolverTestCa
         ClusterStateMonitoringDoc doc = new ClusterStateMonitoringDoc(randomMonitoringId(), randomAsciiOfLength(2));
         doc.setClusterUUID(randomAsciiOfLength(5));
         doc.setTimestamp(Math.abs(randomLong()));
-        doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
+        doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
         doc.setStatus(randomFrom(ClusterHealthStatus.values()));
 
         DiscoveryNode masterNode = new DiscoveryNode("master", new LocalTransportAddress("master"),

elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/cluster/ClusterStatsResolverTests.java

@@ -21,7 +21,7 @@ import org.elasticsearch.cluster.routing.ShardRouting;
 import org.elasticsearch.cluster.routing.UnassignedInfo;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.transport.BoundTransportAddress;
-import org.elasticsearch.common.transport.DummyTransportAddress;
+import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.common.unit.ByteSizeValue;
 import org.elasticsearch.common.xcontent.XContentType;
@@ -63,7 +63,7 @@ public class ClusterStatsResolverTests extends MonitoringIndexNameResolverTestCa
         ClusterStatsMonitoringDoc doc = new ClusterStatsMonitoringDoc(randomMonitoringId(), randomAsciiOfLength(2));
         doc.setClusterUUID(randomAsciiOfLength(5));
         doc.setTimestamp(Math.abs(randomLong()));
-        doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
+        doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
         doc.setClusterStats(randomClusterStats());
         return doc;
     }
@@ -94,7 +94,7 @@ public class ClusterStatsResolverTests extends MonitoringIndexNameResolverTestCa
      */
     private ClusterStatsResponse randomClusterStats() {
         List<ClusterStatsNodeResponse> responses = Collections.singletonList(
-                new ClusterStatsNodeResponse(new DiscoveryNode("node_0", DummyTransportAddress.INSTANCE,
+                new ClusterStatsNodeResponse(new DiscoveryNode("node_0", LocalTransportAddress.buildUnique(),
                         emptyMap(), emptySet(), Version.CURRENT),
                         ClusterHealthStatus.GREEN, randomNodeInfo(), randomNodeStats(), randomShardStats())
         );
@@ -106,10 +106,10 @@ public class ClusterStatsResolverTests extends MonitoringIndexNameResolverTestCa
      * @return a random {@link NodeInfo} used to resolve a monitoring document.
      */
     private NodeInfo randomNodeInfo() {
-        BoundTransportAddress transportAddress = new BoundTransportAddress(new TransportAddress[]{DummyTransportAddress.INSTANCE},
+        BoundTransportAddress transportAddress = new BoundTransportAddress(new TransportAddress[]{LocalTransportAddress.buildUnique()},
-                DummyTransportAddress.INSTANCE);
+                LocalTransportAddress.buildUnique());
         return new NodeInfo(Version.CURRENT, org.elasticsearch.Build.CURRENT,
-                new DiscoveryNode("node_0", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT),
+                new DiscoveryNode("node_0", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT),
                 Settings.EMPTY, DummyOsInfo.INSTANCE, new ProcessInfo(randomInt(), randomBoolean()), JvmInfo.jvmInfo(),
                 new ThreadPoolInfo(Collections.singletonList(new ThreadPool.Info("test_threadpool", ThreadPool.ThreadPoolType.FIXED, 5))),
                 new TransportInfo(transportAddress, Collections.emptyMap()), new HttpInfo(transportAddress, randomLong()),
@@ -127,7 +127,7 @@ public class ClusterStatsResolverTests extends MonitoringIndexNameResolverTestCa
         };
         Map<Index, List<IndexShardStats>> statsByShard = new HashMap<>();
         statsByShard.put(index, Collections.singletonList(new IndexShardStats(new ShardId(index, 0), randomShardStats())));
-        return new NodeStats(new DiscoveryNode("node_0", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT), 0,
+        return new NodeStats(new DiscoveryNode("node_0", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT), 0,
                 new NodeIndicesStats(new CommonStats(), statsByShard), null, null, null, null,
                 new FsInfo(0, null, pathInfo), null, null, null, null, null, null);
     }

elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndexRecoveryResolverTests.java

@@ -8,7 +8,7 @@ package org.elasticsearch.xpack.monitoring.agent.resolver.indices;
 import org.elasticsearch.Version;
 import org.elasticsearch.action.admin.indices.recovery.RecoveryResponse;
 import org.elasticsearch.cluster.node.DiscoveryNode;
-import org.elasticsearch.common.transport.DummyTransportAddress;
+import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.xcontent.XContentType;
 import org.elasticsearch.index.shard.ShardId;
 import org.elasticsearch.indices.recovery.RecoveryState;
@@ -32,9 +32,9 @@ public class IndexRecoveryResolverTests extends MonitoringIndexNameResolverTestC
         IndexRecoveryMonitoringDoc doc = new IndexRecoveryMonitoringDoc(randomMonitoringId(), randomAsciiOfLength(2));
         doc.setClusterUUID(randomAsciiOfLength(5));
         doc.setTimestamp(Math.abs(randomLong()));
-        doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
+        doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
 
-        DiscoveryNode localNode = new DiscoveryNode("foo", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT);
+        DiscoveryNode localNode = new DiscoveryNode("foo", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT);
         Map<String, java.util.List<RecoveryState>> shardRecoveryStates = new HashMap<>();
         shardRecoveryStates.put("test", Collections.singletonList(new RecoveryState(new ShardId("test", "uuid", 0), true,
                 RecoveryState.Type.STORE, localNode, localNode)));

elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndexStatsResolverTests.java

@@ -12,7 +12,7 @@ import org.elasticsearch.action.admin.indices.stats.ShardStats;
 import org.elasticsearch.cluster.node.DiscoveryNode;
 import org.elasticsearch.cluster.routing.ShardRouting;
 import org.elasticsearch.cluster.routing.UnassignedInfo;
-import org.elasticsearch.common.transport.DummyTransportAddress;
+import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.xcontent.XContentType;
 import org.elasticsearch.index.Index;
 import org.elasticsearch.index.cache.query.QueryCacheStats;
@@ -45,7 +45,7 @@ public class IndexStatsResolverTests extends MonitoringIndexNameResolverTestCase
         IndexStatsMonitoringDoc doc = new IndexStatsMonitoringDoc(randomMonitoringId(), randomAsciiOfLength(2));
         doc.setClusterUUID(randomAsciiOfLength(5));
         doc.setTimestamp(Math.abs(randomLong()));
-        doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
+        doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
         doc.setIndexStats(randomIndexStats());
         return doc;
     }
@@ -58,7 +58,7 @@ public class IndexStatsResolverTests extends MonitoringIndexNameResolverTestCase
     public void testIndexStatsResolver() throws Exception {
         IndexStatsMonitoringDoc doc = newMonitoringDoc();
         doc.setTimestamp(1437580442979L);
-        doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
+        doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
 
         IndexStatsResolver resolver = newResolver();
         assertThat(resolver.index(doc), equalTo(".monitoring-es-" + MonitoringTemplateUtils.TEMPLATE_VERSION + "-2015.07.22"));

elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/indices/IndicesStatsResolverTests.java

@@ -13,7 +13,7 @@ import org.elasticsearch.action.admin.indices.stats.ShardStats;
 import org.elasticsearch.cluster.node.DiscoveryNode;
 import org.elasticsearch.cluster.routing.ShardRouting;
 import org.elasticsearch.cluster.routing.UnassignedInfo;
-import org.elasticsearch.common.transport.DummyTransportAddress;
+import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.xcontent.XContentType;
 import org.elasticsearch.index.Index;
 import org.elasticsearch.index.cache.query.QueryCacheStats;
@@ -49,7 +49,7 @@ public class IndicesStatsResolverTests extends MonitoringIndexNameResolverTestCa
         IndicesStatsMonitoringDoc doc = new IndicesStatsMonitoringDoc(randomMonitoringId(), randomAsciiOfLength(2));
         doc.setClusterUUID(randomAsciiOfLength(5));
         doc.setTimestamp(Math.abs(randomLong()));
-        doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
+        doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
         doc.setIndicesStats(randomIndicesStats());
         return doc;
     }
@@ -63,7 +63,7 @@ public class IndicesStatsResolverTests extends MonitoringIndexNameResolverTestCa
         IndicesStatsMonitoringDoc doc = newMonitoringDoc();
         doc.setClusterUUID(randomAsciiOfLength(5));
         doc.setTimestamp(1437580442979L);
-        doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
+        doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
 
         IndicesStatsResolver resolver = newResolver();
         assertThat(resolver.index(doc), equalTo(".monitoring-es-" + MonitoringTemplateUtils.TEMPLATE_VERSION + "-2015.07.22"));

elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/node/DiscoveryNodeResolverTests.java

@@ -7,7 +7,7 @@ package org.elasticsearch.xpack.monitoring.agent.resolver.node;
 
 import org.elasticsearch.Version;
 import org.elasticsearch.cluster.node.DiscoveryNode;
-import org.elasticsearch.common.transport.DummyTransportAddress;
+import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.xcontent.XContentType;
 import org.elasticsearch.test.VersionUtils;
 import org.elasticsearch.xpack.monitoring.agent.collector.cluster.DiscoveryNodeMonitoringDoc;
@@ -28,9 +28,9 @@ public class DiscoveryNodeResolverTests extends MonitoringIndexNameResolverTestC
         DiscoveryNodeMonitoringDoc doc = new DiscoveryNodeMonitoringDoc(randomMonitoringId(), randomAsciiOfLength(2));
         doc.setClusterUUID(randomAsciiOfLength(5));
         doc.setTimestamp(Math.abs(randomLong()));
-        doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
+        doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
         doc.setNode(new DiscoveryNode(randomAsciiOfLength(3), UUID.randomUUID().toString(),
-                DummyTransportAddress.INSTANCE, emptyMap(), emptySet(),
+                LocalTransportAddress.buildUnique(), emptyMap(), emptySet(),
                 VersionUtils.randomVersionBetween(random(), VersionUtils.getFirstVersion(), Version.CURRENT)));
         return doc;
     }

elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/node/NodeStatsResolverTests.java

@@ -14,7 +14,7 @@ import org.elasticsearch.action.admin.indices.stats.ShardStats;
 import org.elasticsearch.cluster.node.DiscoveryNode;
 import org.elasticsearch.cluster.routing.ShardRouting;
 import org.elasticsearch.cluster.routing.UnassignedInfo;
-import org.elasticsearch.common.transport.DummyTransportAddress;
+import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.xcontent.XContentType;
 import org.elasticsearch.index.Index;
 import org.elasticsearch.index.cache.query.QueryCacheStats;
@@ -59,7 +59,7 @@ public class NodeStatsResolverTests extends MonitoringIndexNameResolverTestCase<
         NodeStatsMonitoringDoc doc = new NodeStatsMonitoringDoc(randomMonitoringId(), randomAsciiOfLength(2));
         doc.setClusterUUID(randomAsciiOfLength(5));
         doc.setTimestamp(Math.abs(randomLong()));
-        doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
+        doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
         doc.setNodeMaster(randomBoolean());
         doc.setNodeId(UUID.randomUUID().toString());
         doc.setDiskThresholdDeciderEnabled(randomBoolean());
@@ -133,7 +133,7 @@ public class NodeStatsResolverTests extends MonitoringIndexNameResolverTestCase<
                 new ThreadPoolStats.Stats(ThreadPool.Names.SEARCH, 0, 0, 0, 0, 0, 0),
                 new ThreadPoolStats.Stats(InternalWatchExecutor.THREAD_POOL_NAME, 0, 0, 0, 0, 0, 0)
         );
-        return new NodeStats(new DiscoveryNode("node_0", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT), 0,
+        return new NodeStats(new DiscoveryNode("node_0", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT), 0,
                 new NodeIndicesStats(new CommonStats(), statsByShard), OsProbe.getInstance().osStats(),
                 ProcessProbe.getInstance().processStats(), JvmStats.jvmStats(),
                 new ThreadPoolStats(threadPoolStats),

elasticsearch/x-pack/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/agent/resolver/shards/ShardsResolverTests.java

@@ -9,7 +9,7 @@ import org.elasticsearch.Version;
 import org.elasticsearch.cluster.node.DiscoveryNode;
 import org.elasticsearch.cluster.routing.ShardRouting;
 import org.elasticsearch.cluster.routing.UnassignedInfo;
-import org.elasticsearch.common.transport.DummyTransportAddress;
+import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.xcontent.XContentType;
 import org.elasticsearch.index.Index;
 import org.elasticsearch.index.shard.ShardId;
@@ -31,7 +31,7 @@ public class ShardsResolverTests extends MonitoringIndexNameResolverTestCase<Sha
         doc.setClusterUUID(randomAsciiOfLength(5));
         doc.setTimestamp(Math.abs(randomLong()));
         doc.setClusterStateUUID(UUID.randomUUID().toString());
-        doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
+        doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
 
         ShardRouting shardRouting = ShardRouting.newUnassigned(new ShardId(new Index(randomAsciiOfLength(5), UUID.randomUUID().toString()),
                 randomIntBetween(0, 5)), null, randomBoolean(), new UnassignedInfo(UnassignedInfo.Reason.INDEX_CREATED, null));
@@ -48,7 +48,7 @@ public class ShardsResolverTests extends MonitoringIndexNameResolverTestCase<Sha
 
         final String clusterStateUUID = UUID.randomUUID().toString();
         doc.setClusterStateUUID(clusterStateUUID);
-        doc.setSourceNode(new DiscoveryNode("id", DummyTransportAddress.INSTANCE, emptyMap(), emptySet(), Version.CURRENT));
+        doc.setSourceNode(new DiscoveryNode("id", LocalTransportAddress.buildUnique(), emptyMap(), emptySet(), Version.CURRENT));
 
         ShardsResolver resolver = newResolver();
         assertThat(resolver.index(doc), equalTo(".monitoring-es-" + MonitoringTemplateUtils.TEMPLATE_VERSION + "-2015.07.22"));

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/Security.java

@@ -141,8 +141,12 @@ public class Security implements ActionPlugin {
         }
 
         modules.add(new AuthenticationModule(settings));
+        modules.add(new AuthorizationModule(settings));
         if (enabled == false) {
             modules.add(new SecurityModule(settings, securityLicenseState));
+            modules.add(new CryptoModule(settings));
+            modules.add(new AuditTrailModule(settings));
+            modules.add(new SecurityTransportModule(settings));
             return modules;
         }
 
@@ -152,7 +156,6 @@ public class Security implements ActionPlugin {
         securityLicenseState = new SecurityLicenseState();
         modules.add(new SecurityModule(settings, securityLicenseState));
         modules.add(new CryptoModule(settings));
-        modules.add(new AuthorizationModule(settings));
         modules.add(new AuditTrailModule(settings));
         modules.add(new SecurityRestModule(settings));
         modules.add(new SecurityActionModule(settings));

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityFeatureSet.java

@@ -13,14 +13,21 @@ import org.elasticsearch.common.io.stream.StreamOutput;
 import org.elasticsearch.common.io.stream.Writeable;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.xcontent.XContentBuilder;
+import org.elasticsearch.xpack.security.audit.AuditTrailService;
 import org.elasticsearch.xpack.security.authc.Realm;
 import org.elasticsearch.xpack.security.authc.Realms;
 import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
 import org.elasticsearch.xpack.XPackFeatureSet;
+import org.elasticsearch.xpack.security.authz.store.RolesStore;
+import org.elasticsearch.xpack.security.crypto.CryptoService;
+import org.elasticsearch.xpack.security.transport.filter.IPFilter;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
 
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
@@ -30,16 +37,33 @@ import java.util.stream.Collectors;
  */
 public class SecurityFeatureSet implements XPackFeatureSet {
 
+    private final Settings settings;
     private final boolean enabled;
     private final SecurityLicenseState licenseState;
-    @Nullable private final Realms realms;
+    @Nullable
+    private final Realms realms;
+    @Nullable
+    private final RolesStore rolesStore;
+    @Nullable
+    private final IPFilter ipFilter;
+    @Nullable
+    private final AuditTrailService auditTrailService;
+    @Nullable
+    private final CryptoService cryptoService;
 
     @Inject
     public SecurityFeatureSet(Settings settings, @Nullable SecurityLicenseState licenseState,
-                              @Nullable Realms realms, NamedWriteableRegistry namedWriteableRegistry) {
+                              @Nullable Realms realms, NamedWriteableRegistry namedWriteableRegistry, @Nullable RolesStore rolesStore,
+                              @Nullable IPFilter ipFilter, @Nullable AuditTrailService auditTrailService,
+                              @Nullable CryptoService cryptoService) {
         this.enabled = Security.enabled(settings);
         this.licenseState = licenseState;
         this.realms = realms;
+        this.rolesStore = rolesStore;
+        this.settings = settings;
+        this.ipFilter = ipFilter;
+        this.auditTrailService = auditTrailService;
+        this.cryptoService = cryptoService;
         namedWriteableRegistry.register(Usage.class, Usage.writeableName(Security.NAME), Usage::new);
     }
 
@@ -66,7 +90,12 @@ public class SecurityFeatureSet implements XPackFeatureSet {
     @Override
     public XPackFeatureSet.Usage usage() {
         List<Map<String, Object>> enabledRealms = buildEnabledRealms(realms);
-        return new Usage(available(), enabled(), enabledRealms);
+        Map<String, Object> rolesStoreUsage = rolesStoreUsage(rolesStore);
+        Map<String, Object> sslUsage = sslUsage(settings);
+        Map<String, Object> auditUsage = auditUsage(auditTrailService);
+        Map<String, Object> ipFilterUsage = ipFilterUsage(ipFilter);
+        boolean hasSystemKey = systemKeyUsage(cryptoService);
+        return new Usage(available(), enabled(), enabledRealms, rolesStoreUsage, sslUsage, auditUsage, ipFilterUsage, hasSystemKey);
     }
 
     static List<Map<String, Object>> buildEnabledRealms(Realms realms) {
@@ -84,26 +113,86 @@ public class SecurityFeatureSet implements XPackFeatureSet {
         return enabledRealms;
     }
 
+    static Map<String, Object> rolesStoreUsage(@Nullable RolesStore rolesStore) {
+        if (rolesStore == null) {
+            return Collections.emptyMap();
+        }
+        return rolesStore.usageStats();
+    }
+
+    static Map<String, Object> sslUsage(Settings settings) {
+        Map<String, Object> map = new HashMap<>(2);
+        map.put("http", Collections.singletonMap("enabled", SecurityNettyHttpServerTransport.SSL_SETTING.get(settings)));
+        map.put("transport", Collections.singletonMap("enabled", SecurityNettyTransport.SSL_SETTING.get(settings)));
+        return map;
+    }
+
+    static Map<String, Object> auditUsage(@Nullable AuditTrailService auditTrailService) {
+        if (auditTrailService == null) {
+            return Collections.emptyMap();
+        }
+        return auditTrailService.usageStats();
+    }
+
+    static Map<String, Object> ipFilterUsage(@Nullable IPFilter ipFilter) {
+        if (ipFilter == null) {
+            return Collections.emptyMap();
+        }
+        return ipFilter.usageStats();
+    }
+
+    static boolean systemKeyUsage(CryptoService cryptoService) {
+        // we can piggy back on the encryption enabled method as it is only enabled if there is a system key
+        return cryptoService.encryptionEnabled();
+    }
+
     static class Usage extends XPackFeatureSet.Usage {
 
         private static final String ENABLED_REALMS_XFIELD = "enabled_realms";
+        private static final String ROLES_XFIELD = "roles";
+        private static final String SSL_XFIELD = "ssl";
+        private static final String AUDIT_XFIELD = "audit";
+        private static final String IP_FILTER_XFIELD = "ipfilter";
+        private static final String SYSTEM_KEY_XFIELD = "system_key";
 
         private List<Map<String, Object>> enabledRealms;
+        private Map<String, Object> rolesStoreUsage;
+        private Map<String, Object> sslUsage;
+        private Map<String, Object> auditUsage;
+        private Map<String, Object> ipFilterUsage;
+        private boolean hasSystemKey;
 
         public Usage(StreamInput in) throws IOException {
             super(in);
             enabledRealms = in.readList(StreamInput::readMap);
+            rolesStoreUsage = in.readMap();
+            sslUsage = in.readMap();
+            auditUsage = in.readMap();
+            ipFilterUsage = in.readMap();
+            hasSystemKey = in.readBoolean();
         }
 
-        public Usage(boolean available, boolean enabled, List<Map<String, Object>> enabledRealms) {
+        public Usage(boolean available, boolean enabled, List<Map<String, Object>> enabledRealms, Map<String, Object> rolesStoreUsage,
+                     Map<String, Object> sslUsage, Map<String, Object> auditUsage, Map<String, Object> ipFilterUsage,
+                     boolean hasSystemKey) {
             super(Security.NAME, available, enabled);
             this.enabledRealms = enabledRealms;
+            this.rolesStoreUsage = rolesStoreUsage;
+            this.sslUsage = sslUsage;
+            this.auditUsage = auditUsage;
+            this.ipFilterUsage = ipFilterUsage;
+            this.hasSystemKey = hasSystemKey;
         }
 
         @Override
         public void writeTo(StreamOutput out) throws IOException {
             super.writeTo(out);
             out.writeList(enabledRealms.stream().map((m) -> (Writeable) o -> o.writeMap(m)).collect(Collectors.toList()));
+            out.writeMap(rolesStoreUsage);
+            out.writeMap(sslUsage);
+            out.writeMap(auditUsage);
+            out.writeMap(ipFilterUsage);
+            out.writeBoolean(hasSystemKey);
         }
 
         @Override
@@ -111,6 +200,11 @@ public class SecurityFeatureSet implements XPackFeatureSet {
             super.innerXContent(builder, params);
             if (enabled) {
                 builder.field(ENABLED_REALMS_XFIELD, enabledRealms);
+                builder.field(ROLES_XFIELD, rolesStoreUsage);
+                builder.field(SSL_XFIELD, sslUsage);
+                builder.field(AUDIT_XFIELD, auditUsage);
+                builder.field(IP_FILTER_XFIELD, ipFilterUsage);
+                builder.field(SYSTEM_KEY_XFIELD, hasSystemKey);
             }
         }
     }

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityLifecycleService.java

@@ -76,7 +76,7 @@ public class SecurityLifecycleService extends AbstractComponent implements Clust
             if (nativeUserStore.canStart(event.state(), master)) {
                 threadPool.generic().execute(new AbstractRunnable() {
                     @Override
-                    public void onFailure(Throwable throwable) {
+                    public void onFailure(Exception throwable) {
                         logger.error("failed to start native user store service", throwable);
                         assert false : "security lifecycle services startup failed";
                     }
@@ -95,7 +95,7 @@ public class SecurityLifecycleService extends AbstractComponent implements Clust
             if (nativeRolesStore.canStart(event.state(), master)) {
                 threadPool.generic().execute(new AbstractRunnable() {
                     @Override
-                    public void onFailure(Throwable throwable) {
+                    public void onFailure(Exception throwable) {
                         logger.error("failed to start native roles store services", throwable);
                         assert false : "security lifecycle services startup failed";
                     }
@@ -117,7 +117,7 @@ public class SecurityLifecycleService extends AbstractComponent implements Clust
                     threadPool.generic().execute(new AbstractRunnable() {
 
                         @Override
-                        public void onFailure(Throwable throwable) {
+                        public void onFailure(Exception throwable) {
                             logger.error("failed to start index audit trail services", throwable);
                             assert false : "security lifecycle services startup failed";
                         }

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/SecurityTemplateService.java

@@ -90,8 +90,8 @@ public class SecurityTemplateService extends AbstractComponent implements Cluste
                 if (createTemplate && templateCreationPending.compareAndSet(false, true)) {
                     threadPool.generic().execute(new AbstractRunnable() {
                         @Override
-                        public void onFailure(Throwable t) {
+                        public void onFailure(Exception e) {
-                            logger.warn("failed to create security index template", t);
+                            logger.warn("failed to create security index template", e);
                             templateCreationPending.set(false);
                         }
 

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/filter/SecurityActionFilter.java

@@ -44,9 +44,6 @@ import java.util.function.Predicate;
 
 import static org.elasticsearch.xpack.security.support.Exceptions.authorizationError;
 
-/**
- *
- */
 public class SecurityActionFilter extends AbstractComponent implements ActionFilter {
 
     private static final Predicate<String> LICENSE_EXPIRATION_ACTION_MATCHER = HealthAndStatsPrivilege.INSTANCE.predicate();
@@ -109,8 +106,8 @@ public class SecurityActionFilter extends AbstractComponent implements ActionFil
             } else {
                 chain.proceed(task, action, request, listener);
             }
-        } catch (Throwable t) {
+        } catch (Exception e) {
-            listener.onFailure(t);
+            listener.onFailure(e);
         }
     }
 
@@ -231,7 +228,7 @@ public class SecurityActionFilter extends AbstractComponent implements ActionFil
         }
 
         @Override
-        public void onFailure(Throwable e) {
+        public void onFailure(Exception e) {
             if (threadContext != null) {
                 threadContext.restore();
             }

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportDeleteRoleAction.java

@@ -44,7 +44,7 @@ public class TransportDeleteRoleAction extends HandledTransportAction<DeleteRole
                 }
 
                 @Override
-                public void onFailure(Throwable t) {
+                public void onFailure(Exception t) {
                     listener.onFailure(t);
                 }
             });

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportGetRolesAction.java

@@ -77,7 +77,7 @@ public class TransportGetRolesAction extends HandledTransportAction<GetRolesRequ
                 }
 
                 @Override
-                public void onFailure(Throwable t) {
+                public void onFailure(Exception t) {
                     logger.error("failed to retrieve role [{}]", t, rolename);
                     listener.onFailure(t);
                 }
@@ -95,7 +95,7 @@ public class TransportGetRolesAction extends HandledTransportAction<GetRolesRequ
                 }
 
                 @Override
-                public void onFailure(Throwable t) {
+                public void onFailure(Exception t) {
                     logger.error("failed to retrieve role [{}]", t,
                             Strings.arrayToDelimitedString(request.names(), ","));
                     listener.onFailure(t);

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/role/TransportPutRoleAction.java

@@ -48,7 +48,7 @@ public class TransportPutRoleAction extends HandledTransportAction<PutRoleReques
             }
 
             @Override
-            public void onFailure(Throwable t) {
+            public void onFailure(Exception t) {
                 listener.onFailure(t);
             }
         });

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportChangePasswordAction.java

@@ -12,7 +12,6 @@ import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;
-import org.elasticsearch.xpack.security.authc.esnative.ReservedRealm;
 import org.elasticsearch.xpack.security.user.AnonymousUser;
 import org.elasticsearch.xpack.security.user.SystemUser;
 import org.elasticsearch.threadpool.ThreadPool;
@@ -50,7 +49,7 @@ public class TransportChangePasswordAction extends HandledTransportAction<Change
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 listener.onFailure(e);
             }
         });

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportDeleteUserAction.java

@@ -54,7 +54,7 @@ public class TransportDeleteUserAction extends HandledTransportAction<DeleteUser
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 listener.onFailure(e);
             }
         });

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportGetUsersAction.java

@@ -78,7 +78,7 @@ public class TransportGetUsersAction extends HandledTransportAction<GetUsersRequ
                 }
 
                 @Override
-                public void onFailure(Throwable e) {
+                public void onFailure(Exception e) {
                     logger.error("failed to retrieve user [{}]", e, username);
                     listener.onFailure(e);
                 }
@@ -94,7 +94,7 @@ public class TransportGetUsersAction extends HandledTransportAction<GetUsersRequ
                 }
 
                 @Override
-                public void onFailure(Throwable e) {
+                public void onFailure(Exception e) {
                     logger.error("failed to retrieve user [{}]", e,
                             Strings.arrayToDelimitedString(request.usernames(), ","));
                     listener.onFailure(e);

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/action/user/TransportPutUserAction.java

@@ -59,7 +59,7 @@ public class TransportPutUserAction extends HandledTransportAction<PutUserReques
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 logger.error("failed to put user [{}]", e, request.username());
                 listener.onFailure(e);
             }

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailModule.java

@@ -7,6 +7,7 @@ package org.elasticsearch.xpack.security.audit;
 
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.common.inject.multibindings.Multibinder;
+import org.elasticsearch.common.inject.util.Providers;
 import org.elasticsearch.common.settings.Setting;
 import org.elasticsearch.common.settings.Setting.Property;
 import org.elasticsearch.common.settings.Settings;
@@ -44,18 +45,16 @@ public class AuditTrailModule extends AbstractSecurityModule.Node {
 
     @Override
     protected void configureNode() {
-        if (!enabled) {
-            bind(AuditTrail.class).toInstance(AuditTrail.NOOP);
-            return;
-        }
         List<String> outputs = OUTPUTS_SETTING.get(settings);
-        if (outputs.isEmpty()) {
+        if (securityEnabled == false || enabled == false || outputs.isEmpty()) {
+            bind(AuditTrailService.class).toProvider(Providers.of(null));
             bind(AuditTrail.class).toInstance(AuditTrail.NOOP);
             return;
         }
-        bind(AuditTrail.class).to(AuditTrailService.class).asEagerSingleton();
-        Multibinder<AuditTrail> binder = Multibinder.newSetBinder(binder(), AuditTrail.class);
 
+        bind(AuditTrailService.class).asEagerSingleton();
+        bind(AuditTrail.class).to(AuditTrailService.class);
+        Multibinder<AuditTrail> binder = Multibinder.newSetBinder(binder(), AuditTrail.class);
         Set<String> uniqueOutputs = Sets.newHashSet(outputs);
         for (String output : uniqueOutputs) {
             switch (output) {

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/AuditTrailService.java

@@ -16,6 +16,8 @@ import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
 import org.elasticsearch.transport.TransportMessage;
 
 import java.net.InetAddress;
+import java.util.HashMap;
+import java.util.Map;
 import java.util.Set;
 
 /**
@@ -197,4 +199,11 @@ public class AuditTrailService extends AbstractComponent implements AuditTrail {
             }
         }
     }
+
+    public Map<String, Object> usageStats() {
+        Map<String, Object> map = new HashMap<>(2);
+        map.put("enabled", AuditTrailModule.ENABLED_SETTING.get(settings));
+        map.put("outputs", AuditTrailModule.OUTPUTS_SETTING.get(settings));
+        return map;
+    }
 }

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrail.java

@@ -886,7 +886,7 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
                     INDEX_TEMPLATE_NAME);
             threadPool.generic().execute(new AbstractRunnable() {
                 @Override
-                public void onFailure(Throwable throwable) {
+                public void onFailure(Exception throwable) {
                     logger.error("failed to update security audit index template [{}]", throwable, INDEX_TEMPLATE_NAME);
                 }
 

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/NativeUsersStore.java

@@ -159,7 +159,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
             }
 
             @Override
-            public void onFailure(Throwable t) {
+            public void onFailure(Exception t) {
                 if (t instanceof IndexNotFoundException) {
                     logger.trace("failed to retrieve user [{}] since security index does not exist", username);
                     // We don't invoke the onFailure listener here, instead
@@ -228,7 +228,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
                 }
 
                 @Override
-                public void onFailure(Throwable t) {
+                public void onFailure(Exception t) {
                     // attempt to clear scroll response
                     if (lastResponse != null && lastResponse.getScrollId() != null) {
                         clearScrollResponse(lastResponse.getScrollId());
@@ -260,7 +260,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
             }
 
             @Override
-            public void onFailure(Throwable t) {
+            public void onFailure(Exception t) {
                 if (t instanceof IndexNotFoundException) {
                     logger.trace("failed to retrieve user [{}] since security index does not exist", t, username);
                 } else {
@@ -287,7 +287,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
                 }
 
                 @Override
-                public void onFailure(Throwable t) {
+                public void onFailure(Exception t) {
                     if (t instanceof IndexNotFoundException) {
                         logger.trace("could not retrieve user [{}] because security index does not exist", t, user);
                     } else {
@@ -334,7 +334,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
                     }
 
                     @Override
-                    public void onFailure(Throwable e) {
+                    public void onFailure(Exception e) {
                         Throwable cause = e;
                         if (e instanceof ElasticsearchException) {
                             cause = ExceptionsHelper.unwrapCause(e);
@@ -368,7 +368,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
                     }
 
                     @Override
-                    public void onFailure(Throwable e) {
+                    public void onFailure(Exception e) {
                         listener.onFailure(e);
                     }
                 });
@@ -410,7 +410,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
                     }
 
                     @Override
-                    public void onFailure(Throwable e) {
+                    public void onFailure(Exception e) {
                         Throwable cause = e;
                         if (e instanceof ElasticsearchException) {
                             cause = ExceptionsHelper.unwrapCause(e);
@@ -455,7 +455,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
                     }
 
                     @Override
-                    public void onFailure(Throwable e) {
+                    public void onFailure(Exception e) {
                         listener.onFailure(e);
                     }
                 });
@@ -479,7 +479,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
                 }
 
                 @Override
-                public void onFailure(Throwable e) {
+                public void onFailure(Exception e) {
                     listener.onFailure(e);
                 }
             });
@@ -550,9 +550,9 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
         if (state.compareAndSet(State.STARTED, State.STOPPING)) {
             try {
                 userPoller.stop();
-            } catch (Throwable t) {
+            } catch (Exception e) {
                 state.set(State.FAILED);
-                throw t;
+                throw e;
             } finally {
                 state.set(State.STOPPED);
             }
@@ -594,10 +594,10 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
         return securityIndexExists;
     }
 
-    char[] reservedUserPassword(String username) throws Throwable {
+    char[] reservedUserPassword(String username) throws Exception {
         assert started();
         final AtomicReference<char[]> passwordHash = new AtomicReference<>();
-        final AtomicReference<Throwable> failure = new AtomicReference<>();
+        final AtomicReference<Exception> failure = new AtomicReference<>();
         final CountDownLatch latch = new CountDownLatch(1);
         client.prepareGet(SecurityTemplateService.SECURITY_INDEX_NAME, RESERVED_USER_DOC_TYPE, username)
                 .execute(new LatchedActionListener<>(new ActionListener<GetResponse>() {
@@ -615,7 +615,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
                     }
 
                     @Override
-                    public void onFailure(Throwable e) {
+                    public void onFailure(Exception e) {
                         if (e instanceof IndexNotFoundException) {
                             logger.trace("could not retrieve built in user [{}] password since security index does not exist", e, username);
                         } else {
@@ -634,7 +634,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
             failure.set(e);
         }
 
-        Throwable failureCause = failure.get();
+        Exception failureCause = failure.get();
         if (failureCause != null) {
             // if there is any sort of failure we need to throw an exception to prevent the fallback to the default password...
             throw failureCause;
@@ -651,7 +651,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
             }
 
             @Override
-            public void onFailure(Throwable t) {
+            public void onFailure(Exception t) {
                 // Not really much to do here except for warn about it...
                 logger.warn("failed to clear scroll [{}]", t, scrollId);
             }
@@ -669,7 +669,7 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 logger.error("unable to clear realm cache for user [{}]", e, username);
                 ElasticsearchException exception = new ElasticsearchException("clearing the cache for [" + username
                         + "] failed. please clear the realm cache manually", e);
@@ -838,21 +838,22 @@ public class NativeUsersStore extends AbstractComponent implements ClusterStateL
             }
 
             // call listeners
-            Throwable th = null;
+            RuntimeException ex = null;
             for (ChangeListener listener : listeners) {
                 try {
                     listener.onUsersChanged(changedUsers);
-                } catch (Throwable t) {
+                } catch (Exception e) {
-                    th = ExceptionsHelper.useOrSuppress(th, t);
+                    if (ex == null) ex = new RuntimeException("exception while notifying listeners");
+                    ex.addSuppressed(e);
                 }
             }
 
-            ExceptionsHelper.reThrowIfNotNull(th);
+            if (ex != null) throw ex;
         }
 
         @Override
-        public void onFailure(Throwable t) {
+        public void onFailure(Exception e) {
-            logger.error("error occurred while checking the native users for changes", t);
+            logger.error("error occurred while checking the native users for changes", e);
         }
 
         private boolean isStopped() {

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ReservedRealm.java

@@ -131,7 +131,7 @@ public class ReservedRealm extends CachingUsernamePasswordRealm {
                 return DEFAULT_PASSWORD_HASH;
             }
             return passwordHash;
-        } catch (Throwable e) {
+        } catch (Exception e) {
             logger.error("failed to retrieve password hash for reserved user [{}]", e, username);
             return null;
         }

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserPasswdStore.java

@@ -37,9 +37,6 @@ import static java.util.Collections.emptyMap;
 import static java.util.Collections.unmodifiableMap;
 import static org.elasticsearch.xpack.security.support.SecurityFiles.openAtomicMoveWriter;
 
-/**
- *
- */
 public class FileUserPasswdStore {
 
     private final ESLogger logger;
@@ -111,8 +108,8 @@ public class FileUserPasswdStore {
     static Map<String, char[]> parseFileLenient(Path path, ESLogger logger) {
         try {
             return parseFile(path, logger);
-        } catch (Throwable t) {
+        } catch (Exception e) {
-            logger.error("failed to parse users file [{}]. skipping/removing all users...", t, path.toAbsolutePath());
+            logger.error("failed to parse users file [{}]. skipping/removing all users...", e, path.toAbsolutePath());
             return emptyMap();
         }
     }

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/FileUserRolesStore.java

@@ -37,9 +37,6 @@ import static java.util.Collections.emptyMap;
 import static java.util.Collections.unmodifiableMap;
 import static org.elasticsearch.xpack.security.support.SecurityFiles.openAtomicMoveWriter;
 
-/**
- *
- */
 public class FileUserRolesStore {
 
     private static final Pattern USERS_DELIM = Pattern.compile("\\s*,\\s*");
@@ -103,8 +100,8 @@ public class FileUserRolesStore {
     static Map<String, String[]> parseFileLenient(Path path, ESLogger logger) {
         try {
             return parseFile(path, logger);
-        } catch (Throwable t) {
+        } catch (Exception e) {
-            logger.error("failed to parse users_roles file [{}]. skipping/removing all entries...", t, path.toAbsolutePath());
+            logger.error("failed to parse users_roles file [{}]. skipping/removing all entries...", e, path.toAbsolutePath());
             return emptyMap();
         }
     }

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/file/tool/UsersTool.java

@@ -11,7 +11,7 @@ import org.elasticsearch.cli.ExitCodes;
 import org.elasticsearch.cli.MultiCommand;
 import org.elasticsearch.cli.SettingCommand;
 import org.elasticsearch.cli.Terminal;
-import org.elasticsearch.cli.UserError;
+import org.elasticsearch.cli.UserException;
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.set.Sets;
@@ -88,7 +88,7 @@ public class UsersTool extends MultiCommand {
             String username = parseUsername(arguments.values(options));
             Validation.Error validationError = Users.validateUsername(username);
             if (validationError != null) {
-                throw new UserError(ExitCodes.DATA_ERROR, "Invalid username [" + username + "]... " + validationError);
+                throw new UserException(ExitCodes.DATA_ERROR, "Invalid username [" + username + "]... " + validationError);
             }
 
             char[] password = parsePassword(terminal, passwordOption.value(options));
@@ -102,7 +102,7 @@ public class UsersTool extends MultiCommand {
 
             Map<String, char[]> users = new HashMap<>(FileUserPasswdStore.parseFile(passwordFile, null));
             if (users.containsKey(username)) {
-                throw new UserError(ExitCodes.CODE_ERROR, "User [" + username + "] already exists");
+                throw new UserException(ExitCodes.CODE_ERROR, "User [" + username + "] already exists");
             }
             Hasher hasher = Hasher.BCRYPT;
             users.put(username, hasher.hash(new SecuredString(password)));
@@ -149,7 +149,7 @@ public class UsersTool extends MultiCommand {
 
             Map<String, char[]> users = new HashMap<>(FileUserPasswdStore.parseFile(passwordFile, null));
             if (users.containsKey(username) == false) {
-                throw new UserError(ExitCodes.NO_USER, "User [" + username + "] doesn't exist");
+                throw new UserException(ExitCodes.NO_USER, "User [" + username + "] doesn't exist");
             }
             if (Files.exists(passwordFile)) {
                 char[] passwd = users.remove(username);
@@ -205,7 +205,7 @@ public class UsersTool extends MultiCommand {
             FileAttributesChecker attributesChecker = new FileAttributesChecker(file);
             Map<String, char[]> users = new HashMap<>(FileUserPasswdStore.parseFile(file, null));
             if (users.containsKey(username) == false) {
-                throw new UserError(ExitCodes.NO_USER, "User [" + username + "] doesn't exist");
+                throw new UserException(ExitCodes.NO_USER, "User [" + username + "] doesn't exist");
             }
             users.put(username, Hasher.BCRYPT.hash(new SecuredString(password)));
             FileUserPasswdStore.writeFile(users, file);
@@ -261,7 +261,7 @@ public class UsersTool extends MultiCommand {
 
             Map<String, char[]> usersMap = FileUserPasswdStore.parseFile(usersFile, null);
             if (!usersMap.containsKey(username)) {
-                throw new UserError(ExitCodes.NO_USER, "User [" + username + "] doesn't exist");
+                throw new UserException(ExitCodes.NO_USER, "User [" + username + "] doesn't exist");
             }
 
             Map<String, String[]> userRoles = FileUserRolesStore.parseFile(rolesFile, null);
@@ -325,7 +325,7 @@ public class UsersTool extends MultiCommand {
 
         if (username != null) {
             if (!users.contains(username)) {
-                throw new UserError(ExitCodes.NO_USER, "User [" + username + "] doesn't exist");
+                throw new UserException(ExitCodes.NO_USER, "User [" + username + "] doesn't exist");
             }
 
             if (userRoles.containsKey(username)) {
@@ -394,38 +394,38 @@ public class UsersTool extends MultiCommand {
     }
 
     // pkg private for testing
-    static String parseUsername(List<String> args) throws UserError {
+    static String parseUsername(List<String> args) throws UserException {
         if (args.isEmpty()) {
-            throw new UserError(ExitCodes.USAGE, "Missing username argument");
+            throw new UserException(ExitCodes.USAGE, "Missing username argument");
         } else if (args.size() > 1) {
-            throw new UserError(ExitCodes.USAGE, "Expected a single username argument, found extra: " + args.toString());
+            throw new UserException(ExitCodes.USAGE, "Expected a single username argument, found extra: " + args.toString());
         }
         String username = args.get(0);
         Validation.Error validationError = Users.validateUsername(username);
         if (validationError != null) {
-            throw new UserError(ExitCodes.DATA_ERROR, "Invalid username [" + username + "]... " + validationError);
+            throw new UserException(ExitCodes.DATA_ERROR, "Invalid username [" + username + "]... " + validationError);
         }
         return username;
     }
 
     // pkg private for testing
-    static char[] parsePassword(Terminal terminal, String passwordStr) throws UserError {
+    static char[] parsePassword(Terminal terminal, String passwordStr) throws UserException {
         char[] password;
         if (passwordStr != null) {
             password = passwordStr.toCharArray();
             Validation.Error validationError = Users.validatePassword(password);
             if (validationError != null) {
-                throw new UserError(ExitCodes.DATA_ERROR, "Invalid password..." + validationError);
+                throw new UserException(ExitCodes.DATA_ERROR, "Invalid password..." + validationError);
             }
         } else {
             password = terminal.readSecret("Enter new password: ");
             Validation.Error validationError = Users.validatePassword(password);
             if (validationError != null) {
-                throw new UserError(ExitCodes.DATA_ERROR, "Invalid password..." + validationError);
+                throw new UserException(ExitCodes.DATA_ERROR, "Invalid password..." + validationError);
             }
             char[] retyped = terminal.readSecret("Retype new password: ");
             if (Arrays.equals(password, retyped) == false) {
-                throw new UserError(ExitCodes.DATA_ERROR, "Password mismatch");
+                throw new UserException(ExitCodes.DATA_ERROR, "Password mismatch");
             }
         }
         return password;
@@ -446,7 +446,7 @@ public class UsersTool extends MultiCommand {
     }
 
     // pkg private for testing
-    static String[] parseRoles(Terminal terminal, Environment env, String rolesStr) throws UserError {
+    static String[] parseRoles(Terminal terminal, Environment env, String rolesStr) throws UserException {
         if (rolesStr.isEmpty()) {
             return Strings.EMPTY_ARRAY;
         }
@@ -454,7 +454,7 @@ public class UsersTool extends MultiCommand {
         for (String role : roles) {
             Validation.Error validationError = Validation.Roles.validateRoleName(role);
             if (validationError != null) {
-                throw new UserError(ExitCodes.DATA_ERROR, "Invalid role [" + role + "]... " + validationError);
+                throw new UserException(ExitCodes.DATA_ERROR, "Invalid role [" + role + "]... " + validationError);
             }
         }
 

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/ldap/support/LdapSession.java

@@ -65,7 +65,7 @@ public class LdapSession implements Closeable {
         return groupsResolver.resolve(ldap, userDn, timeout, logger);
     }
 
-    public static interface GroupsResolver {
+    public interface GroupsResolver {
 
         List<String> resolve(LDAPInterface ldapConnection, String userDn, TimeValue timeout, ESLogger logger);
 

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/BCrypt.java

@@ -484,7 +484,7 @@ public class BCrypt {
      * @param lr    an array containing the two 32-bit half blocks
      * @param off   the position in the array of the blocks
      */
-    private final void encipher(int lr[], int off) {
+    private void encipher(int lr[], int off) {
         int i, n, l = lr[off], r = lr[off + 1];
 
         l ^= P[0];

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/DnRoleMapper.java

@@ -95,8 +95,8 @@ public class DnRoleMapper {
     public static Map<DN, Set<String>> parseFileLenient(Path path, ESLogger logger, String realmType, String realmName) {
         try {
             return parseFile(path, logger, realmType, realmName);
-        } catch (Throwable t) {
+        } catch (Exception e) {
-            logger.error("failed to parse role mappings file [{}]. skipping/removing all mappings...", t, path.toAbsolutePath());
+            logger.error("failed to parse role mappings file [{}]. skipping/removing all mappings...", e, path.toAbsolutePath());
             return emptyMap();
         }
     }

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authc/support/RefreshListener.java

@@ -10,12 +10,7 @@ package org.elasticsearch.xpack.security.authc.support;
  */
 public interface RefreshListener {
 
-    static final RefreshListener NOOP = new RefreshListener() {
+    RefreshListener NOOP = () -> {};
-        @Override
-        public void onRefresh() {
-        }
-    };
 
     void onRefresh();
-
 }

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationModule.java

@@ -5,6 +5,7 @@
  */
 package org.elasticsearch.xpack.security.authz;
 
+import org.elasticsearch.common.inject.util.Providers;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.xpack.security.authz.store.CompositeRolesStore;
 import org.elasticsearch.xpack.security.authz.store.FileRolesStore;
@@ -24,6 +25,10 @@ public class AuthorizationModule extends AbstractSecurityModule.Node {
 
     @Override
     protected void configureNode() {
+        if (securityEnabled == false) {
+            bind(RolesStore.class).toProvider(Providers.of(null));
+            return;
+        }
 
         // First the file and native roles stores must be bound...
         bind(ReservedRolesStore.class).asEagerSingleton();

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/permission/IndicesPermission.java

@@ -125,7 +125,7 @@ public interface IndicesPermission extends Permission, Iterable<IndicesPermissio
                     if (group.check(action, indexOrAlias)) {
                         granted = true;
                         for (String index : concreteIndices) {
-                            if (group.getFields() != null) {
+                            if (group.hasFields()) {
                                 Set<String> roleFields = rolesFieldsByIndex.get(index);
                                 if (roleFields == null) {
                                     roleFields = new HashSet<>();
@@ -133,7 +133,7 @@ public interface IndicesPermission extends Permission, Iterable<IndicesPermissio
                                 }
                                 roleFields.addAll(group.getFields());
                             }
-                            if (group.getQuery() != null) {
+                            if (group.hasQuery()) {
                                 Set<BytesReference> roleQueries = roleQueriesByIndex.get(index);
                                 if (roleQueries == null) {
                                     roleQueries = new HashSet<>();
@@ -330,5 +330,13 @@ public interface IndicesPermission extends Permission, Iterable<IndicesPermissio
             assert index != null;
             return actionMatcher.test(action) && indexNameMatcher.test(index);
         }
+
+        public boolean hasFields() {
+            return fields != null;
+        }
+
+        public boolean hasQuery() {
+            return query != null;
+        }
     }
 }

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStore.java

@@ -8,6 +8,9 @@ package org.elasticsearch.xpack.security.authz.store;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.xpack.security.authz.permission.Role;
 
+import java.util.HashMap;
+import java.util.Map;
+
 /**
  * A composite roles store that combines built in roles, file-based roles, and index-based roles. Checks the built in roles first, then the
  * file roles, and finally the index roles.
@@ -40,4 +43,12 @@ public class CompositeRolesStore implements RolesStore {
 
         return nativeRolesStore.role(role);
     }
+
+    @Override
+    public Map<String, Object> usageStats() {
+        Map<String, Object> usage = new HashMap<>(2);
+        usage.put("file", fileRolesStore.usageStats());
+        usage.put("native", nativeRolesStore.usageStats());
+        return usage;
+    }
 }

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/FileRolesStore.java

@@ -15,13 +15,13 @@ import org.elasticsearch.common.logging.ESLogger;
 import org.elasticsearch.common.settings.Setting;
 import org.elasticsearch.common.settings.Setting.Property;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.common.settings.SettingsModule;
 import org.elasticsearch.common.xcontent.XContentParser;
 import org.elasticsearch.common.xcontent.yaml.YamlXContent;
 import org.elasticsearch.env.Environment;
 import org.elasticsearch.xpack.security.Security;
 import org.elasticsearch.xpack.security.authc.support.RefreshListener;
 import org.elasticsearch.xpack.security.authz.RoleDescriptor;
+import org.elasticsearch.xpack.security.authz.permission.IndicesPermission.Group;
 import org.elasticsearch.xpack.security.authz.permission.Role;
 import org.elasticsearch.xpack.security.support.NoOpLogger;
 import org.elasticsearch.xpack.security.support.Validation;
@@ -46,9 +46,6 @@ import static java.util.Collections.emptySet;
 import static java.util.Collections.unmodifiableMap;
 import static org.elasticsearch.xpack.security.Security.setting;
 
-/**
- *
- */
 public class FileRolesStore extends AbstractLifecycleComponent implements RolesStore {
 
     public static final Setting<String> ROLES_FILE_SETTING =
@@ -100,6 +97,28 @@ public class FileRolesStore extends AbstractLifecycleComponent implements RolesS
         return permissions.get(role);
     }
 
+    @Override
+    public Map<String, Object> usageStats() {
+        Map<String, Object> usageStats = new HashMap<>();
+        usageStats.put("size", permissions.size());
+
+        boolean dls = false;
+        boolean fls = false;
+        for (Role role : permissions.values()) {
+            for (Group group : role.indices()) {
+                fls = fls || group.hasFields();
+                dls = dls || group.hasQuery();
+            }
+            if (fls && dls) {
+                break;
+            }
+        }
+        usageStats.put("fls", fls);
+        usageStats.put("dls", dls);
+
+        return usageStats;
+    }
+
     public static Path resolveFile(Settings settings, Environment env) {
         String location = ROLES_FILE_SETTING.get(settings);
         if (location.isEmpty()) {
@@ -288,8 +307,8 @@ public class FileRolesStore extends AbstractLifecycleComponent implements RolesS
                 try {
                     permissions = parseFile(file, logger, settings);
                     logger.info("updated roles (roles file [{}] changed)", file.toAbsolutePath());
-                } catch (Throwable t) {
+                } catch (Exception e) {
-                    logger.error("could not reload roles file [{}]. Current roles remain unmodified", t, file.toAbsolutePath());
+                    logger.error("could not reload roles file [{}]. Current roles remain unmodified", e, file.toAbsolutePath());
                     return;
                 }
                 listener.onRefresh();

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStore.java

@@ -15,6 +15,9 @@ import org.elasticsearch.action.get.GetResponse;
 import org.elasticsearch.action.index.IndexResponse;
 import org.elasticsearch.action.search.ClearScrollRequest;
 import org.elasticsearch.action.search.ClearScrollResponse;
+import org.elasticsearch.action.search.MultiSearchRequestBuilder;
+import org.elasticsearch.action.search.MultiSearchResponse;
+import org.elasticsearch.action.search.MultiSearchResponse.Item;
 import org.elasticsearch.action.search.SearchRequest;
 import org.elasticsearch.action.search.SearchResponse;
 import org.elasticsearch.action.search.SearchScrollRequest;
@@ -47,6 +50,7 @@ import org.elasticsearch.xpack.security.action.role.ClearRolesCacheResponse;
 import org.elasticsearch.xpack.security.action.role.DeleteRoleRequest;
 import org.elasticsearch.xpack.security.action.role.PutRoleRequest;
 import org.elasticsearch.xpack.security.authz.RoleDescriptor;
+import org.elasticsearch.xpack.security.authz.permission.IndicesPermission.Group;
 import org.elasticsearch.xpack.security.authz.permission.Role;
 import org.elasticsearch.xpack.security.client.SecurityClient;
 import org.elasticsearch.xpack.security.support.SelfReschedulingRunnable;
@@ -56,8 +60,10 @@ import org.elasticsearch.threadpool.ThreadPool.Names;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.CountDownLatch;
@@ -231,7 +237,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
                 }
 
                 @Override
-                public void onFailure(Throwable t) {
+                public void onFailure(Exception t) {
                     // attempt to clear the scroll request
                     if (lastResponse != null && lastResponse.getScrollId() != null) {
                         clearScollRequest(lastResponse.getScrollId());
@@ -277,7 +283,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
                 }
 
                 @Override
-                public void onFailure(Throwable e) {
+                public void onFailure(Exception e) {
                     logger.error("failed to delete role from the index", e);
                     listener.onFailure(e);
                 }
@@ -311,7 +317,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
                         }
 
                         @Override
-                        public void onFailure(Throwable e) {
+                        public void onFailure(Exception e) {
                             logger.error("failed to put role [{}]", e, request.name());
                             listener.onFailure(e);
                         }
@@ -329,6 +335,84 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
         return roleAndVersion == null ? null : roleAndVersion.getRole();
     }
 
+    @Override
+    public Map<String, Object> usageStats() {
+        if (state() != State.STARTED) {
+            return Collections.emptyMap();
+        }
+
+        boolean dls = false;
+        boolean fls = false;
+        Map<String, Object> usageStats = new HashMap<>();
+        if (securityIndexExists == false) {
+            usageStats.put("size", 0L);
+            usageStats.put("fls", fls);
+            usageStats.put("dls", dls);
+            return usageStats;
+        }
+
+        long count = (long) roleCache.size();
+        for (RoleAndVersion rv : roleCache.values()) {
+            Role role = rv.getRole();
+            for (Group group : role.indices()) {
+                fls = fls || group.hasFields();
+                dls = dls || group.hasQuery();
+            }
+            if (fls && dls) {
+                break;
+            }
+        }
+
+        // slow path - query for necessary information
+        if (fls == false || dls == false) {
+            MultiSearchRequestBuilder builder = client.prepareMultiSearch()
+                    .add(client.prepareSearch(SecurityTemplateService.SECURITY_INDEX_NAME)
+                            .setTypes(ROLE_DOC_TYPE)
+                            .setQuery(QueryBuilders.matchAllQuery())
+                            .setSize(0));
+
+            if (fls == false) {
+                builder.add(client.prepareSearch(SecurityTemplateService.SECURITY_INDEX_NAME)
+                        .setTypes(ROLE_DOC_TYPE)
+                        .setQuery(QueryBuilders.existsQuery("indices.fields"))
+                        .setSize(0)
+                        .setTerminateAfter(1));
+            }
+
+            if (dls == false) {
+                builder.add(client.prepareSearch(SecurityTemplateService.SECURITY_INDEX_NAME)
+                        .setTypes(ROLE_DOC_TYPE)
+                        .setQuery(QueryBuilders.existsQuery("indices.query"))
+                        .setSize(0)
+                        .setTerminateAfter(1));
+            }
+
+            MultiSearchResponse multiSearchResponse = builder.get();
+            int pos = 0;
+            Item[] responses = multiSearchResponse.getResponses();
+            if (responses[pos].isFailure() == false) {
+                count = responses[pos].getResponse().getHits().getTotalHits();
+            }
+
+            if (fls == false) {
+                if (responses[++pos].isFailure() == false) {
+                    fls = responses[pos].getResponse().getHits().getTotalHits() > 0L;
+                }
+            }
+
+            if (dls == false) {
+                if (responses[++pos].isFailure() == false) {
+                    dls = responses[pos].getResponse().getHits().getTotalHits() > 0L;
+                }
+            }
+        }
+
+        usageStats.put("size", count);
+        usageStats.put("fls", fls);
+        usageStats.put("dls", dls);
+        return usageStats;
+    }
+
     private RoleAndVersion getRoleAndVersion(final String roleId) {
         RoleAndVersion roleAndVersion = null;
         final AtomicReference<GetResponse> getRef = new AtomicReference<>(null);
@@ -345,7 +429,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
                         }
 
                         @Override
-                        public void onFailure(Throwable t) {
+                        public void onFailure(Exception t) {
                             if (t instanceof IndexNotFoundException) {
                                 logger.trace("failed to retrieve role [{}] since security index does not exist", t, roleId);
                             } else {
@@ -403,7 +487,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
             }
 
             @Override
-            public void onFailure(Throwable t) {
+            public void onFailure(Exception t) {
                 // Not really much to do here except for warn about it...
                 logger.warn("failed to clear scroll [{}] after retrieving roles", t, scrollId);
             }
@@ -441,7 +525,7 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 logger.error("unable to clear cache for role [{}]", e, role);
                 ElasticsearchException exception = new ElasticsearchException("clearing the cache for [" + role
                         + "] failed. please clear the role cache manually", e);
@@ -568,8 +652,8 @@ public class NativeRolesStore extends AbstractComponent implements RolesStore, C
         }
 
         @Override
-        public void onFailure(Throwable t) {
+        public void onFailure(Exception e) {
-            logger.error("error occurred while checking the native roles for changes", t);
+            logger.error("error occurred while checking the native roles for changes", e);
         }
 
         private boolean isStopped() {

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/ReservedRolesStore.java

@@ -19,6 +19,8 @@ import org.elasticsearch.xpack.security.user.SystemUser;
 
 import java.util.Arrays;
 import java.util.Collection;
+import java.util.Collections;
+import java.util.Map;
 import java.util.Set;
 
 /**
@@ -55,6 +57,11 @@ public class ReservedRolesStore implements RolesStore {
         }
     }
 
+    @Override
+    public Map<String, Object> usageStats() {
+        return Collections.emptyMap();
+    }
+
     public RoleDescriptor roleDescriptor(String role) {
         switch (role) {
             case SuperuserRole.NAME:

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/authz/store/RolesStore.java

@@ -7,6 +7,8 @@ package org.elasticsearch.xpack.security.authz.store;
 
 import org.elasticsearch.xpack.security.authz.permission.Role;
 
+import java.util.Map;
+
 /**
  * An interface for looking up a role given a string role name
  */
@@ -14,4 +16,5 @@ public interface RolesStore {
 
     Role role(String role);
 
+    Map<String, Object> usageStats();
 }

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/crypto/CryptoModule.java

@@ -5,6 +5,7 @@
  */
 package org.elasticsearch.xpack.security.crypto;
 
+import org.elasticsearch.common.inject.util.Providers;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.xpack.security.support.AbstractSecurityModule;
 
@@ -19,6 +20,10 @@ public class CryptoModule extends AbstractSecurityModule.Node {
 
     @Override
     protected void configureNode() {
+        if (securityEnabled == false) {
+            bind(CryptoService.class).toProvider(Providers.of(null));
+            return;
+        }
         bind(InternalCryptoService.class).asEagerSingleton();
         bind(CryptoService.class).to(InternalCryptoService.class).asEagerSingleton();
     }

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/crypto/InternalCryptoService.java

@@ -12,13 +12,12 @@ import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.common.settings.Setting;
 import org.elasticsearch.common.settings.Setting.Property;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.common.settings.SettingsModule;
 import org.elasticsearch.env.Environment;
-import org.elasticsearch.xpack.security.authc.support.CharArrays;
 import org.elasticsearch.watcher.FileChangesListener;
 import org.elasticsearch.watcher.FileWatcher;
 import org.elasticsearch.watcher.ResourceWatcherService;
 import org.elasticsearch.xpack.XPackPlugin;
+import org.elasticsearch.xpack.security.authc.support.CharArrays;
 
 import javax.crypto.BadPaddingException;
 import javax.crypto.Cipher;
@@ -28,6 +27,7 @@ import javax.crypto.Mac;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
+
 import java.io.IOException;
 import java.nio.ByteBuffer;
 import java.nio.charset.StandardCharsets;
@@ -45,12 +45,9 @@ import java.util.Objects;
 import java.util.concurrent.CopyOnWriteArrayList;
 import java.util.regex.Pattern;
 
-import static org.elasticsearch.xpack.security.authc.support.SecuredString.constantTimeEquals;
 import static org.elasticsearch.xpack.security.Security.setting;
+import static org.elasticsearch.xpack.security.authc.support.SecuredString.constantTimeEquals;
 
-/**
- *
- */
 public class InternalCryptoService extends AbstractLifecycleComponent implements CryptoService {
 
     public static final String KEY_ALGO = "HmacSHA512";
@@ -232,8 +229,8 @@ public class InternalCryptoService extends AbstractLifecycleComponent implements
             base64RandomKey = pieces[2];
             receivedSignature = pieces[3].substring(0, length);
             text = pieces[3].substring(length);
-        } catch (Throwable t) {
+        } catch (Exception e) {
-            logger.error("error occurred while parsing signed text", t);
+            logger.error("error occurred while parsing signed text", e);
             throw new IllegalArgumentException("tampered signed text");
         }
 
@@ -270,8 +267,8 @@ public class InternalCryptoService extends AbstractLifecycleComponent implements
             if (constantTimeEquals(sig, receivedSignature)) {
                 return text;
             }
-        } catch (Throwable t) {
+        } catch (Exception e) {
-            logger.error("error occurred while verifying signed text", t);
+            logger.error("error occurred while verifying signed text", e);
             throw new IllegalStateException("error while verifying the signed text");
         }
 
@@ -543,29 +540,20 @@ public class InternalCryptoService extends AbstractLifecycleComponent implements
         }
 
         private void callListeners(SecretKey oldSystemKey, SecretKey oldEncryptionKey) {
-            Throwable th = null;
+            RuntimeException ex = null;
             for (Listener listener : listeners) {
                 try {
                     listener.onKeyChange(oldSystemKey, oldEncryptionKey);
-                } catch (Throwable t) {
+                } catch (Exception e) {
-                    if (th == null) {
+                    if (ex == null) ex = new RuntimeException("exception calling key change listeners");
-                        th = t;
+                    ex.addSuppressed(e);
-                    } else {
-                        th.addSuppressed(t);
-                    }
                 }
             }
 
             // all listeners were notified now rethrow
-            if (th != null) {
+            if (ex != null) {
-                logger.error("called all key change listeners but one or more exceptions was thrown", th);
+                logger.error("called all key change listeners but one or more exceptions was thrown", ex);
-                if (th instanceof RuntimeException) {
+                throw ex;
-                    throw (RuntimeException) th;
-                } else if (th instanceof Error) {
-                    throw (Error) th;
-                } else {
-                    throw new RuntimeException(th);
-                }
             }
         }
     }

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/crypto/tool/SystemKeyTool.java

@@ -7,12 +7,10 @@ package org.elasticsearch.xpack.security.crypto.tool;
 
 import joptsimple.OptionSet;
 import joptsimple.OptionSpec;
-import joptsimple.util.KeyValuePair;
-import org.elasticsearch.cli.Command;
 import org.elasticsearch.cli.ExitCodes;
 import org.elasticsearch.cli.SettingCommand;
 import org.elasticsearch.cli.Terminal;
-import org.elasticsearch.cli.UserError;
+import org.elasticsearch.cli.UserException;
 import org.elasticsearch.common.SuppressForbidden;
 import org.elasticsearch.common.io.PathUtils;
 import org.elasticsearch.common.settings.Settings;
@@ -26,7 +24,6 @@ import java.nio.file.Path;
 import java.nio.file.StandardOpenOption;
 import java.nio.file.attribute.PosixFileAttributeView;
 import java.nio.file.attribute.PosixFilePermission;
-import java.util.HashMap;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
@@ -65,7 +62,7 @@ public class SystemKeyTool extends SettingCommand {
         if (options.hasArgument(arguments)) {
             List<String> args = arguments.values(options);
             if (args.size() > 1) {
-                throw new UserError(ExitCodes.USAGE, "No more than one key path can be supplied");
+                throw new UserException(ExitCodes.USAGE, "No more than one key path can be supplied");
             }
             keyPath = parsePath(args.get(0));
         } else {

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/ssl/AbstractSSLService.java

@@ -123,8 +123,8 @@ public abstract class AbstractSSLService extends AbstractComponent {
             sslEngine.setEnabledCipherSuites(supportedCiphers(sslEngine.getSupportedCipherSuites(), ciphers, false));
         } catch (ElasticsearchException e) {
             throw e;
-        } catch (Throwable t) {
+        } catch (Exception e) {
-            throw new IllegalArgumentException("failed loading cipher suites [" + Arrays.asList(ciphers) + "]", t);
+            throw new IllegalArgumentException("failed loading cipher suites [" + Arrays.asList(ciphers) + "]", e);
         }
 
         try {

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/support/SelfReschedulingRunnable.java

@@ -49,8 +49,8 @@ public class SelfReschedulingRunnable extends AbstractRunnable {
     }
 
     @Override
-    public void onFailure(Throwable t) {
+    public void onFailure(Exception e) {
-        logger.warn("failed to run scheduled task", t);
+        logger.warn("failed to run scheduled task", e);
     }
 
     @Override

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityClientTransportService.java

@@ -34,8 +34,8 @@ public class SecurityClientTransportService extends TransportService {
         try {
             clientFilter.outbound(action, request);
             super.sendRequest(node, action, request, options, handler);
-        } catch (Throwable t) {
+        } catch (Exception e) {
-            handler.handleException(new TransportException("failed sending request", t));
+            handler.handleException(new TransportException("failed sending request", e));
         }
     }
 

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityServerTransportService.java

@@ -38,9 +38,6 @@ import static org.elasticsearch.xpack.security.transport.netty.SecurityNettyTran
 import static org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport.PROFILE_CLIENT_AUTH_SETTING;
 import static org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport.SSL_SETTING;
 
-/**
- *
- */
 public class SecurityServerTransportService extends TransportService {
 
     public static final String SETTING_NAME = "xpack.security.type";
@@ -81,16 +78,16 @@ public class SecurityServerTransportService extends TransportService {
                 try {
                     clientFilter.outbound(action, request);
                     super.sendRequest(node, action, request, options, new ContextRestoreResponseHandler<>(original, handler));
-                } catch (Throwable t) {
+                } catch (Exception e) {
-                    handler.handleException(new TransportException("failed sending request", t));
+                    handler.handleException(new TransportException("failed sending request", e));
                 }
             }
         } else {
             try {
                 clientFilter.outbound(action, request);
                 super.sendRequest(node, action, request, options, handler);
-            } catch (Throwable t) {
+            } catch (Exception e) {
-                handler.handleException(new TransportException("failed sending request", t));
+                handler.handleException(new TransportException("failed sending request", e));
             }
         }
     }
@@ -194,8 +191,8 @@ public class SecurityServerTransportService extends TransportService {
                 RequestContext context = new RequestContext(request, threadContext);
                 RequestContext.setCurrent(context);
                 handler.messageReceived(request, channel, task);
-            } catch (Throwable t) {
+            } catch (Exception e) {
-                channel.sendResponse(t);
+                channel.sendResponse(e);
             } finally {
                 RequestContext.removeCurrent();
             }

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/SecurityTransportModule.java

@@ -21,6 +21,11 @@ public class SecurityTransportModule extends AbstractSecurityModule {
 
     @Override
     protected void configure(boolean clientMode) {
+        if (securityEnabled == false) {
+            bind(IPFilter.class).toProvider(Providers.<IPFilter>of(null));
+            return;
+        }
+
         if (clientMode) {
             // no ip filtering on the client
             bind(IPFilter.class).toProvider(Providers.<IPFilter>of(null));

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/filter/IPFilter.java

@@ -130,6 +130,13 @@ public class IPFilter {
         updateRules();
     }
 
+    public Map<String, Object> usageStats() {
+        Map<String, Object> map = new HashMap<>(2);
+        map.put("http", Collections.singletonMap("enabled", isHttpFilterEnabled));
+        map.put("transport", Collections.singletonMap("enabled", isIpFilterEnabled));
+        return map;
+    }
+
     private void setTransportProfiles(Settings settings) {
         transportGroups = settings.getAsGroups();
         updateRules();

elasticsearch/x-pack/security/src/main/java/org/elasticsearch/xpack/security/transport/netty/SecurityNettyTransport.java

@@ -26,14 +26,12 @@ import org.jboss.netty.channel.ChannelHandlerContext;
 import org.jboss.netty.channel.ChannelPipeline;
 import org.jboss.netty.channel.ChannelPipelineFactory;
 import org.jboss.netty.channel.ChannelStateEvent;
-import org.jboss.netty.channel.ExceptionEvent;
 import org.jboss.netty.channel.SimpleChannelHandler;
 import org.jboss.netty.handler.ssl.SslHandler;
 
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
 import java.net.InetSocketAddress;
-import java.util.Collections;
 import java.util.List;
 
 import static org.elasticsearch.xpack.security.Security.featureEnabledSetting;
@@ -113,7 +111,7 @@ public class SecurityNettyTransport extends NettyTransport {
     }
 
     @Override
-    protected void onException(Channel channel, Throwable e) {
+    protected void onException(Channel channel, Exception e) {
         if (isNotSslRecordException(e)) {
             if (logger.isTraceEnabled()) {
                 logger.trace("received plaintext traffic on a encrypted channel, closing connection {}", e, channel);

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/ClearRealmsCacheTests.java

@@ -146,7 +146,7 @@ public class ClearRealmsCacheTests extends SecurityIntegTestCase {
                 }
 
                 @Override
-                public void onFailure(Throwable e) {
+                public void onFailure(Exception e) {
                     error.set(e);
                     latch.countDown();
                 }

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/integration/FieldLevelSecurityTests.java

@@ -709,9 +709,9 @@ public class FieldLevelSecurityTests extends SecurityIntegTestCase {
         SearchResponse response = client()
                 .filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user1", USERS_PASSWD)))
                 .prepareSearch("test")
-                .addField("field1")
+                .addStoredField("field1")
-                .addField("field2")
+                .addStoredField("field2")
-                .addField("field3")
+                .addStoredField("field3")
                 .get();
         assertThat(response.getHits().getAt(0).fields().size(), equalTo(1));
         assertThat(response.getHits().getAt(0).fields().get("field1").<String>getValue(), equalTo("value1"));
@@ -719,9 +719,9 @@ public class FieldLevelSecurityTests extends SecurityIntegTestCase {
         // user2 is granted access to field2 only:
         response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user2", USERS_PASSWD)))
                 .prepareSearch("test")
-                .addField("field1")
+                .addStoredField("field1")
-                .addField("field2")
+                .addStoredField("field2")
-                .addField("field3")
+                .addStoredField("field3")
                 .get();
         assertThat(response.getHits().getAt(0).fields().size(), equalTo(1));
         assertThat(response.getHits().getAt(0).fields().get("field2").<String>getValue(), equalTo("value2"));
@@ -729,9 +729,9 @@ public class FieldLevelSecurityTests extends SecurityIntegTestCase {
         // user3 is granted access to field1 and field2:
         response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user3", USERS_PASSWD)))
                 .prepareSearch("test")
-                .addField("field1")
+                .addStoredField("field1")
-                .addField("field2")
+                .addStoredField("field2")
-                .addField("field3")
+                .addStoredField("field3")
                 .get();
         assertThat(response.getHits().getAt(0).fields().size(), equalTo(2));
         assertThat(response.getHits().getAt(0).fields().get("field1").<String>getValue(), equalTo("value1"));
@@ -740,18 +740,18 @@ public class FieldLevelSecurityTests extends SecurityIntegTestCase {
         // user4 is granted access to no fields:
         response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user4", USERS_PASSWD)))
                 .prepareSearch("test")
-                .addField("field1")
+                .addStoredField("field1")
-                .addField("field2")
+                .addStoredField("field2")
-                .addField("field3")
+                .addStoredField("field3")
                 .get();
         assertThat(response.getHits().getAt(0).fields().size(), equalTo(0));
 
         // user5 has no field level security configured:
         response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user5", USERS_PASSWD)))
                 .prepareSearch("test")
-                .addField("field1")
+                .addStoredField("field1")
-                .addField("field2")
+                .addStoredField("field2")
-                .addField("field3")
+                .addStoredField("field3")
                 .get();
         assertThat(response.getHits().getAt(0).fields().size(), equalTo(3));
         assertThat(response.getHits().getAt(0).fields().get("field1").<String>getValue(), equalTo("value1"));
@@ -761,9 +761,9 @@ public class FieldLevelSecurityTests extends SecurityIntegTestCase {
         // user6 has field level security configured with access to field*:
         response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user6", USERS_PASSWD)))
                 .prepareSearch("test")
-                .addField("field1")
+                .addStoredField("field1")
-                .addField("field2")
+                .addStoredField("field2")
-                .addField("field3")
+                .addStoredField("field3")
                 .get();
         assertThat(response.getHits().getAt(0).fields().size(), equalTo(3));
         assertThat(response.getHits().getAt(0).fields().get("field1").<String>getValue(), equalTo("value1"));
@@ -773,9 +773,9 @@ public class FieldLevelSecurityTests extends SecurityIntegTestCase {
         // user7 has access to all fields due to a mix of roles without field level security and with:
         response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user7", USERS_PASSWD)))
                 .prepareSearch("test")
-                .addField("field1")
+                .addStoredField("field1")
-                .addField("field2")
+                .addStoredField("field2")
-                .addField("field3")
+                .addStoredField("field3")
                 .get();
         assertThat(response.getHits().getAt(0).fields().size(), equalTo(3));
         assertThat(response.getHits().getAt(0).fields().get("field1").<String>getValue(), equalTo("value1"));
@@ -785,9 +785,9 @@ public class FieldLevelSecurityTests extends SecurityIntegTestCase {
         // user8 has field level security configured with access to field1 and field2:
         response = client().filterWithHeader(Collections.singletonMap(BASIC_AUTH_HEADER, basicAuthHeaderValue("user8", USERS_PASSWD)))
                 .prepareSearch("test")
-                .addField("field1")
+                .addStoredField("field1")
-                .addField("field2")
+                .addStoredField("field2")
-                .addField("field3")
+                .addStoredField("field3")
                 .get();
         assertThat(response.getHits().getAt(0).fields().size(), equalTo(2));
         assertThat(response.getHits().getAt(0).fields().get("field1").<String>getValue(), equalTo("value1"));

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/SecurityFeatureSetTests.java

@@ -5,12 +5,19 @@
  */
 package org.elasticsearch.xpack.security;
 
+import org.elasticsearch.common.collect.MapBuilder;
 import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
 import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.xpack.security.audit.AuditTrailService;
 import org.elasticsearch.xpack.security.authc.Realm;
 import org.elasticsearch.xpack.security.authc.Realms;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.xpack.XPackFeatureSet;
+import org.elasticsearch.xpack.security.authz.store.RolesStore;
+import org.elasticsearch.xpack.security.crypto.CryptoService;
+import org.elasticsearch.xpack.security.transport.filter.IPFilter;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyHttpServerTransport;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
 import org.elasticsearch.xpack.watcher.support.xcontent.XContentSource;
 import org.junit.Before;
 
@@ -21,6 +28,7 @@ import java.util.List;
 import java.util.Map;
 
 import static org.hamcrest.CoreMatchers.nullValue;
+import static org.hamcrest.Matchers.contains;
 import static org.hamcrest.Matchers.notNullValue;
 import static org.hamcrest.core.Is.is;
 import static org.mockito.Matchers.anyObject;
@@ -34,24 +42,35 @@ import static org.mockito.Mockito.when;
  */
 public class SecurityFeatureSetTests extends ESTestCase {
 
+    private Settings settings;
     private SecurityLicenseState licenseState;
     private Realms realms;
     private NamedWriteableRegistry namedWriteableRegistry;
+    private IPFilter ipFilter;
+    private RolesStore rolesStore;
+    private AuditTrailService auditTrail;
+    private CryptoService cryptoService;
 
     @Before
     public void init() throws Exception {
+        settings = Settings.builder().put("path.home", createTempDir()).build();
         licenseState = mock(SecurityLicenseState.class);
         realms = mock(Realms.class);
         namedWriteableRegistry = mock(NamedWriteableRegistry.class);
+        ipFilter = mock(IPFilter.class);
+        rolesStore = mock(RolesStore.class);
+        auditTrail = mock(AuditTrailService.class);
+        cryptoService = mock(CryptoService.class);
     }
 
     public void testWritableRegistration() throws Exception {
-        new SecurityFeatureSet(Settings.EMPTY, licenseState, realms, namedWriteableRegistry);
+        new SecurityFeatureSet(settings, licenseState, realms, namedWriteableRegistry, rolesStore, ipFilter, auditTrail, cryptoService);
         verify(namedWriteableRegistry).register(eq(SecurityFeatureSet.Usage.class), eq("xpack.usage.security"), anyObject());
     }
 
     public void testAvailable() throws Exception {
-        SecurityFeatureSet featureSet = new SecurityFeatureSet(Settings.EMPTY, licenseState, realms, namedWriteableRegistry);
+        SecurityFeatureSet featureSet = new SecurityFeatureSet(settings, licenseState, realms, namedWriteableRegistry, rolesStore,
+                ipFilter, auditTrail, cryptoService);
         boolean available = randomBoolean();
         when(licenseState.authenticationAndAuthorizationEnabled()).thenReturn(available);
         assertThat(featureSet.available(), is(available));
@@ -60,27 +79,60 @@ public class SecurityFeatureSetTests extends ESTestCase {
     public void testEnabledSetting() throws Exception {
         boolean enabled = randomBoolean();
         Settings settings = Settings.builder()
+                .put(this.settings)
                 .put("xpack.security.enabled", enabled)
                 .build();
-        SecurityFeatureSet featureSet = new SecurityFeatureSet(settings, licenseState, realms, namedWriteableRegistry);
+        SecurityFeatureSet featureSet = new SecurityFeatureSet(settings, licenseState, realms, namedWriteableRegistry, rolesStore,
+                ipFilter, auditTrail, cryptoService);
         assertThat(featureSet.enabled(), is(enabled));
     }
 
     public void testEnabledDefault() throws Exception {
-        SecurityFeatureSet featureSet = new SecurityFeatureSet(Settings.EMPTY, licenseState, realms, namedWriteableRegistry);
+        SecurityFeatureSet featureSet = new SecurityFeatureSet(settings, licenseState, realms, namedWriteableRegistry, rolesStore,
+                        ipFilter, auditTrail, cryptoService);
         assertThat(featureSet.enabled(), is(true));
     }
 
     public void testUsage() throws Exception {
 
-        boolean available = randomBoolean();
+        boolean authcAuthzAvailable = randomBoolean();
-        when(licenseState.authenticationAndAuthorizationEnabled()).thenReturn(available);
+        when(licenseState.authenticationAndAuthorizationEnabled()).thenReturn(authcAuthzAvailable);
 
-        Settings.Builder settings = Settings.builder();
+        Settings.Builder settings = Settings.builder().put(this.settings);
 
         boolean enabled = randomBoolean();
         settings.put("xpack.security.enabled", enabled);
 
+        final boolean httpSSLEnabled = randomBoolean();
+        settings.put(SecurityNettyHttpServerTransport.SSL_SETTING.getKey(), httpSSLEnabled);
+        final boolean transportSSLEnabled = randomBoolean();
+        settings.put(SecurityNettyTransport.SSL_SETTING.getKey(), transportSSLEnabled);
+        final boolean auditingEnabled = randomBoolean();
+        final String[] auditOutputs = randomFrom(new String[] {"logfile"}, new String[] {"index"}, new String[] {"logfile", "index"});
+        when(auditTrail.usageStats())
+                .thenReturn(MapBuilder.<String, Object>newMapBuilder()
+                        .put("enabled", auditingEnabled)
+                        .put("outputs", auditOutputs)
+                        .map());
+
+        final boolean httpIpFilterEnabled = randomBoolean();
+        final boolean transportIPFilterEnabled = randomBoolean();
+        when(ipFilter.usageStats())
+                .thenReturn(MapBuilder.<String, Object>newMapBuilder()
+                        .put("http", Collections.singletonMap("enabled", httpIpFilterEnabled))
+                        .put("transport", Collections.singletonMap("enabled", transportIPFilterEnabled))
+                        .map());
+
+
+        final boolean rolesStoreEnabled = randomBoolean();
+        if (rolesStoreEnabled) {
+            when(rolesStore.usageStats()).thenReturn(Collections.singletonMap("count", 1));
+        } else {
+            when(rolesStore.usageStats()).thenReturn(Collections.emptyMap());
+        }
+        final boolean useSystemKey = randomBoolean();
+        when(cryptoService.encryptionEnabled()).thenReturn(useSystemKey);
+
         List<Realm> realmsList= new ArrayList<>();
 
         for (int i = 0; i < 5; i++) {
@@ -93,24 +145,49 @@ public class SecurityFeatureSetTests extends ESTestCase {
             realmUsage.put("key3", i % 2 == 0);
             when(realm.usageStats()).thenReturn(realmUsage);
         }
-        when(realms.iterator()).thenReturn(available ? realmsList.iterator() : Collections.<Realm>emptyIterator());
+        when(realms.iterator()).thenReturn(authcAuthzAvailable ? realmsList.iterator() : Collections.<Realm>emptyIterator());
 
-        SecurityFeatureSet featureSet = new SecurityFeatureSet(settings.build(), licenseState, realms, namedWriteableRegistry);
+        SecurityFeatureSet featureSet = new SecurityFeatureSet(settings.build(), licenseState, realms, namedWriteableRegistry, rolesStore,
+                ipFilter, auditTrail, cryptoService);
         XPackFeatureSet.Usage usage = featureSet.usage();
         assertThat(usage, is(notNullValue()));
         assertThat(usage.name(), is(Security.NAME));
         assertThat(usage.enabled(), is(enabled));
-        assertThat(usage.available(), is(available));
+        assertThat(usage.available(), is(authcAuthzAvailable));
         XContentSource source = new XContentSource(usage);
 
-        if (enabled && available) {
+        if (enabled) {
-            for (int i = 0; i < 5; i++) {
+            if (authcAuthzAvailable) {
-                assertThat(source.getValue("enabled_realms." + i + ".key1"), is("value" + i));
+                for (int i = 0; i < 5; i++) {
-                assertThat(source.getValue("enabled_realms." + i + ".key2"), is(i));
+                    assertThat(source.getValue("enabled_realms." + i + ".key1"), is("value" + i));
-                assertThat(source.getValue("enabled_realms." + i + ".key3"), is(i % 2 == 0));
+                    assertThat(source.getValue("enabled_realms." + i + ".key2"), is(i));
+                    assertThat(source.getValue("enabled_realms." + i + ".key3"), is(i % 2 == 0));
+                }
+            } else {
+                assertThat(source.getValue("enabled_realms"), is(notNullValue()));
             }
-        } else if (enabled) {
+
-            assertThat(source.getValue("enabled_realms"), is(notNullValue()));
+            // check SSL
+            assertThat(source.getValue("ssl.http.enabled"), is(httpSSLEnabled));
+            assertThat(source.getValue("ssl.transport.enabled"), is(transportSSLEnabled));
+
+            // auditing
+            assertThat(source.getValue("audit.enabled"), is(auditingEnabled));
+            assertThat(source.getValue("audit.outputs"), contains(auditOutputs));
+
+            // ip filter
+            assertThat(source.getValue("ipfilter.http.enabled"), is(httpIpFilterEnabled));
+            assertThat(source.getValue("ipfilter.transport.enabled"), is(transportIPFilterEnabled));
+
+            // roles
+            if (rolesStoreEnabled) {
+                assertThat(source.getValue("roles.count"), is(1));
+            } else {
+                assertThat(((Map) source.getValue("roles")).isEmpty(), is(true));
+            }
+
+            // system key
+            assertThat(source.getValue("system_key"), is(useSystemKey));
         } else {
             assertThat(source.getValue("enabled_realms"), is(nullValue()));
         }

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/VersionCompatibilityTests.java

@@ -33,6 +33,6 @@ public class VersionCompatibilityTests extends ESTestCase {
          *
          */
         assertThat("Remove workaround in LicenseService class when es core supports merging cluster level custom metadata",
-                   Version.CURRENT.equals(Version.V_5_0_0_alpha4), is(true));
+                   Version.CURRENT.equals(Version.V_5_0_0_alpha5), is(true));
     }
 }

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/role/TransportDeleteRoleActionTests.java

@@ -55,7 +55,7 @@ public class TransportDeleteRoleActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -96,7 +96,7 @@ public class TransportDeleteRoleActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -108,7 +108,7 @@ public class TransportDeleteRoleActionTests extends ESTestCase {
     }
 
     public void testException() {
-        final Throwable t = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException());
+        final Exception e = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException());
         final String roleName = randomFrom("admin", "dept_a", "restricted");
         NativeRolesStore rolesStore = mock(NativeRolesStore.class);
         TransportDeleteRoleAction action = new TransportDeleteRoleAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
@@ -124,7 +124,7 @@ public class TransportDeleteRoleActionTests extends ESTestCase {
                 Object[] args = invocation.getArguments();
                 assert args.length == 2;
                 ActionListener<Boolean> listener = (ActionListener<Boolean>) args[1];
-                listener.onFailure(t);
+                listener.onFailure(e);
                 return null;
             }
         }).when(rolesStore).deleteRole(eq(request), any(ActionListener.class));
@@ -138,14 +138,14 @@ public class TransportDeleteRoleActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
 
         assertThat(responseRef.get(), is(nullValue()));
         assertThat(throwableRef.get(), is(notNullValue()));
-        assertThat(throwableRef.get(), is(sameInstance(t)));
+        assertThat(throwableRef.get(), is(sameInstance(e)));
         verify(rolesStore, times(1)).deleteRole(eq(request), any(ActionListener.class));
     }
 }

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/role/TransportGetRolesActionTests.java

@@ -89,7 +89,7 @@ public class TransportGetRolesActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -158,7 +158,7 @@ public class TransportGetRolesActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -251,7 +251,7 @@ public class TransportGetRolesActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -273,7 +273,7 @@ public class TransportGetRolesActionTests extends ESTestCase {
     }
 
     public void testException() {
-        final Throwable t = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException());
+        final Exception e = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException());
         final List<RoleDescriptor> storeRoleDescriptors = randomRoleDescriptors();
         NativeRolesStore rolesStore = mock(NativeRolesStore.class);
         SecurityContext context = mock(SecurityContext.class);
@@ -290,7 +290,7 @@ public class TransportGetRolesActionTests extends ESTestCase {
                     Object[] args = invocation.getArguments();
                     assert args.length == 2;
                     ActionListener<RoleDescriptor> listener = (ActionListener<RoleDescriptor>) args[1];
-                    listener.onFailure(t);
+                    listener.onFailure(e);
                     return null;
                 }
             }).when(rolesStore).getRoleDescriptor(eq(request.names()[0]), any(ActionListener.class));
@@ -301,7 +301,7 @@ public class TransportGetRolesActionTests extends ESTestCase {
                     Object[] args = invocation.getArguments();
                     assert args.length == 2;
                     ActionListener<List<RoleDescriptor>> listener = (ActionListener<List<RoleDescriptor>>) args[1];
-                    listener.onFailure(t);
+                    listener.onFailure(e);
                     return null;
                 }
             }).when(rolesStore).getRoleDescriptors(aryEq(request.names()), any(ActionListener.class));
@@ -316,13 +316,13 @@ public class TransportGetRolesActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
 
         assertThat(throwableRef.get(), is(notNullValue()));
-        assertThat(throwableRef.get(), is(t));
+        assertThat(throwableRef.get(), is(e));
         assertThat(responseRef.get(), is(nullValue()));
     }
 

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/role/TransportPutRoleActionTests.java

@@ -56,7 +56,7 @@ public class TransportPutRoleActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -97,7 +97,7 @@ public class TransportPutRoleActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -109,7 +109,7 @@ public class TransportPutRoleActionTests extends ESTestCase {
     }
 
     public void testException() {
-        final Throwable t = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException());
+        final Exception e = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException());
         final String roleName = randomFrom("admin", "dept_a", "restricted");
         NativeRolesStore rolesStore = mock(NativeRolesStore.class);
         TransportPutRoleAction action = new TransportPutRoleAction(Settings.EMPTY, mock(ThreadPool.class), mock(ActionFilters.class),
@@ -124,7 +124,7 @@ public class TransportPutRoleActionTests extends ESTestCase {
                 Object[] args = invocation.getArguments();
                 assert args.length == 3;
                 ActionListener<Boolean> listener = (ActionListener<Boolean>) args[2];
-                listener.onFailure(t);
+                listener.onFailure(e);
                 return null;
             }
         }).when(rolesStore).putRole(eq(request), any(RoleDescriptor.class), any(ActionListener.class));
@@ -138,14 +138,14 @@ public class TransportPutRoleActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
 
         assertThat(responseRef.get(), is(nullValue()));
         assertThat(throwableRef.get(), is(notNullValue()));
-        assertThat(throwableRef.get(), is(sameInstance(t)));
+        assertThat(throwableRef.get(), is(sameInstance(e)));
         verify(rolesStore, times(1)).putRole(eq(request), any(RoleDescriptor.class), any(ActionListener.class));
     }
 }

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/TransportAuthenticateActionTests.java

@@ -47,7 +47,7 @@ public class TransportAuthenticateActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -72,7 +72,7 @@ public class TransportAuthenticateActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -99,7 +99,7 @@ public class TransportAuthenticateActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/TransportChangePasswordActionTests.java

@@ -68,7 +68,7 @@ public class TransportChangePasswordActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -97,7 +97,7 @@ public class TransportChangePasswordActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -135,7 +135,7 @@ public class TransportChangePasswordActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -152,13 +152,13 @@ public class TransportChangePasswordActionTests extends ESTestCase {
         ChangePasswordRequest request = new ChangePasswordRequest();
         request.username(user.principal());
         request.passwordHash(Hasher.BCRYPT.hash(new SecuredString("changeme".toCharArray())));
-        final Throwable t = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException(), new RuntimeException());
+        final Exception e = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException(), new RuntimeException());
         doAnswer(new Answer() {
             public Void answer(InvocationOnMock invocation) {
                 Object[] args = invocation.getArguments();
                 assert args.length == 2;
                 ActionListener<Void> listener = (ActionListener<Void>) args[1];
-                listener.onFailure(t);
+                listener.onFailure(e);
                 return null;
             }
         }).when(usersStore).changePassword(eq(request), any(ActionListener.class));
@@ -174,14 +174,14 @@ public class TransportChangePasswordActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
 
         assertThat(responseRef.get(), is(nullValue()));
         assertThat(throwableRef.get(), is(notNullValue()));
-        assertThat(throwableRef.get(), sameInstance(t));
+        assertThat(throwableRef.get(), sameInstance(e));
         verify(usersStore, times(1)).changePassword(eq(request), any(ActionListener.class));
     }
 }

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/TransportDeleteUserActionTests.java

@@ -63,7 +63,7 @@ public class TransportDeleteUserActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -90,7 +90,7 @@ public class TransportDeleteUserActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -118,7 +118,7 @@ public class TransportDeleteUserActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -156,7 +156,7 @@ public class TransportDeleteUserActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -168,7 +168,7 @@ public class TransportDeleteUserActionTests extends ESTestCase {
     }
 
     public void testException() {
-        final Throwable t = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException(), new RuntimeException());
+        final Exception e = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException(), new RuntimeException());
         final User user = new User("joe");
         NativeUsersStore usersStore = mock(NativeUsersStore.class);
         TransportDeleteUserAction action = new TransportDeleteUserAction(Settings.EMPTY, mock(ThreadPool.class),
@@ -180,7 +180,7 @@ public class TransportDeleteUserActionTests extends ESTestCase {
                 Object[] args = invocation.getArguments();
                 assert args.length == 2;
                 ActionListener<Boolean> listener = (ActionListener<Boolean>) args[1];
-                listener.onFailure(t);
+                listener.onFailure(e);
                 return null;
             }
         }).when(usersStore).deleteUser(eq(request), any(ActionListener.class));
@@ -194,14 +194,14 @@ public class TransportDeleteUserActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
 
         assertThat(responseRef.get(), is(nullValue()));
         assertThat(throwableRef.get(), is(notNullValue()));
-        assertThat(throwableRef.get(), sameInstance(t));
+        assertThat(throwableRef.get(), sameInstance(e));
         verify(usersStore, times(1)).deleteUser(eq(request), any(ActionListener.class));
     }
 }

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/TransportGetUsersActionTests.java

@@ -84,7 +84,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -116,7 +116,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -147,7 +147,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -185,7 +185,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -242,7 +242,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -261,7 +261,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
     }
 
     public void testException() {
-        final Throwable t = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException(), new ValidationException());
+        final Exception e = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException(), new ValidationException());
         final List<User> storeUsers =
                 randomFrom(Collections.singletonList(new User("joe")), Arrays.asList(new User("jane"), new User("fred")), randomUsers());
         final String[] storeUsernames = storeUsers.stream().map(User::principal).collect(Collectors.toList()).toArray(Strings.EMPTY_ARRAY);
@@ -277,7 +277,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
                     Object[] args = invocation.getArguments();
                     assert args.length == 2;
                     ActionListener<List<User>> listener = (ActionListener<List<User>>) args[1];
-                    listener.onFailure(t);
+                    listener.onFailure(e);
                     return null;
                 }
             }).when(usersStore).getUsers(aryEq(storeUsernames), any(ActionListener.class));
@@ -288,7 +288,7 @@ public class TransportGetUsersActionTests extends ESTestCase {
                     Object[] args = invocation.getArguments();
                     assert args.length == 2;
                     ActionListener<User> listener = (ActionListener<User>) args[1];
-                    listener.onFailure(t);
+                    listener.onFailure(e);
                     return null;
                 }
             }).when(usersStore).getUser(eq(storeUsernames[0]), any(ActionListener.class));
@@ -303,13 +303,13 @@ public class TransportGetUsersActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
 
         assertThat(throwableRef.get(), is(notNullValue()));
-        assertThat(throwableRef.get(), is(sameInstance(t)));
+        assertThat(throwableRef.get(), is(sameInstance(e)));
         assertThat(responseRef.get(), is(nullValue()));
         if (request.usernames().length == 1) {
             verify(usersStore, times(1)).getUser(eq(request.usernames()[0]), any(ActionListener.class));

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/action/user/TransportPutUserActionTests.java

@@ -67,7 +67,7 @@ public class TransportPutUserActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -95,7 +95,7 @@ public class TransportPutUserActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -124,7 +124,7 @@ public class TransportPutUserActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -167,7 +167,7 @@ public class TransportPutUserActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
@@ -179,7 +179,7 @@ public class TransportPutUserActionTests extends ESTestCase {
     }
 
     public void testException() {
-        final Throwable t = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException(), new ValidationException());
+        final Exception e = randomFrom(new ElasticsearchSecurityException(""), new IllegalStateException(), new ValidationException());
         final User user = new User("joe");
         NativeUsersStore usersStore = mock(NativeUsersStore.class);
         TransportPutUserAction action = new TransportPutUserAction(Settings.EMPTY, mock(ThreadPool.class),
@@ -192,7 +192,7 @@ public class TransportPutUserActionTests extends ESTestCase {
                 Object[] args = invocation.getArguments();
                 assert args.length == 2;
                 ActionListener<Boolean> listener = (ActionListener<Boolean>) args[1];
-                listener.onFailure(t);
+                listener.onFailure(e);
                 return null;
             }
         }).when(usersStore).putUser(eq(request), any(ActionListener.class));
@@ -206,14 +206,14 @@ public class TransportPutUserActionTests extends ESTestCase {
             }
 
             @Override
-            public void onFailure(Throwable e) {
+            public void onFailure(Exception e) {
                 throwableRef.set(e);
             }
         });
 
         assertThat(responseRef.get(), is(nullValue()));
         assertThat(throwableRef.get(), is(notNullValue()));
-        assertThat(throwableRef.get(), sameInstance(t));
+        assertThat(throwableRef.get(), sameInstance(e));
         verify(usersStore, times(1)).putUser(eq(request), any(ActionListener.class));
     }
 }

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/AuditTrailModuleTests.java

@@ -5,7 +5,6 @@
  */
 package org.elasticsearch.xpack.security.audit;
 
-import org.elasticsearch.Version;
 import org.elasticsearch.common.inject.Guice;
 import org.elasticsearch.common.inject.Injector;
 import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
@@ -15,20 +14,17 @@ import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.settings.SettingsModule;
 import org.elasticsearch.indices.breaker.CircuitBreakerService;
 import org.elasticsearch.node.Node;
-import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.TestThreadPool;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.Transport;
 import org.elasticsearch.transport.local.LocalTransport;
+import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
 
 import static org.hamcrest.Matchers.instanceOf;
 import static org.hamcrest.Matchers.is;
 import static org.hamcrest.Matchers.notNullValue;
 
-/**
- *
- */
 public class AuditTrailModuleTests extends ESTestCase {
     public void testEnabled() throws Exception {
         Settings settings = Settings.builder()
@@ -93,7 +89,7 @@ public class AuditTrailModuleTests extends ESTestCase {
         try {
             Guice.createInjector(settingsModule, new AuditTrailModule(settings));
             fail("Expect initialization to fail when an unknown audit trail output is configured");
-        } catch (Throwable t) {
+        } catch (Exception e) {
             // expected
         }
     }

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailMutedTests.java

@@ -17,20 +17,20 @@ import org.elasticsearch.cluster.service.ClusterService;
 import org.elasticsearch.common.inject.util.Providers;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.transport.BoundTransportAddress;
-import org.elasticsearch.common.transport.DummyTransportAddress;
+import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.rest.RestRequest;
+import org.elasticsearch.test.ESTestCase;
+import org.elasticsearch.threadpool.TestThreadPool;
+import org.elasticsearch.threadpool.ThreadPool;
+import org.elasticsearch.transport.Transport;
+import org.elasticsearch.transport.TransportMessage;
 import org.elasticsearch.xpack.security.InternalClient;
 import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail.State;
 import org.elasticsearch.xpack.security.authc.AuthenticationToken;
 import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
 import org.elasticsearch.xpack.security.user.SystemUser;
 import org.elasticsearch.xpack.security.user.User;
-import org.elasticsearch.test.ESTestCase;
-import org.elasticsearch.threadpool.TestThreadPool;
-import org.elasticsearch.threadpool.ThreadPool;
-import org.elasticsearch.transport.Transport;
-import org.elasticsearch.transport.TransportMessage;
 import org.junit.After;
 import org.junit.Before;
 
@@ -58,8 +58,8 @@ public class IndexAuditTrailMutedTests extends ESTestCase {
     @Before
     public void setup() {
         transport = mock(Transport.class);
-        when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { DummyTransportAddress.INSTANCE },
+        when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { LocalTransportAddress.buildUnique() },
-                        DummyTransportAddress.INSTANCE));
+                        LocalTransportAddress.buildUnique()));
 
         threadPool = new TestThreadPool("index audit trail tests");
         transportClient = TransportClient.builder().settings(Settings.EMPTY).build();

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailTests.java

@@ -21,21 +21,11 @@ import org.elasticsearch.common.inject.util.Providers;
 import org.elasticsearch.common.network.NetworkAddress;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.transport.BoundTransportAddress;
-import org.elasticsearch.common.transport.DummyTransportAddress;
 import org.elasticsearch.common.transport.InetSocketTransportAddress;
 import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.rest.RestRequest;
 import org.elasticsearch.search.SearchHit;
-import org.elasticsearch.xpack.security.Security;
-import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail.Message;
-import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
-import org.elasticsearch.xpack.security.user.SystemUser;
-import org.elasticsearch.xpack.security.user.User;
-import org.elasticsearch.xpack.security.authc.AuthenticationToken;
-import org.elasticsearch.xpack.security.crypto.InternalCryptoService;
-import org.elasticsearch.xpack.security.transport.filter.IPFilter;
-import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
 import org.elasticsearch.test.ESIntegTestCase;
 import org.elasticsearch.test.InternalTestCluster;
 import org.elasticsearch.test.SecurityIntegTestCase;
@@ -46,6 +36,15 @@ import org.elasticsearch.transport.Transport;
 import org.elasticsearch.transport.TransportInfo;
 import org.elasticsearch.transport.TransportMessage;
 import org.elasticsearch.transport.TransportRequest;
+import org.elasticsearch.xpack.security.Security;
+import org.elasticsearch.xpack.security.audit.index.IndexAuditTrail.Message;
+import org.elasticsearch.xpack.security.authc.AuthenticationToken;
+import org.elasticsearch.xpack.security.crypto.InternalCryptoService;
+import org.elasticsearch.xpack.security.transport.filter.IPFilter;
+import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
+import org.elasticsearch.xpack.security.transport.netty.SecurityNettyTransport;
+import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.xpack.security.user.User;
 import org.joda.time.DateTime;
 import org.joda.time.DateTimeZone;
 import org.joda.time.format.ISODateTimeFormat;
@@ -64,12 +63,12 @@ import java.util.Map;
 import java.util.Set;
 import java.util.function.Function;
 
+import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE;
+import static org.elasticsearch.test.InternalTestCluster.clusterName;
 import static org.elasticsearch.xpack.security.audit.index.IndexNameResolver.Rollover.DAILY;
 import static org.elasticsearch.xpack.security.audit.index.IndexNameResolver.Rollover.HOURLY;
 import static org.elasticsearch.xpack.security.audit.index.IndexNameResolver.Rollover.MONTHLY;
 import static org.elasticsearch.xpack.security.audit.index.IndexNameResolver.Rollover.WEEKLY;
-import static org.elasticsearch.test.ESIntegTestCase.Scope.SUITE;
-import static org.elasticsearch.test.InternalTestCluster.clusterName;
 import static org.hamcrest.Matchers.contains;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.is;
@@ -255,8 +254,8 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
         Settings settings = builder.put(settings(rollover, includes, excludes)).build();
         logger.info("--> settings: [{}]", settings.getAsMap().toString());
         Transport transport = mock(Transport.class);
-        BoundTransportAddress boundTransportAddress = new BoundTransportAddress(new TransportAddress[]{DummyTransportAddress.INSTANCE},
+        BoundTransportAddress boundTransportAddress = new BoundTransportAddress(new TransportAddress[]{ remoteHostAddress()},
-                DummyTransportAddress.INSTANCE);
+                remoteHostAddress());
         when(transport.boundAddress()).thenReturn(boundTransportAddress);
         threadPool = new TestThreadPool("index audit trail tests");
         enqueuedMessage = new SetOnce<>();
@@ -279,7 +278,7 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
         assertAuditMessage(hit, "transport", "anonymous_access_denied");
         Map<String, Object> sourceMap = hit.sourceAsMap();
         if (message instanceof RemoteHostMockMessage) {
-            assertEquals(remoteHostAddress(), sourceMap.get("origin_address"));
+            assertEquals(remoteHostAddress().toString(), sourceMap.get("origin_address"));
         } else {
             assertEquals("local[local_host]", sourceMap.get("origin_address"));
         }
@@ -316,7 +315,7 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
         assertAuditMessage(hit, "transport", "authentication_failed");
 
         if (message instanceof RemoteHostMockMessage) {
-            assertEquals(remoteHostAddress(), sourceMap.get("origin_address"));
+            assertEquals(remoteHostAddress().toString(), sourceMap.get("origin_address"));
         } else {
             assertEquals("local[local_host]", sourceMap.get("origin_address"));
         }
@@ -336,7 +335,7 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
         assertAuditMessage(hit, "transport", "authentication_failed");
         Map<String, Object> sourceMap = hit.sourceAsMap();
         if (message instanceof RemoteHostMockMessage) {
-            assertEquals(remoteHostAddress(), sourceMap.get("origin_address"));
+            assertEquals(remoteHostAddress().toString(), sourceMap.get("origin_address"));
         } else {
             assertEquals("local[local_host]", sourceMap.get("origin_address"));
         }
@@ -391,7 +390,7 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
         Map<String, Object> sourceMap = hit.sourceAsMap();
 
         if (message instanceof RemoteHostMockMessage) {
-            assertEquals(remoteHostAddress(), sourceMap.get("origin_address"));
+            assertEquals(remoteHostAddress().toString(), sourceMap.get("origin_address"));
         } else {
             assertEquals("local[local_host]", sourceMap.get("origin_address"));
         }
@@ -621,8 +620,8 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
         DateTime dateTime = ISODateTimeFormat.dateTimeParser().withZoneUTC().parseDateTime((String) sourceMap.get("@timestamp"));
         assertThat(dateTime.isBefore(DateTime.now(DateTimeZone.UTC)), is(true));
 
-        assertThat(DummyTransportAddress.INSTANCE.getHost(), equalTo(sourceMap.get("node_host_name")));
+        assertThat(remoteHostAddress().getHost(), equalTo(sourceMap.get("node_host_name")));
-        assertThat(DummyTransportAddress.INSTANCE.getAddress(), equalTo(sourceMap.get("node_host_address")));
+        assertThat(remoteHostAddress().getAddress(), equalTo(sourceMap.get("node_host_address")));
 
         assertEquals(layer, sourceMap.get("layer"));
         assertEquals(type, sourceMap.get("event_type"));
@@ -636,13 +635,13 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
 
     private static class RemoteHostMockMessage extends TransportMessage {
         RemoteHostMockMessage() throws Exception {
-            remoteAddress(DummyTransportAddress.INSTANCE);
+            remoteAddress(remoteHostAddress());
         }
     }
 
     private static class RemoteHostMockTransportRequest extends TransportRequest {
         RemoteHostMockTransportRequest() throws Exception {
-            remoteAddress(DummyTransportAddress.INSTANCE);
+            remoteAddress(remoteHostAddress());
         }
     }
 
@@ -738,8 +737,8 @@ public class IndexAuditTrailTests extends SecurityIntegTestCase {
         return actionGet.getStatus();
     }
 
-    static String remoteHostAddress() throws Exception {
+    private static LocalTransportAddress remoteHostAddress() {
-        return DummyTransportAddress.INSTANCE.toString();
+        return new LocalTransportAddress("_remote_host_");
     }
 }
 

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/index/IndexAuditTrailUpdateMappingTests.java

@@ -10,7 +10,7 @@ import org.elasticsearch.cluster.service.ClusterService;
 import org.elasticsearch.common.inject.util.Providers;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.transport.BoundTransportAddress;
-import org.elasticsearch.common.transport.DummyTransportAddress;
+import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.test.SecurityIntegTestCase;
 import org.elasticsearch.test.rest.FakeRestRequest;
@@ -49,8 +49,8 @@ public class IndexAuditTrailUpdateMappingTests extends SecurityIntegTestCase {
         Settings settings = Settings.builder().put("xpack.security.audit.index.rollover", rollover.name().toLowerCase(Locale.ENGLISH))
                 .put("path.home", createTempDir()).build();
         Transport transport = mock(Transport.class);
-        when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { DummyTransportAddress.INSTANCE },
+        when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { LocalTransportAddress.buildUnique() },
-                DummyTransportAddress.INSTANCE));
+                LocalTransportAddress.buildUnique()));
         auditor = new IndexAuditTrail(settings, transport, Providers.of(internalClient()), threadPool,
                 mock(ClusterService.class));
 

elasticsearch/x-pack/security/src/test/java/org/elasticsearch/xpack/security/audit/logfile/LoggingAuditTrailTests.java

@@ -13,22 +13,21 @@ import org.elasticsearch.common.component.Lifecycle;
 import org.elasticsearch.common.network.NetworkAddress;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.transport.BoundTransportAddress;
-import org.elasticsearch.common.transport.DummyTransportAddress;
 import org.elasticsearch.common.transport.InetSocketTransportAddress;
 import org.elasticsearch.common.transport.LocalTransportAddress;
 import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.rest.RestRequest;
-import org.elasticsearch.xpack.security.user.SystemUser;
+import org.elasticsearch.test.ESTestCase;
-import org.elasticsearch.xpack.security.user.User;
+import org.elasticsearch.transport.Transport;
+import org.elasticsearch.transport.TransportMessage;
 import org.elasticsearch.xpack.security.audit.logfile.CapturingLogger.Level;
 import org.elasticsearch.xpack.security.authc.AuthenticationToken;
 import org.elasticsearch.xpack.security.rest.RemoteHostHeader;
 import org.elasticsearch.xpack.security.transport.filter.IPFilter;
 import org.elasticsearch.xpack.security.transport.filter.SecurityIpFilterRule;
-import org.elasticsearch.test.ESTestCase;
+import org.elasticsearch.xpack.security.user.SystemUser;
-import org.elasticsearch.transport.Transport;
+import org.elasticsearch.xpack.security.user.User;
-import org.elasticsearch.transport.TransportMessage;
 import org.junit.Before;
 
 import java.io.IOException;
@@ -115,8 +114,8 @@ public class LoggingAuditTrailTests extends ESTestCase {
                 .build();
         transport = mock(Transport.class);
         when(transport.lifecycleState()).thenReturn(Lifecycle.State.STARTED);
-        when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { DummyTransportAddress.INSTANCE },
+        when(transport.boundAddress()).thenReturn(new BoundTransportAddress(new TransportAddress[] { LocalTransportAddress.buildUnique() },
-                DummyTransportAddress.INSTANCE));
+                LocalTransportAddress.buildUnique()));
         prefix = LoggingAuditTrail.resolvePrefix(settings, transport);
     }