From 380172b49c970cc88c578884d30678e3e0da5bfd Mon Sep 17 00:00:00 2001 From: Tim Vernum Date: Fri, 26 Apr 2019 15:42:52 +1000 Subject: [PATCH] Remove Version.V_6_x_x constants use in security (#41185) This removes some use of the v6 constants in various parts of security. Mostly this is BWC testing code, which is no longer needed as ES8 will not need to maintain compatibility with ES6. Relates: #41164 --- .../hlrc/HasPrivilegesResponseTests.java | 25 ------- .../security/action/role/PutRoleRequest.java | 13 ++-- .../action/user/AuthenticateResponse.java | 16 +---- .../user/GetUserPrivilegesResponse.java | 11 +--- .../action/user/HasPrivilegesRequest.java | 9 +-- .../action/user/HasPrivilegesResponse.java | 25 ++----- .../core/security/authc/Authentication.java | 15 ++--- .../core/security/authz/RoleDescriptor.java | 26 ++------ .../action/role/PutRoleRequestTests.java | 66 +------------------ .../user/HasPrivilegesRequestTests.java | 15 +---- .../xpack/security/Security.java | 12 ---- .../xpack/security/authc/ApiKeyService.java | 6 -- .../xpack/security/authc/UserToken.java | 10 +-- .../xpack/security/SecurityTests.java | 13 ---- .../security/authz/RoleDescriptorTests.java | 4 +- 15 files changed, 33 insertions(+), 233 deletions(-) diff --git a/client/rest-high-level/src/test/java/org/elasticsearch/client/security/hlrc/HasPrivilegesResponseTests.java b/client/rest-high-level/src/test/java/org/elasticsearch/client/security/hlrc/HasPrivilegesResponseTests.java index bb748a71f42dc..94e326e10555e 100644 --- a/client/rest-high-level/src/test/java/org/elasticsearch/client/security/hlrc/HasPrivilegesResponseTests.java +++ b/client/rest-high-level/src/test/java/org/elasticsearch/client/security/hlrc/HasPrivilegesResponseTests.java @@ -19,7 +19,6 @@ package org.elasticsearch.client.security.hlrc; -import org.apache.lucene.util.LuceneTestCase; import org.elasticsearch.Version; import org.elasticsearch.client.security.HasPrivilegesResponse; import org.elasticsearch.common.bytes.BytesReference; @@ -32,9 +31,7 @@ import org.elasticsearch.common.xcontent.XContentParser; import org.elasticsearch.common.xcontent.XContentType; import org.elasticsearch.client.AbstractHlrcStreamableXContentTestCase; -import org.elasticsearch.test.VersionUtils; import org.elasticsearch.xpack.core.security.authz.permission.ResourcePrivileges; -import org.hamcrest.Matchers; import org.junit.Assert; import java.io.IOException; @@ -55,28 +52,6 @@ public class HasPrivilegesResponseTests extends AbstractHlrcStreamableXContentTe org.elasticsearch.xpack.core.security.action.user.HasPrivilegesResponse, HasPrivilegesResponse> { - public void testSerializationV64OrV65() throws IOException { - final org.elasticsearch.xpack.core.security.action.user.HasPrivilegesResponse original = randomResponse(); - final Version version = VersionUtils.randomVersionBetween(LuceneTestCase.random(), Version.V_6_4_0, Version.V_6_5_1); - final org.elasticsearch.xpack.core.security.action.user.HasPrivilegesResponse copy = serializeAndDeserialize(original, version); - - Assert.assertThat(copy.isCompleteMatch(), equalTo(original.isCompleteMatch())); - Assert.assertThat(copy.getClusterPrivileges().entrySet(), Matchers.emptyIterable()); - Assert.assertThat(copy.getIndexPrivileges(), equalTo(original.getIndexPrivileges())); - Assert.assertThat(copy.getApplicationPrivileges(), equalTo(original.getApplicationPrivileges())); - } - - public void testSerializationV63() throws IOException { - final org.elasticsearch.xpack.core.security.action.user.HasPrivilegesResponse original = randomResponse(); - final org.elasticsearch.xpack.core.security.action.user.HasPrivilegesResponse copy = - serializeAndDeserialize(original, Version.V_6_3_0); - - Assert.assertThat(copy.isCompleteMatch(), equalTo(original.isCompleteMatch())); - Assert.assertThat(copy.getClusterPrivileges().entrySet(), Matchers.emptyIterable()); - Assert.assertThat(copy.getIndexPrivileges(), equalTo(original.getIndexPrivileges())); - Assert.assertThat(copy.getApplicationPrivileges(), equalTo(Collections.emptyMap())); - } - public void testToXContent() throws Exception { final org.elasticsearch.xpack.core.security.action.user.HasPrivilegesResponse response = new org.elasticsearch.xpack.core.security.action.user.HasPrivilegesResponse("daredevil", diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequest.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequest.java index 3f9de8f1e68b3..e19d9cebb64c1 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequest.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequest.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.xpack.core.security.action.role; -import org.elasticsearch.Version; import org.elasticsearch.action.ActionRequest; import org.elasticsearch.action.ActionRequestValidationException; import org.elasticsearch.action.support.WriteRequest; @@ -168,10 +167,8 @@ public void readFrom(StreamInput in) throws IOException { for (int i = 0; i < indicesSize; i++) { indicesPrivileges.add(new RoleDescriptor.IndicesPrivileges(in)); } - if (in.getVersion().onOrAfter(Version.V_6_4_0)) { - applicationPrivileges = in.readList(RoleDescriptor.ApplicationResourcePrivileges::new); - conditionalClusterPrivileges = ConditionalClusterPrivileges.readArray(in); - } + applicationPrivileges = in.readList(RoleDescriptor.ApplicationResourcePrivileges::new); + conditionalClusterPrivileges = ConditionalClusterPrivileges.readArray(in); runAs = in.readStringArray(); refreshPolicy = RefreshPolicy.readFrom(in); metadata = in.readMap(); @@ -186,10 +183,8 @@ public void writeTo(StreamOutput out) throws IOException { for (RoleDescriptor.IndicesPrivileges index : indicesPrivileges) { index.writeTo(out); } - if (out.getVersion().onOrAfter(Version.V_6_4_0)) { - out.writeList(applicationPrivileges); - ConditionalClusterPrivileges.writeArray(out, this.conditionalClusterPrivileges); - } + out.writeList(applicationPrivileges); + ConditionalClusterPrivileges.writeArray(out, this.conditionalClusterPrivileges); out.writeStringArray(runAs); refreshPolicy.writeTo(out); out.writeMap(metadata); diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/AuthenticateResponse.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/AuthenticateResponse.java index 06a4df019c326..27e119ef5a9d8 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/AuthenticateResponse.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/AuthenticateResponse.java @@ -5,12 +5,10 @@ */ package org.elasticsearch.xpack.core.security.action.user; -import org.elasticsearch.Version; import org.elasticsearch.action.ActionResponse; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; import org.elasticsearch.xpack.core.security.authc.Authentication; -import org.elasticsearch.xpack.core.security.user.User; import java.io.IOException; @@ -31,23 +29,13 @@ public Authentication authentication() { @Override public void writeTo(StreamOutput out) throws IOException { super.writeTo(out); - if (out.getVersion().before(Version.V_6_6_0)) { - User.writeTo(authentication.getUser(), out); - } else { - authentication.writeTo(out); - } + authentication.writeTo(out); } @Override public void readFrom(StreamInput in) throws IOException { super.readFrom(in); - if (in.getVersion().before(Version.V_6_6_0)) { - final User user = User.readFrom(in); - final Authentication.RealmRef unknownRealm = new Authentication.RealmRef("__unknown", "__unknown", "__unknown"); - authentication = new Authentication(user, unknownRealm, unknownRealm); - } else { - authentication = new Authentication(in); - } + authentication = new Authentication(in); } } diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/GetUserPrivilegesResponse.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/GetUserPrivilegesResponse.java index b6d84d766c328..7c47b700cc0b5 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/GetUserPrivilegesResponse.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/GetUserPrivilegesResponse.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.xpack.core.security.action.user; -import org.elasticsearch.Version; import org.elasticsearch.action.ActionResponse; import org.elasticsearch.common.Strings; import org.elasticsearch.common.bytes.BytesReference; @@ -145,11 +144,7 @@ public Indices(StreamInput in) throws IOException { return new FieldPermissionsDefinition.FieldGrantExcludeGroup(grant, exclude); })); queries = Collections.unmodifiableSet(in.readSet(StreamInput::readBytesReference)); - if (in.getVersion().onOrAfter(Version.V_6_7_0)) { - this.allowRestrictedIndices = in.readBoolean(); - } else { - this.allowRestrictedIndices = false; - } + this.allowRestrictedIndices = in.readBoolean(); } public Set getIndices() { @@ -254,9 +249,7 @@ public void writeTo(StreamOutput out) throws IOException { output.writeOptionalStringArray(fields.getExcludedFields()); }); out.writeCollection(queries, StreamOutput::writeBytesReference); - if (out.getVersion().onOrAfter(Version.V_6_7_0)) { - out.writeBoolean(allowRestrictedIndices); - } + out.writeBoolean(allowRestrictedIndices); } } } diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequest.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequest.java index 64a69abd5ca1e..93ac7ff45dd66 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequest.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequest.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.xpack.core.security.action.user; -import org.elasticsearch.Version; import org.elasticsearch.action.ActionRequest; import org.elasticsearch.action.ActionRequestValidationException; import org.elasticsearch.common.io.stream.StreamInput; @@ -109,9 +108,7 @@ public void readFrom(StreamInput in) throws IOException { for (int i = 0; i < indexSize; i++) { indexPrivileges[i] = new RoleDescriptor.IndicesPrivileges(in); } - if (in.getVersion().onOrAfter(Version.V_6_4_0)) { - applicationPrivileges = in.readArray(ApplicationResourcePrivileges::new, ApplicationResourcePrivileges[]::new); - } + applicationPrivileges = in.readArray(ApplicationResourcePrivileges::new, ApplicationResourcePrivileges[]::new); } @Override @@ -123,9 +120,7 @@ public void writeTo(StreamOutput out) throws IOException { for (RoleDescriptor.IndicesPrivileges priv : indexPrivileges) { priv.writeTo(out); } - if (out.getVersion().onOrAfter(Version.V_6_4_0)) { - out.writeArray(ApplicationResourcePrivileges::write, applicationPrivileges); - } + out.writeArray(ApplicationResourcePrivileges::write, applicationPrivileges); } } diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesResponse.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesResponse.java index 74984556dc1a0..f67219061bb85 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesResponse.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesResponse.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.xpack.core.security.action.user; -import org.elasticsearch.Version; import org.elasticsearch.action.ActionResponse; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; @@ -103,16 +102,10 @@ public int hashCode() { public void readFrom(StreamInput in) throws IOException { super.readFrom(in); completeMatch = in.readBoolean(); - if (in.getVersion().onOrAfter(Version.V_6_6_0 )) { - cluster = in.readMap(StreamInput::readString, StreamInput::readBoolean); - } + cluster = in.readMap(StreamInput::readString, StreamInput::readBoolean); index = readResourcePrivileges(in); - if (in.getVersion().onOrAfter(Version.V_6_4_0)) { - application = in.readMap(StreamInput::readString, HasPrivilegesResponse::readResourcePrivileges); - } - if (in.getVersion().onOrAfter(Version.V_6_6_0)) { - username = in.readString(); - } + application = in.readMap(StreamInput::readString, HasPrivilegesResponse::readResourcePrivileges); + username = in.readString(); } private static Set readResourcePrivileges(StreamInput in) throws IOException { @@ -130,16 +123,10 @@ private static Set readResourcePrivileges(StreamInput in) th public void writeTo(StreamOutput out) throws IOException { super.writeTo(out); out.writeBoolean(completeMatch); - if (out.getVersion().onOrAfter(Version.V_6_6_0)) { - out.writeMap(cluster, StreamOutput::writeString, StreamOutput::writeBoolean); - } + out.writeMap(cluster, StreamOutput::writeString, StreamOutput::writeBoolean); writeResourcePrivileges(out, index); - if (out.getVersion().onOrAfter(Version.V_6_4_0)) { - out.writeMap(application, StreamOutput::writeString, HasPrivilegesResponse::writeResourcePrivileges); - } - if (out.getVersion().onOrAfter(Version.V_6_6_0)) { - out.writeString(username); - } + out.writeMap(application, StreamOutput::writeString, HasPrivilegesResponse::writeResourcePrivileges); + out.writeString(username); } private static void writeResourcePrivileges(StreamOutput out, Set privileges) throws IOException { diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Authentication.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Authentication.java index de75d90eca51f..17c3e05a772ce 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Authentication.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Authentication.java @@ -60,13 +60,8 @@ public Authentication(StreamInput in) throws IOException { this.lookedUpBy = null; } this.version = in.getVersion(); - if (in.getVersion().onOrAfter(Version.V_6_7_0)) { - type = AuthenticationType.values()[in.readVInt()]; - metadata = in.readMap(); - } else { - type = AuthenticationType.REALM; - metadata = Collections.emptyMap(); - } + type = AuthenticationType.values()[in.readVInt()]; + metadata = in.readMap(); } public User getUser() { @@ -165,10 +160,8 @@ public void writeTo(StreamOutput out) throws IOException { } else { out.writeBoolean(false); } - if (out.getVersion().onOrAfter(Version.V_6_7_0)) { - out.writeVInt(type.ordinal()); - out.writeMap(metadata); - } + out.writeVInt(type.ordinal()); + out.writeMap(metadata); } @Override diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptor.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptor.java index 5705d7bf35723..15304ff85dbd9 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptor.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptor.java @@ -6,7 +6,6 @@ package org.elasticsearch.xpack.core.security.authz; import org.elasticsearch.ElasticsearchParseException; -import org.elasticsearch.Version; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.ParseField; import org.elasticsearch.common.Strings; @@ -122,13 +121,8 @@ public RoleDescriptor(StreamInput in) throws IOException { this.metadata = in.readMap(); this.transientMetadata = in.readMap(); - if (in.getVersion().onOrAfter(Version.V_6_4_0)) { - this.applicationPrivileges = in.readArray(ApplicationResourcePrivileges::new, ApplicationResourcePrivileges[]::new); - this.conditionalClusterPrivileges = ConditionalClusterPrivileges.readArray(in); - } else { - this.applicationPrivileges = ApplicationResourcePrivileges.NONE; - this.conditionalClusterPrivileges = ConditionalClusterPrivileges.EMPTY_ARRAY; - } + this.applicationPrivileges = in.readArray(ApplicationResourcePrivileges::new, ApplicationResourcePrivileges[]::new); + this.conditionalClusterPrivileges = ConditionalClusterPrivileges.readArray(in); } public String getName() { @@ -264,10 +258,8 @@ public void writeTo(StreamOutput out) throws IOException { out.writeStringArray(runAs); out.writeMap(metadata); out.writeMap(transientMetadata); - if (out.getVersion().onOrAfter(Version.V_6_4_0)) { - out.writeArray(ApplicationResourcePrivileges::write, applicationPrivileges); - ConditionalClusterPrivileges.writeArray(out, getConditionalClusterPrivileges()); - } + out.writeArray(ApplicationResourcePrivileges::write, applicationPrivileges); + ConditionalClusterPrivileges.writeArray(out, getConditionalClusterPrivileges()); } public static RoleDescriptor parse(String name, BytesReference source, boolean allow2xFormat, XContentType xContentType) @@ -608,11 +600,7 @@ public IndicesPrivileges(StreamInput in) throws IOException { this.deniedFields = in.readOptionalStringArray(); this.privileges = in.readStringArray(); this.query = in.readOptionalBytesReference(); - if (in.getVersion().onOrAfter(Version.V_6_7_0)) { - allowRestrictedIndices = in.readBoolean(); - } else { - allowRestrictedIndices = false; - } + this.allowRestrictedIndices = in.readBoolean(); } @Override @@ -622,9 +610,7 @@ public void writeTo(StreamOutput out) throws IOException { out.writeOptionalStringArray(deniedFields); out.writeStringArray(privileges); out.writeOptionalBytesReference(query); - if (out.getVersion().onOrAfter(Version.V_6_7_0)) { - out.writeBoolean(allowRestrictedIndices); - } + out.writeBoolean(allowRestrictedIndices); } public static Builder builder() { diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestTests.java index f642f3ab919d2..7ca9f4da74ab3 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestTests.java @@ -20,7 +20,6 @@ import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.VersionUtils; import org.elasticsearch.xpack.core.XPackClientPlugin; -import org.elasticsearch.xpack.core.security.authz.RoleDescriptor; import org.elasticsearch.xpack.core.security.authz.RoleDescriptor.ApplicationResourcePrivileges; import org.elasticsearch.xpack.core.security.authz.privilege.ConditionalClusterPrivileges; @@ -31,11 +30,9 @@ import java.util.Map; import java.util.function.Supplier; -import static org.hamcrest.Matchers.arrayWithSize; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.hasItem; -import static org.hamcrest.Matchers.iterableWithSize; import static org.hamcrest.Matchers.notNullValue; import static org.hamcrest.Matchers.nullValue; @@ -60,7 +57,7 @@ public void testSerialization() throws IOException { final BytesStreamOutput out = new BytesStreamOutput(); if (randomBoolean()) { - final Version version = VersionUtils.randomVersionBetween(random(), Version.V_6_7_0, Version.CURRENT); + final Version version = VersionUtils.randomCompatibleVersion(random(), Version.CURRENT); logger.info("Serializing with version {}", version); out.setVersion(version); } @@ -75,67 +72,6 @@ public void testSerialization() throws IOException { assertThat(copy.roleDescriptor(), equalTo(original.roleDescriptor())); } - public void testSerializationBetweenV64AndV66() throws IOException { - final PutRoleRequest original = buildRandomRequest(); - - final BytesStreamOutput out = new BytesStreamOutput(); - final Version version = VersionUtils.randomVersionBetween(random(), Version.V_6_4_0, Version.V_6_6_0); - out.setVersion(version); - original.writeTo(out); - - final PutRoleRequest copy = new PutRoleRequest(); - final NamedWriteableRegistry registry = new NamedWriteableRegistry(new XPackClientPlugin(Settings.EMPTY).getNamedWriteables()); - StreamInput in = new NamedWriteableAwareStreamInput(ByteBufferStreamInput.wrap(BytesReference.toBytes(out.bytes())), registry); - in.setVersion(version); - copy.readFrom(in); - - assertThat(copy.name(), equalTo(original.name())); - assertThat(copy.cluster(), equalTo(original.cluster())); - assertIndicesSerializedRestricted(copy.indices(), original.indices()); - assertThat(copy.runAs(), equalTo(original.runAs())); - assertThat(copy.metadata(), equalTo(original.metadata())); - assertThat(copy.getRefreshPolicy(), equalTo(original.getRefreshPolicy())); - - assertThat(copy.applicationPrivileges(), equalTo(original.applicationPrivileges())); - assertThat(copy.conditionalClusterPrivileges(), equalTo(original.conditionalClusterPrivileges())); - } - - public void testSerializationV60AndV32() throws IOException { - final PutRoleRequest original = buildRandomRequest(); - - final BytesStreamOutput out = new BytesStreamOutput(); - final Version version = VersionUtils.randomVersionBetween(random(), Version.V_6_0_0, Version.V_6_3_2); - out.setVersion(version); - original.writeTo(out); - - final PutRoleRequest copy = new PutRoleRequest(); - final StreamInput in = out.bytes().streamInput(); - in.setVersion(version); - copy.readFrom(in); - - assertThat(copy.name(), equalTo(original.name())); - assertThat(copy.cluster(), equalTo(original.cluster())); - assertIndicesSerializedRestricted(copy.indices(), original.indices()); - assertThat(copy.runAs(), equalTo(original.runAs())); - assertThat(copy.metadata(), equalTo(original.metadata())); - assertThat(copy.getRefreshPolicy(), equalTo(original.getRefreshPolicy())); - - assertThat(copy.applicationPrivileges(), iterableWithSize(0)); - assertThat(copy.conditionalClusterPrivileges(), arrayWithSize(0)); - } - - private void assertIndicesSerializedRestricted(RoleDescriptor.IndicesPrivileges[] copy, RoleDescriptor.IndicesPrivileges[] original) { - assertThat(copy.length, equalTo(original.length)); - for (int i = 0; i < copy.length; i++) { - assertThat(copy[i].allowRestrictedIndices(), equalTo(false)); - assertThat(copy[i].getIndices(), equalTo(original[i].getIndices())); - assertThat(copy[i].getPrivileges(), equalTo(original[i].getPrivileges())); - assertThat(copy[i].getDeniedFields(), equalTo(original[i].getDeniedFields())); - assertThat(copy[i].getGrantedFields(), equalTo(original[i].getGrantedFields())); - assertThat(copy[i].getQuery(), equalTo(original[i].getQuery())); - } - } - private void assertSuccessfulValidation(PutRoleRequest request) { final ActionRequestValidationException exception = request.validate(); assertThat(exception, nullValue()); diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequestTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequestTests.java index a6706542e9613..6dd1d8a25f088 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequestTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequestTests.java @@ -25,13 +25,12 @@ import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.hasItem; import static org.hamcrest.Matchers.notNullValue; -import static org.hamcrest.Matchers.nullValue; public class HasPrivilegesRequestTests extends ESTestCase { - public void testSerializationV64OrLater() throws IOException { + public void testSerializationCurrentVersion() throws IOException { final HasPrivilegesRequest original = randomRequest(); - final Version version = VersionUtils.randomVersionBetween(random(), Version.V_6_4_0, Version.CURRENT); + final Version version = VersionUtils.randomCompatibleVersion(random(), Version.CURRENT); final HasPrivilegesRequest copy = serializeAndDeserialize(original, version); assertThat(copy.username(), equalTo(original.username())); @@ -40,16 +39,6 @@ public void testSerializationV64OrLater() throws IOException { assertThat(copy.applicationPrivileges(), equalTo(original.applicationPrivileges())); } - public void testSerializationV63() throws IOException { - final HasPrivilegesRequest original = randomRequest(); - final HasPrivilegesRequest copy = serializeAndDeserialize(original, Version.V_6_3_0); - - assertThat(copy.username(), equalTo(original.username())); - assertThat(copy.clusterPrivileges(), equalTo(original.clusterPrivileges())); - assertThat(copy.indexPrivileges(), equalTo(original.indexPrivileges())); - assertThat(copy.applicationPrivileges(), nullValue()); - } - public void testValidateNullPrivileges() { final HasPrivilegesRequest request = new HasPrivilegesRequest(); final ActionRequestValidationException exception = request.validate(); diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java index 8cc970ca77e4f..ff92122626630 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java @@ -985,7 +985,6 @@ public BiConsumer getJoinValidator() { return new ValidateTLSOnJoin(XPackSettings.TRANSPORT_SSL_ENABLED.get(settings), DiscoveryModule.DISCOVERY_TYPE_SETTING.get(settings)) .andThen(new ValidateUpgradedSecurityIndex()) - .andThen(new ValidateLicenseCanBeDeserialized()) .andThen(new ValidateLicenseForFIPS(XPackSettings.FIPS_MODE_ENABLED.get(settings))); } return null; @@ -1023,17 +1022,6 @@ public void accept(DiscoveryNode node, ClusterState state) { } } - static final class ValidateLicenseCanBeDeserialized implements BiConsumer { - @Override - public void accept(DiscoveryNode node, ClusterState state) { - License license = LicenseService.getLicense(state.metaData()); - if (license != null && license.version() >= License.VERSION_CRYPTO_ALGORITHMS && node.getVersion().before(Version.V_6_4_0)) { - throw new IllegalStateException("node " + node + " is on version [" + node.getVersion() + - "] that cannot deserialize the license format [" + license.version() + "], upgrade node to at least 6.4.0"); - } - } - } - static final class ValidateLicenseForFIPS implements BiConsumer { private final boolean inFipsMode; diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ApiKeyService.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ApiKeyService.java index 980a39a186637..1297df19f259e 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ApiKeyService.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ApiKeyService.java @@ -233,12 +233,6 @@ private void createApiKeyAndIndexIt(Authentication authentication, CreateApiKeyR final Instant expiration = getApiKeyExpiration(created, request); final SecureString apiKey = UUIDs.randomBase64UUIDSecureString(); final Version version = clusterService.state().nodes().getMinNodeVersion(); - if (version.before(Version.V_6_7_0)) { - logger.warn( - "nodes prior to the minimum supported version for api keys {} exist in the cluster;" - + " these nodes will not be able to use api keys", - Version.V_6_7_0); - } final char[] keyHash = hasher.hash(apiKey); try (XContentBuilder builder = XContentFactory.jsonBuilder()) { diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/UserToken.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/UserToken.java index fe8b3823120f4..2bcf0849084bc 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/UserToken.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/UserToken.java @@ -73,11 +73,7 @@ public final class UserToken implements Writeable, ToXContentObject { this.id = input.readString(); this.authentication = new Authentication(input); this.expirationTime = Instant.ofEpochSecond(input.readLong(), input.readInt()); - if (version.before(Version.V_6_2_0)) { - this.metadata = Collections.emptyMap(); - } else { - this.metadata = input.readMap(); - } + this.metadata = input.readMap(); } @Override @@ -86,9 +82,7 @@ public void writeTo(StreamOutput out) throws IOException { authentication.writeTo(out); out.writeLong(expirationTime.getEpochSecond()); out.writeInt(expirationTime.getNano()); - if (out.getVersion().onOrAfter(Version.V_6_2_0)) { - out.writeMap(metadata); - } + out.writeMap(metadata); } /** diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java index cc573fd9247f9..08f1149572faa 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java @@ -271,19 +271,6 @@ public void testTLSJoinValidator() throws Exception { } } - public void testJoinValidatorForLicenseDeserialization() throws Exception { - DiscoveryNode node = new DiscoveryNode("foo", buildNewFakeTransportAddress(), - VersionUtils.randomVersionBetween(random(), null, Version.V_6_3_0)); - MetaData.Builder builder = MetaData.builder(); - License license = TestUtils.generateSignedLicense(null, - randomIntBetween(License.VERSION_CRYPTO_ALGORITHMS, License.VERSION_CURRENT), -1, TimeValue.timeValueHours(24)); - TestUtils.putLicense(builder, license); - ClusterState state = ClusterState.builder(ClusterName.DEFAULT).metaData(builder.build()).build(); - IllegalStateException e = expectThrows(IllegalStateException.class, - () -> new Security.ValidateLicenseCanBeDeserialized().accept(node, state)); - assertThat(e.getMessage(), containsString("cannot deserialize the license format")); - } - public void testJoinValidatorForFIPSLicense() throws Exception { DiscoveryNode node = new DiscoveryNode("foo", buildNewFakeTransportAddress(), VersionUtils.randomVersionBetween(random(), null, Version.CURRENT)); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RoleDescriptorTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RoleDescriptorTests.java index 0f4b53e984186..a2d828cf92284 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RoleDescriptorTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RoleDescriptorTests.java @@ -213,8 +213,8 @@ public void testParse() throws Exception { assertThat(ex.getMessage(), containsString("not_supported")); } - public void testSerialization() throws Exception { - final Version version = VersionUtils.randomVersionBetween(random(), Version.V_6_4_0, null); + public void testSerializationForCurrentVersion() throws Exception { + final Version version = VersionUtils.randomCompatibleVersion(random(), Version.CURRENT); logger.info("Testing serialization with version {}", version); BytesStreamOutput output = new BytesStreamOutput(); output.setVersion(version);