diff --git a/client/rest-high-level/src/test/java/org/elasticsearch/client/security/hlrc/HasPrivilegesResponseTests.java b/client/rest-high-level/src/test/java/org/elasticsearch/client/security/hlrc/HasPrivilegesResponseTests.java index bb748a71f42dc..94e326e10555e 100644 --- a/client/rest-high-level/src/test/java/org/elasticsearch/client/security/hlrc/HasPrivilegesResponseTests.java +++ b/client/rest-high-level/src/test/java/org/elasticsearch/client/security/hlrc/HasPrivilegesResponseTests.java @@ -19,7 +19,6 @@ package org.elasticsearch.client.security.hlrc; -import org.apache.lucene.util.LuceneTestCase; import org.elasticsearch.Version; import org.elasticsearch.client.security.HasPrivilegesResponse; import org.elasticsearch.common.bytes.BytesReference; @@ -32,9 +31,7 @@ import org.elasticsearch.common.xcontent.XContentParser; import org.elasticsearch.common.xcontent.XContentType; import org.elasticsearch.client.AbstractHlrcStreamableXContentTestCase; -import org.elasticsearch.test.VersionUtils; import org.elasticsearch.xpack.core.security.authz.permission.ResourcePrivileges; -import org.hamcrest.Matchers; import org.junit.Assert; import java.io.IOException; @@ -55,28 +52,6 @@ public class HasPrivilegesResponseTests extends AbstractHlrcStreamableXContentTe org.elasticsearch.xpack.core.security.action.user.HasPrivilegesResponse, HasPrivilegesResponse> { - public void testSerializationV64OrV65() throws IOException { - final org.elasticsearch.xpack.core.security.action.user.HasPrivilegesResponse original = randomResponse(); - final Version version = VersionUtils.randomVersionBetween(LuceneTestCase.random(), Version.V_6_4_0, Version.V_6_5_1); - final org.elasticsearch.xpack.core.security.action.user.HasPrivilegesResponse copy = serializeAndDeserialize(original, version); - - Assert.assertThat(copy.isCompleteMatch(), equalTo(original.isCompleteMatch())); - Assert.assertThat(copy.getClusterPrivileges().entrySet(), Matchers.emptyIterable()); - Assert.assertThat(copy.getIndexPrivileges(), equalTo(original.getIndexPrivileges())); - Assert.assertThat(copy.getApplicationPrivileges(), equalTo(original.getApplicationPrivileges())); - } - - public void testSerializationV63() throws IOException { - final org.elasticsearch.xpack.core.security.action.user.HasPrivilegesResponse original = randomResponse(); - final org.elasticsearch.xpack.core.security.action.user.HasPrivilegesResponse copy = - serializeAndDeserialize(original, Version.V_6_3_0); - - Assert.assertThat(copy.isCompleteMatch(), equalTo(original.isCompleteMatch())); - Assert.assertThat(copy.getClusterPrivileges().entrySet(), Matchers.emptyIterable()); - Assert.assertThat(copy.getIndexPrivileges(), equalTo(original.getIndexPrivileges())); - Assert.assertThat(copy.getApplicationPrivileges(), equalTo(Collections.emptyMap())); - } - public void testToXContent() throws Exception { final org.elasticsearch.xpack.core.security.action.user.HasPrivilegesResponse response = new org.elasticsearch.xpack.core.security.action.user.HasPrivilegesResponse("daredevil", diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequest.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequest.java index 3f9de8f1e68b3..e19d9cebb64c1 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequest.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequest.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.xpack.core.security.action.role; -import org.elasticsearch.Version; import org.elasticsearch.action.ActionRequest; import org.elasticsearch.action.ActionRequestValidationException; import org.elasticsearch.action.support.WriteRequest; @@ -168,10 +167,8 @@ public void readFrom(StreamInput in) throws IOException { for (int i = 0; i < indicesSize; i++) { indicesPrivileges.add(new RoleDescriptor.IndicesPrivileges(in)); } - if (in.getVersion().onOrAfter(Version.V_6_4_0)) { - applicationPrivileges = in.readList(RoleDescriptor.ApplicationResourcePrivileges::new); - conditionalClusterPrivileges = ConditionalClusterPrivileges.readArray(in); - } + applicationPrivileges = in.readList(RoleDescriptor.ApplicationResourcePrivileges::new); + conditionalClusterPrivileges = ConditionalClusterPrivileges.readArray(in); runAs = in.readStringArray(); refreshPolicy = RefreshPolicy.readFrom(in); metadata = in.readMap(); @@ -186,10 +183,8 @@ public void writeTo(StreamOutput out) throws IOException { for (RoleDescriptor.IndicesPrivileges index : indicesPrivileges) { index.writeTo(out); } - if (out.getVersion().onOrAfter(Version.V_6_4_0)) { - out.writeList(applicationPrivileges); - ConditionalClusterPrivileges.writeArray(out, this.conditionalClusterPrivileges); - } + out.writeList(applicationPrivileges); + ConditionalClusterPrivileges.writeArray(out, this.conditionalClusterPrivileges); out.writeStringArray(runAs); refreshPolicy.writeTo(out); out.writeMap(metadata); diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/AuthenticateResponse.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/AuthenticateResponse.java index 06a4df019c326..27e119ef5a9d8 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/AuthenticateResponse.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/AuthenticateResponse.java @@ -5,12 +5,10 @@ */ package org.elasticsearch.xpack.core.security.action.user; -import org.elasticsearch.Version; import org.elasticsearch.action.ActionResponse; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; import org.elasticsearch.xpack.core.security.authc.Authentication; -import org.elasticsearch.xpack.core.security.user.User; import java.io.IOException; @@ -31,23 +29,13 @@ public Authentication authentication() { @Override public void writeTo(StreamOutput out) throws IOException { super.writeTo(out); - if (out.getVersion().before(Version.V_6_6_0)) { - User.writeTo(authentication.getUser(), out); - } else { - authentication.writeTo(out); - } + authentication.writeTo(out); } @Override public void readFrom(StreamInput in) throws IOException { super.readFrom(in); - if (in.getVersion().before(Version.V_6_6_0)) { - final User user = User.readFrom(in); - final Authentication.RealmRef unknownRealm = new Authentication.RealmRef("__unknown", "__unknown", "__unknown"); - authentication = new Authentication(user, unknownRealm, unknownRealm); - } else { - authentication = new Authentication(in); - } + authentication = new Authentication(in); } } diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/GetUserPrivilegesResponse.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/GetUserPrivilegesResponse.java index b6d84d766c328..7c47b700cc0b5 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/GetUserPrivilegesResponse.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/GetUserPrivilegesResponse.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.xpack.core.security.action.user; -import org.elasticsearch.Version; import org.elasticsearch.action.ActionResponse; import org.elasticsearch.common.Strings; import org.elasticsearch.common.bytes.BytesReference; @@ -145,11 +144,7 @@ public Indices(StreamInput in) throws IOException { return new FieldPermissionsDefinition.FieldGrantExcludeGroup(grant, exclude); })); queries = Collections.unmodifiableSet(in.readSet(StreamInput::readBytesReference)); - if (in.getVersion().onOrAfter(Version.V_6_7_0)) { - this.allowRestrictedIndices = in.readBoolean(); - } else { - this.allowRestrictedIndices = false; - } + this.allowRestrictedIndices = in.readBoolean(); } public Set getIndices() { @@ -254,9 +249,7 @@ public void writeTo(StreamOutput out) throws IOException { output.writeOptionalStringArray(fields.getExcludedFields()); }); out.writeCollection(queries, StreamOutput::writeBytesReference); - if (out.getVersion().onOrAfter(Version.V_6_7_0)) { - out.writeBoolean(allowRestrictedIndices); - } + out.writeBoolean(allowRestrictedIndices); } } } diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequest.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequest.java index 64a69abd5ca1e..93ac7ff45dd66 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequest.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequest.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.xpack.core.security.action.user; -import org.elasticsearch.Version; import org.elasticsearch.action.ActionRequest; import org.elasticsearch.action.ActionRequestValidationException; import org.elasticsearch.common.io.stream.StreamInput; @@ -109,9 +108,7 @@ public void readFrom(StreamInput in) throws IOException { for (int i = 0; i < indexSize; i++) { indexPrivileges[i] = new RoleDescriptor.IndicesPrivileges(in); } - if (in.getVersion().onOrAfter(Version.V_6_4_0)) { - applicationPrivileges = in.readArray(ApplicationResourcePrivileges::new, ApplicationResourcePrivileges[]::new); - } + applicationPrivileges = in.readArray(ApplicationResourcePrivileges::new, ApplicationResourcePrivileges[]::new); } @Override @@ -123,9 +120,7 @@ public void writeTo(StreamOutput out) throws IOException { for (RoleDescriptor.IndicesPrivileges priv : indexPrivileges) { priv.writeTo(out); } - if (out.getVersion().onOrAfter(Version.V_6_4_0)) { - out.writeArray(ApplicationResourcePrivileges::write, applicationPrivileges); - } + out.writeArray(ApplicationResourcePrivileges::write, applicationPrivileges); } } diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesResponse.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesResponse.java index 74984556dc1a0..f67219061bb85 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesResponse.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesResponse.java @@ -5,7 +5,6 @@ */ package org.elasticsearch.xpack.core.security.action.user; -import org.elasticsearch.Version; import org.elasticsearch.action.ActionResponse; import org.elasticsearch.common.io.stream.StreamInput; import org.elasticsearch.common.io.stream.StreamOutput; @@ -103,16 +102,10 @@ public int hashCode() { public void readFrom(StreamInput in) throws IOException { super.readFrom(in); completeMatch = in.readBoolean(); - if (in.getVersion().onOrAfter(Version.V_6_6_0 )) { - cluster = in.readMap(StreamInput::readString, StreamInput::readBoolean); - } + cluster = in.readMap(StreamInput::readString, StreamInput::readBoolean); index = readResourcePrivileges(in); - if (in.getVersion().onOrAfter(Version.V_6_4_0)) { - application = in.readMap(StreamInput::readString, HasPrivilegesResponse::readResourcePrivileges); - } - if (in.getVersion().onOrAfter(Version.V_6_6_0)) { - username = in.readString(); - } + application = in.readMap(StreamInput::readString, HasPrivilegesResponse::readResourcePrivileges); + username = in.readString(); } private static Set readResourcePrivileges(StreamInput in) throws IOException { @@ -130,16 +123,10 @@ private static Set readResourcePrivileges(StreamInput in) th public void writeTo(StreamOutput out) throws IOException { super.writeTo(out); out.writeBoolean(completeMatch); - if (out.getVersion().onOrAfter(Version.V_6_6_0)) { - out.writeMap(cluster, StreamOutput::writeString, StreamOutput::writeBoolean); - } + out.writeMap(cluster, StreamOutput::writeString, StreamOutput::writeBoolean); writeResourcePrivileges(out, index); - if (out.getVersion().onOrAfter(Version.V_6_4_0)) { - out.writeMap(application, StreamOutput::writeString, HasPrivilegesResponse::writeResourcePrivileges); - } - if (out.getVersion().onOrAfter(Version.V_6_6_0)) { - out.writeString(username); - } + out.writeMap(application, StreamOutput::writeString, HasPrivilegesResponse::writeResourcePrivileges); + out.writeString(username); } private static void writeResourcePrivileges(StreamOutput out, Set privileges) throws IOException { diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Authentication.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Authentication.java index de75d90eca51f..17c3e05a772ce 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Authentication.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Authentication.java @@ -60,13 +60,8 @@ public Authentication(StreamInput in) throws IOException { this.lookedUpBy = null; } this.version = in.getVersion(); - if (in.getVersion().onOrAfter(Version.V_6_7_0)) { - type = AuthenticationType.values()[in.readVInt()]; - metadata = in.readMap(); - } else { - type = AuthenticationType.REALM; - metadata = Collections.emptyMap(); - } + type = AuthenticationType.values()[in.readVInt()]; + metadata = in.readMap(); } public User getUser() { @@ -165,10 +160,8 @@ public void writeTo(StreamOutput out) throws IOException { } else { out.writeBoolean(false); } - if (out.getVersion().onOrAfter(Version.V_6_7_0)) { - out.writeVInt(type.ordinal()); - out.writeMap(metadata); - } + out.writeVInt(type.ordinal()); + out.writeMap(metadata); } @Override diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptor.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptor.java index 5705d7bf35723..15304ff85dbd9 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptor.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptor.java @@ -6,7 +6,6 @@ package org.elasticsearch.xpack.core.security.authz; import org.elasticsearch.ElasticsearchParseException; -import org.elasticsearch.Version; import org.elasticsearch.common.Nullable; import org.elasticsearch.common.ParseField; import org.elasticsearch.common.Strings; @@ -122,13 +121,8 @@ public RoleDescriptor(StreamInput in) throws IOException { this.metadata = in.readMap(); this.transientMetadata = in.readMap(); - if (in.getVersion().onOrAfter(Version.V_6_4_0)) { - this.applicationPrivileges = in.readArray(ApplicationResourcePrivileges::new, ApplicationResourcePrivileges[]::new); - this.conditionalClusterPrivileges = ConditionalClusterPrivileges.readArray(in); - } else { - this.applicationPrivileges = ApplicationResourcePrivileges.NONE; - this.conditionalClusterPrivileges = ConditionalClusterPrivileges.EMPTY_ARRAY; - } + this.applicationPrivileges = in.readArray(ApplicationResourcePrivileges::new, ApplicationResourcePrivileges[]::new); + this.conditionalClusterPrivileges = ConditionalClusterPrivileges.readArray(in); } public String getName() { @@ -264,10 +258,8 @@ public void writeTo(StreamOutput out) throws IOException { out.writeStringArray(runAs); out.writeMap(metadata); out.writeMap(transientMetadata); - if (out.getVersion().onOrAfter(Version.V_6_4_0)) { - out.writeArray(ApplicationResourcePrivileges::write, applicationPrivileges); - ConditionalClusterPrivileges.writeArray(out, getConditionalClusterPrivileges()); - } + out.writeArray(ApplicationResourcePrivileges::write, applicationPrivileges); + ConditionalClusterPrivileges.writeArray(out, getConditionalClusterPrivileges()); } public static RoleDescriptor parse(String name, BytesReference source, boolean allow2xFormat, XContentType xContentType) @@ -608,11 +600,7 @@ public IndicesPrivileges(StreamInput in) throws IOException { this.deniedFields = in.readOptionalStringArray(); this.privileges = in.readStringArray(); this.query = in.readOptionalBytesReference(); - if (in.getVersion().onOrAfter(Version.V_6_7_0)) { - allowRestrictedIndices = in.readBoolean(); - } else { - allowRestrictedIndices = false; - } + this.allowRestrictedIndices = in.readBoolean(); } @Override @@ -622,9 +610,7 @@ public void writeTo(StreamOutput out) throws IOException { out.writeOptionalStringArray(deniedFields); out.writeStringArray(privileges); out.writeOptionalBytesReference(query); - if (out.getVersion().onOrAfter(Version.V_6_7_0)) { - out.writeBoolean(allowRestrictedIndices); - } + out.writeBoolean(allowRestrictedIndices); } public static Builder builder() { diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestTests.java index f642f3ab919d2..7ca9f4da74ab3 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestTests.java @@ -20,7 +20,6 @@ import org.elasticsearch.test.ESTestCase; import org.elasticsearch.test.VersionUtils; import org.elasticsearch.xpack.core.XPackClientPlugin; -import org.elasticsearch.xpack.core.security.authz.RoleDescriptor; import org.elasticsearch.xpack.core.security.authz.RoleDescriptor.ApplicationResourcePrivileges; import org.elasticsearch.xpack.core.security.authz.privilege.ConditionalClusterPrivileges; @@ -31,11 +30,9 @@ import java.util.Map; import java.util.function.Supplier; -import static org.hamcrest.Matchers.arrayWithSize; import static org.hamcrest.Matchers.containsString; import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.hasItem; -import static org.hamcrest.Matchers.iterableWithSize; import static org.hamcrest.Matchers.notNullValue; import static org.hamcrest.Matchers.nullValue; @@ -60,7 +57,7 @@ public void testSerialization() throws IOException { final BytesStreamOutput out = new BytesStreamOutput(); if (randomBoolean()) { - final Version version = VersionUtils.randomVersionBetween(random(), Version.V_6_7_0, Version.CURRENT); + final Version version = VersionUtils.randomCompatibleVersion(random(), Version.CURRENT); logger.info("Serializing with version {}", version); out.setVersion(version); } @@ -75,67 +72,6 @@ public void testSerialization() throws IOException { assertThat(copy.roleDescriptor(), equalTo(original.roleDescriptor())); } - public void testSerializationBetweenV64AndV66() throws IOException { - final PutRoleRequest original = buildRandomRequest(); - - final BytesStreamOutput out = new BytesStreamOutput(); - final Version version = VersionUtils.randomVersionBetween(random(), Version.V_6_4_0, Version.V_6_6_0); - out.setVersion(version); - original.writeTo(out); - - final PutRoleRequest copy = new PutRoleRequest(); - final NamedWriteableRegistry registry = new NamedWriteableRegistry(new XPackClientPlugin(Settings.EMPTY).getNamedWriteables()); - StreamInput in = new NamedWriteableAwareStreamInput(ByteBufferStreamInput.wrap(BytesReference.toBytes(out.bytes())), registry); - in.setVersion(version); - copy.readFrom(in); - - assertThat(copy.name(), equalTo(original.name())); - assertThat(copy.cluster(), equalTo(original.cluster())); - assertIndicesSerializedRestricted(copy.indices(), original.indices()); - assertThat(copy.runAs(), equalTo(original.runAs())); - assertThat(copy.metadata(), equalTo(original.metadata())); - assertThat(copy.getRefreshPolicy(), equalTo(original.getRefreshPolicy())); - - assertThat(copy.applicationPrivileges(), equalTo(original.applicationPrivileges())); - assertThat(copy.conditionalClusterPrivileges(), equalTo(original.conditionalClusterPrivileges())); - } - - public void testSerializationV60AndV32() throws IOException { - final PutRoleRequest original = buildRandomRequest(); - - final BytesStreamOutput out = new BytesStreamOutput(); - final Version version = VersionUtils.randomVersionBetween(random(), Version.V_6_0_0, Version.V_6_3_2); - out.setVersion(version); - original.writeTo(out); - - final PutRoleRequest copy = new PutRoleRequest(); - final StreamInput in = out.bytes().streamInput(); - in.setVersion(version); - copy.readFrom(in); - - assertThat(copy.name(), equalTo(original.name())); - assertThat(copy.cluster(), equalTo(original.cluster())); - assertIndicesSerializedRestricted(copy.indices(), original.indices()); - assertThat(copy.runAs(), equalTo(original.runAs())); - assertThat(copy.metadata(), equalTo(original.metadata())); - assertThat(copy.getRefreshPolicy(), equalTo(original.getRefreshPolicy())); - - assertThat(copy.applicationPrivileges(), iterableWithSize(0)); - assertThat(copy.conditionalClusterPrivileges(), arrayWithSize(0)); - } - - private void assertIndicesSerializedRestricted(RoleDescriptor.IndicesPrivileges[] copy, RoleDescriptor.IndicesPrivileges[] original) { - assertThat(copy.length, equalTo(original.length)); - for (int i = 0; i < copy.length; i++) { - assertThat(copy[i].allowRestrictedIndices(), equalTo(false)); - assertThat(copy[i].getIndices(), equalTo(original[i].getIndices())); - assertThat(copy[i].getPrivileges(), equalTo(original[i].getPrivileges())); - assertThat(copy[i].getDeniedFields(), equalTo(original[i].getDeniedFields())); - assertThat(copy[i].getGrantedFields(), equalTo(original[i].getGrantedFields())); - assertThat(copy[i].getQuery(), equalTo(original[i].getQuery())); - } - } - private void assertSuccessfulValidation(PutRoleRequest request) { final ActionRequestValidationException exception = request.validate(); assertThat(exception, nullValue()); diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequestTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequestTests.java index a6706542e9613..6dd1d8a25f088 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequestTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/user/HasPrivilegesRequestTests.java @@ -25,13 +25,12 @@ import static org.hamcrest.Matchers.equalTo; import static org.hamcrest.Matchers.hasItem; import static org.hamcrest.Matchers.notNullValue; -import static org.hamcrest.Matchers.nullValue; public class HasPrivilegesRequestTests extends ESTestCase { - public void testSerializationV64OrLater() throws IOException { + public void testSerializationCurrentVersion() throws IOException { final HasPrivilegesRequest original = randomRequest(); - final Version version = VersionUtils.randomVersionBetween(random(), Version.V_6_4_0, Version.CURRENT); + final Version version = VersionUtils.randomCompatibleVersion(random(), Version.CURRENT); final HasPrivilegesRequest copy = serializeAndDeserialize(original, version); assertThat(copy.username(), equalTo(original.username())); @@ -40,16 +39,6 @@ public void testSerializationV64OrLater() throws IOException { assertThat(copy.applicationPrivileges(), equalTo(original.applicationPrivileges())); } - public void testSerializationV63() throws IOException { - final HasPrivilegesRequest original = randomRequest(); - final HasPrivilegesRequest copy = serializeAndDeserialize(original, Version.V_6_3_0); - - assertThat(copy.username(), equalTo(original.username())); - assertThat(copy.clusterPrivileges(), equalTo(original.clusterPrivileges())); - assertThat(copy.indexPrivileges(), equalTo(original.indexPrivileges())); - assertThat(copy.applicationPrivileges(), nullValue()); - } - public void testValidateNullPrivileges() { final HasPrivilegesRequest request = new HasPrivilegesRequest(); final ActionRequestValidationException exception = request.validate(); diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java index 8cc970ca77e4f..ff92122626630 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java @@ -985,7 +985,6 @@ public BiConsumer getJoinValidator() { return new ValidateTLSOnJoin(XPackSettings.TRANSPORT_SSL_ENABLED.get(settings), DiscoveryModule.DISCOVERY_TYPE_SETTING.get(settings)) .andThen(new ValidateUpgradedSecurityIndex()) - .andThen(new ValidateLicenseCanBeDeserialized()) .andThen(new ValidateLicenseForFIPS(XPackSettings.FIPS_MODE_ENABLED.get(settings))); } return null; @@ -1023,17 +1022,6 @@ public void accept(DiscoveryNode node, ClusterState state) { } } - static final class ValidateLicenseCanBeDeserialized implements BiConsumer { - @Override - public void accept(DiscoveryNode node, ClusterState state) { - License license = LicenseService.getLicense(state.metaData()); - if (license != null && license.version() >= License.VERSION_CRYPTO_ALGORITHMS && node.getVersion().before(Version.V_6_4_0)) { - throw new IllegalStateException("node " + node + " is on version [" + node.getVersion() + - "] that cannot deserialize the license format [" + license.version() + "], upgrade node to at least 6.4.0"); - } - } - } - static final class ValidateLicenseForFIPS implements BiConsumer { private final boolean inFipsMode; diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ApiKeyService.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ApiKeyService.java index 980a39a186637..1297df19f259e 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ApiKeyService.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/ApiKeyService.java @@ -233,12 +233,6 @@ private void createApiKeyAndIndexIt(Authentication authentication, CreateApiKeyR final Instant expiration = getApiKeyExpiration(created, request); final SecureString apiKey = UUIDs.randomBase64UUIDSecureString(); final Version version = clusterService.state().nodes().getMinNodeVersion(); - if (version.before(Version.V_6_7_0)) { - logger.warn( - "nodes prior to the minimum supported version for api keys {} exist in the cluster;" - + " these nodes will not be able to use api keys", - Version.V_6_7_0); - } final char[] keyHash = hasher.hash(apiKey); try (XContentBuilder builder = XContentFactory.jsonBuilder()) { diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/UserToken.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/UserToken.java index fe8b3823120f4..2bcf0849084bc 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/UserToken.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/UserToken.java @@ -73,11 +73,7 @@ public final class UserToken implements Writeable, ToXContentObject { this.id = input.readString(); this.authentication = new Authentication(input); this.expirationTime = Instant.ofEpochSecond(input.readLong(), input.readInt()); - if (version.before(Version.V_6_2_0)) { - this.metadata = Collections.emptyMap(); - } else { - this.metadata = input.readMap(); - } + this.metadata = input.readMap(); } @Override @@ -86,9 +82,7 @@ public void writeTo(StreamOutput out) throws IOException { authentication.writeTo(out); out.writeLong(expirationTime.getEpochSecond()); out.writeInt(expirationTime.getNano()); - if (out.getVersion().onOrAfter(Version.V_6_2_0)) { - out.writeMap(metadata); - } + out.writeMap(metadata); } /** diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java index cc573fd9247f9..08f1149572faa 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java @@ -271,19 +271,6 @@ public void testTLSJoinValidator() throws Exception { } } - public void testJoinValidatorForLicenseDeserialization() throws Exception { - DiscoveryNode node = new DiscoveryNode("foo", buildNewFakeTransportAddress(), - VersionUtils.randomVersionBetween(random(), null, Version.V_6_3_0)); - MetaData.Builder builder = MetaData.builder(); - License license = TestUtils.generateSignedLicense(null, - randomIntBetween(License.VERSION_CRYPTO_ALGORITHMS, License.VERSION_CURRENT), -1, TimeValue.timeValueHours(24)); - TestUtils.putLicense(builder, license); - ClusterState state = ClusterState.builder(ClusterName.DEFAULT).metaData(builder.build()).build(); - IllegalStateException e = expectThrows(IllegalStateException.class, - () -> new Security.ValidateLicenseCanBeDeserialized().accept(node, state)); - assertThat(e.getMessage(), containsString("cannot deserialize the license format")); - } - public void testJoinValidatorForFIPSLicense() throws Exception { DiscoveryNode node = new DiscoveryNode("foo", buildNewFakeTransportAddress(), VersionUtils.randomVersionBetween(random(), null, Version.CURRENT)); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RoleDescriptorTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RoleDescriptorTests.java index 0f4b53e984186..a2d828cf92284 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RoleDescriptorTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RoleDescriptorTests.java @@ -213,8 +213,8 @@ public void testParse() throws Exception { assertThat(ex.getMessage(), containsString("not_supported")); } - public void testSerialization() throws Exception { - final Version version = VersionUtils.randomVersionBetween(random(), Version.V_6_4_0, null); + public void testSerializationForCurrentVersion() throws Exception { + final Version version = VersionUtils.randomCompatibleVersion(random(), Version.CURRENT); logger.info("Testing serialization with version {}", version); BytesStreamOutput output = new BytesStreamOutput(); output.setVersion(version);