Remove dead code related to auditing (#94114)

This PR removes:
 * the CompositeAuditTrail which is designed to fan-out
auditing events to multiple logger implementation types.
This is not needed because since v7.0 there's only one
audit logger implementation, the logfile.
 * any traces of the index-based logger implementation,
namely the permission of the internal _xpack user to
read the audit log index.

Related: #37707

x-pack/plugin/core/src/main/java/module-info.java

@@ -154,7 +154,6 @@
     exports org.elasticsearch.xpack.core.security.authz.store;
     exports org.elasticsearch.xpack.core.security.authz.support;
     exports org.elasticsearch.xpack.core.security.authz;
-    exports org.elasticsearch.xpack.core.security.index;
     exports org.elasticsearch.xpack.core.security.support;
     exports org.elasticsearch.xpack.core.security.user;
     exports org.elasticsearch.xpack.core.security.xcontent;

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/user/XPackUser.java

@@ -8,7 +8,6 @@
 
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.xpack.core.security.authz.RoleDescriptor;
-import org.elasticsearch.xpack.core.security.index.IndexAuditTrailField;
 import org.elasticsearch.xpack.core.security.support.MetadataUtils;
 
 /**
@@ -25,8 +24,7 @@ public class XPackUser extends User {
                 .indices("/@&~(\\.security.*)&~(\\.async-search.*)/")
                 .privileges("all")
                 .allowRestrictedIndices(true)
-                .build(),
-            RoleDescriptor.IndicesPrivileges.builder().indices(IndexAuditTrailField.INDEX_NAME_PREFIX + "-*").privileges("read").build() },
+                .build() },
         new String[] { "*" },
         MetadataUtils.DEFAULT_RESERVED_METADATA
     );

x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/security/audit/logfile/AuditTrailSettingsUpdateTests.java

@@ -88,9 +88,7 @@ public void testDynamicFilterSettings() throws Exception {
         final String actual = ((LoggingAuditTrail) internalCluster().getInstances(AuditTrailService.class)
             .iterator()
             .next()
-            .getAuditTrails()
-            .iterator()
-            .next()).eventFilterPolicyRegistry.toString();
+            .getAuditTrail()).eventFilterPolicyRegistry.toString();
         assertEquals(expected, actual);
     }
 
@@ -112,7 +110,6 @@ public void testInvalidFilterSettings() throws Exception {
     }
 
     public void testDynamicHostSettings() {
-        final boolean persistent = randomBoolean();
         final Settings.Builder settingsBuilder = Settings.builder();
         settingsBuilder.put(LoggingAuditTrail.EMIT_HOST_ADDRESS_SETTING.getKey(), true);
         settingsBuilder.put(LoggingAuditTrail.EMIT_HOST_NAME_SETTING.getKey(), true);
@@ -122,9 +119,7 @@ public void testDynamicHostSettings() {
         final LoggingAuditTrail loggingAuditTrail = (LoggingAuditTrail) internalCluster().getInstances(AuditTrailService.class)
             .iterator()
             .next()
-            .getAuditTrails()
-            .iterator()
-            .next();
+            .getAuditTrail();
         assertThat(loggingAuditTrail.entryCommonFields.commonFields.get(LoggingAuditTrail.NODE_NAME_FIELD_NAME), startsWith("node_"));
         assertThat(loggingAuditTrail.entryCommonFields.commonFields.containsKey(LoggingAuditTrail.NODE_ID_FIELD_NAME), is(true));
         assertThat(loggingAuditTrail.entryCommonFields.commonFields.get(LoggingAuditTrail.HOST_ADDRESS_FIELD_NAME), is("127.0.0.1"));
@@ -159,9 +154,7 @@ public void testDynamicClusterSettings() {
         final LoggingAuditTrail loggingAuditTrail = (LoggingAuditTrail) internalCluster().getInstances(AuditTrailService.class)
             .iterator()
             .next()
-            .getAuditTrails()
-            .iterator()
-            .next();
+            .getAuditTrail();
 
         final Settings.Builder settingsBuilder = Settings.builder();
         settingsBuilder.put(LoggingAuditTrail.EMIT_CLUSTER_NAME_SETTING.getKey(), true);
@@ -197,9 +190,7 @@ public void testDynamicRequestBodySettings() {
         final LoggingAuditTrail loggingAuditTrail = (LoggingAuditTrail) internalCluster().getInstances(AuditTrailService.class)
             .iterator()
             .next()
-            .getAuditTrails()
-            .iterator()
-            .next();
+            .getAuditTrail();
         assertEquals(enableRequestBody, loggingAuditTrail.includeRequestBody);
         settingsBuilder.put(LoggingAuditTrail.INCLUDE_REQUEST_BODY.getKey(), enableRequestBody == false);
         updateSettings(settingsBuilder.build());
@@ -230,9 +221,7 @@ public void testDynamicEventsSettings() {
         final LoggingAuditTrail loggingAuditTrail = (LoggingAuditTrail) internalCluster().getInstances(AuditTrailService.class)
             .iterator()
             .next()
-            .getAuditTrails()
-            .iterator()
-            .next();
+            .getAuditTrail();
         assertEquals(AuditLevel.parse(includedEvents, excludedEvents), loggingAuditTrail.events);
     }
 

x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/security/authz/SecuritySearchOperationListenerTests.java

@@ -38,7 +38,6 @@
 import org.junit.Before;
 
 import java.util.Collections;
-import java.util.List;
 
 import static org.elasticsearch.xpack.core.security.authz.AuthorizationServiceField.AUTHORIZATION_INFO_KEY;
 import static org.elasticsearch.xpack.core.security.authz.AuthorizationServiceField.ORIGINATING_ACTION_KEY;
@@ -126,7 +125,7 @@ public void testValidateSearchContext() throws Exception {
             ThreadContext threadContext = new ThreadContext(Settings.EMPTY);
             final SecurityContext securityContext = new SecurityContext(Settings.EMPTY, threadContext);
             AuditTrail auditTrail = mock(AuditTrail.class);
-            AuditTrailService auditTrailService = new AuditTrailService(Collections.singletonList(auditTrail), licenseState);
+            AuditTrailService auditTrailService = new AuditTrailService(auditTrail, licenseState);
 
             SecuritySearchOperationListener listener = new SecuritySearchOperationListener(securityContext, auditTrailService);
             try (StoredContext ignore = threadContext.newStoredContext()) {
@@ -261,7 +260,7 @@ public void testValidateResourceAccessCheck() throws Exception {
             when(licenseState.isAllowed(Security.AUDITING_FEATURE)).thenReturn(true);
             final SecurityContext securityContext = new SecurityContext(Settings.EMPTY, new ThreadContext(Settings.EMPTY));
             final AuditTrail auditTrail = mock(AuditTrail.class);
-            final AuditTrailService auditTrailService = new AuditTrailService(List.of(auditTrail), licenseState);
+            final AuditTrailService auditTrailService = new AuditTrailService(auditTrail, licenseState);
 
             final SecuritySearchOperationListener listener = new SecuritySearchOperationListener(securityContext, auditTrailService);
             final TransportRequest request = mock(TransportRequest.class);

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java

@@ -626,10 +626,10 @@ Collection<Object> createComponents(
         final RestrictedIndices restrictedIndices = new RestrictedIndices(expressionResolver);
 
         // audit trail service construction
-        final List<AuditTrail> auditTrails = XPackSettings.AUDIT_ENABLED.get(settings)
-            ? Collections.singletonList(new LoggingAuditTrail(settings, clusterService, threadPool))
-            : Collections.emptyList();
-        final AuditTrailService auditTrailService = new AuditTrailService(auditTrails, getLicenseState());
+        final AuditTrail auditTrail = XPackSettings.AUDIT_ENABLED.get(settings)
+            ? new LoggingAuditTrail(settings, clusterService, threadPool)
+            : null;
+        final AuditTrailService auditTrailService = new AuditTrailService(auditTrail, getLicenseState());
         components.add(auditTrailService);
         this.auditTrailService.set(auditTrailService);