Support audit ignore policy by index privileges

Addressing review comments + changing approach: - use permission check instead of simple "checkIfGrants" - adding more testing
elastic · Feb 15, 2021 · 79649e9 · 79649e9
1 parent 96d22a4
commit 79649e9
Showing 1 changed file with 0 additions and 14 deletions.
diff --git a/...st/java/org/elasticsearch/xpack/security/audit/logfile/AuditTrailSettingsUpdateTests.java b/...st/java/org/elasticsearch/xpack/security/audit/logfile/AuditTrailSettingsUpdateTests.java
@@ -124,20 +124,6 @@ public void testInvalidPrivilegesFilterSettings() throws Exception {
         assertThat(e.getMessage(), containsString("illegal value can't update"));
     }
 
-    public void testInvalidBothPrivilegesFilterSettings() throws Exception {
-        final Settings.Builder settingsBuilder1 = Settings.builder();
-        settingsBuilder1.putList("xpack.security.audit.logfile.events.ignore_filters.BothPrivilegesFilter.index_privileges",
-            "read");
-        updateSettings(settingsBuilder1.build(), true);
-
-        final Settings.Builder settingsBuilder2 = Settings.builder();
-        settingsBuilder2.putList("xpack.security.audit.logfile.events.ignore_filters.BothPrivilegesFilter.cluster_privileges", "monitor");
-
-        IllegalArgumentException e = expectThrows(IllegalArgumentException.class,
-            () -> updateSettings(settingsBuilder2.build(), true));
-        assertThat(e.getMessage(), containsString("illegal value can't update"));
-    }
-
     public void testDynamicHostSettings() {
         final boolean persistent = randomBoolean();
         final Settings.Builder settingsBuilder = Settings.builder();