diff --git a/x-pack/plugin/ccr/src/main/java/org/elasticsearch/xpack/ccr/CcrLicenseChecker.java b/x-pack/plugin/ccr/src/main/java/org/elasticsearch/xpack/ccr/CcrLicenseChecker.java index a693cc57b5229..2b65242949dc4 100644 --- a/x-pack/plugin/ccr/src/main/java/org/elasticsearch/xpack/ccr/CcrLicenseChecker.java +++ b/x-pack/plugin/ccr/src/main/java/org/elasticsearch/xpack/ccr/CcrLicenseChecker.java @@ -412,7 +412,7 @@ private static ElasticsearchStatusException indexMetadataNonCompliantRemoteLicen RemoteClusterLicenseChecker.buildErrorMessage( "ccr", licenseCheck.remoteClusterLicenseInfo(), - RemoteClusterLicenseChecker::isLicensePlatinumOrTrial)); + RemoteClusterLicenseChecker::isAllowedByLicense)); return new ElasticsearchStatusException(message, RestStatus.BAD_REQUEST); } @@ -426,7 +426,7 @@ private static ElasticsearchStatusException clusterStateNonCompliantRemoteLicens RemoteClusterLicenseChecker.buildErrorMessage( "ccr", licenseCheck.remoteClusterLicenseInfo(), - RemoteClusterLicenseChecker::isLicensePlatinumOrTrial)); + RemoteClusterLicenseChecker::isAllowedByLicense)); return new ElasticsearchStatusException(message, RestStatus.BAD_REQUEST); } diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/license/License.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/license/License.java index 210beaaedecaf..1c14e8df63c8c 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/license/License.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/license/License.java @@ -175,7 +175,8 @@ public enum OperationMode { BASIC((byte) 2), STANDARD((byte) 3), GOLD((byte) 4), - PLATINUM((byte) 5); + PLATINUM((byte) 5), + ENTERPRISE((byte) 6); private final byte id; @@ -208,8 +209,9 @@ public static OperationMode resolve(LicenseType type) { case GOLD: return GOLD; case PLATINUM: - case ENTERPRISE: // TODO Add an explicit enterprise operating mode return PLATINUM; + case ENTERPRISE: + return ENTERPRISE; case TRIAL: return TRIAL; default: diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/license/LicenseService.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/license/LicenseService.java index 515f8462f98aa..484f97f4a26ae 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/license/LicenseService.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/license/LicenseService.java @@ -256,6 +256,7 @@ && isProductionMode(settings, clusterService.localNode())) { "] license unless TLS is configured or security is disabled"); } else if (XPackSettings.FIPS_MODE_ENABLED.get(settings) && newLicense.operationMode() != License.OperationMode.PLATINUM + && newLicense.operationMode() != License.OperationMode.ENTERPRISE && newLicense.operationMode() != License.OperationMode.TRIAL) { throw new IllegalStateException("Cannot install a [" + newLicense.operationMode() + "] license unless FIPS mode is disabled"); diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/license/RemoteClusterLicenseChecker.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/license/RemoteClusterLicenseChecker.java index fc7d44c191601..b4abf6e88c82a 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/license/RemoteClusterLicenseChecker.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/license/RemoteClusterLicenseChecker.java @@ -138,9 +138,9 @@ public RemoteClusterLicenseChecker(final Client client, final Predicate FIPS_ALLOWED_LICENSE_OPERATION_MODES = - EnumSet.of(License.OperationMode.PLATINUM, License.OperationMode.TRIAL); - /** Messages for each feature which are printed when the license expires. */ static final Map EXPIRATION_MESSAGES; static { @@ -114,6 +109,7 @@ private static String[] securityAcknowledgementMessages(OperationMode currentMod case TRIAL: case GOLD: case PLATINUM: + case ENTERPRISE: return new String[] { "Security will default to disabled (set " + XPackSettings.SECURITY_ENABLED.getKey() + " to enable security).", "Authentication will be limited to the native and file realms.", @@ -132,6 +128,7 @@ private static String[] securityAcknowledgementMessages(OperationMode currentMod // ^^ though technically it was already disabled, it's not bad to remind them case TRIAL: case PLATINUM: + case ENTERPRISE: return new String[] { "Field and document level access control will be disabled.", "Custom realms will be ignored.", @@ -145,6 +142,7 @@ private static String[] securityAcknowledgementMessages(OperationMode currentMod // ^^ though technically it doesn't change the feature set, it's not bad to remind them case GOLD: case PLATINUM: + case ENTERPRISE: case TRIAL: return new String[] { "Authentication will be limited to the native realms.", @@ -166,6 +164,7 @@ private static String[] watcherAcknowledgementMessages(OperationMode currentMode case STANDARD: case GOLD: case PLATINUM: + case ENTERPRISE: return new String[] { "Watcher will be disabled" }; } break; @@ -181,6 +180,7 @@ private static String[] monitoringAcknowledgementMessages(OperationMode currentM case STANDARD: case GOLD: case PLATINUM: + case ENTERPRISE: return new String[] { LoggerMessageFormat.format( "Multi-cluster support is disabled for clusters with [{}] license. If you are\n" + @@ -206,6 +206,7 @@ private static String[] graphAcknowledgementMessages(OperationMode currentMode, switch (currentMode) { case TRIAL: case PLATINUM: + case ENTERPRISE: return new String[] { "Graph will be disabled" }; } break; @@ -221,6 +222,7 @@ private static String[] machineLearningAcknowledgementMessages(OperationMode cur switch (currentMode) { case TRIAL: case PLATINUM: + case ENTERPRISE: return new String[] { "Machine learning will be disabled" }; } break; @@ -258,6 +260,7 @@ private static String[] sqlAcknowledgementMessages(OperationMode currentMode, Op switch (currentMode) { case TRIAL: case PLATINUM: + case ENTERPRISE: return new String[] { "JDBC and ODBC support will be disabled, but you can continue to use SQL CLI and REST endpoint" }; } @@ -348,41 +351,22 @@ public synchronized boolean isActive() { * @return true if authentication and authorization should be enabled. this does not indicate what realms are available * @see #allowedRealmType() for the enabled realms */ - public synchronized boolean isAuthAllowed() { - OperationMode mode = status.mode; - final boolean isSecurityCurrentlyEnabled = - isSecurityEnabled(mode, isSecurityExplicitlyEnabled, isSecurityEnabled); - if (isSecurityCurrentlyEnabled) { - switch (mode) { - case BASIC: - case STANDARD: - case GOLD: - case PLATINUM: - case TRIAL: - return true; - } - } - return false; + public boolean isAuthAllowed() { + return isAllowedByLicenseAndSecurity(OperationMode.BASIC, true, false, true); } /** * @return true if IP filtering should be enabled */ - public synchronized boolean isIpFilteringAllowed() { - OperationMode mode = status.mode; - final boolean isSecurityCurrentlyEnabled = - isSecurityEnabled(mode, isSecurityExplicitlyEnabled, isSecurityEnabled); - return isSecurityCurrentlyEnabled && (mode == OperationMode.GOLD || mode == OperationMode.PLATINUM || mode == OperationMode.TRIAL); + public boolean isIpFilteringAllowed() { + return isAllowedByLicenseAndSecurity(OperationMode.GOLD, true, false, true); } /** * @return true if auditing should be enabled */ - public synchronized boolean isAuditingAllowed() { - OperationMode mode = status.mode; - final boolean isSecurityCurrentlyEnabled = - isSecurityEnabled(mode, isSecurityExplicitlyEnabled, isSecurityEnabled); - return isSecurityCurrentlyEnabled && (mode == OperationMode.GOLD || mode == OperationMode.PLATINUM || mode == OperationMode.TRIAL); + public boolean isAuditingAllowed() { + return isAllowedByLicenseAndSecurity(OperationMode.GOLD, true, false, true); } /** @@ -391,8 +375,8 @@ public synchronized boolean isAuditingAllowed() { * * @return true if the license allows for the stats and health APIs to be used. */ - public synchronized boolean isStatsAndHealthAllowed() { - return status.active; + public boolean isStatsAndHealthAllowed() { + return isActive(); } /** @@ -407,11 +391,8 @@ public synchronized boolean isStatsAndHealthAllowed() { * * @return {@code true} to enable DLS and FLS. Otherwise {@code false}. */ - public synchronized boolean isDocumentAndFieldLevelSecurityAllowed() { - OperationMode mode = status.mode; - final boolean isSecurityCurrentlyEnabled = - isSecurityEnabled(mode, isSecurityExplicitlyEnabled, isSecurityEnabled); - return isSecurityCurrentlyEnabled && (mode == OperationMode.TRIAL || mode == OperationMode.PLATINUM); + public boolean isDocumentAndFieldLevelSecurityAllowed() { + return isAllowedByLicenseAndSecurity(OperationMode.PLATINUM, true, false, true); } /** Classes of realms that may be available based on the license type. */ @@ -431,6 +412,7 @@ public synchronized AllowedRealmType allowedRealmType() { if (isSecurityCurrentlyEnabled) { switch (status.mode) { case PLATINUM: + case ENTERPRISE: case TRIAL: return AllowedRealmType.ALL; case GOLD: @@ -449,51 +431,38 @@ public synchronized AllowedRealmType allowedRealmType() { /** * @return whether custom role providers are allowed based on the license {@link OperationMode} */ - public synchronized boolean isCustomRoleProvidersAllowed() { - final boolean isSecurityCurrentlyEnabled = - isSecurityEnabled(status.mode, isSecurityExplicitlyEnabled, isSecurityEnabled); - return isSecurityCurrentlyEnabled && (status.mode == OperationMode.PLATINUM || status.mode == OperationMode.TRIAL) - && status.active; + public boolean isCustomRoleProvidersAllowed() { + return isAllowedByLicenseAndSecurity(OperationMode.PLATINUM, true, true, true); } /** * @return whether the Elasticsearch {@code TokenService} is allowed based on the license {@link OperationMode} */ - public synchronized boolean isTokenServiceAllowed() { - final OperationMode mode = status.mode; - final boolean isSecurityCurrentlyEnabled = isSecurityEnabled(mode, isSecurityExplicitlyEnabled, isSecurityEnabled); - return isSecurityCurrentlyEnabled && (mode == OperationMode.GOLD || mode == OperationMode.PLATINUM || mode == OperationMode.TRIAL); + public boolean isTokenServiceAllowed() { + return isAllowedByLicenseAndSecurity(OperationMode.GOLD, true, false, true); } /** * @return whether the Elasticsearch {@code ApiKeyService} is allowed based on the current node/cluster state */ - public synchronized boolean isApiKeyServiceAllowed() { - final OperationMode mode = status.mode; - final boolean isSecurityCurrentlyEnabled = isSecurityEnabled(mode, isSecurityExplicitlyEnabled, isSecurityEnabled); - return isSecurityCurrentlyEnabled; + public boolean isApiKeyServiceAllowed() { + return isAllowedBySecurity(); } /** * @return whether "authorization_realms" are allowed based on the license {@link OperationMode} * @see org.elasticsearch.xpack.core.security.authc.support.DelegatedAuthorizationSettings */ - public synchronized boolean isAuthorizationRealmAllowed() { - final boolean isSecurityCurrentlyEnabled = - isSecurityEnabled(status.mode, isSecurityExplicitlyEnabled, isSecurityEnabled); - return isSecurityCurrentlyEnabled && (status.mode == OperationMode.PLATINUM || status.mode == OperationMode.TRIAL) - && status.active; + public boolean isAuthorizationRealmAllowed() { + return isAllowedByLicenseAndSecurity(OperationMode.PLATINUM, true, true, true); } /** * @return whether a custom authorization engine is allowed based on the license {@link OperationMode} * @see org.elasticsearch.xpack.core.security.authc.support.DelegatedAuthorizationSettings */ - public synchronized boolean isAuthorizationEngineAllowed() { - final boolean isSecurityCurrentlyEnabled = - isSecurityEnabled(status.mode, isSecurityExplicitlyEnabled, isSecurityEnabled); - return isSecurityCurrentlyEnabled && (status.mode == OperationMode.PLATINUM || status.mode == OperationMode.TRIAL) - && status.active; + public boolean isAuthorizationEngineAllowed() { + return isAllowedByLicenseAndSecurity(OperationMode.PLATINUM, true, true, true); } /** @@ -509,22 +478,8 @@ public synchronized boolean isAuthorizationEngineAllowed() { * * @return {@code true} as long as the license is valid. Otherwise {@code false}. */ - public synchronized boolean isWatcherAllowed() { - Status localStatus = status; - - if (localStatus.active == false) { - return false; - } - - switch (localStatus.mode) { - case TRIAL: - case GOLD: - case PLATINUM: - case STANDARD: - return true; - default: - return false; - } + public boolean isWatcherAllowed() { + return isAllowedByLicenseAndSecurity(OperationMode.STANDARD, false, true, true); } /** @@ -532,8 +487,8 @@ public synchronized boolean isWatcherAllowed() { * * @return true if the license is active */ - public synchronized boolean isMonitoringAllowed() { - return status.active; + public boolean isMonitoringAllowed() { + return isActive(); } /** @@ -542,7 +497,7 @@ public synchronized boolean isMonitoringAllowed() { * @return {@link #isWatcherAllowed()} * @see #isWatcherAllowed() */ - public synchronized boolean isMonitoringClusterAlertsAllowed() { + public boolean isMonitoringClusterAlertsAllowed() { return isWatcherAllowed(); } @@ -555,9 +510,8 @@ public synchronized boolean isMonitoringClusterAlertsAllowed() { * * @return {@code true} if the user is allowed to modify the retention. Otherwise {@code false}. */ - public synchronized boolean isUpdateRetentionAllowed() { - final OperationMode mode = status.mode; - return mode != OperationMode.BASIC && mode != OperationMode.MISSING; + public boolean isUpdateRetentionAllowed() { + return isAllowedByLicenseAndSecurity(OperationMode.STANDARD, false, false, true); } /** @@ -571,13 +525,8 @@ public synchronized boolean isUpdateRetentionAllowed() { * * @return {@code true} as long as the license is valid. Otherwise {@code false}. */ - public synchronized boolean isGraphAllowed() { - Status localStatus = status; - OperationMode operationMode = localStatus.mode; - - boolean licensed = operationMode == OperationMode.TRIAL || operationMode == OperationMode.PLATINUM; - - return licensed && localStatus.active; + public boolean isGraphAllowed() { + return isAllowedByLicenseAndSecurity(OperationMode.PLATINUM, false, true, true); } /** @@ -593,13 +542,12 @@ public synchronized boolean isGraphAllowed() { * @return {@code true} as long as the license is valid. Otherwise * {@code false}. */ - public synchronized boolean isMachineLearningAllowed() { - final Status currentStatus = status; - return currentStatus.active && isMachineLearningAllowedForOperationMode(currentStatus.mode); + public boolean isMachineLearningAllowed() { + return isAllowedByLicenseAndSecurity(OperationMode.PLATINUM, false, true, true); } public static boolean isMachineLearningAllowedForOperationMode(final OperationMode operationMode) { - return isPlatinumOrTrialOperationMode(operationMode); + return isAllowedByOperationMode(operationMode, OperationMode.PLATINUM, true); } /** @@ -607,8 +555,8 @@ public static boolean isMachineLearningAllowedForOperationMode(final OperationMo * * @return true if the license is active */ - public synchronized boolean isTransformAllowed() { - return status.active; + public boolean isTransformAllowed() { + return isActive(); } public static boolean isTransformAllowedForOperationMode(final OperationMode operationMode) { @@ -616,13 +564,17 @@ public static boolean isTransformAllowedForOperationMode(final OperationMode ope return operationMode != License.OperationMode.MISSING; } + public static boolean isFipsAllowedForOperationMode(final OperationMode operationMode) { + return isAllowedByOperationMode(operationMode, OperationMode.PLATINUM, true); + } + /** * Rollup is always available as long as there is a valid license * * @return true if the license is active */ - public synchronized boolean isRollupAllowed() { - return status.active; + public boolean isRollupAllowed() { + return isActive(); } /** @@ -630,80 +582,62 @@ public synchronized boolean isRollupAllowed() { * * @return true if the license is active */ - public synchronized boolean isVotingOnlyAllowed() { - return status.active; + public boolean isVotingOnlyAllowed() { + return isActive(); } /** * Logstash is allowed as long as there is an active license of type TRIAL, STANDARD, GOLD or PLATINUM * @return {@code true} as long as there is a valid license */ - public synchronized boolean isLogstashAllowed() { - Status localStatus = status; - return localStatus.active && (isBasic(localStatus.mode) == false); + public boolean isLogstashAllowed() { + return isAllowedByLicenseAndSecurity(OperationMode.STANDARD, false, true, true); } /** * Beats is allowed as long as there is an active license of type TRIAL, STANDARD, GOLD or PLATINUM * @return {@code true} as long as there is a valid license */ - public synchronized boolean isBeatsAllowed() { - Status localStatus = status; - return localStatus.active && (isBasic(localStatus.mode) == false); - + public boolean isBeatsAllowed() { + return isAllowedByLicenseAndSecurity(OperationMode.STANDARD, false, true, true); } /** * Deprecation APIs are always allowed as long as there is an active license * @return {@code true} as long as there is a valid license */ - public synchronized boolean isDeprecationAllowed() { - return status.active; + public boolean isDeprecationAllowed() { + return isActive(); } /** * Determine if Upgrade API should be enabled. - *

- * Upgrade API is not available in for all license types except {@link OperationMode#MISSING} * * @return {@code true} as long as the license is valid. Otherwise * {@code false}. */ - public synchronized boolean isUpgradeAllowed() { - // Should work on all active licenses - return status.active; + public boolean isUpgradeAllowed() { + return isActive(); } /** * Determine if Index Lifecycle API should be enabled. - *

- * Index Lifecycle API is available in for all license types except - * {@link OperationMode#MISSING} * * @return {@code true} as long as the license is valid. Otherwise * {@code false}. */ public boolean isIndexLifecycleAllowed() { - // status is volatile - Status localStatus = status; - // Should work on all active licenses - return localStatus.active; + return isActive(); } /** * Determine if the enrich processor and related APIs are allowed to be used. - *

- * This is available in for all license types except - * {@link OperationMode#MISSING} * * @return {@code true} as long as the license is valid. Otherwise * {@code false}. */ public boolean isEnrichAllowed() { - // status is volatile - Status localStatus = status; - // Should work on all active licenses - return localStatus.active; + return isActive(); } /** @@ -717,11 +651,9 @@ public synchronized boolean isEqlAllowed() { /** * Determine if SQL support should be enabled. - *

- * SQL is available for all license types except {@link OperationMode#MISSING} */ - public synchronized boolean isSqlAllowed() { - return status.active; + public boolean isSqlAllowed() { + return isActive(); } /** @@ -729,31 +661,22 @@ public synchronized boolean isSqlAllowed() { *

* JDBC is available only in for {@link OperationMode#PLATINUM} and {@link OperationMode#TRIAL} licences */ - public synchronized boolean isJdbcAllowed() { - Status localStatus = status; - OperationMode operationMode = localStatus.mode; - - boolean licensed = operationMode == OperationMode.TRIAL || operationMode == OperationMode.PLATINUM; - - return licensed && localStatus.active; + public boolean isJdbcAllowed() { + return isAllowedByLicenseAndSecurity(OperationMode.PLATINUM, false, true, true); } /** * Determine if support for flattened object fields should be enabled. - *

- * Flattened fields are available for all license types except {@link OperationMode#MISSING}. */ - public synchronized boolean isFlattenedAllowed() { - return status.active; + public boolean isFlattenedAllowed() { + return isActive(); } /** * Determine if Vectors support should be enabled. - *

- * Vectors is available for all license types except {@link OperationMode#MISSING} */ - public synchronized boolean isVectorsAllowed() { - return status.active; + public boolean isVectorsAllowed() { + return isActive(); } /** @@ -761,29 +684,18 @@ public synchronized boolean isVectorsAllowed() { *

* ODBC is available only in for {@link OperationMode#PLATINUM} and {@link OperationMode#TRIAL} licences */ - public synchronized boolean isOdbcAllowed() { - Status localStatus = status; - OperationMode operationMode = localStatus.mode; - - boolean licensed = operationMode == OperationMode.TRIAL || operationMode == OperationMode.PLATINUM; - - return licensed && localStatus.active; + public boolean isOdbcAllowed() { + return isAllowedByLicenseAndSecurity(OperationMode.PLATINUM, false, true, true); } /** * Determine if Spatial features should be enabled. - *

- * Spatial features are available in for all license types except - * {@link OperationMode#MISSING} * * @return {@code true} as long as the license is valid. Otherwise * {@code false}. */ public boolean isSpatialAllowed() { - // status is volatile - Status localStatus = status; - // Should work on all active licenses - return localStatus.active; + return isActive(); } /** @@ -791,8 +703,8 @@ public boolean isSpatialAllowed() { * * @return true if the license is active */ - public synchronized boolean isDataScienceAllowed() { - return status.active; + public boolean isDataScienceAllowed() { + return isActive(); } public synchronized boolean isTrialLicense() { @@ -805,7 +717,7 @@ public synchronized boolean isTrialLicense() { public synchronized boolean isSecurityAvailable() { OperationMode mode = status.mode; return mode == OperationMode.GOLD || mode == OperationMode.PLATINUM || mode == OperationMode.STANDARD || - mode == OperationMode.TRIAL || mode == OperationMode.BASIC; + mode == OperationMode.TRIAL || mode == OperationMode.BASIC || mode == OperationMode.ENTERPRISE; } /** @@ -833,6 +745,7 @@ public static boolean isTransportTlsRequired(License license, Settings settings) case STANDARD: case GOLD: case PLATINUM: + case ENTERPRISE: return XPackSettings.SECURITY_ENABLED.get(settings); case BASIC: return XPackSettings.SECURITY_ENABLED.get(settings) && isSecurityExplicitlyEnabled(settings); @@ -866,17 +779,20 @@ private static boolean isSecurityEnabled(final OperationMode mode, final boolean * * @return true is the license is compatible, otherwise false */ - public synchronized boolean isCcrAllowed() { - final Status currentStatus = status; - return currentStatus.active && isCcrAllowedForOperationMode(currentStatus.mode); + public boolean isCcrAllowed() { + return isAllowedByLicenseAndSecurity(OperationMode.PLATINUM, false, true, true); } public static boolean isCcrAllowedForOperationMode(final OperationMode operationMode) { - return isPlatinumOrTrialOperationMode(operationMode); + return isAllowedByOperationMode(operationMode, OperationMode.PLATINUM, true); } - public static boolean isPlatinumOrTrialOperationMode(final OperationMode operationMode) { - return operationMode == OperationMode.PLATINUM || operationMode == OperationMode.TRIAL; + public static boolean isAllowedByOperationMode( + final OperationMode operationMode, final OperationMode minimumMode, final boolean allowTrial) { + if (allowTrial && OperationMode.TRIAL == operationMode) { + return true; + } + return operationMode.compareTo(minimumMode) >= 0; } /** @@ -889,4 +805,31 @@ public static boolean isPlatinumOrTrialOperationMode(final OperationMode operati public synchronized XPackLicenseState copyCurrentLicenseState() { return new XPackLicenseState(this); } + + private synchronized boolean isAllowedBySecurity() { + return isSecurityEnabled(status.mode, isSecurityExplicitlyEnabled, isSecurityEnabled); + } + + /** + * Test whether a feature is allowed by the status of current license and security configuration. + * + * @param minimumMode The minimum license to meet or exceed + * @param needSecurity Whether security is required for feature to be allowed + * @param needActive Whether current license needs to be active + * @param allowTrial Whether the feature is allowed for trial license + * + * @return true if feature is allowed, otherwise false + */ + private synchronized boolean isAllowedByLicenseAndSecurity( + OperationMode minimumMode, boolean needSecurity, boolean needActive, boolean allowTrial) { + + if (needSecurity && false == isSecurityEnabled(status.mode, isSecurityExplicitlyEnabled, isSecurityEnabled)) { + return false; + } + if (needActive && false == status.active) { + return false; + } + return isAllowedByOperationMode(status.mode, minimumMode, allowTrial); + } + } diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ml/inference/TrainedModelConfig.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ml/inference/TrainedModelConfig.java index 9bd447319cc4a..9c49661cfc95f 100644 --- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ml/inference/TrainedModelConfig.java +++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/ml/inference/TrainedModelConfig.java @@ -243,7 +243,8 @@ public boolean isAvailableWithLicense(XPackLicenseState licenseState) { } // The model license does not matter, this is the highest licensed level - if (licenseState.isActive() && XPackLicenseState.isPlatinumOrTrialOperationMode(licenseState.getOperationMode())) { + if (licenseState.isActive() && XPackLicenseState.isAllowedByOperationMode( + licenseState.getOperationMode(), License.OperationMode.PLATINUM, true)) { return true; } diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/license/LicenseOperationModeTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/license/LicenseOperationModeTests.java index a1fbfbe6c6a41..2e5ae01807a00 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/license/LicenseOperationModeTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/license/LicenseOperationModeTests.java @@ -47,9 +47,9 @@ public void testResolvePlatinum() { assertResolve(OperationMode.PLATINUM, "PlAtINum", "platinum"); } - public void testResolveEnterpriseAsPlatinum() { - assertResolve(OperationMode.PLATINUM, License.LicenseType.ENTERPRISE.getTypeName()); - assertResolve(OperationMode.PLATINUM, License.LicenseType.ENTERPRISE.name()); + public void testResolveEnterprise() { + assertResolve(OperationMode.ENTERPRISE, License.LicenseType.ENTERPRISE.getTypeName()); + assertResolve(OperationMode.ENTERPRISE, License.LicenseType.ENTERPRISE.name()); } public void testResolveUnknown() { diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/license/RemoteClusterLicenseCheckerTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/license/RemoteClusterLicenseCheckerTests.java index 0f512a69f92d1..1381bebedd8bc 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/license/RemoteClusterLicenseCheckerTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/license/RemoteClusterLicenseCheckerTests.java @@ -146,7 +146,8 @@ public void testCheckRemoteClusterLicensesGivenCompatibleLicenses() { responses.add(new XPackInfoResponse(null, createPlatinumLicenseResponse(), null)); final RemoteClusterLicenseChecker licenseChecker = - new RemoteClusterLicenseChecker(client, XPackLicenseState::isPlatinumOrTrialOperationMode); + new RemoteClusterLicenseChecker(client, operationMode -> + XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)); final AtomicReference licenseCheck = new AtomicReference<>(); licenseChecker.checkRemoteClusterLicenses( @@ -188,7 +189,8 @@ public void testCheckRemoteClusterLicensesGivenIncompatibleLicense() { }).when(client).execute(same(XPackInfoAction.INSTANCE), any(), any()); final RemoteClusterLicenseChecker licenseChecker = - new RemoteClusterLicenseChecker(client, XPackLicenseState::isPlatinumOrTrialOperationMode); + new RemoteClusterLicenseChecker(client, operationMode -> + XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)); final AtomicReference licenseCheck = new AtomicReference<>(); licenseChecker.checkRemoteClusterLicenses( @@ -234,7 +236,8 @@ public void testCheckRemoteClusterLicencesGivenNonExistentCluster() { responses.add(new XPackInfoResponse(null, createPlatinumLicenseResponse(), null)); final RemoteClusterLicenseChecker licenseChecker = - new RemoteClusterLicenseChecker(client, XPackLicenseState::isPlatinumOrTrialOperationMode); + new RemoteClusterLicenseChecker(client, operationMode -> + XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)); final AtomicReference exception = new AtomicReference<>(); licenseChecker.checkRemoteClusterLicenses( @@ -274,7 +277,8 @@ public void testRemoteClusterLicenseCallUsesSystemContext() throws InterruptedEx }).when(client).execute(same(XPackInfoAction.INSTANCE), any(), any()); final RemoteClusterLicenseChecker licenseChecker = - new RemoteClusterLicenseChecker(client, XPackLicenseState::isPlatinumOrTrialOperationMode); + new RemoteClusterLicenseChecker(client, operationMode -> + XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)); final List remoteClusterAliases = Collections.singletonList("valid"); licenseChecker.checkRemoteClusterLicenses( @@ -313,7 +317,8 @@ public void testListenerIsExecutedWithCallingContext() throws InterruptedExcepti responses.add(new XPackInfoResponse(null, createPlatinumLicenseResponse(), null)); final RemoteClusterLicenseChecker licenseChecker = - new RemoteClusterLicenseChecker(client, XPackLicenseState::isPlatinumOrTrialOperationMode); + new RemoteClusterLicenseChecker(client, operationMode -> + XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)); final AtomicBoolean listenerInvoked = new AtomicBoolean(); threadPool.getThreadContext().putHeader("key", "value"); @@ -355,7 +360,7 @@ public void testBuildErrorMessageForActiveCompatibleLicense() { new RemoteClusterLicenseChecker.RemoteClusterLicenseInfo("platinum-cluster", platinumLicence); final AssertionError e = expectThrows( AssertionError.class, - () -> RemoteClusterLicenseChecker.buildErrorMessage("", info, RemoteClusterLicenseChecker::isLicensePlatinumOrTrial)); + () -> RemoteClusterLicenseChecker.buildErrorMessage("", info, RemoteClusterLicenseChecker::isAllowedByLicense)); assertThat(e, hasToString(containsString("license must be incompatible to build error message"))); } @@ -364,7 +369,7 @@ public void testBuildErrorMessageForIncompatibleLicense() { final RemoteClusterLicenseChecker.RemoteClusterLicenseInfo info = new RemoteClusterLicenseChecker.RemoteClusterLicenseInfo("basic-cluster", basicLicense); assertThat( - RemoteClusterLicenseChecker.buildErrorMessage("Feature", info, RemoteClusterLicenseChecker::isLicensePlatinumOrTrial), + RemoteClusterLicenseChecker.buildErrorMessage("Feature", info, RemoteClusterLicenseChecker::isAllowedByLicense), equalTo("the license mode [BASIC] on cluster [basic-cluster] does not enable [Feature]")); } @@ -373,7 +378,7 @@ public void testBuildErrorMessageForInactiveLicense() { final RemoteClusterLicenseChecker.RemoteClusterLicenseInfo info = new RemoteClusterLicenseChecker.RemoteClusterLicenseInfo("expired-cluster", expiredLicense); assertThat( - RemoteClusterLicenseChecker.buildErrorMessage("Feature", info, RemoteClusterLicenseChecker::isLicensePlatinumOrTrial), + RemoteClusterLicenseChecker.buildErrorMessage("Feature", info, RemoteClusterLicenseChecker::isAllowedByLicense), equalTo("the license on cluster [expired-cluster] is not active")); } @@ -388,7 +393,8 @@ public void testCheckRemoteClusterLicencesNoLicenseMetadata() { }).when(client).execute(same(XPackInfoAction.INSTANCE), any(), any()); final RemoteClusterLicenseChecker licenseChecker = - new RemoteClusterLicenseChecker(client, XPackLicenseState::isPlatinumOrTrialOperationMode); + new RemoteClusterLicenseChecker(client, operationMode -> + XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)); final AtomicReference exception = new AtomicReference<>(); licenseChecker.checkRemoteClusterLicenses( diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/license/TestUtils.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/license/TestUtils.java index 47dad7e18eb32..75ff3e50c1232 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/license/TestUtils.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/license/TestUtils.java @@ -282,6 +282,11 @@ public static License generateSignedLicense(String type, int version, long issue builder.subscriptionType((type != null) ? type : randomFrom("dev", "gold", "platinum", "silver")); builder.feature(randomAlphaOfLength(10)); } + if ("enterprise".equals(licenseType)) { + builder.version(License.VERSION_ENTERPRISE) + .maxResourceUnits(randomIntBetween(5, 500)) + .maxNodes(-1); + } final LicenseSigner signer = new LicenseSigner(getTestPriKeyPath(), getTestPubKeyPath()); return signer.sign(builder.build()); } diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/license/XPackLicenseStateTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/license/XPackLicenseStateTests.java index 583de499b42f9..0becc50445fbf 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/license/XPackLicenseStateTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/license/XPackLicenseStateTests.java @@ -41,7 +41,7 @@ void assertAllowed(OperationMode mode, boolean active, Predicate mode != GOLD && mode != STANDARD); - assertAckMesssages(XPackField.SECURITY, BASIC, toMode, 0); + assertAckMessages(XPackField.SECURITY, BASIC, toMode, 0); } public void testSecurityAckAnyToTrialOrPlatinum() { - assertAckMesssages(XPackField.SECURITY, randomMode(), randomTrialOrPlatinumMode(), 0); + assertAckMessages(XPackField.SECURITY, randomMode(), randomTrialOrPlatinumMode(), 0); } public void testSecurityAckTrialGoldOrPlatinumToBasic() { - assertAckMesssages(XPackField.SECURITY, randomTrialGoldOrPlatinumMode(), BASIC, 7); + assertAckMessages(XPackField.SECURITY, randomTrialGoldOrPlatinumMode(), BASIC, 7); } public void testSecurityAckStandardToBasic() { - assertAckMesssages(XPackField.SECURITY, STANDARD, BASIC, 1); + assertAckMessages(XPackField.SECURITY, STANDARD, BASIC, 1); } public void testSecurityAckAnyToStandard() { OperationMode from = randomFrom(BASIC, GOLD, PLATINUM, TRIAL); - assertAckMesssages(XPackField.SECURITY, from, STANDARD, 5); + assertAckMessages(XPackField.SECURITY, from, STANDARD, 5); } public void testSecurityAckBasicStandardTrialOrPlatinumToGold() { OperationMode from = randomFrom(BASIC, PLATINUM, TRIAL, STANDARD); - assertAckMesssages(XPackField.SECURITY, from, GOLD, 3); + assertAckMessages(XPackField.SECURITY, from, GOLD, 3); } public void testMonitoringAckBasicToAny() { - assertAckMesssages(XPackField.MONITORING, BASIC, randomMode(), 0); + assertAckMessages(XPackField.MONITORING, BASIC, randomMode(), 0); } public void testMonitoringAckAnyToTrialGoldOrPlatinum() { - assertAckMesssages(XPackField.MONITORING, randomMode(), randomTrialStandardGoldOrPlatinumMode(), 0); + assertAckMessages(XPackField.MONITORING, randomMode(), randomTrialStandardGoldOrPlatinumMode(), 0); } public void testMonitoringAckNotBasicToBasic() { OperationMode from = randomFrom(STANDARD, GOLD, PLATINUM, TRIAL); - assertAckMesssages(XPackField.MONITORING, from, BASIC, 2); + assertAckMessages(XPackField.MONITORING, from, BASIC, 2); } public void testMonitoringAllowed() { @@ -484,11 +484,11 @@ public void testSqlPlatinumExpired() { } public void testSqlAckAnyToTrialOrPlatinum() { - assertAckMesssages(XPackField.SQL, randomMode(), randomTrialOrPlatinumMode(), 0); + assertAckMessages(XPackField.SQL, randomMode(), randomTrialOrPlatinumMode(), 0); } public void testSqlAckTrialOrPlatinumToNotTrialOrPlatinum() { - assertAckMesssages(XPackField.SQL, randomTrialOrPlatinumMode(), randomBasicStandardOrGold(), 1); + assertAckMessages(XPackField.SQL, randomTrialOrPlatinumMode(), randomBasicStandardOrGold(), 1); } public void testTransformBasic() throws Exception { diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/common/validation/SourceDestValidatorTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/common/validation/SourceDestValidatorTests.java index 4eab68271b7e1..8b02e55bca2b4 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/common/validation/SourceDestValidatorTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/common/validation/SourceDestValidatorTests.java @@ -597,7 +597,8 @@ public void testRemoteSourcePlatinum() throws InterruptedException { CLUSTER_STATE, new IndexNameExpressionResolver(), remoteClusterService, - new RemoteClusterLicenseChecker(clientWithBasicLicense, XPackLicenseState::isPlatinumOrTrialOperationMode), + new RemoteClusterLicenseChecker(clientWithBasicLicense, + operationMode -> XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)), new String[] { REMOTE_BASIC + ":" + "SOURCE_1" }, "dest", "node_id", @@ -626,7 +627,8 @@ public void testRemoteSourcePlatinum() throws InterruptedException { CLUSTER_STATE, new IndexNameExpressionResolver(), remoteClusterService, - new RemoteClusterLicenseChecker(clientWithPlatinumLicense, XPackLicenseState::isPlatinumOrTrialOperationMode), + new RemoteClusterLicenseChecker(clientWithPlatinumLicense, + operationMode -> XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)), new String[] { REMOTE_PLATINUM + ":" + "SOURCE_1" }, "dest", "node_id", @@ -646,7 +648,8 @@ public void testRemoteSourcePlatinum() throws InterruptedException { CLUSTER_STATE, new IndexNameExpressionResolver(), remoteClusterService, - new RemoteClusterLicenseChecker(clientWithPlatinumLicense, XPackLicenseState::isPlatinumOrTrialOperationMode), + new RemoteClusterLicenseChecker(clientWithPlatinumLicense, + operationMode -> XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)), new String[] { REMOTE_PLATINUM + ":" + "SOURCE_1" }, "dest", "node_id", @@ -667,7 +670,8 @@ public void testRemoteSourcePlatinum() throws InterruptedException { CLUSTER_STATE, new IndexNameExpressionResolver(), remoteClusterService, - new RemoteClusterLicenseChecker(clientWithTrialLicense, XPackLicenseState::isPlatinumOrTrialOperationMode), + new RemoteClusterLicenseChecker(clientWithTrialLicense, + operationMode -> XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)), new String[] { REMOTE_PLATINUM + ":" + "SOURCE_1" }, "dest", "node_id", @@ -690,7 +694,8 @@ public void testRemoteSourceLicenseInActive() throws InterruptedException { CLUSTER_STATE, new IndexNameExpressionResolver(), remoteClusterService, - new RemoteClusterLicenseChecker(clientWithExpiredBasicLicense, XPackLicenseState::isPlatinumOrTrialOperationMode), + new RemoteClusterLicenseChecker(clientWithExpiredBasicLicense, + operationMode -> XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)), new String[] { REMOTE_BASIC + ":" + "SOURCE_1" }, "dest", "node_id", @@ -716,7 +721,8 @@ public void testRemoteSourceDoesNotExist() throws InterruptedException { CLUSTER_STATE, new IndexNameExpressionResolver(), remoteClusterService, - new RemoteClusterLicenseChecker(clientWithExpiredBasicLicense, XPackLicenseState::isPlatinumOrTrialOperationMode), + new RemoteClusterLicenseChecker(clientWithExpiredBasicLicense, + operationMode -> XPackLicenseState.isAllowedByOperationMode(operationMode, License.OperationMode.PLATINUM, true)), new String[] { "non_existing_remote:" + "SOURCE_1" }, "dest", "node_id", diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ml/inference/TrainedModelConfigTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ml/inference/TrainedModelConfigTests.java index 67b67a45500f1..3b0a19b496723 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ml/inference/TrainedModelConfigTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ml/inference/TrainedModelConfigTests.java @@ -64,6 +64,7 @@ public static TrainedModelConfig.Builder createTestInstance(String modelId) { .setEstimatedHeapMemory(randomNonNegativeLong()) .setEstimatedOperations(randomNonNegativeLong()) .setLicenseLevel(randomFrom(License.OperationMode.PLATINUM.description(), + License.OperationMode.ENTERPRISE.description(), License.OperationMode.GOLD.description(), License.OperationMode.BASIC.description())) .setTags(tags); @@ -311,28 +312,45 @@ public void testIsAvailableWithLicense() { when(licenseState.isActive()).thenReturn(false); when(licenseState.getOperationMode()).thenReturn(License.OperationMode.BASIC); + assertFalse(builder.setLicenseLevel(License.OperationMode.ENTERPRISE.description()).build().isAvailableWithLicense(licenseState)); assertFalse(builder.setLicenseLevel(License.OperationMode.PLATINUM.description()).build().isAvailableWithLicense(licenseState)); assertTrue(builder.setLicenseLevel(License.OperationMode.BASIC.description()).build().isAvailableWithLicense(licenseState)); + when(licenseState.isActive()).thenReturn(true); + when(licenseState.getOperationMode()).thenReturn(License.OperationMode.ENTERPRISE); + assertTrue(builder.setLicenseLevel(License.OperationMode.ENTERPRISE.description()).build().isAvailableWithLicense(licenseState)); + assertTrue(builder.setLicenseLevel(License.OperationMode.PLATINUM.description()).build().isAvailableWithLicense(licenseState)); + assertTrue(builder.setLicenseLevel(License.OperationMode.BASIC.description()).build().isAvailableWithLicense(licenseState)); + assertTrue(builder.setLicenseLevel(License.OperationMode.GOLD.description()).build().isAvailableWithLicense(licenseState)); + + when(licenseState.isActive()).thenReturn(false); + assertFalse(builder.setLicenseLevel(License.OperationMode.ENTERPRISE.description()).build().isAvailableWithLicense(licenseState)); + assertFalse(builder.setLicenseLevel(License.OperationMode.PLATINUM.description()).build().isAvailableWithLicense(licenseState)); + assertTrue(builder.setLicenseLevel(License.OperationMode.BASIC.description()).build().isAvailableWithLicense(licenseState)); + assertFalse(builder.setLicenseLevel(License.OperationMode.GOLD.description()).build().isAvailableWithLicense(licenseState)); when(licenseState.isActive()).thenReturn(true); when(licenseState.getOperationMode()).thenReturn(License.OperationMode.PLATINUM); + assertTrue(builder.setLicenseLevel(License.OperationMode.ENTERPRISE.description()).build().isAvailableWithLicense(licenseState)); assertTrue(builder.setLicenseLevel(License.OperationMode.PLATINUM.description()).build().isAvailableWithLicense(licenseState)); assertTrue(builder.setLicenseLevel(License.OperationMode.BASIC.description()).build().isAvailableWithLicense(licenseState)); assertTrue(builder.setLicenseLevel(License.OperationMode.GOLD.description()).build().isAvailableWithLicense(licenseState)); when(licenseState.isActive()).thenReturn(false); + assertFalse(builder.setLicenseLevel(License.OperationMode.ENTERPRISE.description()).build().isAvailableWithLicense(licenseState)); assertFalse(builder.setLicenseLevel(License.OperationMode.PLATINUM.description()).build().isAvailableWithLicense(licenseState)); assertTrue(builder.setLicenseLevel(License.OperationMode.BASIC.description()).build().isAvailableWithLicense(licenseState)); assertFalse(builder.setLicenseLevel(License.OperationMode.GOLD.description()).build().isAvailableWithLicense(licenseState)); when(licenseState.isActive()).thenReturn(true); when(licenseState.getOperationMode()).thenReturn(License.OperationMode.GOLD); + assertFalse(builder.setLicenseLevel(License.OperationMode.ENTERPRISE.description()).build().isAvailableWithLicense(licenseState)); assertFalse(builder.setLicenseLevel(License.OperationMode.PLATINUM.description()).build().isAvailableWithLicense(licenseState)); assertTrue(builder.setLicenseLevel(License.OperationMode.BASIC.description()).build().isAvailableWithLicense(licenseState)); assertTrue(builder.setLicenseLevel(License.OperationMode.GOLD.description()).build().isAvailableWithLicense(licenseState)); when(licenseState.isActive()).thenReturn(false); + assertFalse(builder.setLicenseLevel(License.OperationMode.ENTERPRISE.description()).build().isAvailableWithLicense(licenseState)); assertFalse(builder.setLicenseLevel(License.OperationMode.PLATINUM.description()).build().isAvailableWithLicense(licenseState)); assertTrue(builder.setLicenseLevel(License.OperationMode.BASIC.description()).build().isAvailableWithLicense(licenseState)); assertFalse(builder.setLicenseLevel(License.OperationMode.GOLD.description()).build().isAvailableWithLicense(licenseState)); diff --git a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/TLSLicenseBootstrapCheckTests.java b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/TLSLicenseBootstrapCheckTests.java index 3cb14180930d3..61407d152749a 100644 --- a/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/TLSLicenseBootstrapCheckTests.java +++ b/x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ssl/TLSLicenseBootstrapCheckTests.java @@ -23,7 +23,7 @@ public void testBootstrapCheckOnEmptyMetadata() { } public void testBootstrapCheckFailureOnPremiumLicense() throws Exception { - final OperationMode mode = randomFrom(OperationMode.PLATINUM, OperationMode.GOLD, OperationMode.STANDARD); + final OperationMode mode = randomFrom(OperationMode.ENTERPRISE, OperationMode.PLATINUM, OperationMode.GOLD, OperationMode.STANDARD); final Settings.Builder settings = Settings.builder(); if (randomBoolean()) { // randomise between default-false & explicit-false @@ -43,7 +43,7 @@ public void testBootstrapCheckFailureOnPremiumLicense() throws Exception { } public void testBootstrapCheckSucceedsWithTlsEnabledOnPremiumLicense() throws Exception { - final OperationMode mode = randomFrom(OperationMode.PLATINUM, OperationMode.GOLD, OperationMode.STANDARD); + final OperationMode mode = randomFrom(OperationMode.ENTERPRISE, OperationMode.PLATINUM, OperationMode.GOLD, OperationMode.STANDARD); final Settings.Builder settings = Settings.builder().put("xpack.security.transport.ssl.enabled", true); final BootstrapCheck.BootstrapCheckResult result = runBootstrapCheck(mode, settings); assertSuccess(result); diff --git a/x-pack/plugin/ml/src/main/java/org/elasticsearch/xpack/ml/action/TransportStartDatafeedAction.java b/x-pack/plugin/ml/src/main/java/org/elasticsearch/xpack/ml/action/TransportStartDatafeedAction.java index ddbd3d58966f8..80c3df26e996e 100644 --- a/x-pack/plugin/ml/src/main/java/org/elasticsearch/xpack/ml/action/TransportStartDatafeedAction.java +++ b/x-pack/plugin/ml/src/main/java/org/elasticsearch/xpack/ml/action/TransportStartDatafeedAction.java @@ -342,7 +342,7 @@ private ElasticsearchStatusException createUnlicensedError( RemoteClusterLicenseChecker.buildErrorMessage( "ml", licenseCheck.remoteClusterLicenseInfo(), - RemoteClusterLicenseChecker::isLicensePlatinumOrTrial)); + RemoteClusterLicenseChecker::isAllowedByLicense)); return new ElasticsearchStatusException(message, RestStatus.BAD_REQUEST); } diff --git a/x-pack/plugin/ml/src/test/java/org/elasticsearch/license/MachineLearningLicensingTests.java b/x-pack/plugin/ml/src/test/java/org/elasticsearch/license/MachineLearningLicensingTests.java index a80e8ed709673..0925d252e2019 100644 --- a/x-pack/plugin/ml/src/test/java/org/elasticsearch/license/MachineLearningLicensingTests.java +++ b/x-pack/plugin/ml/src/test/java/org/elasticsearch/license/MachineLearningLicensingTests.java @@ -689,7 +689,7 @@ private static OperationMode randomInvalidLicenseType() { } private static OperationMode randomValidLicenseType() { - return randomFrom(License.OperationMode.TRIAL, License.OperationMode.PLATINUM); + return randomFrom(License.OperationMode.TRIAL, License.OperationMode.PLATINUM, OperationMode.ENTERPRISE); } private static OperationMode randomLicenseType() { diff --git a/x-pack/plugin/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStatsCollectorTests.java b/x-pack/plugin/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStatsCollectorTests.java index 49355d51495ec..054b1880b6b50 100644 --- a/x-pack/plugin/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStatsCollectorTests.java +++ b/x-pack/plugin/monitoring/src/test/java/org/elasticsearch/xpack/monitoring/collector/cluster/ClusterStatsCollectorTests.java @@ -131,6 +131,7 @@ public void testDoCollect() throws Exception { case STANDARD: case GOLD: case PLATINUM: + case ENTERPRISE: transportTLSEnabled = true; break; default: diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java index 3a82a7d0d9f31..0d2b06b1d425b 100644 --- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java +++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java @@ -267,7 +267,6 @@ import static java.util.Collections.emptyList; import static java.util.Collections.singletonList; import static org.elasticsearch.cluster.metadata.IndexMetaData.INDEX_FORMAT_SETTING; -import static org.elasticsearch.license.XPackLicenseState.FIPS_ALLOWED_LICENSE_OPERATION_MODES; import static org.elasticsearch.xpack.core.XPackSettings.API_KEY_SERVICE_ENABLED_SETTING; import static org.elasticsearch.xpack.core.XPackSettings.HTTP_SSL_ENABLED; import static org.elasticsearch.xpack.core.security.index.RestrictedIndicesNames.SECURITY_MAIN_ALIAS; @@ -1045,7 +1044,7 @@ public void accept(DiscoveryNode node, ClusterState state) { if (inFipsMode) { License license = LicenseService.getLicense(state.metaData()); if (license != null && - FIPS_ALLOWED_LICENSE_OPERATION_MODES.contains(license.operationMode()) == false) { + XPackLicenseState.isFipsAllowedForOperationMode(license.operationMode()) == false) { throw new IllegalStateException("FIPS mode cannot be used with a [" + license.operationMode() + "] license. It is only allowed with a Platinum or Trial license."); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/license/LicensingTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/license/LicensingTests.java index bddbfb6b6d7f7..78bb56aa4953b 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/license/LicensingTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/license/LicensingTests.java @@ -180,7 +180,7 @@ public void testRestAuthenticationByLicenseType() throws Exception { // generate a new license with a mode that enables auth License.OperationMode mode = randomFrom(License.OperationMode.GOLD, License.OperationMode.TRIAL, - License.OperationMode.PLATINUM, License.OperationMode.STANDARD); + License.OperationMode.PLATINUM, License.OperationMode.STANDARD, License.OperationMode.ENTERPRISE); enableLicensing(mode); e = expectThrows(ResponseException.class, () -> getRestClient().performRequest(new Request("GET", "/"))); assertThat(e.getResponse().getStatusLine().getStatusCode(), is(401)); @@ -204,7 +204,8 @@ public void testRestAuthenticationByLicenseType() throws Exception { } public void testNodeJoinWithoutSecurityExplicitlyEnabled() throws Exception { - License.OperationMode mode = randomFrom(License.OperationMode.GOLD, License.OperationMode.PLATINUM, License.OperationMode.STANDARD); + License.OperationMode mode = randomFrom(License.OperationMode.GOLD, License.OperationMode.PLATINUM, + License.OperationMode.ENTERPRISE, License.OperationMode.STANDARD); enableLicensing(mode); final List seedHosts = internalCluster().masterClient().admin().cluster().nodesInfo(new NodesInfoRequest()).get() diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java index 6dff631adc462..c3c39b5a5685b 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/SecurityTests.java @@ -65,7 +65,6 @@ import java.util.stream.Collectors; import static org.elasticsearch.cluster.metadata.IndexMetaData.INDEX_FORMAT_SETTING; -import static org.elasticsearch.license.XPackLicenseState.FIPS_ALLOWED_LICENSE_OPERATION_MODES; import static org.elasticsearch.xpack.core.security.index.RestrictedIndicesNames.SECURITY_MAIN_ALIAS; import static org.elasticsearch.xpack.security.support.SecurityIndexManager.INTERNAL_MAIN_INDEX_FORMAT; import static org.hamcrest.Matchers.containsString; @@ -245,7 +244,9 @@ public void testJoinValidatorForFIPSOnAllowedLicense() throws Exception { VersionUtils.randomVersionBetween(random(), null, Version.CURRENT)); MetaData.Builder builder = MetaData.builder(); License license = - TestUtils.generateSignedLicense(randomFrom(FIPS_ALLOWED_LICENSE_OPERATION_MODES).toString(), TimeValue.timeValueHours(24)); + TestUtils.generateSignedLicense( + randomFrom(License.OperationMode.ENTERPRISE, License.OperationMode.PLATINUM, License.OperationMode.TRIAL).toString(), + TimeValue.timeValueHours(24)); TestUtils.putLicense(builder, license); ClusterState state = ClusterState.builder(ClusterName.DEFAULT).metaData(builder.build()).build(); new Security.ValidateLicenseForFIPS(false).accept(node, state); @@ -260,7 +261,7 @@ public void testJoinValidatorForFIPSOnForbiddenLicense() throws Exception { MetaData.Builder builder = MetaData.builder(); final String forbiddenLicenseType = randomFrom(List.of(License.OperationMode.values()).stream() - .filter(l -> FIPS_ALLOWED_LICENSE_OPERATION_MODES.contains(l) == false).collect(Collectors.toList())).toString(); + .filter(l -> XPackLicenseState.isFipsAllowedForOperationMode(l) == false).collect(Collectors.toList())).toString(); License license = TestUtils.generateSignedLicense(forbiddenLicenseType, TimeValue.timeValueHours(24)); TestUtils.putLicense(builder, license); ClusterState state = ClusterState.builder(ClusterName.DEFAULT).metaData(builder.build()).build(); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStoreTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStoreTests.java index 4b453c77691b2..695aa36640d4a 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStoreTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/CompositeRolesStoreTests.java @@ -758,7 +758,7 @@ Settings.EMPTY, fileRolesStore, nativeRolesStore, reservedRolesStore, mock(Nativ Arrays.asList(inMemoryProvider), new ThreadContext(Settings.EMPTY), xPackLicenseState, cache, mock(ApiKeyService.class), documentSubsetBitsetCache, rds -> effectiveRoleDescriptors.set(rds)); // these licenses allow custom role providers - xPackLicenseState.update(randomFrom(OperationMode.PLATINUM, OperationMode.TRIAL), true, null); + xPackLicenseState.update(randomFrom(OperationMode.PLATINUM, OperationMode.ENTERPRISE, OperationMode.TRIAL), true, null); roleNames = Sets.newHashSet("roleA"); future = new PlainActionFuture<>(); compositeRolesStore.roles(roleNames, future); @@ -774,7 +774,7 @@ Settings.EMPTY, fileRolesStore, nativeRolesStore, reservedRolesStore, mock(Nativ Settings.EMPTY, fileRolesStore, nativeRolesStore, reservedRolesStore, mock(NativePrivilegeStore.class), Arrays.asList(inMemoryProvider), new ThreadContext(Settings.EMPTY), xPackLicenseState, cache, mock(ApiKeyService.class), documentSubsetBitsetCache, rds -> effectiveRoleDescriptors.set(rds)); - xPackLicenseState.update(randomFrom(OperationMode.PLATINUM, OperationMode.TRIAL), false, null); + xPackLicenseState.update(randomFrom(OperationMode.PLATINUM, OperationMode.ENTERPRISE, OperationMode.TRIAL), false, null); roleNames = Sets.newHashSet("roleA"); future = new PlainActionFuture<>(); compositeRolesStore.roles(roleNames, future); diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/action/saml/SamlBaseRestHandlerTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/action/saml/SamlBaseRestHandlerTests.java index 66993c2269dfd..2e4d5dcd401fd 100644 --- a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/action/saml/SamlBaseRestHandlerTests.java +++ b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/rest/action/saml/SamlBaseRestHandlerTests.java @@ -23,7 +23,8 @@ public class SamlBaseRestHandlerTests extends ESTestCase { public void testSamlAvailableOnTrialAndPlatinum() { - final SamlBaseRestHandler handler = buildHandler(randomFrom(License.OperationMode.TRIAL, License.OperationMode.PLATINUM)); + final SamlBaseRestHandler handler = buildHandler(randomFrom( + License.OperationMode.TRIAL, License.OperationMode.PLATINUM, License.OperationMode.ENTERPRISE)); assertThat(handler.checkFeatureAvailable(new FakeRestRequest()), Matchers.nullValue()); }