Minor fixes in tests, sample config and flag update

Author: shivangdoshi07

securityconfig/elasticsearch.yml.example

@@ -7,11 +7,10 @@
 
 ############## Common configuration settings ##############
 
-# Enable or disable the Open Distro Security enterprise modules
-# By default enterprise modules are enabled. If you use any of the modules in production you need
-# to obtain a license. If you want to use the free Community Edition, you can switch
-# all enterprise features off by setting the following key to false
-opendistro_security.enterprise_modules_enabled: true
+# Enable or disable the Open Distro Security advanced modules
+# By default advanced modules are enabled, you can switch
+# all advanced features off by setting the following key to false
+opendistro_security.advanced_modules_enabled: true
 
 # Specify a list of DNs which denote the other nodes in the cluster.
 # This settings support wildcards and regular expressions

src/main/java/com/amazon/opendistroforelasticsearch/security/OpenDistroSecurityPlugin.java

@@ -189,7 +189,7 @@ public final class OpenDistroSecurityPlugin extends OpenDistroSecuritySSLPlugin
     private volatile SslExceptionHandler sslExceptionHandler;
     private volatile Client localClient;
     private final boolean disabled;
-    private final boolean enterpriseModulesEnabled;
+    private final boolean advancedModulesEnabled;
     private final boolean sslOnly;
     private final List<String> demoCertHashes = new ArrayList<String>(3);
     private volatile OpenDistroSecurityFilter odsf;
@@ -227,7 +227,7 @@ public OpenDistroSecurityPlugin(final Settings settings, final Path configPath)
             this.tribeNodeClient = false;
             this.dlsFlsAvailable = false;
             this.dlsFlsConstructor = null;
-            this.enterpriseModulesEnabled = false;
+            this.advancedModulesEnabled = false;
             this.sslOnly = false;
             complianceConfig = null;
             log.warn("Open Distro Security plugin installed but disabled. This can expose your configuration (including passwords) to the public.");
@@ -240,7 +240,7 @@ public OpenDistroSecurityPlugin(final Settings settings, final Path configPath)
             this.tribeNodeClient = false;
             this.dlsFlsAvailable = false;
             this.dlsFlsConstructor = null;
-            this.enterpriseModulesEnabled = false;
+            this.advancedModulesEnabled = false;
             complianceConfig = null;
             log.warn("Open Distro Security plugin run in ssl only mode. No authentication or authorization is performed");
             return;
@@ -279,8 +279,8 @@ public Object run() {
             }
         });
 
-        enterpriseModulesEnabled = settings.getAsBoolean(ConfigConstants.OPENDISTRO_SECURITY_ENTERPRISE_MODULES_ENABLED, true);
-        ReflectionHelper.init(enterpriseModulesEnabled);
+        advancedModulesEnabled = settings.getAsBoolean(ConfigConstants.OPENDISTRO_SECURITY_ADVANCED_MODULES_ENABLED, true);
+        ReflectionHelper.init(advancedModulesEnabled);
 
         ReflectionHelper.registerMngtRestApiHandler(settings);
 
@@ -870,7 +870,7 @@ public List<Setting<?>> getSettings() {
             settings.add(Setting.intSetting(ConfigConstants.OPENDISTRO_SECURITY_CACHE_TTL_MINUTES, 60, 0, Property.NodeScope, Property.Filtered));
 
             //Security
-            settings.add(Setting.boolSetting(ConfigConstants.OPENDISTRO_SECURITY_ENTERPRISE_MODULES_ENABLED, true, Property.NodeScope, Property.Filtered));
+            settings.add(Setting.boolSetting(ConfigConstants.OPENDISTRO_SECURITY_ADVANCED_MODULES_ENABLED, true, Property.NodeScope, Property.Filtered));
             settings.add(Setting.boolSetting(ConfigConstants.OPENDISTRO_SECURITY_ALLOW_UNSAFE_DEMOCERTIFICATES, false, Property.NodeScope, Property.Filtered));
             settings.add(Setting.boolSetting(ConfigConstants.OPENDISTRO_SECURITY_ALLOW_DEFAULT_INIT_SECURITYINDEX, false, Property.NodeScope, Property.Filtered));
 

src/main/java/com/amazon/opendistroforelasticsearch/security/auth/BackendRegistry.java

@@ -740,19 +740,19 @@ private User impersonate(final RestRequest request, final User originalUser) thr
     private <T> T newInstance(final String clazzOrShortcut, String type, final Settings settings, final Path configPath) {
 
         String clazz = clazzOrShortcut;
-        boolean isEnterprise = false;
+        boolean isAdvancedModule = false;
 
         if(authImplMap.containsKey(clazz+"_"+type)) {
             clazz = authImplMap.get(clazz+"_"+type);
         } else {
-            isEnterprise = true;
+            isAdvancedModule = true;
         }
 
-        if(ReflectionHelper.isEnterpriseAAAModule(clazz)) {
-            isEnterprise = true;
+        if(ReflectionHelper.isAdvancedModuleAAAModule(clazz)) {
+            isAdvancedModule = true;
         }
 
-        return ReflectionHelper.instantiateAAA(clazz, settings, configPath, isEnterprise);
+        return ReflectionHelper.instantiateAAA(clazz, settings, configPath, isAdvancedModule);
     }
 
     private void destroyDestroyables() {

src/main/java/com/amazon/opendistroforelasticsearch/security/privileges/DlsFlsEvaluator.java

@@ -103,7 +103,7 @@ public PrivilegesEvaluatorResponse evaluate(final ClusterService clusterService,
 
 
         // attach dls/fls map if not already done
-        // TODO do this only if enterprise module are loaded
+        // TODO do this only if advanced module are loaded
         final Tuple<Map<String, Set<String>>, Map<String, Set<String>>> dlsFls = securityRoles.getDlsFls(user, resolver, clusterService);
         final Map<String, Set<String>> dlsQueries = dlsFls.v1();
         final Map<String, Set<String>> flsFields = dlsFls.v2();

src/main/java/com/amazon/opendistroforelasticsearch/security/support/ConfigConstants.java

@@ -191,7 +191,7 @@ public class ConfigConstants {
     public static final String OPENDISTRO_SECURITY_KERBEROS_ACCEPTOR_PRINCIPAL = "opendistro_security.kerberos.acceptor_principal";
     public static final String OPENDISTRO_SECURITY_CERT_OID = "opendistro_security.cert.oid";
     public static final String OPENDISTRO_SECURITY_CERT_INTERCLUSTER_REQUEST_EVALUATOR_CLASS = "opendistro_security.cert.intercluster_request_evaluator_class";
-    public static final String OPENDISTRO_SECURITY_ENTERPRISE_MODULES_ENABLED = "opendistro_security.enterprise_modules_enabled";
+    public static final String OPENDISTRO_SECURITY_ADVANCED_MODULES_ENABLED = "opendistro_security.advanced_modules_enabled";
     public static final String OPENDISTRO_SECURITY_NODES_DN = "opendistro_security.nodes_dn";
     public static final String OPENDISTRO_SECURITY_DISABLED = "opendistro_security.disabled";
     public static final String OPENDISTRO_SECURITY_CACHE_TTL_MINUTES = "opendistro_security.cache.ttl_minutes";

src/main/java/com/amazon/opendistroforelasticsearch/security/support/ModuleInfo.java

@@ -94,7 +94,7 @@ public Map<String, String> getAsMap() {
 		Map<String, String> infoMap = new HashMap<>();
 		infoMap.put("type", moduleType.name());
 		infoMap.put("description", moduleType.getDescription());
-		infoMap.put("is_enterprise", moduleType.isEnterprise().toString());
+		infoMap.put("is_advanced_module", moduleType.isAdvancedModule().toString());
 		infoMap.put("default_implementation", moduleType.getDefaultImplClass());
 		infoMap.put("actual_implementation", this.classname);
 		//infoMap.put("classpath", this.classpath); //this can disclose file locations

src/main/java/com/amazon/opendistroforelasticsearch/security/support/ModuleType.java

@@ -74,7 +74,7 @@ public enum ModuleType implements Serializable {
 
 	private String description;
 	private String defaultImplClass;
-	private Boolean isEnterprise = Boolean.TRUE;
+	private Boolean isAdvancedModule = Boolean.TRUE;
 	private static Map<String, ModuleType> modulesMap = new HashMap<>();
 
 	static{
@@ -85,10 +85,10 @@ public enum ModuleType implements Serializable {
 		}
 	}
 
-	private ModuleType(String description, String defaultImplClass, Boolean isEnterprise) {
+	private ModuleType(String description, String defaultImplClass, Boolean isAdvancedModule) {
 		this.description = description;
 		this.defaultImplClass = defaultImplClass;
-		this.isEnterprise = isEnterprise;
+		this.isAdvancedModule = isAdvancedModule;
 	}
 
 	public static ModuleType getByDefaultImplClass(Class<?> clazz) {
@@ -132,8 +132,8 @@ public String getDefaultImplClass() {
 		return defaultImplClass;
 	}
 
-	public Boolean isEnterprise() {
-		return isEnterprise;
+	public Boolean isAdvancedModule() {
+		return isAdvancedModule;
 	}
 
 

src/main/java/com/amazon/opendistroforelasticsearch/security/support/ReflectionHelper.java

@@ -77,13 +77,13 @@ public static Set<ModuleInfo> getModulesLoaded() {
         return Collections.unmodifiableSet(modulesLoaded);
     }
 
-    private static boolean enterpriseModulesDisabled() {
-        return !enterpriseModulesEnabled;
+    private static boolean advancedModulesDisabled() {
+        return !advancedModulesEnabled;
     }
 
     public static void registerMngtRestApiHandler(final Settings settings) {
 
-        if (enterpriseModulesDisabled()) {
+        if (advancedModulesDisabled()) {
             return;
         }
 
@@ -106,7 +106,7 @@ public static Collection<RestHandler> instantiateMngtRestApiHandler(final Settin
             final Client localClient, final AdminDNs adminDns, final IndexBaseConfigurationRepository cr, final ClusterService cs, final PrincipalExtractor principalExtractor,
             final PrivilegesEvaluator evaluator, final ThreadPool threadPool, final AuditLog auditlog) {
 
-        if (enterpriseModulesDisabled()) {
+        if (advancedModulesDisabled()) {
             return Collections.emptyList();
         }
 
@@ -130,7 +130,7 @@ public static Collection<RestHandler> instantiateMngtRestApiHandler(final Settin
     @SuppressWarnings("rawtypes")
     public static Constructor instantiateDlsFlsConstructor() {
 
-        if (enterpriseModulesDisabled()) {
+        if (advancedModulesDisabled()) {
             return null;
         }
 
@@ -152,7 +152,7 @@ public static Constructor instantiateDlsFlsConstructor() {
 
     public static DlsFlsRequestValve instantiateDlsFlsValve() {
 
-        if (enterpriseModulesDisabled()) {
+        if (advancedModulesDisabled()) {
             return new DlsFlsRequestValve.NoopDlsFlsRequestValve();
         }
 
@@ -172,7 +172,7 @@ public static DlsFlsRequestValve instantiateDlsFlsValve() {
     public static AuditLog instantiateAuditLog(final Settings settings, final Path configPath, final Client localClient, final ThreadPool threadPool,
             final IndexNameExpressionResolver resolver, final ClusterService clusterService) {
 
-        if (enterpriseModulesDisabled()) {
+        if (advancedModulesDisabled()) {
             return new NullAuditLog();
         }
 
@@ -194,7 +194,7 @@ public static AuditLog instantiateAuditLog(final Settings settings, final Path c
 
     public static ComplianceIndexingOperationListener instantiateComplianceListener(ComplianceConfig complianceConfig, AuditLog auditlog) {
 
-        if (enterpriseModulesDisabled()) {
+        if (advancedModulesDisabled()) {
             return new ComplianceIndexingOperationListener();
         }
 
@@ -226,7 +226,7 @@ public static PrivilegesInterceptor instantiatePrivilegesInterceptorImpl(final I
 
         final PrivilegesInterceptor noop = new PrivilegesInterceptor(resolver, clusterService, localClient, threadPool);
 
-        if (enterpriseModulesDisabled()) {
+        if (advancedModulesDisabled()) {
             return noop;
         }
 
@@ -248,8 +248,8 @@ public static PrivilegesInterceptor instantiatePrivilegesInterceptorImpl(final I
     @SuppressWarnings("unchecked")
     public static <T> T instantiateAAA(final String clazz, final Settings settings, final Path configPath, final boolean checkEnterprise) {
 
-        if (checkEnterprise && enterpriseModulesDisabled()) {
-            throw new ElasticsearchException("Can not load '{}' because enterprise modules are disabled", clazz);
+        if (checkEnterprise && advancedModulesDisabled()) {
+            throw new ElasticsearchException("Can not load '{}' because advanced modules are disabled", clazz);
         }
 
         try {
@@ -301,34 +301,34 @@ public static PrincipalExtractor instantiatePrincipalExtractor(final String claz
         }
     }
 
-    public static boolean isEnterpriseAAAModule(final String clazz) {
-        boolean enterpriseModuleInstalled = false;
+    public static boolean isAdvancedModuleAAAModule(final String clazz) {
+        boolean advancedModuleInstalled = false;
 
         if (clazz.equalsIgnoreCase("com.amazon.dlic.auth.ldap.backend.LDAPAuthorizationBackend")) {
-            enterpriseModuleInstalled = true;
+            advancedModuleInstalled = true;
         }
 
         if (clazz.equalsIgnoreCase("com.amazon.dlic.auth.ldap.backend.LDAPAuthenticationBackend")) {
-            enterpriseModuleInstalled = true;
+            advancedModuleInstalled = true;
         }
 
         if (clazz.equalsIgnoreCase("com.amazon.dlic.auth.http.jwt.HTTPJwtAuthenticator")) {
-            enterpriseModuleInstalled = true;
+            advancedModuleInstalled = true;
         }
 
         if (clazz.equalsIgnoreCase("com.amazon.dlic.auth.http.jwt.keybyoidc.HTTPJwtKeyByOpenIdConnectAuthenticator")) {
-            enterpriseModuleInstalled = true;
+            advancedModuleInstalled = true;
         }
 
         if (clazz.equalsIgnoreCase("com.amazon.dlic.auth.http.kerberos.HTTPSpnegoAuthenticator")) {
-            enterpriseModuleInstalled = true;
+            advancedModuleInstalled = true;
         }
 
         if (clazz.equalsIgnoreCase("com.amazon.dlic.auth.http.saml.HTTPSamlAuthenticator")) {
-            enterpriseModuleInstalled = true;
+            advancedModuleInstalled = true;
         }
 
-        return enterpriseModuleInstalled;
+        return advancedModuleInstalled;
     }
 
     public static boolean addLoadedModule(Class<?> clazz) {
@@ -339,11 +339,11 @@ public static boolean addLoadedModule(Class<?> clazz) {
         return modulesLoaded.add(moduleInfo);
     }
 
-    private static boolean enterpriseModulesEnabled;
+    private static boolean advancedModulesEnabled;
 
     // TODO static hack
-    public static void init(final boolean enterpriseModulesEnabled) {
-        ReflectionHelper.enterpriseModulesEnabled = enterpriseModulesEnabled;
+    public static void init(final boolean advancedModulesEnabled) {
+        ReflectionHelper.advancedModulesEnabled = advancedModulesEnabled;
     }
 
     private static ModuleInfo getModuleInfo(final Class<?> impl) {

src/test/java/com/amazon/opendistroforelasticsearch/security/test/AbstractSecurityUnitTest.java

@@ -97,7 +97,7 @@ public abstract class AbstractSecurityUnitTest {
 
     //TODO Test Matrix
     protected boolean allowOpenSSL = false; //disabled, we test this already in SSL Plugin
-    //enable//disable enterprise modules
+    //enable//disable advanced modules
     //1node and 3 node
 
 	@Rule

src/test/java/com/amazon/opendistroforelasticsearch/security/test/SingleClusterTest.java

@@ -60,21 +60,21 @@ protected void setup(Settings initTransportClientSettings, DynamicSecurityConfig
         setup(initTransportClientSettings, dynamicSecuritySettings, nodeOverride, true);
     }
 
-    protected void setup(Settings initTransportClientSettings, DynamicSecurityConfig dynamicSecuritySettings, Settings nodeOverride, boolean initSeachGuardIndex) throws Exception {
-        setup(initTransportClientSettings, dynamicSecuritySettings, nodeOverride, initSeachGuardIndex, ClusterConfiguration.DEFAULT);
+    protected void setup(Settings initTransportClientSettings, DynamicSecurityConfig dynamicSecuritySettings, Settings nodeOverride, boolean initOpendistroSecurityIndex) throws Exception {
+        setup(initTransportClientSettings, dynamicSecuritySettings, nodeOverride, initOpendistroSecurityIndex, ClusterConfiguration.DEFAULT);
     }
 
-    protected void setup(Settings initTransportClientSettings, DynamicSecurityConfig dynamicSecuritySettings, Settings nodeOverride, boolean initSeachGuardIndex, ClusterConfiguration clusterConfiguration) throws Exception {
+    protected void setup(Settings initTransportClientSettings, DynamicSecurityConfig dynamicSecuritySettings, Settings nodeOverride, boolean initOpendistroSecurityIndex, ClusterConfiguration clusterConfiguration) throws Exception {
         clusterInfo = clusterHelper.startCluster(minimumSecuritySettings(nodeOverride), clusterConfiguration);
-        if(initSeachGuardIndex && dynamicSecuritySettings != null) {
+        if(initOpendistroSecurityIndex && dynamicSecuritySettings != null) {
             initialize(clusterInfo, initTransportClientSettings, dynamicSecuritySettings);
         }
     }
 
     protected void setup(Settings initTransportClientSettings, DynamicSecurityConfig dynamicSecuritySettings, Settings nodeOverride
-            , boolean initSeachGuardIndex, ClusterConfiguration clusterConfiguration, int timeout, Integer nodes) throws Exception {    
+            , boolean initOpendistroSecurityIndex, ClusterConfiguration clusterConfiguration, int timeout, Integer nodes) throws Exception {
         clusterInfo = clusterHelper.startCluster(minimumSecuritySettings(nodeOverride), clusterConfiguration, timeout, nodes);
-        if(initSeachGuardIndex) {
+        if(initOpendistroSecurityIndex) {
             initialize(clusterInfo, initTransportClientSettings, dynamicSecuritySettings);
         }
     }