org.elasticsearch.xpack.security.SecurityUsageTransportAction Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of x-pack-security Show documentation
Show all versions of x-pack-security Show documentation
Elasticsearch Expanded Pack Plugin - Security
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0; you may not use this file except in compliance with the Elastic License
* 2.0.
*/
package org.elasticsearch.xpack.security;
import org.elasticsearch.action.ActionListener;
import org.elasticsearch.action.support.ActionFilters;
import org.elasticsearch.action.support.RefCountingListener;
import org.elasticsearch.cluster.ClusterState;
import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
import org.elasticsearch.cluster.service.ClusterService;
import org.elasticsearch.common.inject.Inject;
import org.elasticsearch.common.settings.Settings;
import org.elasticsearch.common.util.Maps;
import org.elasticsearch.core.Nullable;
import org.elasticsearch.license.XPackLicenseState;
import org.elasticsearch.protocol.xpack.XPackUsageRequest;
import org.elasticsearch.tasks.Task;
import org.elasticsearch.threadpool.ThreadPool;
import org.elasticsearch.transport.RemoteClusterPortSettings;
import org.elasticsearch.transport.TransportService;
import org.elasticsearch.xpack.core.XPackSettings;
import org.elasticsearch.xpack.core.action.XPackUsageFeatureAction;
import org.elasticsearch.xpack.core.action.XPackUsageFeatureResponse;
import org.elasticsearch.xpack.core.action.XPackUsageFeatureTransportAction;
import org.elasticsearch.xpack.core.security.SecurityFeatureSetUsage;
import org.elasticsearch.xpack.core.security.user.AnonymousUser;
import org.elasticsearch.xpack.security.audit.logfile.LoggingAuditTrail;
import org.elasticsearch.xpack.security.authc.ApiKeyService;
import org.elasticsearch.xpack.security.authc.Realms;
import org.elasticsearch.xpack.security.authc.support.mapper.NativeRoleMappingStore;
import org.elasticsearch.xpack.security.authz.store.CompositeRolesStore;
import org.elasticsearch.xpack.security.operator.OperatorPrivileges;
import org.elasticsearch.xpack.security.profile.ProfileService;
import org.elasticsearch.xpack.security.transport.filter.IPFilter;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import java.util.concurrent.atomic.AtomicReference;
import static java.util.Collections.singletonMap;
import static org.elasticsearch.xpack.core.XPackSettings.API_KEY_SERVICE_ENABLED_SETTING;
import static org.elasticsearch.xpack.core.XPackSettings.FIPS_MODE_ENABLED;
import static org.elasticsearch.xpack.core.XPackSettings.HTTP_SSL_ENABLED;
import static org.elasticsearch.xpack.core.XPackSettings.REMOTE_CLUSTER_CLIENT_SSL_ENABLED;
import static org.elasticsearch.xpack.core.XPackSettings.REMOTE_CLUSTER_SERVER_SSL_ENABLED;
import static org.elasticsearch.xpack.core.XPackSettings.TOKEN_SERVICE_ENABLED_SETTING;
import static org.elasticsearch.xpack.core.XPackSettings.TRANSPORT_SSL_ENABLED;
import static org.elasticsearch.xpack.security.Security.ADVANCED_REMOTE_CLUSTER_SECURITY_FEATURE;
public class SecurityUsageTransportAction extends XPackUsageFeatureTransportAction {
private final Settings settings;
private final XPackLicenseState licenseState;
private final Realms realms;
private final CompositeRolesStore rolesStore;
private final NativeRoleMappingStore roleMappingStore;
private final IPFilter ipFilter;
private final ProfileService profileService;
private final ApiKeyService apiKeyService;
@Inject
public SecurityUsageTransportAction(
TransportService transportService,
ClusterService clusterService,
ThreadPool threadPool,
ActionFilters actionFilters,
IndexNameExpressionResolver indexNameExpressionResolver,
Settings settings,
XPackLicenseState licenseState,
SecurityUsageServices securityServices
) {
super(
XPackUsageFeatureAction.SECURITY.name(),
transportService,
clusterService,
threadPool,
actionFilters,
indexNameExpressionResolver
);
this.settings = settings;
this.licenseState = licenseState;
this.realms = securityServices.realms;
this.rolesStore = securityServices.rolesStore;
this.roleMappingStore = securityServices.roleMappingStore;
this.ipFilter = securityServices.ipFilter;
this.profileService = securityServices.profileService;
this.apiKeyService = securityServices.apiKeyService;
}
@Override
protected void masterOperation(
Task task,
XPackUsageRequest request,
ClusterState state,
ActionListener listener
) {
Map sslUsage = sslUsage(settings);
Map tokenServiceUsage = tokenServiceUsage(settings);
Map apiKeyServiceUsage = apiKeyServiceUsage(settings);
Map auditUsage = auditUsage(settings);
Map ipFilterUsage = ipFilterUsage(ipFilter);
Map anonymousUsage = singletonMap("enabled", AnonymousUser.isAnonymousEnabled(settings));
Map fips140Usage = fips140Usage(settings);
Map operatorPrivilegesUsage = Map.of(
"available",
Security.OPERATOR_PRIVILEGES_FEATURE.checkWithoutTracking(licenseState),
"enabled",
OperatorPrivileges.OPERATOR_PRIVILEGES_ENABLED.get(settings)
);
final AtomicReference
© 2015 - 2024 Weber Informatics LLC | Privacy Policy