Support audit ignore policy by index privileges

BigPandaToo · BigPandaToo · commit 79649e9a6a84 · 2021-02-15T23:26:37.000+01:00
Addressing review comments + changing approach:
- use permission check instead of simple "checkIfGrants"
- adding more testing
diff --git a/x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/security/audit/logfile/AuditTrailSettingsUpdateTests.java b/x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/security/audit/logfile/AuditTrailSettingsUpdateTests.java
@@ -124,20 +124,6 @@ public void testInvalidPrivilegesFilterSettings() throws Exception {
         assertThat(e.getMessage(), containsString("illegal value can't update"));
     }
 
-    public void testInvalidBothPrivilegesFilterSettings() throws Exception {
-        final Settings.Builder settingsBuilder1 = Settings.builder();
-        settingsBuilder1.putList("xpack.security.audit.logfile.events.ignore_filters.BothPrivilegesFilter.index_privileges",
-            "read");
-        updateSettings(settingsBuilder1.build(), true);
-
-        final Settings.Builder settingsBuilder2 = Settings.builder();
-        settingsBuilder2.putList("xpack.security.audit.logfile.events.ignore_filters.BothPrivilegesFilter.cluster_privileges", "monitor");
-
-        IllegalArgumentException e = expectThrows(IllegalArgumentException.class,
-            () -> updateSettings(settingsBuilder2.build(), true));
-        assertThat(e.getMessage(), containsString("illegal value can't update"));
-    }
-
     public void testDynamicHostSettings() {
         final boolean persistent = randomBoolean();
         final Settings.Builder settingsBuilder = Settings.builder();
