Allow license installation in dev mode without TLS (elastic/x-pack-elasticsearch#4155)

This commit allows license installation without TLS being enabled when
the cluster is in dev mode. The main difference this change enables is
the ability to install a production license on a single node cluster
that is bound to localhost and does not have the single-node discovery
enabled.

relates elastic/x-pack-elasticsearch#4123

Original commit: elastic/x-pack-elasticsearch@04ebcc0

Author: jaymode

plugin/core/src/main/java/org/elasticsearch/license/LicenseService.java

@@ -14,6 +14,7 @@
 import org.elasticsearch.cluster.ClusterStateListener;
 import org.elasticsearch.cluster.ack.ClusterStateUpdateResponse;
 import org.elasticsearch.cluster.metadata.MetaData;
+import org.elasticsearch.cluster.node.DiscoveryNode;
 import org.elasticsearch.cluster.service.ClusterService;
 import org.elasticsearch.common.component.AbstractLifecycleComponent;
 import org.elasticsearch.common.component.Lifecycle;
@@ -206,7 +207,7 @@ public void registerLicense(final PutLicenseRequest request, final ActionListene
             if (newLicense.isProductionLicense()
                     && XPackSettings.SECURITY_ENABLED.get(settings)
                     && XPackSettings.TRANSPORT_SSL_ENABLED.get(settings) == false
-                    && "single-node".equals(DiscoveryModule.DISCOVERY_TYPE_SETTING.get(settings)) == false) {
+                    && isProductionMode(settings, clusterService.localNode())) {
                 // security is on but TLS is not configured we gonna fail the entire request and throw an exception
                 throw new IllegalStateException("Cannot install a [" + newLicense.operationMode() +
                         "] license unless TLS is configured or security is disabled");
@@ -512,4 +513,13 @@ static License getLicense(final LicensesMetaData metaData) {
         }
         return null;
     }
-}
+
+    private static boolean isProductionMode(Settings settings, DiscoveryNode localNode) {
+        final boolean singleNodeDisco = "single-node".equals(DiscoveryModule.DISCOVERY_TYPE_SETTING.get(settings));
+        return singleNodeDisco == false && isBoundToLoopback(localNode) == false;
+    }
+
+    private static boolean isBoundToLoopback(DiscoveryNode localNode) {
+        return localNode.getAddress().address().getAddress().isLoopbackAddress();
+    }
+}

plugin/core/src/test/java/org/elasticsearch/license/AbstractLicenseServiceTestCase.java

@@ -64,14 +64,19 @@ protected void setInitialState(License license, XPackLicenseState licenseState,
         MetaData metaData = mock(MetaData.class);
         when(metaData.custom(LicensesMetaData.TYPE)).thenReturn(new LicensesMetaData(license, null));
         when(state.metaData()).thenReturn(metaData);
-        final DiscoveryNode mockNode = new DiscoveryNode("b", buildNewFakeTransportAddress(), emptyMap(), emptySet(), Version.CURRENT);
+        final DiscoveryNode mockNode = getLocalNode();
         when(discoveryNodes.getMasterNode()).thenReturn(mockNode);
         when(discoveryNodes.isLocalNodeElectedMaster()).thenReturn(false);
         when(state.nodes()).thenReturn(discoveryNodes);
         when(state.getNodes()).thenReturn(discoveryNodes); // it is really ridiculous we have nodes() and getNodes()...
         when(clusterService.state()).thenReturn(state);
         when(clusterService.lifecycleState()).thenReturn(Lifecycle.State.STARTED);
         when(clusterService.getClusterName()).thenReturn(new ClusterName("a"));
+        when(clusterService.localNode()).thenReturn(mockNode);
+    }
+
+    protected DiscoveryNode getLocalNode() {
+        return new DiscoveryNode("b", buildNewFakeTransportAddress(), emptyMap(), emptySet(), Version.CURRENT);
     }
 
     @After

plugin/core/src/test/java/org/elasticsearch/license/LicenseTLSTests.java

@@ -0,0 +1,99 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+package org.elasticsearch.license;
+
+import org.elasticsearch.Version;
+import org.elasticsearch.action.support.PlainActionFuture;
+import org.elasticsearch.cluster.ClusterStateUpdateTask;
+import org.elasticsearch.cluster.node.DiscoveryNode;
+import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.common.transport.TransportAddress;
+import org.elasticsearch.common.unit.TimeValue;
+
+import java.net.InetAddress;
+
+import static java.util.Collections.emptyMap;
+import static java.util.Collections.emptySet;
+import static org.hamcrest.Matchers.containsString;
+import static org.mockito.Matchers.any;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
+
+public class LicenseTLSTests extends AbstractLicenseServiceTestCase {
+
+    private InetAddress inetAddress;
+
+    public void testApplyLicenseInDevMode() throws Exception {
+        License newLicense = TestUtils.generateSignedLicense(randomFrom("gold", "platinum"), TimeValue.timeValueHours(24L));
+        PutLicenseRequest request = new PutLicenseRequest();
+        request.acknowledge(true);
+        request.license(newLicense);
+        Settings settings = Settings.builder().put("xpack.security.enabled", true).build();
+        XPackLicenseState licenseState = new XPackLicenseState(settings);
+        inetAddress = InetAddress.getLoopbackAddress();
+
+        setInitialState(null, licenseState, settings);
+        licenseService.start();
+        PlainActionFuture<PutLicenseResponse> responseFuture = new PlainActionFuture<>();
+        licenseService.registerLicense(request, responseFuture);
+        verify(clusterService).submitStateUpdateTask(any(String.class), any(ClusterStateUpdateTask.class));
+
+        inetAddress = TransportAddress.META_ADDRESS;
+        settings = Settings.builder()
+                .put("xpack.security.enabled", true)
+                .put("discovery.type", "single-node")
+                .build();
+        licenseService.stop();
+        licenseState = new XPackLicenseState(settings);
+        setInitialState(null, licenseState, settings);
+        licenseService.start();
+        licenseService.registerLicense(request, responseFuture);
+        verify(clusterService, times(2)).submitStateUpdateTask(any(String.class), any(ClusterStateUpdateTask.class));
+    }
+
+    public void testApplyLicenseInProdMode() throws Exception {
+        final String licenseType = randomFrom("GOLD", "PLATINUM");
+        License newLicense = TestUtils.generateSignedLicense(licenseType, TimeValue.timeValueHours(24L));
+        PutLicenseRequest request = new PutLicenseRequest();
+        request.acknowledge(true);
+        request.license(newLicense);
+        Settings settings = Settings.builder().put("xpack.security.enabled", true).build();
+        XPackLicenseState licenseState = new XPackLicenseState(settings);
+        inetAddress = TransportAddress.META_ADDRESS;
+
+        setInitialState(null, licenseState, settings);
+        licenseService.start();
+        PlainActionFuture<PutLicenseResponse> responseFuture = new PlainActionFuture<>();
+        IllegalStateException e = expectThrows(IllegalStateException.class, () -> licenseService.registerLicense(request, responseFuture));
+        assertThat(e.getMessage(),
+                containsString("Cannot install a [" + licenseType + "] license unless TLS is configured or security is disabled"));
+
+        settings = Settings.builder().put("xpack.security.enabled", false).build();
+        licenseService.stop();
+        licenseState = new XPackLicenseState(settings);
+        setInitialState(null, licenseState, settings);
+        licenseService.start();
+        licenseService.registerLicense(request, responseFuture);
+        verify(clusterService).submitStateUpdateTask(any(String.class), any(ClusterStateUpdateTask.class));
+
+        settings = Settings.builder()
+                .put("xpack.security.enabled", true)
+                .put("xpack.security.transport.ssl.enabled", true)
+                .build();
+        licenseService.stop();
+        licenseState = new XPackLicenseState(settings);
+        setInitialState(null, licenseState, settings);
+        licenseService.start();
+        licenseService.registerLicense(request, responseFuture);
+        verify(clusterService, times(2)).submitStateUpdateTask(any(String.class), any(ClusterStateUpdateTask.class));
+    }
+
+    @Override
+    protected DiscoveryNode getLocalNode() {
+        return new DiscoveryNode("localnode", new TransportAddress(inetAddress, randomIntBetween(9300, 9399)),
+                emptyMap(), emptySet(), Version.CURRENT);
+    }
+}