Rename "URL Whitelist" to "URL Allowlist" (#22903)

* Rename "URL Whitelist" to "URL Allowlist"

* fix build

* rename whitelist to allowlist

* CL and upgrading.md

* rename telemtry event to URL_ALLOW_LIST_UPDATED

* fix eslint issues

* back-compat support

---------

Co-authored-by: Patrick Mann <[email protected]>
Co-authored-by: patrickmann <[email protected]>
Co-authored-by: Kolin Newby <[email protected]>
Co-authored-by: Maxwell <[email protected]>

Author: 4 people

UPGRADING.md

@@ -85,7 +85,10 @@ is now used as the primary color for elements like buttons and badges in the UI.
 
 The following REST API changes have been made.
 
-| Endpoint                                                              | Description                                                                             |
-|-----------------------------------------------------------------------|-----------------------------------------------------------------------------------------|
-| `GET /<endpoint>`                                                     | description                                                                             |
-| `GET /<endpoint>`                                                     | description                                                                             |
+| Endpoint                          | Description                                                                                                                                                                                |
+|-----------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `GET /system/urlallowlist`        | Renamed from `GET /system/urlwhitelist`. The corresponding REST API permission is renamed to `urlallowlist:read`.                                                                          |
+| `PUT /system/urlallowlist`        | Renamed from `PUT /system/urlwhitelist`                                                                         . The corresponding REST API permission is renamed to `urlallowlist:write` |
+| `POST /system/urlallowlist/check` | Renamed from `POST /system/urlwhitelist/check`                                                                                                                                             |
+| `POST /system/urlallowlist/generate_regex` | Renamed from `POST /system/urlwhitelist/generate_regex`                                                                                                                                    |
+| `GET /<endpoint>`                 | description                                                                                                                                                                                |

changelog/unreleased/issue-21034.toml

@@ -0,0 +1,5 @@
+type = "f"
+message = "Rename `whitelist` to `allowlist` in UI, API, and codebase."
+
+pulls = ["22903", "Graylog2/graylog-plugin-enterprise#11590"]
+issues = ["21034"]

full-backend-tests/src/test/java/org/graylog/events/processor/aggregation/EventNotificationsResourceIT.java

@@ -17,17 +17,14 @@
 package org.graylog.events.processor.aggregation;
 
 import com.github.rholder.retry.RetryException;
-import org.assertj.core.api.Assertions;
 import org.graylog.testing.completebackend.Lifecycle;
-import org.graylog.testing.completebackend.WebhookRequest;
 import org.graylog.testing.completebackend.WebhookServerInstance;
 import org.graylog.testing.completebackend.apis.GraylogApis;
 import org.graylog.testing.containermatrix.SearchServer;
 import org.graylog.testing.containermatrix.annotations.ContainerMatrixTest;
 import org.graylog.testing.containermatrix.annotations.ContainerMatrixTestsConfiguration;
 import org.junit.jupiter.api.BeforeEach;
 
-import java.util.List;
 import java.util.concurrent.ExecutionException;
 
 @ContainerMatrixTestsConfiguration(serverLifecycle = Lifecycle.CLASS, searchVersions = {SearchServer.DATANODE_DEV}, withWebhookServerEnabled = true)
@@ -42,7 +39,7 @@ public EventNotificationsResourceIT(GraylogApis graylogApis) {
 
     @BeforeEach
     void setUp() {
-        graylogApis.system().urlWhitelist(webhookTester.getContainerizedCollectorURI());
+        graylogApis.system().urlAllowlist(webhookTester.getContainerizedCollectorURI());
     }
 
     @ContainerMatrixTest

full-backend-tests/src/test/java/org/graylog/events/processor/aggregation/PivotAggregationSearchIT.java

@@ -81,7 +81,7 @@ void tearDown() {
 
     @ContainerMatrixTest
     void testPivotAggregationSearchAllKnownFields() throws ExecutionException, RetryException {
-        apis.system().urlWhitelist(webhookTester.getContainerizedCollectorURI());
+        apis.system().urlAllowlist(webhookTester.getContainerizedCollectorURI());
 
         final String notificationID = apis.eventsNotifications().createHttpNotification(webhookTester.getContainerizedCollectorURI());
 
@@ -100,7 +100,7 @@ void testPivotAggregationSearchAllKnownFields() throws ExecutionException, Retry
 
     @ContainerMatrixTest
     void testPivotAggregationSearchOneUnknownField() throws ExecutionException, RetryException {
-        apis.system().urlWhitelist(webhookTester.getContainerizedCollectorURI());
+        apis.system().urlAllowlist(webhookTester.getContainerizedCollectorURI());
 
         final String notificationID = apis.eventsNotifications().createHttpNotification(webhookTester.getContainerizedCollectorURI());
 
@@ -120,7 +120,7 @@ void testPivotAggregationSearchOneUnknownField() throws ExecutionException, Retr
 
     @ContainerMatrixTest
     void testPivotAggregationSearchAllUnknownFields() throws ExecutionException, RetryException {
-        apis.system().urlWhitelist(webhookTester.getContainerizedCollectorURI());
+        apis.system().urlAllowlist(webhookTester.getContainerizedCollectorURI());
 
         final String notificationID = apis.eventsNotifications().createHttpNotification(webhookTester.getContainerizedCollectorURI());
 
@@ -140,7 +140,7 @@ void testPivotAggregationSearchAllUnknownFields() throws ExecutionException, Ret
 
     @ContainerMatrixTest
     void testPivotAggregationIsolatedToStream() throws ExecutionException, RetryException {
-        apis.system().urlWhitelist(webhookTester.getContainerizedCollectorURI());
+        apis.system().urlAllowlist(webhookTester.getContainerizedCollectorURI());
 
         final String notificationID = apis.eventsNotifications().createHttpNotification(webhookTester.getContainerizedCollectorURI());
 
@@ -165,7 +165,7 @@ void testPivotAggregationIsolatedToStream() throws ExecutionException, RetryExce
 
     @ContainerMatrixTest
     void testPivotAggregationWithGroupingIsIsolatedToStream() throws ExecutionException, RetryException {
-        apis.system().urlWhitelist(webhookTester.getContainerizedCollectorURI());
+        apis.system().urlAllowlist(webhookTester.getContainerizedCollectorURI());
 
         final String notificationID = apis.eventsNotifications().createHttpNotification(webhookTester.getContainerizedCollectorURI());
 

graylog2-server/src/main/java/org/graylog/events/notifications/types/HTTPEventNotification.java

@@ -19,6 +19,7 @@
 import com.fasterxml.jackson.core.JsonProcessingException;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import com.google.common.collect.ImmutableList;
+import jakarta.inject.Inject;
 import okhttp3.HttpUrl;
 import okhttp3.MediaType;
 import okhttp3.OkHttpClient;
@@ -37,13 +38,11 @@
 import org.graylog2.plugin.system.NodeId;
 import org.graylog2.security.encryption.EncryptedValueService;
 import org.graylog2.shared.bindings.providers.ParameterizedHttpClientProvider;
-import org.graylog2.system.urlwhitelist.UrlWhitelistNotificationService;
-import org.graylog2.system.urlwhitelist.UrlWhitelistService;
+import org.graylog2.system.urlallowlist.UrlAllowlistNotificationService;
+import org.graylog2.system.urlallowlist.UrlAllowlistService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import jakarta.inject.Inject;
-
 import java.io.IOException;
 
 import static jakarta.ws.rs.core.MediaType.APPLICATION_JSON;
@@ -65,14 +64,14 @@ public interface Factory extends EventNotification.Factory<HTTPEventNotification
 
     @Inject
     public HTTPEventNotification(EventNotificationService notificationCallbackService, ObjectMapper objectMapper,
-                                 UrlWhitelistService whitelistService,
-                                 UrlWhitelistNotificationService urlWhitelistNotificationService,
+                                 UrlAllowlistService allowlistService,
+                                 UrlAllowlistNotificationService urlAllowlistNotificationService,
                                  EncryptedValueService encryptedValueService,
                                  EventsConfigurationProvider configurationProvider,
                                  NotificationService notificationService,
                                  NodeId nodeId,
                                  final ParameterizedHttpClientProvider parameterizedHttpClientProvider) {
-        super(whitelistService, urlWhitelistNotificationService, encryptedValueService, notificationService, nodeId);
+        super(allowlistService, urlAllowlistNotificationService, encryptedValueService, notificationService, nodeId);
         this.notificationCallbackService = notificationCallbackService;
         this.objectMapper = objectMapper;
         this.configurationProvider = configurationProvider;

graylog2-server/src/main/java/org/graylog/events/notifications/types/HTTPEventNotificationV2.java

@@ -45,8 +45,8 @@
 import org.graylog2.security.encryption.EncryptedValueService;
 import org.graylog2.shared.bindings.providers.ObjectMapperProvider;
 import org.graylog2.shared.bindings.providers.ParameterizedHttpClientProvider;
-import org.graylog2.system.urlwhitelist.UrlWhitelistNotificationService;
-import org.graylog2.system.urlwhitelist.UrlWhitelistService;
+import org.graylog2.system.urlallowlist.UrlAllowlistNotificationService;
+import org.graylog2.system.urlallowlist.UrlAllowlistService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -103,16 +103,16 @@ public interface Factory extends EventNotification.Factory<HTTPEventNotification
 
     @Inject
     public HTTPEventNotificationV2(EventNotificationService notificationCallbackService, ObjectMapperProvider objectMapperProvider,
-                                   UrlWhitelistService whitelistService,
-                                   UrlWhitelistNotificationService urlWhitelistNotificationService,
+                                   UrlAllowlistService allowlistService,
+                                   UrlAllowlistNotificationService urlAllowlistNotificationService,
                                    EncryptedValueService encryptedValueService,
                                    EventsConfigurationProvider configurationProvider,
                                    Engine templateEngine,
                                    @Named("JsonSafe") Engine jsonTemplateEngine,
                                    NotificationService notificationService,
                                    NodeId nodeId,
                                    final ParameterizedHttpClientProvider parameterizedHttpClientProvider) {
-        super(whitelistService, urlWhitelistNotificationService, encryptedValueService, notificationService, nodeId);
+        super(allowlistService, urlAllowlistNotificationService, encryptedValueService, notificationService, nodeId);
         this.notificationCallbackService = notificationCallbackService;
         this.objectMapperProvider = objectMapperProvider;
         this.configurationProvider = configurationProvider;

graylog2-server/src/main/java/org/graylog/events/notifications/types/HTTPNotification.java

@@ -28,24 +28,24 @@
 import org.graylog2.plugin.system.NodeId;
 import org.graylog2.security.encryption.EncryptedValue;
 import org.graylog2.security.encryption.EncryptedValueService;
-import org.graylog2.system.urlwhitelist.UrlWhitelistNotificationService;
-import org.graylog2.system.urlwhitelist.UrlWhitelistService;
+import org.graylog2.system.urlallowlist.UrlAllowlistNotificationService;
+import org.graylog2.system.urlallowlist.UrlAllowlistService;
 
 import java.nio.charset.StandardCharsets;
 
 public class HTTPNotification {
-    private final UrlWhitelistService whitelistService;
-    private final UrlWhitelistNotificationService urlWhitelistNotificationService;
+    private final UrlAllowlistService allowlistService;
+    private final UrlAllowlistNotificationService urlAllowlistNotificationService;
     private final EncryptedValueService encryptedValueService;
     private final NotificationService notificationService;
     private final NodeId nodeId;
 
-    public HTTPNotification(UrlWhitelistService whitelistService,
-                            UrlWhitelistNotificationService urlWhitelistNotificationService,
+    public HTTPNotification(UrlAllowlistService allowlistService,
+                            UrlAllowlistNotificationService urlAllowlistNotificationService,
                             EncryptedValueService encryptedValueService,
                             NotificationService notificationService, NodeId nodeId) {
-        this.whitelistService = whitelistService;
-        this.urlWhitelistNotificationService = urlWhitelistNotificationService;
+        this.allowlistService = allowlistService;
+        this.urlAllowlistNotificationService = urlAllowlistNotificationService;
         this.encryptedValueService = encryptedValueService;
         this.notificationService = notificationService;
         this.nodeId = nodeId;
@@ -58,11 +58,11 @@ public HttpUrl validateUrl(String url, String notificationId, String eventDefTit
             throw new TemporaryEventNotificationException(
                     "Malformed URL: <" + url + "> in notification <" + notificationId + ">");
         }
-        if (!whitelistService.isWhitelisted(url)) {
+        if (!allowlistService.isAllowlisted(url)) {
             if (!NotificationTestData.TEST_NOTIFICATION_ID.equals(notificationId)) {
-                publishSystemNotificationForWhitelistFailure(url, eventDefTitle);
+                publishSystemNotificationForAllowlistFailure(url, eventDefTitle);
             }
-            throw new TemporaryEventNotificationException("URL <" + url + "> is not whitelisted.");
+            throw new TemporaryEventNotificationException("URL <" + url + "> is not allowlisted.");
         }
         return httpUrl;
     }
@@ -113,11 +113,11 @@ private String getApiKeyValue(EncryptedValue apiSecret) {
         return encryptedValueService.decrypt(apiSecret);
     }
 
-    private void publishSystemNotificationForWhitelistFailure(String url, String eventNotificationTitle) {
+    private void publishSystemNotificationForAllowlistFailure(String url, String eventNotificationTitle) {
         final String description = "The alert notification \"" + eventNotificationTitle +
-                "\" is trying to access a URL which is not whitelisted. Please check your configuration. [url: \"" +
+                "\" is trying to access a URL which is not allowlisted. Please check your configuration. [url: \"" +
                 url + "\"]";
-        urlWhitelistNotificationService.publishWhitelistFailure(description);
+        urlAllowlistNotificationService.publishAllowlistFailure(description);
     }
 
     void createSystemErrorNotification(String message, EventNotificationContext ctx) {

graylog2-server/src/main/java/org/graylog/plugins/views/search/Query.java

@@ -165,7 +165,7 @@ Query applyExecutionState(ExecutionStateGlobalOverride state) {
 
             if (!state.searchTypes().isEmpty() || !state.keepSearchTypes().isEmpty()) {
                 final Set<SearchType> searchTypesToKeep = !state.keepSearchTypes().isEmpty()
-                        ? filterForWhiteListFromState(searchTypes(), state)
+                        ? filterForAllowListFromState(searchTypes(), state)
                         : searchTypes();
 
                 final Set<SearchType> searchTypesWithOverrides = applyAvailableOverrides(state, searchTypesToKeep);
@@ -178,7 +178,7 @@ Query applyExecutionState(ExecutionStateGlobalOverride state) {
         return this;
     }
 
-    private Set<SearchType> filterForWhiteListFromState(Set<SearchType> previousSearchTypes, ExecutionStateGlobalOverride state) {
+    private Set<SearchType> filterForAllowListFromState(Set<SearchType> previousSearchTypes, ExecutionStateGlobalOverride state) {
         return previousSearchTypes.stream()
                 .filter(st -> state.keepSearchTypes().contains(st.id()))
                 .collect(toSet());

graylog2-server/src/main/java/org/graylog2/alarmcallbacks/HTTPAlarmCallback.java

@@ -36,7 +36,7 @@
 import org.graylog2.plugin.configuration.fields.ConfigurationField;
 import org.graylog2.plugin.configuration.fields.TextField;
 import org.graylog2.plugin.streams.Stream;
-import org.graylog2.system.urlwhitelist.UrlWhitelistService;
+import org.graylog2.system.urlallowlist.UrlAllowlistService;
 
 import java.io.IOException;
 import java.net.MalformedURLException;
@@ -54,14 +54,14 @@ public class HTTPAlarmCallback implements AlarmCallback {
     private final OkHttpClient httpClient;
     private final ObjectMapper objectMapper;
     private Configuration configuration;
-    private final UrlWhitelistService whitelistService;
+    private final UrlAllowlistService allowlistService;
 
     @Inject
     public HTTPAlarmCallback(final OkHttpClient httpClient, final ObjectMapper objectMapper,
-                             UrlWhitelistService whitelistService) {
+                             UrlAllowlistService allowlistService) {
         this.httpClient = httpClient;
         this.objectMapper = objectMapper;
-        this.whitelistService = whitelistService;
+        this.allowlistService = allowlistService;
     }
 
     @Override
@@ -88,8 +88,8 @@ public void call(final Stream stream, final AlertCondition.CheckResult result) t
             throw new AlarmCallbackException("Malformed URL: " + url);
         }
 
-        if (!whitelistService.isWhitelisted(url)) {
-            throw new AlarmCallbackException("URL <" + url + "> is not whitelisted.");
+        if (!allowlistService.isAllowlisted(url)) {
+            throw new AlarmCallbackException("URL <" + url + "> is not allowlisted.");
         }
 
         final Request request = new Request.Builder()
@@ -140,8 +140,8 @@ public void checkConfiguration() throws ConfigurationException {
             throw new ConfigurationException("Malformed URL '" + url + "'", e);
         }
 
-        if (!whitelistService.isWhitelisted(url)) {
-            throw new ConfigurationException("URL <" + url + "> is not whitelisted.");
+        if (!allowlistService.isAllowlisted(url)) {
+            throw new ConfigurationException("URL <" + url + "> is not allowlisted.");
         }
     }
 }

graylog2-server/src/main/java/org/graylog2/audit/AuditEventTypes.java

@@ -166,7 +166,7 @@ public class AuditEventTypes implements PluginAuditEventTypes {
     public static final String SYSTEM_JOB_ACKNOWLEDGE = PREFIX + "system_job:acknowledge";
     public static final String SYSTEM_NOTIFICATION_CREATE = PREFIX + "system_notification:create";
     public static final String SYSTEM_NOTIFICATION_DELETE = PREFIX + "system_notification:delete";
-    public static final String URL_WHITELIST_UPDATE = PREFIX + "url_whitelist:update";
+    public static final String URL_ALLOWLIST_UPDATE = PREFIX + "url_allowlist:update";
     public static final String USER_ACCESS_TOKEN_CREATE = PREFIX + "user_access_token:create";
     public static final String USER_ACCESS_TOKEN_DELETE = PREFIX + "user_access_token:delete";
     public static final String USER_CREATE = PREFIX + "user:create";
@@ -320,7 +320,7 @@ public class AuditEventTypes implements PluginAuditEventTypes {
             .add(SYSTEM_JOB_ACKNOWLEDGE)
             .add(SYSTEM_NOTIFICATION_CREATE)
             .add(SYSTEM_NOTIFICATION_DELETE)
-            .add(URL_WHITELIST_UPDATE)
+            .add(URL_ALLOWLIST_UPDATE)
             .add(USER_ACCESS_TOKEN_CREATE)
             .add(USER_ACCESS_TOKEN_DELETE)
             .add(USER_CREATE)