Remove pre-7.2 token serialization support (#118057)

Author: thecoop

server/src/main/java/org/elasticsearch/TransportVersions.java

@@ -54,11 +54,9 @@ static TransportVersion def(int id) {
     public static final TransportVersion ZERO = def(0);
     public static final TransportVersion V_7_0_0 = def(7_00_00_99);
     public static final TransportVersion V_7_0_1 = def(7_00_01_99);
-    public static final TransportVersion V_7_1_0 = def(7_01_00_99);
     public static final TransportVersion V_7_2_0 = def(7_02_00_99);
     public static final TransportVersion V_7_2_1 = def(7_02_01_99);
     public static final TransportVersion V_7_3_0 = def(7_03_00_99);
-    public static final TransportVersion V_7_3_2 = def(7_03_02_99);
     public static final TransportVersion V_7_4_0 = def(7_04_00_99);
     public static final TransportVersion V_7_5_0 = def(7_05_00_99);
     public static final TransportVersion V_7_6_0 = def(7_06_00_99);

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java

@@ -55,10 +55,8 @@ public SecurityFeatureSetUsage(StreamInput in) throws IOException {
         realmsUsage = in.readGenericMap();
         rolesStoreUsage = in.readGenericMap();
         sslUsage = in.readGenericMap();
-        if (in.getTransportVersion().onOrAfter(TransportVersions.V_7_2_0)) {
-            tokenServiceUsage = in.readGenericMap();
-            apiKeyServiceUsage = in.readGenericMap();
-        }
+        tokenServiceUsage = in.readGenericMap();
+        apiKeyServiceUsage = in.readGenericMap();
         auditUsage = in.readGenericMap();
         ipFilterUsage = in.readGenericMap();
         anonymousUsage = in.readGenericMap();
@@ -125,10 +123,8 @@ public void writeTo(StreamOutput out) throws IOException {
         out.writeGenericMap(realmsUsage);
         out.writeGenericMap(rolesStoreUsage);
         out.writeGenericMap(sslUsage);
-        if (out.getTransportVersion().onOrAfter(TransportVersions.V_7_2_0)) {
-            out.writeGenericMap(tokenServiceUsage);
-            out.writeGenericMap(apiKeyServiceUsage);
-        }
+        out.writeGenericMap(tokenServiceUsage);
+        out.writeGenericMap(apiKeyServiceUsage);
         out.writeGenericMap(auditUsage);
         out.writeGenericMap(ipFilterUsage);
         out.writeGenericMap(anonymousUsage);

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/support/TokensInvalidationResult.java

@@ -59,9 +59,6 @@ public TokensInvalidationResult(StreamInput in) throws IOException {
         this.invalidatedTokens = in.readStringCollectionAsList();
         this.previouslyInvalidatedTokens = in.readStringCollectionAsList();
         this.errors = in.readCollectionAsList(StreamInput::readException);
-        if (in.getTransportVersion().before(TransportVersions.V_7_2_0)) {
-            in.readVInt();
-        }
         if (in.getTransportVersion().onOrAfter(TransportVersions.V_8_0_0)) {
             this.restStatus = RestStatus.readFrom(in);
         }
@@ -111,9 +108,6 @@ public void writeTo(StreamOutput out) throws IOException {
         out.writeStringCollection(invalidatedTokens);
         out.writeStringCollection(previouslyInvalidatedTokens);
         out.writeCollection(errors, StreamOutput::writeException);
-        if (out.getTransportVersion().before(TransportVersions.V_7_2_0)) {
-            out.writeVInt(5);
-        }
         if (out.getTransportVersion().onOrAfter(TransportVersions.V_8_0_0)) {
             RestStatus.writeTo(out, restStatus);
         }

x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/security/authc/TokenAuthIntegTests.java

@@ -327,8 +327,8 @@ public void testInvalidateNotValidAccessTokens() throws Exception {
             ResponseException.class,
             () -> invalidateAccessToken(
                 tokenService.prependVersionAndEncodeAccessToken(
-                    TransportVersions.V_7_3_2,
-                    tokenService.getRandomTokenBytes(TransportVersions.V_7_3_2, randomBoolean()).v1()
+                    TransportVersions.MINIMUM_COMPATIBLE,
+                    tokenService.getRandomTokenBytes(TransportVersions.MINIMUM_COMPATIBLE, randomBoolean()).v1()
                 )
             )
         );
@@ -347,7 +347,7 @@ public void testInvalidateNotValidAccessTokens() throws Exception {
         byte[] longerAccessToken = new byte[randomIntBetween(17, 24)];
         random().nextBytes(longerAccessToken);
         invalidateResponse = invalidateAccessToken(
-            tokenService.prependVersionAndEncodeAccessToken(TransportVersions.V_7_3_2, longerAccessToken)
+            tokenService.prependVersionAndEncodeAccessToken(TransportVersions.MINIMUM_COMPATIBLE, longerAccessToken)
         );
         assertThat(invalidateResponse.invalidated(), equalTo(0));
         assertThat(invalidateResponse.previouslyInvalidated(), equalTo(0));
@@ -365,7 +365,7 @@ public void testInvalidateNotValidAccessTokens() throws Exception {
         byte[] shorterAccessToken = new byte[randomIntBetween(12, 15)];
         random().nextBytes(shorterAccessToken);
         invalidateResponse = invalidateAccessToken(
-            tokenService.prependVersionAndEncodeAccessToken(TransportVersions.V_7_3_2, shorterAccessToken)
+            tokenService.prependVersionAndEncodeAccessToken(TransportVersions.MINIMUM_COMPATIBLE, shorterAccessToken)
         );
         assertThat(invalidateResponse.invalidated(), equalTo(0));
         assertThat(invalidateResponse.previouslyInvalidated(), equalTo(0));
@@ -394,8 +394,8 @@ public void testInvalidateNotValidAccessTokens() throws Exception {
 
         invalidateResponse = invalidateAccessToken(
             tokenService.prependVersionAndEncodeAccessToken(
-                TransportVersions.V_7_3_2,
-                tokenService.getRandomTokenBytes(TransportVersions.V_7_3_2, randomBoolean()).v1()
+                TransportVersions.MINIMUM_COMPATIBLE,
+                tokenService.getRandomTokenBytes(TransportVersions.MINIMUM_COMPATIBLE, randomBoolean()).v1()
             )
         );
         assertThat(invalidateResponse.invalidated(), equalTo(0));
@@ -420,8 +420,8 @@ public void testInvalidateNotValidRefreshTokens() throws Exception {
             ResponseException.class,
             () -> invalidateRefreshToken(
                 TokenService.prependVersionAndEncodeRefreshToken(
-                    TransportVersions.V_7_3_2,
-                    tokenService.getRandomTokenBytes(TransportVersions.V_7_3_2, true).v2()
+                    TransportVersions.MINIMUM_COMPATIBLE,
+                    tokenService.getRandomTokenBytes(TransportVersions.MINIMUM_COMPATIBLE, true).v2()
                 )
             )
         );
@@ -441,7 +441,7 @@ public void testInvalidateNotValidRefreshTokens() throws Exception {
         byte[] longerRefreshToken = new byte[randomIntBetween(17, 24)];
         random().nextBytes(longerRefreshToken);
         invalidateResponse = invalidateRefreshToken(
-            TokenService.prependVersionAndEncodeRefreshToken(TransportVersions.V_7_3_2, longerRefreshToken)
+            TokenService.prependVersionAndEncodeRefreshToken(TransportVersions.MINIMUM_COMPATIBLE, longerRefreshToken)
         );
         assertThat(invalidateResponse.invalidated(), equalTo(0));
         assertThat(invalidateResponse.previouslyInvalidated(), equalTo(0));
@@ -459,7 +459,7 @@ public void testInvalidateNotValidRefreshTokens() throws Exception {
         byte[] shorterRefreshToken = new byte[randomIntBetween(12, 15)];
         random().nextBytes(shorterRefreshToken);
         invalidateResponse = invalidateRefreshToken(
-            TokenService.prependVersionAndEncodeRefreshToken(TransportVersions.V_7_3_2, shorterRefreshToken)
+            TokenService.prependVersionAndEncodeRefreshToken(TransportVersions.MINIMUM_COMPATIBLE, shorterRefreshToken)
         );
         assertThat(invalidateResponse.invalidated(), equalTo(0));
         assertThat(invalidateResponse.previouslyInvalidated(), equalTo(0));
@@ -488,8 +488,8 @@ public void testInvalidateNotValidRefreshTokens() throws Exception {
 
         invalidateResponse = invalidateRefreshToken(
             TokenService.prependVersionAndEncodeRefreshToken(
-                TransportVersions.V_7_3_2,
-                tokenService.getRandomTokenBytes(TransportVersions.V_7_3_2, true).v2()
+                TransportVersions.MINIMUM_COMPATIBLE,
+                tokenService.getRandomTokenBytes(TransportVersions.MINIMUM_COMPATIBLE, true).v2()
             )
         );
         assertThat(invalidateResponse.invalidated(), equalTo(0));
@@ -758,18 +758,11 @@ public void testAuthenticateWithWrongToken() throws Exception {
         assertAuthenticateWithToken(response.accessToken(), TEST_USER_NAME);
         // Now attempt to authenticate with an invalid access token string
         assertUnauthorizedToken(randomAlphaOfLengthBetween(0, 128));
-        // Now attempt to authenticate with an invalid access token with valid structure (pre 7.2)
+        // Now attempt to authenticate with an invalid access token with valid structure (after 8.0 pre 8.10)
         assertUnauthorizedToken(
             tokenService.prependVersionAndEncodeAccessToken(
-                TransportVersions.V_7_1_0,
-                tokenService.getRandomTokenBytes(TransportVersions.V_7_1_0, randomBoolean()).v1()
-            )
-        );
-        // Now attempt to authenticate with an invalid access token with valid structure (after 7.2 pre 8.10)
-        assertUnauthorizedToken(
-            tokenService.prependVersionAndEncodeAccessToken(
-                TransportVersions.V_7_4_0,
-                tokenService.getRandomTokenBytes(TransportVersions.V_7_4_0, randomBoolean()).v1()
+                TransportVersions.V_8_0_0,
+                tokenService.getRandomTokenBytes(TransportVersions.V_8_0_0, randomBoolean()).v1()
             )
         );
         // Now attempt to authenticate with an invalid access token with valid structure (current version)