Create transport version for 9.0 release (#120936)

Also bump the minimum compatible version to something similar to what 8.18 will be

server/src/main/java/org/elasticsearch/TransportVersions.java

@@ -172,6 +172,7 @@ public class TransportVersions {
     public static final TransportVersion TIMEOUT_GET_PARAM_FOR_RESOLVE_CLUSTER = def(8_838_00_0);
     public static final TransportVersion INFERENCE_REQUEST_ADAPTIVE_RATE_LIMITING = def(8_839_00_0);
     public static final TransportVersion ML_INFERENCE_IBM_WATSONX_RERANK_ADDED = def(8_840_00_0);
+    public static final TransportVersion ELASTICSEARCH_9_0 = def(9_000_00_0);
 
     /*
      * STOP! READ THIS FIRST! No, really,
@@ -230,15 +231,13 @@ public class TransportVersions {
      * Reference to the earliest compatible transport version to this version of the codebase.
      * This should be the transport version used by the highest minor version of the previous major.
      */
-    @UpdateForV9(owner = UpdateForV9.Owner.CORE_INFRA)
-    // This needs to be bumped to the 8.last
-    public static final TransportVersion MINIMUM_COMPATIBLE = V_7_17_0;
+    public static final TransportVersion MINIMUM_COMPATIBLE = BYTE_SIZE_VALUE_ALWAYS_USES_BYTES_1;
 
     /**
      * Reference to the minimum transport version that can be used with CCS.
      * This should be the transport version used by the previous minor release.
      */
-    public static final TransportVersion MINIMUM_CCS_VERSION = V_8_15_0;
+    public static final TransportVersion MINIMUM_CCS_VERSION = BYTE_SIZE_VALUE_ALWAYS_USES_BYTES_1;
 
     /**
      * Sorted list of all versions defined in this class

server/src/test/java/org/elasticsearch/TransportVersionTests.java

@@ -16,7 +16,6 @@ import java.lang.reflect.Modifier;
 import java.util.Collections;
 import java.util.List;
 import java.util.Set;
-import java.util.TreeSet;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
 
@@ -199,40 +198,4 @@ public class TransportVersionTests extends ESTestCase {
         assertEquals("2000099", TransportVersion.fromId(2_00_00_99).toString());
         assertEquals("5000099", TransportVersion.fromId(5_00_00_99).toString());
     }
-
-    /**
-     * Until 9.0 bumps its transport version to 9_000_00_0, all transport changes must be backported to 8.x.
-     * This test ensures transport versions are dense, so that we have confidence backports have not been missed.
-     * Note that it does not ensure patches are not missed, but it should catch the majority of misordered
-     * or missing transport versions.
-     */
-    public void testDenseTransportVersions() {
-        Set<Integer> missingVersions = new TreeSet<>();
-        TransportVersion previous = null;
-        for (var tv : TransportVersion.getAllVersions()) {
-            if (tv.before(TransportVersions.V_8_16_0)) {
-                continue;
-            }
-            if (previous == null) {
-                previous = tv;
-                continue;
-            }
-
-            if (previous.id() + 1000 < tv.id()) {
-                int nextId = previous.id();
-                do {
-                    nextId = (nextId + 1000) / 1000 * 1000;
-                    missingVersions.add(nextId);
-                } while (nextId + 1000 < tv.id());
-            }
-            previous = tv;
-        }
-        if (missingVersions.isEmpty() == false) {
-            StringBuilder msg = new StringBuilder("Missing transport versions:\n");
-            for (Integer id : missingVersions) {
-                msg.append("  " + id + "\n");
-            }
-            fail(msg.toString());
-        }
-    }
 }

server/src/test/java/org/elasticsearch/action/fieldcaps/FieldCapabilitiesNodeResponseTests.java

@@ -20,7 +20,6 @@ import org.elasticsearch.index.shard.ShardId;
 import org.elasticsearch.test.AbstractWireSerializingTestCase;
 import org.elasticsearch.test.TransportVersionUtils;
 
-import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.Comparator;
@@ -37,7 +36,6 @@ import static org.elasticsearch.action.fieldcaps.FieldCapabilitiesIndexResponseT
 import static org.elasticsearch.action.fieldcaps.FieldCapabilitiesIndexResponseTests.randomMappingHashToIndices;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.hasSize;
-import static org.hamcrest.Matchers.nullValue;
 
 public class FieldCapabilitiesNodeResponseTests extends AbstractWireSerializingTestCase<FieldCapabilitiesNodeResponse> {
 
@@ -145,48 +143,6 @@ public class FieldCapabilitiesNodeResponseTests extends AbstractWireSerializingT
         }
     }
 
-    public void testSerializeNodeResponseBetweenOldNodes() throws IOException {
-        final TransportVersion minCompactVersion = TransportVersions.MINIMUM_COMPATIBLE;
-        assertTrue("Remove this test once minCompactVersion >= 8.2.0", minCompactVersion.before(TransportVersions.V_8_2_0));
-        List<FieldCapabilitiesIndexResponse> indexResponses = CollectionUtils.concatLists(
-            randomIndexResponsesWithMappingHash(randomMappingHashToIndices()),
-            randomIndexResponsesWithoutMappingHash()
-        );
-        Randomness.shuffle(indexResponses);
-        FieldCapabilitiesNodeResponse inResponse = randomNodeResponse(indexResponses);
-        TransportVersion version = TransportVersionUtils.randomVersionBetween(
-            random(),
-            minCompactVersion,
-            TransportVersionUtils.getPreviousVersion(TransportVersions.V_8_2_0)
-        );
-        final FieldCapabilitiesNodeResponse outResponse = copyInstance(inResponse, version);
-        assertThat(outResponse.getFailures().keySet(), equalTo(inResponse.getFailures().keySet()));
-        assertThat(outResponse.getUnmatchedShardIds(), equalTo(inResponse.getUnmatchedShardIds()));
-        final List<FieldCapabilitiesIndexResponse> inList = inResponse.getIndexResponses();
-        final List<FieldCapabilitiesIndexResponse> outList = outResponse.getIndexResponses();
-        assertThat(outList, hasSize(inList.size()));
-        for (int i = 0; i < inList.size(); i++) {
-            assertThat("Responses between old nodes don't have mapping hash", outList.get(i).getIndexMappingHash(), nullValue());
-            assertThat(outList.get(i).getIndexName(), equalTo(inList.get(i).getIndexName()));
-            assertThat(outList.get(i).canMatch(), equalTo(inList.get(i).canMatch()));
-            Map<String, IndexFieldCapabilities> outCap = outList.get(i).get();
-            Map<String, IndexFieldCapabilities> inCap = inList.get(i).get();
-            if (version.onOrAfter(TransportVersions.V_8_0_0)) {
-                assertThat(outCap, equalTo(inCap));
-            } else {
-                // Exclude metric types which was introduced in 8.0
-                assertThat(outCap.keySet(), equalTo(inCap.keySet()));
-                for (String field : outCap.keySet()) {
-                    assertThat(outCap.get(field).name(), equalTo(inCap.get(field).name()));
-                    assertThat(outCap.get(field).type(), equalTo(inCap.get(field).type()));
-                    assertThat(outCap.get(field).isSearchable(), equalTo(inCap.get(field).isSearchable()));
-                    assertThat(outCap.get(field).isAggregatable(), equalTo(inCap.get(field).isAggregatable()));
-                    assertThat(outCap.get(field).meta(), equalTo(inCap.get(field).meta()));
-                }
-            }
-        }
-    }
-
     private static FieldCapabilitiesNodeResponse randomNodeResponse(List<FieldCapabilitiesIndexResponse> indexResponses) {
         int numUnmatched = randomIntBetween(0, 3);
         final Set<ShardId> unmatchedShardIds = new HashSet<>();

server/src/test/java/org/elasticsearch/action/fieldcaps/FieldCapabilitiesResponseTests.java

@@ -40,7 +40,6 @@ import static org.elasticsearch.action.fieldcaps.FieldCapabilitiesIndexResponseT
 import static org.elasticsearch.action.fieldcaps.FieldCapabilitiesIndexResponseTests.randomMappingHashToIndices;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.hasSize;
-import static org.hamcrest.Matchers.nullValue;
 
 public class FieldCapabilitiesResponseTests extends AbstractWireSerializingTestCase<FieldCapabilitiesResponse> {
 
@@ -198,48 +197,4 @@ public class FieldCapabilitiesResponseTests extends AbstractWireSerializingTestC
             }
         }
     }
-
-    public void testSerializeCCSResponseBetweenOldClusters() throws IOException {
-        TransportVersion minCompactVersion = TransportVersions.MINIMUM_COMPATIBLE;
-        assertTrue("Remove this test once minCompactVersion >= 8.2.0", minCompactVersion.before(TransportVersions.V_8_2_0));
-        List<FieldCapabilitiesIndexResponse> indexResponses = CollectionUtils.concatLists(
-            randomIndexResponsesWithMappingHash(randomMappingHashToIndices()),
-            randomIndexResponsesWithoutMappingHash()
-        );
-        Randomness.shuffle(indexResponses);
-        FieldCapabilitiesResponse inResponse = randomCCSResponse(indexResponses);
-        TransportVersion version = TransportVersionUtils.randomVersionBetween(
-            random(),
-            minCompactVersion,
-            TransportVersionUtils.getPreviousVersion(TransportVersions.V_8_2_0)
-        );
-        final FieldCapabilitiesResponse outResponse = copyInstance(inResponse, version);
-        assertThat(
-            outResponse.getFailures().stream().flatMap(f -> Arrays.stream(f.getIndices())).toList(),
-            equalTo(inResponse.getFailures().stream().flatMap(f -> Arrays.stream(f.getIndices())).toList())
-        );
-        final List<FieldCapabilitiesIndexResponse> inList = inResponse.getIndexResponses();
-        final List<FieldCapabilitiesIndexResponse> outList = outResponse.getIndexResponses();
-        assertThat(outList, hasSize(inList.size()));
-        for (int i = 0; i < inList.size(); i++) {
-            assertThat("Responses between old clusters don't have mapping hash", outList.get(i).getIndexMappingHash(), nullValue());
-            assertThat(outList.get(i).getIndexName(), equalTo(inList.get(i).getIndexName()));
-            assertThat(outList.get(i).canMatch(), equalTo(inList.get(i).canMatch()));
-            Map<String, IndexFieldCapabilities> outCap = outList.get(i).get();
-            Map<String, IndexFieldCapabilities> inCap = inList.get(i).get();
-            if (version.onOrAfter(TransportVersions.V_8_0_0)) {
-                assertThat(outCap, equalTo(inCap));
-            } else {
-                // Exclude metric types which was introduced in 8.0
-                assertThat(outCap.keySet(), equalTo(inCap.keySet()));
-                for (String field : outCap.keySet()) {
-                    assertThat(outCap.get(field).name(), equalTo(inCap.get(field).name()));
-                    assertThat(outCap.get(field).type(), equalTo(inCap.get(field).type()));
-                    assertThat(outCap.get(field).isSearchable(), equalTo(inCap.get(field).isSearchable()));
-                    assertThat(outCap.get(field).isAggregatable(), equalTo(inCap.get(field).isAggregatable()));
-                    assertThat(outCap.get(field).meta(), equalTo(inCap.get(field).meta()));
-                }
-            }
-        }
-    }
 }

server/src/test/java/org/elasticsearch/cluster/action/shard/ShardStateActionTests.java

@@ -612,11 +612,7 @@ public class ShardStateActionTests extends ESTestCase {
         final String allocationId = randomRealisticUnicodeOfCodepointLengthBetween(10, 100);
         final long primaryTerm = randomIntBetween(0, 100);
         final String message = randomRealisticUnicodeOfCodepointLengthBetween(10, 100);
-        final TransportVersion version = randomFrom(
-            getFirstVersion(),
-            getPreviousVersion(TransportVersions.MINIMUM_COMPATIBLE),
-            getPreviousVersion(TransportVersions.V_8_15_0)
-        );
+        final TransportVersion version = randomFrom(getFirstVersion(), getPreviousVersion(TransportVersions.V_8_15_0));
         final ShardLongFieldRange timestampRange = ShardLongFieldRangeWireTests.randomRange();
         final ShardLongFieldRange eventIngestedRange = ShardLongFieldRangeWireTests.randomRange();
         var startedShardEntry = new StartedShardEntry(shardId, allocationId, primaryTerm, message, timestampRange, eventIngestedRange);

server/src/test/java/org/elasticsearch/cluster/node/DiscoveryNodeTests.java

@@ -31,8 +31,6 @@ import static java.util.Collections.emptyMap;
 import static java.util.Collections.emptySet;
 import static org.elasticsearch.test.NodeRoles.nonRemoteClusterClientNode;
 import static org.elasticsearch.test.NodeRoles.remoteClusterClientNode;
-import static org.elasticsearch.test.TransportVersionUtils.getPreviousVersion;
-import static org.elasticsearch.test.TransportVersionUtils.randomVersionBetween;
 import static org.hamcrest.Matchers.allOf;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.equalTo;
@@ -274,39 +272,5 @@ public class DiscoveryNodeTests extends ESTestCase {
                 }
             }
         }
-
-        {
-            var oldVersion = randomVersionBetween(
-                random(),
-                TransportVersions.MINIMUM_COMPATIBLE,
-                getPreviousVersion(TransportVersions.NODE_VERSION_INFORMATION_WITH_MIN_READ_ONLY_INDEX_VERSION)
-            );
-            try (var out = new BytesStreamOutput()) {
-                out.setTransportVersion(oldVersion);
-                node.writeTo(out);
-
-                try (var in = StreamInput.wrap(out.bytes().array())) {
-                    in.setTransportVersion(oldVersion);
-
-                    var deserialized = new DiscoveryNode(in);
-                    assertThat(deserialized.getId(), equalTo(node.getId()));
-                    assertThat(deserialized.getAddress(), equalTo(node.getAddress()));
-                    assertThat(deserialized.getMinIndexVersion(), equalTo(node.getMinIndexVersion()));
-                    assertThat(deserialized.getMaxIndexVersion(), equalTo(node.getMaxIndexVersion()));
-                    assertThat(deserialized.getMinReadOnlyIndexVersion(), equalTo(node.getMinIndexVersion()));
-                    assertThat(
-                        deserialized.getVersionInformation(),
-                        equalTo(
-                            new VersionInformation(
-                                node.getBuildVersion(),
-                                node.getMinIndexVersion(),
-                                node.getMinIndexVersion(),
-                                node.getMaxIndexVersion()
-                            )
-                        )
-                    );
-                }
-            }
-        }
     }
 }

server/src/test/java/org/elasticsearch/index/mapper/MappingParserTests.java

@@ -22,7 +22,6 @@ import org.elasticsearch.index.cache.bitset.BitsetFilterCache;
 import org.elasticsearch.index.similarity.SimilarityService;
 import org.elasticsearch.indices.IndicesModule;
 import org.elasticsearch.script.ScriptService;
-import org.elasticsearch.test.TransportVersionUtils;
 import org.elasticsearch.test.index.IndexVersionUtils;
 import org.elasticsearch.xcontent.XContentBuilder;
 import org.hamcrest.CoreMatchers;
@@ -327,11 +326,7 @@ public class MappingParserTests extends MapperServiceTestCase {
             IndexVersions.MINIMUM_READONLY_COMPATIBLE,
             IndexVersions.V_8_5_0
         );
-        TransportVersion transportVersion = TransportVersionUtils.randomVersionBetween(
-            random(),
-            TransportVersions.MINIMUM_COMPATIBLE,
-            TransportVersions.V_8_5_0
-        );
+        TransportVersion transportVersion = TransportVersions.V_8_5_0;
         {
             XContentBuilder builder = mapping(b -> b.startObject(" ").field("type", randomFieldType()).endObject());
             MappingParser mappingParser = createMappingParser(Settings.EMPTY, version, transportVersion);

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/ml/action/CoordinatedInferenceActionRequestTests.java

@@ -120,7 +120,7 @@ public class CoordinatedInferenceActionRequestTests extends AbstractBWCWireSeria
             instance.setPrefixType(TrainedModelPrefixStrings.PrefixType.NONE);
         }
 
-        return new CoordinatedInferenceAction.Request(
+        var newInstance = new CoordinatedInferenceAction.Request(
             instance.getModelId(),
             instance.getInputs(),
             instance.getTaskSettings(),
@@ -131,5 +131,7 @@ public class CoordinatedInferenceActionRequestTests extends AbstractBWCWireSeria
             instance.getHighPriority(),
             instance.getRequestModelType()
         );
+        newInstance.setPrefixType(instance.getPrefixType());
+        return newInstance;
     }
 }

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/ApiKeyServiceTests.java

@@ -13,7 +13,6 @@ import org.apache.logging.log4j.Logger;
 import org.apache.lucene.search.TotalHits;
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.TransportVersion;
-import org.elasticsearch.TransportVersions;
 import org.elasticsearch.Version;
 import org.elasticsearch.action.ActionListener;
 import org.elasticsearch.action.DocWriteRequest;
@@ -3008,48 +3007,6 @@ public class ApiKeyServiceTests extends ESTestCase {
         assertThat(e.getMessage(), containsString("authentication realm must be [_es_api_key]"));
     }
 
-    public void testMaybeRemoveRemoteIndicesPrivilegesWithUnsupportedVersion() {
-        final String apiKeyId = randomAlphaOfLengthBetween(5, 8);
-        final Set<RoleDescriptor> userRoleDescriptors = Set.copyOf(
-            randomList(
-                2,
-                5,
-                () -> RoleDescriptorTestHelper.builder()
-                    .allowReservedMetadata(randomBoolean())
-                    .allowRemoteIndices(randomBoolean())
-                    .allowRestriction(randomBoolean())
-                    .allowRemoteClusters(false)
-                    .build()
-            )
-        );
-
-        // Selecting random unsupported version.
-        final TransportVersion minTransportVersion = TransportVersionUtils.randomVersionBetween(
-            random(),
-            TransportVersions.MINIMUM_COMPATIBLE,
-            TransportVersionUtils.getPreviousVersion(TRANSPORT_VERSION_ADVANCED_REMOTE_CLUSTER_SECURITY)
-        );
-
-        final Set<RoleDescriptor> result = ApiKeyService.maybeRemoveRemotePrivileges(userRoleDescriptors, minTransportVersion, apiKeyId);
-        assertThat(result.stream().anyMatch(RoleDescriptor::hasRemoteIndicesPrivileges), equalTo(false));
-        assertThat(result.size(), equalTo(userRoleDescriptors.size()));
-
-        // Roles for which warning headers are added.
-        final List<String> userRoleNamesWithRemoteIndicesPrivileges = userRoleDescriptors.stream()
-            .filter(RoleDescriptor::hasRemoteIndicesPrivileges)
-            .map(RoleDescriptor::getName)
-            .sorted()
-            .toList();
-
-        if (false == userRoleNamesWithRemoteIndicesPrivileges.isEmpty()) {
-            assertWarnings(
-                "Removed API key's remote indices privileges from role(s) "
-                    + userRoleNamesWithRemoteIndicesPrivileges
-                    + ". Remote indices are not supported by all nodes in the cluster. "
-            );
-        }
-    }
-
     public void testMaybeRemoveRemoteClusterPrivilegesWithUnsupportedVersion() {
         final String apiKeyId = randomAlphaOfLengthBetween(5, 8);
         final Set<RoleDescriptor> userRoleDescriptors = Set.copyOf(
@@ -3124,52 +3081,6 @@ public class ApiKeyServiceTests extends ESTestCase {
         assertThat(e.getMessage(), equalTo("limit must be positive number"));
     }
 
-    public void testCreateCrossClusterApiKeyMinVersionConstraint() {
-        final Authentication authentication = randomValueOtherThanMany(
-            Authentication::isApiKey,
-            () -> AuthenticationTestHelper.builder().build()
-        );
-        final AbstractCreateApiKeyRequest request = mock(AbstractCreateApiKeyRequest.class);
-        when(request.getType()).thenReturn(ApiKey.Type.CROSS_CLUSTER);
-
-        final ClusterService clusterService = mock(ClusterService.class);
-        when(clusterService.getClusterSettings()).thenReturn(
-            new ClusterSettings(Settings.EMPTY, Set.of(ApiKeyService.DELETE_RETENTION_PERIOD, ApiKeyService.DELETE_INTERVAL))
-        );
-        final ClusterState clusterState = mock(ClusterState.class);
-        when(clusterService.state()).thenReturn(clusterState);
-        final TransportVersion minTransportVersion = TransportVersionUtils.randomVersionBetween(
-            random(),
-            TransportVersions.MINIMUM_COMPATIBLE,
-            TransportVersionUtils.getPreviousVersion(TRANSPORT_VERSION_ADVANCED_REMOTE_CLUSTER_SECURITY)
-        );
-        when(clusterState.getMinTransportVersion()).thenReturn(minTransportVersion);
-
-        final ApiKeyService service = new ApiKeyService(
-            Settings.EMPTY,
-            clock,
-            client,
-            securityIndex,
-            clusterService,
-            cacheInvalidatorRegistry,
-            threadPool,
-            MeterRegistry.NOOP
-        );
-
-        final PlainActionFuture<CreateApiKeyResponse> future = new PlainActionFuture<>();
-        service.createApiKey(authentication, request, Set.of(), future);
-        final IllegalArgumentException e = expectThrows(IllegalArgumentException.class, future::actionGet);
-
-        assertThat(
-            e.getMessage(),
-            containsString(
-                "all nodes must have version ["
-                    + TRANSPORT_VERSION_ADVANCED_REMOTE_CLUSTER_SECURITY.toReleaseVersion()
-                    + "] or higher to support creating cross cluster API keys"
-            )
-        );
-    }
-
     public void testAuthenticationFailureWithApiKeyTypeMismatch() throws Exception {
         final Settings settings = Settings.builder().put(XPackSettings.API_KEY_SERVICE_ENABLED_SETTING.getKey(), true).build();
         final ApiKeyService service = spy(createApiKeyService(settings));
@@ -3268,73 +3179,6 @@ public class ApiKeyServiceTests extends ESTestCase {
         assertThat(auth3.getMetadata(), hasEntry(API_KEY_TYPE_KEY, apiKeyDoc3.type.value()));
     }
 
-    public void testCreateOrUpdateApiKeyWithWorkflowsRestrictionForUnsupportedVersion() {
-        final Authentication authentication = AuthenticationTestHelper.builder().build();
-        final ClusterService clusterService = mock(ClusterService.class);
-        when(clusterService.getClusterSettings()).thenReturn(
-            new ClusterSettings(Settings.EMPTY, Set.of(ApiKeyService.DELETE_RETENTION_PERIOD, ApiKeyService.DELETE_INTERVAL))
-        );
-        final ClusterState clusterState = mock(ClusterState.class);
-        when(clusterService.state()).thenReturn(clusterState);
-        final TransportVersion minTransportVersion = TransportVersionUtils.randomVersionBetween(
-            random(),
-            TransportVersions.MINIMUM_COMPATIBLE,
-            TransportVersionUtils.getPreviousVersion(WORKFLOWS_RESTRICTION_VERSION)
-        );
-        when(clusterState.getMinTransportVersion()).thenReturn(minTransportVersion);
-
-        final ApiKeyService service = new ApiKeyService(
-            Settings.EMPTY,
-            clock,
-            client,
-            securityIndex,
-            clusterService,
-            cacheInvalidatorRegistry,
-            threadPool,
-            MeterRegistry.NOOP
-        );
-
-        final List<RoleDescriptor> roleDescriptorsWithWorkflowsRestriction = randomList(
-            1,
-            3,
-            () -> randomRoleDescriptorWithWorkflowsRestriction()
-        );
-
-        final AbstractCreateApiKeyRequest createRequest = mock(AbstractCreateApiKeyRequest.class);
-        when(createRequest.getType()).thenReturn(ApiKey.Type.REST);
-        when(createRequest.getRoleDescriptors()).thenReturn(roleDescriptorsWithWorkflowsRestriction);
-
-        final PlainActionFuture<CreateApiKeyResponse> createFuture = new PlainActionFuture<>();
-        service.createApiKey(authentication, createRequest, Set.of(), createFuture);
-        final IllegalArgumentException e1 = expectThrows(IllegalArgumentException.class, createFuture::actionGet);
-        assertThat(
-            e1.getMessage(),
-            containsString(
-                "all nodes must have version ["
-                    + WORKFLOWS_RESTRICTION_VERSION.toReleaseVersion()
-                    + "] or higher to support restrictions for API keys"
-            )
-        );
-
-        final BulkUpdateApiKeyRequest updateRequest = new BulkUpdateApiKeyRequest(
-            randomList(1, 3, () -> randomAlphaOfLengthBetween(3, 5)),
-            roleDescriptorsWithWorkflowsRestriction,
-            Map.of(),
-            ApiKeyTests.randomFutureExpirationTime()
-        );
-        final PlainActionFuture<BulkUpdateApiKeyResponse> updateFuture = new PlainActionFuture<>();
-        service.updateApiKeys(authentication, updateRequest, Set.of(), updateFuture);
-        final IllegalArgumentException e2 = expectThrows(IllegalArgumentException.class, createFuture::actionGet);
-        assertThat(
-            e2.getMessage(),
-            containsString(
-                "all nodes must have version ["
-                    + WORKFLOWS_RESTRICTION_VERSION.toReleaseVersion()
-                    + "] or higher to support restrictions for API keys"
-            )
-        );
-    }
-
     public void testValidateOwnerUserRoleDescriptorsWithWorkflowsRestriction() {
         final Authentication authentication = AuthenticationTestHelper.builder().build();
         final ClusterService clusterService = mock(ClusterService.class);

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/CrossClusterAccessAuthenticationServiceTests.java

@@ -9,7 +9,6 @@ package org.elasticsearch.xpack.security.authc;
 
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.TransportVersion;
-import org.elasticsearch.TransportVersions;
 import org.elasticsearch.action.ActionListener;
 import org.elasticsearch.action.support.PlainActionFuture;
 import org.elasticsearch.cluster.service.ClusterService;
@@ -17,7 +16,6 @@ import org.elasticsearch.common.UUIDs;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.test.ESTestCase;
-import org.elasticsearch.test.TransportVersionUtils;
 import org.elasticsearch.transport.TransportRequest;
 import org.elasticsearch.xpack.core.security.action.apikey.ApiKey;
 import org.elasticsearch.xpack.core.security.authc.Authentication;
@@ -36,7 +34,6 @@ import org.mockito.Mockito;
 import java.io.IOException;
 import java.util.concurrent.ExecutionException;
 
-import static org.elasticsearch.transport.RemoteClusterPortSettings.TRANSPORT_VERSION_ADVANCED_REMOTE_CLUSTER_SECURITY;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.instanceOf;
@@ -75,55 +72,6 @@ public class CrossClusterAccessAuthenticationServiceTests extends ESTestCase {
         );
     }
 
-    public void testAuthenticateThrowsOnUnsupportedMinVersions() throws IOException {
-        when(clusterService.state().getMinTransportVersion()).thenReturn(
-            TransportVersionUtils.randomVersionBetween(
-                random(),
-                TransportVersions.MINIMUM_COMPATIBLE,
-                TransportVersionUtils.getPreviousVersion(TRANSPORT_VERSION_ADVANCED_REMOTE_CLUSTER_SECURITY)
-            )
-        );
-        final var authcContext = mock(Authenticator.Context.class, Mockito.RETURNS_DEEP_STUBS);
-        when(authcContext.getThreadContext()).thenReturn(threadContext);
-        final var crossClusterAccessHeaders = new CrossClusterAccessHeaders(
-            CrossClusterAccessHeadersTests.randomEncodedApiKeyHeader(),
-            AuthenticationTestHelper.randomCrossClusterAccessSubjectInfo()
-        );
-        crossClusterAccessHeaders.writeToContext(threadContext);
-        final AuthenticationService.AuditableRequest auditableRequest = mock(AuthenticationService.AuditableRequest.class);
-        when(authcContext.getRequest()).thenReturn(auditableRequest);
-        when(auditableRequest.exceptionProcessingRequest(any(), any())).thenAnswer(
-            i -> new ElasticsearchSecurityException("potato", (Exception) i.getArguments()[0])
-        );
-        doAnswer(
-            invocationOnMock -> new Authenticator.Context(
-                threadContext,
-                auditableRequest,
-                mock(Realms.class),
-                (AuthenticationToken) invocationOnMock.getArguments()[2]
-            )
-        ).when(authenticationService).newContext(anyString(), any(), any());
-
-        final PlainActionFuture<Authentication> future = new PlainActionFuture<>();
-        crossClusterAccessAuthenticationService.authenticate("action", mock(TransportRequest.class), future);
-        final ExecutionException actual = expectThrows(ExecutionException.class, future::get);
-
-        assertThat(actual.getCause().getCause(), instanceOf(IllegalArgumentException.class));
-        assertThat(
-            actual.getCause().getCause().getMessage(),
-            equalTo(
-                "all nodes must have version ["
-                    + TRANSPORT_VERSION_ADVANCED_REMOTE_CLUSTER_SECURITY.toReleaseVersion()
-                    + "] or higher to support cross cluster requests through the dedicated remote cluster port"
-            )
-        );
-        verify(auditableRequest).exceptionProcessingRequest(
-            any(Exception.class),
-            credentialsArgMatches(crossClusterAccessHeaders.credentials())
-        );
-        verifyNoMoreInteractions(auditableRequest);
-    }
-
     public void testAuthenticationSuccessOnSuccessfulAuthentication() throws IOException, ExecutionException, InterruptedException {
         final var crossClusterAccessHeaders = new CrossClusterAccessHeaders(
             CrossClusterAccessHeadersTests.randomEncodedApiKeyHeader(),

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/store/NativeRolesStoreTests.java

@@ -10,7 +10,6 @@ import org.apache.logging.log4j.Logger;
 import org.elasticsearch.ElasticsearchParseException;
 import org.elasticsearch.ElasticsearchSecurityException;
 import org.elasticsearch.TransportVersion;
-import org.elasticsearch.TransportVersions;
 import org.elasticsearch.action.ActionListener;
 import org.elasticsearch.action.ActionRequestValidationException;
 import org.elasticsearch.action.bulk.BulkRequest;
@@ -51,7 +50,6 @@ import org.elasticsearch.license.MockLicenseState;
 import org.elasticsearch.license.TestUtils;
 import org.elasticsearch.license.XPackLicenseState;
 import org.elasticsearch.test.ESTestCase;
-import org.elasticsearch.test.TransportVersionUtils;
 import org.elasticsearch.threadpool.TestThreadPool;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.xcontent.NamedXContentRegistry;
@@ -64,8 +62,6 @@ import org.elasticsearch.xpack.core.security.authc.AuthenticationTestHelper;
 import org.elasticsearch.xpack.core.security.authz.RoleDescriptor;
 import org.elasticsearch.xpack.core.security.authz.RoleDescriptor.IndicesPrivileges;
 import org.elasticsearch.xpack.core.security.authz.RoleRestrictionTests;
-import org.elasticsearch.xpack.core.security.authz.permission.RemoteClusterPermissionGroup;
-import org.elasticsearch.xpack.core.security.authz.permission.RemoteClusterPermissions;
 import org.elasticsearch.xpack.core.security.authz.privilege.ClusterPrivilegeResolver;
 import org.elasticsearch.xpack.core.security.authz.store.ReservedRolesStore;
 import org.elasticsearch.xpack.core.security.authz.store.RoleRetrievalResult;
@@ -85,20 +81,17 @@ import java.nio.file.Files;
 import java.nio.file.Path;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Locale;
 import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.atomic.AtomicReference;
 
 import static org.elasticsearch.cluster.metadata.IndexMetadata.INDEX_FORMAT_SETTING;
 import static org.elasticsearch.indices.SystemIndexDescriptor.VERSION_META_KEY;
-import static org.elasticsearch.transport.RemoteClusterPortSettings.TRANSPORT_VERSION_ADVANCED_REMOTE_CLUSTER_SECURITY;
 import static org.elasticsearch.xpack.core.security.SecurityField.DOCUMENT_LEVEL_SECURITY_FEATURE;
 import static org.elasticsearch.xpack.core.security.authz.RoleDescriptorTestHelper.randomApplicationPrivileges;
 import static org.elasticsearch.xpack.core.security.authz.RoleDescriptorTestHelper.randomClusterPrivileges;
 import static org.elasticsearch.xpack.core.security.authz.RoleDescriptorTestHelper.randomRemoteIndicesPrivileges;
 import static org.elasticsearch.xpack.core.security.authz.RoleDescriptorTestHelper.randomRoleDescriptorMetadata;
-import static org.elasticsearch.xpack.core.security.authz.permission.RemoteClusterPermissions.ROLE_REMOTE_CLUSTER_PRIVS;
 import static org.elasticsearch.xpack.security.support.SecuritySystemIndices.SECURITY_MAIN_ALIAS;
 import static org.hamcrest.Matchers.arrayContaining;
 import static org.hamcrest.Matchers.contains;
@@ -465,101 +458,6 @@ public class NativeRolesStoreTests extends ESTestCase {
         assertThat(e.getMessage(), containsString("field and document level security"));
     }
 
-    public void testPutRoleWithRemotePrivsUnsupportedMinNodeVersion() throws IOException {
-        // Init for validation
-        new ReservedRolesStore(Set.of("superuser"));
-        enum TEST_MODE {
-            REMOTE_INDICES_PRIVS,
-            REMOTE_CLUSTER_PRIVS,
-            REMOTE_INDICES_AND_CLUSTER_PRIVS
-        }
-        for (TEST_MODE testMode : TEST_MODE.values()) {
-            // default to both remote indices and cluster privileges and use the switch below to remove one or the other
-            TransportVersion transportVersionBeforeAdvancedRemoteClusterSecurity = TransportVersionUtils.getPreviousVersion(
-                TRANSPORT_VERSION_ADVANCED_REMOTE_CLUSTER_SECURITY
-            );
-            RoleDescriptor.RemoteIndicesPrivileges[] remoteIndicesPrivileges = new RoleDescriptor.RemoteIndicesPrivileges[] {
-                RoleDescriptor.RemoteIndicesPrivileges.builder("remote").privileges("read").indices("index").build() };
-            RemoteClusterPermissions remoteClusterPermissions = new RemoteClusterPermissions().addGroup(
-                new RemoteClusterPermissionGroup(
-                    RemoteClusterPermissions.getSupportedRemoteClusterPermissions().toArray(new String[0]),
-                    new String[] { "remote" }
-                )
-            );
-            switch (testMode) {
-                case REMOTE_CLUSTER_PRIVS -> {
-                    transportVersionBeforeAdvancedRemoteClusterSecurity = TransportVersionUtils.getPreviousVersion(
-                        ROLE_REMOTE_CLUSTER_PRIVS
-                    );
-                    remoteIndicesPrivileges = null;
-                }
-                case REMOTE_INDICES_PRIVS -> remoteClusterPermissions = null;
-            }
-            final Client client = mock(Client.class);
-
-            final TransportVersion minTransportVersion = TransportVersionUtils.randomVersionBetween(
-                random(),
-                TransportVersions.MINIMUM_COMPATIBLE,
-                transportVersionBeforeAdvancedRemoteClusterSecurity
-            );
-            final ClusterService clusterService = mockClusterServiceWithMinNodeVersion(minTransportVersion);
-
-            final XPackLicenseState licenseState = mock(XPackLicenseState.class);
-
-            final SecuritySystemIndices systemIndices = new SecuritySystemIndices(clusterService.getSettings());
-            final FeatureService featureService = mock(FeatureService.class);
-            systemIndices.init(client, featureService, clusterService);
-            final SecurityIndexManager securityIndex = systemIndices.getMainIndexManager();
-
-            final NativeRolesStore rolesStore = new NativeRolesStore(
-                Settings.EMPTY,
-                client,
-                licenseState,
-                securityIndex,
-                clusterService,
-                mock(FeatureService.class),
-                mock(ReservedRoleNameChecker.class),
-                mock(NamedXContentRegistry.class)
-            );
-            // setup the roles store so the security index exists
-            securityIndex.clusterChanged(new ClusterChangedEvent("source", getClusterStateWithSecurityIndex(), getEmptyClusterState()));
-
-            RoleDescriptor remoteIndicesRole = new RoleDescriptor(
-                "remote",
-                null,
-                null,
-                null,
-                null,
-                null,
-                null,
-                null,
-                remoteIndicesPrivileges,
-                remoteClusterPermissions,
-                null,
-                null
-            );
-            PlainActionFuture<Boolean> future = new PlainActionFuture<>();
-            putRole(rolesStore, remoteIndicesRole, future);
-            IllegalStateException e = expectThrows(
-                IllegalStateException.class,
-                String.format(Locale.ROOT, "expected IllegalStateException, but not thrown for mode [%s]", testMode),
-                future::actionGet
-            );
-            assertThat(
-                e.getMessage(),
-                containsString(
-                    "all nodes must have version ["
-                        + (TEST_MODE.REMOTE_CLUSTER_PRIVS.equals(testMode)
-                            ? ROLE_REMOTE_CLUSTER_PRIVS.toReleaseVersion()
-                            : TRANSPORT_VERSION_ADVANCED_REMOTE_CLUSTER_SECURITY.toReleaseVersion())
-                        + "] or higher to support remote "
-                        + (remoteIndicesPrivileges != null ? "indices" : "cluster")
-                        + " privileges"
-                )
-            );
-        }
-    }
-
     public void testGetRoleWhenDisabled() throws Exception {
         final Settings settings = Settings.builder().put(NativeRolesStore.NATIVE_ROLES_ENABLED, "false").build();
         NativeRolesStore store = createRoleStoreForTest(settings);