elastic
diff --git a/‎server/src/main/java/org/elasticsearch/TransportVersions.java‎
Lines changed: 0 additions & 10 deletions b/‎server/src/main/java/org/elasticsearch/TransportVersions.java‎
Lines changed: 0 additions & 10 deletions
diff --git a/‎x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java‎
Lines changed: 4 additions & 8 deletions b/‎x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/SecurityFeatureSetUsage.java‎
Lines changed: 4 additions & 8 deletions
diff --git a/‎x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Authentication.java‎
Lines changed: 5 additions & 5 deletions b/‎x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/Authentication.java‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/support/TokensInvalidationResult.java‎
Lines changed: 0 additions & 7 deletions b/‎x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authc/support/TokensInvalidationResult.java‎
Lines changed: 0 additions & 7 deletions
diff --git a/‎x-pack/plugin/core/src/test/java/org/elasticsearch/protocol/xpack/XPackInfoRequestTests.java‎
Lines changed: 0 additions & 12 deletions b/‎x-pack/plugin/core/src/test/java/org/elasticsearch/protocol/xpack/XPackInfoRequestTests.java‎
Lines changed: 0 additions & 12 deletions
diff --git a/‎x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/apikey/InvalidateApiKeyRequestTests.java‎
Lines changed: 4 additions & 6 deletions b/‎x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/apikey/InvalidateApiKeyRequestTests.java‎
Lines changed: 4 additions & 6 deletions
diff --git a/‎x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authc/AuthenticationSerializationTests.java‎
Lines changed: 3 additions & 7 deletions b/‎x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authc/AuthenticationSerializationTests.java‎
Lines changed: 3 additions & 7 deletions
diff --git a/‎x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authc/AuthenticationTests.java‎
Lines changed: 49 additions & 21 deletions b/‎x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authc/AuthenticationTests.java‎
Lines changed: 49 additions & 21 deletions
@@ -53,16 +53,6 @@ static TransportVersion def(int id) {
     }
 
     // TODO: ES-10337 we can remove all transport versions earlier than 8.18
-    public static final TransportVersion V_7_0_0 = def(7_00_00_99);
-    public static final TransportVersion V_7_1_0 = def(7_01_00_99);
-    public static final TransportVersion V_7_2_0 = def(7_02_00_99);
-    public static final TransportVersion V_7_3_0 = def(7_03_00_99);
-    public static final TransportVersion V_7_3_2 = def(7_03_02_99);
-    public static final TransportVersion V_7_4_0 = def(7_04_00_99);
-    public static final TransportVersion V_7_8_0 = def(7_08_00_99);
-    public static final TransportVersion V_7_8_1 = def(7_08_01_99);
-    public static final TransportVersion V_7_9_0 = def(7_09_00_99);
-    public static final TransportVersion V_7_10_0 = def(7_10_00_99);
     public static final TransportVersion V_8_0_0 = def(8_00_00_99);
     public static final TransportVersion V_8_1_0 = def(8_01_00_99);
     public static final TransportVersion V_8_2_0 = def(8_02_00_99);
 
@@ -55,10 +55,8 @@ public SecurityFeatureSetUsage(StreamInput in) throws IOException {
         realmsUsage = in.readGenericMap();
         rolesStoreUsage = in.readGenericMap();
         sslUsage = in.readGenericMap();
-        if (in.getTransportVersion().onOrAfter(TransportVersions.V_7_2_0)) {
-            tokenServiceUsage = in.readGenericMap();
-            apiKeyServiceUsage = in.readGenericMap();
-        }
+        tokenServiceUsage = in.readGenericMap();
+        apiKeyServiceUsage = in.readGenericMap();
         auditUsage = in.readGenericMap();
         ipFilterUsage = in.readGenericMap();
         anonymousUsage = in.readGenericMap();
@@ -121,10 +119,8 @@ public void writeTo(StreamOutput out) throws IOException {
         out.writeGenericMap(realmsUsage);
         out.writeGenericMap(rolesStoreUsage);
         out.writeGenericMap(sslUsage);
-        if (out.getTransportVersion().onOrAfter(TransportVersions.V_7_2_0)) {
-            out.writeGenericMap(tokenServiceUsage);
-            out.writeGenericMap(apiKeyServiceUsage);
-        }
+        out.writeGenericMap(tokenServiceUsage);
+        out.writeGenericMap(apiKeyServiceUsage);
         out.writeGenericMap(auditUsage);
         out.writeGenericMap(ipFilterUsage);
         out.writeGenericMap(anonymousUsage);
 
@@ -9,7 +9,6 @@
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.elasticsearch.TransportVersion;
-import org.elasticsearch.TransportVersions;
 import org.elasticsearch.common.bytes.BytesReference;
 import org.elasticsearch.common.io.stream.BytesStreamOutput;
 import org.elasticsearch.common.io.stream.StreamInput;
@@ -115,9 +114,10 @@ public final class Authentication implements ToXContentObject {
     private static final Logger logger = LogManager.getLogger(Authentication.class);
     private static final TransportVersion VERSION_AUTHENTICATION_TYPE = TransportVersion.fromId(6_07_00_99);
 
-    public static final TransportVersion VERSION_API_KEY_ROLES_AS_BYTES = TransportVersions.V_7_9_0;
-    public static final TransportVersion VERSION_REALM_DOMAINS = TransportVersions.V_8_2_0;
-    public static final TransportVersion VERSION_METADATA_BEYOND_GENERIC_MAP = TransportVersions.V_8_8_0;
+    public static final TransportVersion VERSION_SYNTHETIC_ROLE_NAMES = TransportVersion.fromId(7_08_00_99);
+    public static final TransportVersion VERSION_API_KEY_ROLES_AS_BYTES = TransportVersion.fromId(7_09_00_99);
+    public static final TransportVersion VERSION_REALM_DOMAINS = TransportVersion.fromId(8_02_00_99);
+    public static final TransportVersion VERSION_METADATA_BEYOND_GENERIC_MAP = TransportVersion.fromId(8_08_00_99);
 
     private static final TransportVersion SECURITY_CLOUD_API_KEY_REALM_AND_TYPE = TransportVersion.fromName(
         "security_cloud_api_key_realm_and_type"
@@ -211,7 +211,7 @@ public Authentication(StreamInput in) throws IOException {
 
     private User copyUserWithRolesRemovedForLegacyApiKeys(TransportVersion version, User user) {
         // API keys prior to 7.8 had synthetic role names. Strip these out to maintain the invariant that API keys don't have role names
-        if (type == AuthenticationType.API_KEY && version.onOrBefore(TransportVersions.V_7_8_0) && user.roles().length > 0) {
+        if (type == AuthenticationType.API_KEY && version.onOrBefore(VERSION_SYNTHETIC_ROLE_NAMES) && user.roles().length > 0) {
             logger.debug(
                 "Stripping [{}] roles from API key user [{}] for legacy version [{}]",
                 user.roles().length,
 
@@ -8,7 +8,6 @@
 package org.elasticsearch.xpack.core.security.authc.support;
 
 import org.elasticsearch.ElasticsearchException;
-import org.elasticsearch.TransportVersions;
 import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.common.io.stream.StreamOutput;
 import org.elasticsearch.common.io.stream.Writeable;
@@ -59,9 +58,6 @@ public TokensInvalidationResult(StreamInput in) throws IOException {
         this.invalidatedTokens = in.readStringCollectionAsList();
         this.previouslyInvalidatedTokens = in.readStringCollectionAsList();
         this.errors = in.readCollectionAsList(StreamInput::readException);
-        if (in.getTransportVersion().before(TransportVersions.V_7_2_0)) {
-            in.readVInt();
-        }
         this.restStatus = RestStatus.readFrom(in);
     }
 
@@ -109,9 +105,6 @@ public void writeTo(StreamOutput out) throws IOException {
         out.writeStringCollection(invalidatedTokens);
         out.writeStringCollection(previouslyInvalidatedTokens);
         out.writeCollection(errors, StreamOutput::writeException);
-        if (out.getTransportVersion().before(TransportVersions.V_7_2_0)) {
-            out.writeVInt(5);
-        }
         RestStatus.writeTo(out, restStatus);
     }
 }
@@ -8,11 +8,9 @@
 package org.elasticsearch.protocol.xpack;
 
 import org.elasticsearch.TransportVersion;
-import org.elasticsearch.TransportVersions;
 import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
 import org.elasticsearch.protocol.xpack.XPackInfoRequest.Category;
 import org.elasticsearch.test.ESTestCase;
-import org.elasticsearch.test.TransportVersionUtils;
 
 import java.util.EnumSet;
 import java.util.List;
@@ -25,16 +23,6 @@ public void testSerializeToCurrentVersion() throws Exception {
         assertSerialization(TransportVersion.current());
     }
 
-    public void testSerializeUsing7xVersion() throws Exception {
-        assertSerialization(
-            TransportVersionUtils.randomVersionBetween(
-                random(),
-                TransportVersions.V_7_8_1,
-                TransportVersionUtils.getPreviousVersion(TransportVersions.V_8_0_0)
-            )
-        );
-    }
-
     private void assertSerialization(TransportVersion version) throws java.io.IOException {
         final XPackInfoRequest request = new XPackInfoRequest();
         final List<Category> categories = randomSubsetOf(List.of(Category.values()));
 
@@ -8,7 +8,6 @@
 package org.elasticsearch.xpack.core.security.action.apikey;
 
 import org.elasticsearch.TransportVersion;
-import org.elasticsearch.TransportVersions;
 import org.elasticsearch.action.ActionRequestValidationException;
 import org.elasticsearch.action.LegacyActionRequest;
 import org.elasticsearch.common.Strings;
@@ -17,13 +16,13 @@
 import org.elasticsearch.common.io.stream.StreamOutput;
 import org.elasticsearch.core.Booleans;
 import org.elasticsearch.test.ESTestCase;
+import org.elasticsearch.test.TransportVersionUtils;
 
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 import java.util.function.Supplier;
 
-import static org.elasticsearch.test.TransportVersionUtils.randomVersionBetween;
 import static org.hamcrest.Matchers.containsInAnyOrder;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.equalTo;
@@ -175,15 +174,14 @@ public void testSerialization() throws IOException {
         final boolean ownedByAuthenticatedUser = true;
         InvalidateApiKeyRequest invalidateApiKeyRequest = InvalidateApiKeyRequest.usingApiKeyId(apiKeyId, ownedByAuthenticatedUser);
         {
+            TransportVersion transportVersion = TransportVersionUtils.randomCompatibleVersion(random());
             ByteArrayOutputStream outBuffer = new ByteArrayOutputStream();
             OutputStreamStreamOutput out = new OutputStreamStreamOutput(outBuffer);
-            out.setTransportVersion(randomVersionBetween(random(), TransportVersions.V_7_10_0, TransportVersion.current()));
+            out.setTransportVersion(transportVersion);
             invalidateApiKeyRequest.writeTo(out);
 
             InputStreamStreamInput inputStreamStreamInput = new InputStreamStreamInput(new ByteArrayInputStream(outBuffer.toByteArray()));
-            inputStreamStreamInput.setTransportVersion(
-                randomVersionBetween(random(), TransportVersions.V_7_10_0, TransportVersion.current())
-            );
+            inputStreamStreamInput.setTransportVersion(transportVersion);
             InvalidateApiKeyRequest requestFromInputStream = new InvalidateApiKeyRequest(inputStreamStreamInput);
 
             assertThat(requestFromInputStream, equalTo(invalidateApiKeyRequest));
 
@@ -36,6 +36,7 @@
 
 public class AuthenticationSerializationTests extends ESTestCase {
 
+    private static final TransportVersion VERSION_7_0_0 = TransportVersion.fromId(7_00_00_99);
     private static final TransportVersion SECURITY_CLOUD_API_KEY_REALM_AND_TYPE = TransportVersion.fromName(
         "security_cloud_api_key_realm_and_type"
     );
@@ -234,21 +235,16 @@ public void testReservedUserSerialization() throws Exception {
     }
 
     public void testRolesRemovedFromUserForLegacyApiKeys() throws IOException {
-        TransportVersion transportVersion = TransportVersionUtils.randomVersionBetween(
-            random(),
-            TransportVersions.V_7_0_0,
-            TransportVersions.V_7_8_0
-        );
         Subject authenticatingSubject = new Subject(
             new User("foo", "role"),
             new Authentication.RealmRef(AuthenticationField.API_KEY_REALM_NAME, AuthenticationField.API_KEY_REALM_TYPE, "node"),
-            transportVersion,
+            VERSION_7_0_0,
             Map.of(AuthenticationField.API_KEY_ID_KEY, "abc")
         );
         Subject effectiveSubject = new Subject(
             new User("bar", "role"),
             new Authentication.RealmRef("native", "native", "node"),
-            transportVersion,
+            VERSION_7_0_0,
             Map.of()
         );
 
 
@@ -46,6 +46,7 @@
 import static java.util.Map.entry;
 import static org.elasticsearch.common.bytes.BytesReferenceTestUtils.equalBytes;
 import static org.elasticsearch.xpack.core.security.authc.Authentication.VERSION_API_KEY_ROLES_AS_BYTES;
+import static org.elasticsearch.xpack.core.security.authc.Authentication.VERSION_REALM_DOMAINS;
 import static org.elasticsearch.xpack.core.security.authc.AuthenticationTestHelper.randomCloudApiKeyAuthentication;
 import static org.elasticsearch.xpack.core.security.authc.AuthenticationTestHelper.randomCrossClusterAccessSubjectInfo;
 import static org.elasticsearch.xpack.core.security.authc.CrossClusterAccessSubjectInfoTests.randomRoleDescriptorsIntersection;
@@ -64,6 +65,15 @@
 
 public class AuthenticationTests extends ESTestCase {
 
+    private static final TransportVersion VERSION_7_0_0 = TransportVersion.fromId(7_00_00_99);
+    public static final TransportVersion[] AUTHENTICATION_TRANSPORT_VERSIONS = {
+        VERSION_7_0_0,
+        Authentication.VERSION_SYNTHETIC_ROLE_NAMES,
+        VERSION_API_KEY_ROLES_AS_BYTES,
+        Authentication.VERSION_REALM_DOMAINS,
+        Authentication.VERSION_METADATA_BEYOND_GENERIC_MAP,
+        TransportVersion.current() };
+
     public void testIsFailedRunAs() {
         final Authentication failedAuthentication = randomRealmAuthentication(randomBoolean()).runAs(randomUser(), null);
         assertTrue(failedAuthentication.isRunAs());
@@ -982,11 +992,11 @@ public void testMaybeRewriteForOlderVersionErasesDomainForVersionsBeforeDomains(
         final TransportVersion olderVersion = TransportVersionUtils.randomVersionBetween(
             random(),
             TransportVersions.V_8_0_0,
-            TransportVersionUtils.getPreviousVersion(Authentication.VERSION_REALM_DOMAINS)
+            TransportVersionUtils.getPreviousVersion(VERSION_REALM_DOMAINS)
         );
         final Authentication authentication = AuthenticationTestHelper.builder()
             .realm() // randomize to test both when realm is null on the original auth and non-null, instead of setting `underDomain`
-            .transportVersion(TransportVersionUtils.randomVersionBetween(random(), Authentication.VERSION_REALM_DOMAINS, null))
+            .transportVersion(TransportVersionUtils.randomVersionBetween(random(), VERSION_REALM_DOMAINS, null))
             .build();
         assertThat(authentication.getEffectiveSubject().getTransportVersion().after(olderVersion), is(true));
 
@@ -1000,7 +1010,7 @@ public void testMaybeRewriteForOlderVersionErasesDomainForVersionsBeforeDomains(
     public void testMaybeRewriteForOlderVersionDoesNotEraseDomainForVersionsAfterDomains() {
         final TransportVersion olderVersion = TransportVersionUtils.randomVersionBetween(
             random(),
-            Authentication.VERSION_REALM_DOMAINS,
+            VERSION_REALM_DOMAINS,
             // Don't include CURRENT, so we always have at least one newer version available below
             TransportVersionUtils.getPreviousVersion()
         );
@@ -1053,19 +1063,15 @@ public void testMaybeRewriteRealmRef() {
 
         assertThat(
             Authentication.maybeRewriteRealmRef(
-                TransportVersionUtils.randomVersionBetween(
-                    random(),
-                    null,
-                    TransportVersionUtils.getPreviousVersion(Authentication.VERSION_REALM_DOMAINS)
-                ),
+                TransportVersionUtils.randomVersionBetween(random(), null, TransportVersionUtils.getPreviousVersion(VERSION_REALM_DOMAINS)),
                 realmRefWithDomain
             ).getDomain(),
             nullValue()
         );
 
         assertThat(
             Authentication.maybeRewriteRealmRef(
-                TransportVersionUtils.randomVersionBetween(random(), Authentication.VERSION_REALM_DOMAINS, null),
+                TransportVersionUtils.randomVersionBetween(random(), VERSION_REALM_DOMAINS, null),
                 realmRefWithDomain
             ),
             equalTo(realmRefWithDomain)
@@ -1095,10 +1101,9 @@ public void testMaybeRewriteMetadataForApiKeyRoleDescriptorsWithRemoteIndices()
             .build();
 
         // pick a version before that of the authentication instance to force a rewrite
-        final TransportVersion olderVersion = TransportVersionUtils.randomVersionBetween(
-            random(),
+        final TransportVersion olderVersion = randomTransportVersionBetween(
             VERSION_API_KEY_ROLES_AS_BYTES,
-            TransportVersionUtils.getPreviousVersion(original.getEffectiveSubject().getTransportVersion())
+            original.getEffectiveSubject().getTransportVersion()
         );
 
         final Map<String, Object> rewrittenMetadata = original.maybeRewriteForOlderVersion(olderVersion)
@@ -1140,10 +1145,9 @@ public void testMaybeRewriteMetadataForApiKeyRoleDescriptorsWithRemoteCluster()
             .build();
 
         // pick a version before that of the authentication instance to force a rewrite
-        final TransportVersion olderVersion = TransportVersionUtils.randomVersionBetween(
-            random(),
+        final TransportVersion olderVersion = randomTransportVersionBetween(
             VERSION_API_KEY_ROLES_AS_BYTES,
-            TransportVersionUtils.getPreviousVersion(original.getEffectiveSubject().getTransportVersion())
+            original.getEffectiveSubject().getTransportVersion()
         );
 
         final Map<String, Object> rewrittenMetadata = original.maybeRewriteForOlderVersion(olderVersion)
@@ -1323,8 +1327,8 @@ public static Authentication randomAuthentication(User user, RealmRef realmRef,
             realmRef = randomRealmRef(false);
         }
         // If the realm is expected to have a domain, we need a version that's at least compatible with domains
-        final TransportVersion minVersion = realmRef.getDomain() != null ? Authentication.VERSION_REALM_DOMAINS : TransportVersions.V_7_0_0;
-        final TransportVersion version = TransportVersionUtils.randomVersionBetween(random(), minVersion, TransportVersion.current());
+        final TransportVersion minVersion = realmRef.getDomain() != null ? VERSION_REALM_DOMAINS : VERSION_7_0_0;
+        final TransportVersion version = randomTransportVersion(minVersion);
         final Map<String, Object> metadata;
         if (randomBoolean()) {
             metadata = Map.of(randomAlphaOfLengthBetween(3, 8), randomAlphaOfLengthBetween(3, 8));
@@ -1337,13 +1341,37 @@ public static Authentication randomAuthentication(User user, RealmRef realmRef,
     }
 
     public static Authentication randomApiKeyAuthentication(User user, String apiKeyId) {
-        return randomApiKeyAuthentication(
-            user,
-            apiKeyId,
-            TransportVersionUtils.randomVersionBetween(random(), TransportVersions.V_7_0_0, TransportVersion.current())
+        return randomApiKeyAuthentication(user, apiKeyId, randomTransportVersion());
+    }
+
+    /**
+     * @param minVersion minimum version, inclusive
+     * @param maxVersion maximum version, exclusive
+     */
+    public static TransportVersion randomTransportVersionBetween(TransportVersion minVersion, TransportVersion maxVersion) {
+        return randomFrom(
+            Arrays.stream(AUTHENTICATION_TRANSPORT_VERSIONS)
+                .filter(v -> v.onOrAfter(minVersion) && v.before(maxVersion))
+                .toArray(TransportVersion[]::new)
+        );
+    }
+
+    public static TransportVersion randomTransportVersionBefore(TransportVersion maxVersion) {
+        return randomFrom(
+            Arrays.stream(AUTHENTICATION_TRANSPORT_VERSIONS).filter(v -> v.before(maxVersion)).toArray(TransportVersion[]::new)
         );
     }
 
+    public static TransportVersion randomTransportVersion(TransportVersion minVersion) {
+        return randomFrom(
+            Arrays.stream(AUTHENTICATION_TRANSPORT_VERSIONS).filter(v -> v.onOrAfter(minVersion)).toArray(TransportVersion[]::new)
+        );
+    }
+
+    public static TransportVersion randomTransportVersion() {
+        return randomFrom(AUTHENTICATION_TRANSPORT_VERSIONS);
+    }
+
     public static Authentication randomApiKeyAuthentication(User user, String apiKeyId, TransportVersion version) {
         return randomApiKeyAuthentication(
             user,