Remove TestXPackTransportClient (#42103)

In preparation for removing the transport client for 8.0, this commit
begins removing transport client testing infrastructure. The tests
removed here were all testing transport client specific behavior.
For the rest, there already exist http specific test methods.

Author: rjernst

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/TestXPackTransportClient.java

@@ -19,11 +19,8 @@
 import org.elasticsearch.client.RequestOptions;
 import org.elasticsearch.client.Response;
 import org.elasticsearch.client.ResponseException;
-import org.elasticsearch.client.transport.NoNodeAvailableException;
-import org.elasticsearch.client.transport.TransportClient;
 import org.elasticsearch.common.settings.SecureString;
 import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.common.util.concurrent.ThreadContext;
 import org.elasticsearch.discovery.DiscoveryModule;
 import org.elasticsearch.license.License.OperationMode;
 import org.elasticsearch.node.MockNode;
@@ -36,14 +33,8 @@
 import org.elasticsearch.test.SecuritySettingsSourceField;
 import org.elasticsearch.test.junit.annotations.TestLogging;
 import org.elasticsearch.transport.Netty4Plugin;
-import org.elasticsearch.transport.Transport;
-import org.elasticsearch.xpack.core.TestXPackTransportClient;
 import org.elasticsearch.xpack.core.XPackField;
-import org.elasticsearch.xpack.core.security.SecurityField;
-import org.elasticsearch.xpack.core.security.action.user.PutUserResponse;
-import org.elasticsearch.xpack.core.security.authc.support.Hasher;
 import org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken;
-import org.elasticsearch.xpack.core.security.client.SecurityClient;
 import org.elasticsearch.xpack.security.LocalStateSecurity;
 import org.junit.After;
 import org.junit.Before;
@@ -60,7 +51,6 @@
 import static org.elasticsearch.common.xcontent.XContentFactory.jsonBuilder;
 import static org.elasticsearch.discovery.SettingsBasedSeedHostsProvider.DISCOVERY_SEED_HOSTS_SETTING;
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertNoFailures;
-import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.greaterThanOrEqualTo;
 import static org.hamcrest.Matchers.hasItem;
 import static org.hamcrest.Matchers.is;
@@ -156,7 +146,7 @@ public void testEnableDisableBehaviour() throws Exception {
         assertEquals(DocWriteResponse.Result.CREATED, indexResponse.getResult());
 
         refresh();
-        final Client client = internalCluster().transportClient();
+        final Client client = internalCluster().client();
 
         disableLicensing();
 
@@ -216,57 +206,6 @@ public void testRestAuthenticationByLicenseType() throws Exception {
         assertThat(authorizedAuthenticateResponse.getStatusLine().getStatusCode(), is(200));
     }
 
-    public void testSecurityActionsByLicenseType() throws Exception {
-        // security actions should not work!
-        Settings settings = internalCluster().transportClient().settings();
-        try (TransportClient client = new TestXPackTransportClient(settings, LocalStateSecurity.class)) {
-            client.addTransportAddress(internalCluster().getDataNodeInstance(Transport.class).boundAddress().publishAddress());
-            new SecurityClient(client).preparePutUser("john", "password".toCharArray(), Hasher.BCRYPT).get();
-            fail("security actions should not be enabled!");
-        } catch (ElasticsearchSecurityException e) {
-            assertThat(e.status(), is(RestStatus.FORBIDDEN));
-            assertThat(e.getMessage(), containsString("non-compliant"));
-        }
-
-        // enable a license that enables security
-        License.OperationMode mode = randomFrom(License.OperationMode.GOLD, License.OperationMode.TRIAL,
-                License.OperationMode.PLATINUM, License.OperationMode.STANDARD, OperationMode.BASIC);
-        enableLicensing(mode);
-        // security actions should work!
-        try (TransportClient client = new TestXPackTransportClient(settings, LocalStateSecurity.class)) {
-            client.addTransportAddress(internalCluster().getDataNodeInstance(Transport.class).boundAddress().publishAddress());
-            PutUserResponse response = new SecurityClient(client).preparePutUser("john", "password".toCharArray(), Hasher.BCRYPT).get();
-            assertNotNull(response);
-        }
-    }
-
-    public void testTransportClientAuthenticationByLicenseType() throws Exception {
-        Settings.Builder builder = Settings.builder()
-                .put(internalCluster().transportClient().settings());
-        // remove user info
-        builder.remove(SecurityField.USER_SETTING.getKey());
-        builder.remove(ThreadContext.PREFIX + "." + UsernamePasswordToken.BASIC_AUTH_HEADER);
-
-        // basic has no auth
-        try (TransportClient client = new TestXPackTransportClient(builder.build(), LocalStateSecurity.class)) {
-            client.addTransportAddress(internalCluster().getDataNodeInstance(Transport.class).boundAddress().publishAddress());
-            assertGreenClusterState(client);
-        }
-
-        // enable a license that enables security
-        License.OperationMode mode = randomFrom(License.OperationMode.GOLD, License.OperationMode.TRIAL,
-                License.OperationMode.PLATINUM, License.OperationMode.STANDARD);
-        enableLicensing(mode);
-
-        try (TransportClient client = new TestXPackTransportClient(builder.build(), LocalStateSecurity.class)) {
-            client.addTransportAddress(internalCluster().getDataNodeInstance(Transport.class).boundAddress().publishAddress());
-            client.admin().cluster().prepareHealth().get();
-            fail("should not have been able to connect to a node!");
-        } catch (NoNodeAvailableException e) {
-            // expected
-        }
-    }
-
     public void testNodeJoinWithoutSecurityExplicitlyEnabled() throws Exception {
         License.OperationMode mode = randomFrom(License.OperationMode.GOLD, License.OperationMode.PLATINUM, License.OperationMode.STANDARD);
         enableLicensing(mode);

x-pack/plugin/ml/src/test/java/org/elasticsearch/license/MachineLearningLicensingTests.java

@@ -5,35 +5,16 @@
  */
 package org.elasticsearch.xpack.security.authc;
 
-import org.elasticsearch.ElasticsearchSecurityException;
-import org.elasticsearch.action.admin.cluster.health.ClusterHealthResponse;
-import org.elasticsearch.action.admin.cluster.node.info.NodeInfo;
-import org.elasticsearch.action.admin.cluster.node.info.NodesInfoResponse;
 import org.elasticsearch.client.Request;
 import org.elasticsearch.client.RequestOptions;
 import org.elasticsearch.client.ResponseException;
-import org.elasticsearch.client.transport.TransportClient;
-import org.elasticsearch.common.settings.SecureString;
-import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.common.transport.TransportAddress;
 import org.elasticsearch.test.SecurityIntegTestCase;
 import org.elasticsearch.test.SecuritySettingsSource;
-import org.elasticsearch.test.SecuritySettingsSourceField;
-import org.elasticsearch.xpack.core.TestXPackTransportClient;
 import org.elasticsearch.xpack.core.security.authc.AuthenticationServiceField;
-import org.elasticsearch.xpack.security.LocalStateSecurity;
-import org.elasticsearch.xpack.core.security.SecurityField;
 import org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken;
 import org.junit.BeforeClass;
 
-import java.util.Collections;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-
 import static org.elasticsearch.test.SecuritySettingsSourceField.TEST_PASSWORD_SECURE_STRING;
-import static org.hamcrest.Matchers.containsString;
-import static org.hamcrest.Matchers.greaterThan;
 import static org.hamcrest.Matchers.is;
 
 public class RunAsIntegTests extends SecurityIntegTestCase {
@@ -86,43 +67,6 @@ protected boolean transportSSLEnabled() {
         return false;
     }
 
-    public void testUserImpersonation() throws Exception {
-        try (TransportClient client = getTransportClient(Settings.builder()
-                .put(SecurityField.USER_SETTING.getKey(), TRANSPORT_CLIENT_USER + ":" +
-                     SecuritySettingsSourceField.TEST_PASSWORD).build())) {
-            //ensure the client can connect
-            assertBusy(() -> assertThat(client.connectedNodes().size(), greaterThan(0)));
-
-            // make sure the client can't get health
-            try {
-                client.admin().cluster().prepareHealth().get();
-                fail("the client user should not have privileges to get the health");
-            } catch (ElasticsearchSecurityException e) {
-                assertThat(e.getMessage(), containsString("unauthorized"));
-            }
-
-            // let's run as without authorization
-            try {
-                Map<String, String> headers = Collections.singletonMap(AuthenticationServiceField.RUN_AS_USER_HEADER,
-                        SecuritySettingsSource.TEST_USER_NAME);
-                client.filterWithHeader(headers)
-                        .admin().cluster().prepareHealth().get();
-                fail("run as should be unauthorized for the transport client user");
-            } catch (ElasticsearchSecurityException e) {
-                assertThat(e.getMessage(), containsString("unauthorized"));
-                assertThat(e.getMessage(), containsString("run as"));
-            }
-
-            Map<String, String> headers = new HashMap<>();
-            headers.put("Authorization", UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
-                    new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray())));
-            headers.put(AuthenticationServiceField.RUN_AS_USER_HEADER, SecuritySettingsSource.TEST_USER_NAME);
-            // lets set the user
-            ClusterHealthResponse response = client.filterWithHeader(headers).admin().cluster().prepareHealth().get();
-            assertThat(response.isTimedOut(), is(false));
-        }
-    }
-
     public void testUserImpersonationUsingHttp() throws Exception {
         // use the transport client user and try to run as
         try {
@@ -156,29 +100,6 @@ public void testUserImpersonationUsingHttp() throws Exception {
         getRestClient().performRequest(requestForUserRunAsUser(SecuritySettingsSource.TEST_USER_NAME));
     }
 
-    public void testEmptyUserImpersonationHeader() throws Exception {
-        try (TransportClient client = getTransportClient(Settings.builder()
-                .put(SecurityField.USER_SETTING.getKey(), TRANSPORT_CLIENT_USER + ":"
-                     + SecuritySettingsSourceField.TEST_PASSWORD).build())) {
-            //ensure the client can connect
-            awaitBusy(() -> {
-                return client.connectedNodes().size() > 0;
-            });
-
-            try {
-                Map<String, String> headers = new HashMap<>();
-                headers.put("Authorization", UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
-                        new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray())));
-                headers.put(AuthenticationServiceField.RUN_AS_USER_HEADER, "");
-
-                client.filterWithHeader(headers).admin().cluster().prepareHealth().get();
-                fail("run as header should not be allowed to be empty");
-            } catch (ElasticsearchSecurityException e) {
-                assertThat(e.getMessage(), containsString("unable to authenticate"));
-            }
-        }
-    }
-
     public void testEmptyHeaderUsingHttp() throws Exception {
         try {
             getRestClient().performRequest(requestForUserRunAsUser(""));
@@ -188,29 +109,6 @@ public void testEmptyHeaderUsingHttp() throws Exception {
         }
     }
 
-    public void testNonExistentRunAsUser() throws Exception {
-        try (TransportClient client = getTransportClient(Settings.builder()
-                .put(SecurityField.USER_SETTING.getKey(), TRANSPORT_CLIENT_USER + ":" +
-                     SecuritySettingsSourceField.TEST_PASSWORD).build())) {
-            //ensure the client can connect
-            awaitBusy(() -> {
-                return client.connectedNodes().size() > 0;
-            });
-
-            try {
-                Map<String, String> headers = new HashMap<>();
-                headers.put("Authorization", UsernamePasswordToken.basicAuthHeaderValue(RUN_AS_USER,
-                        new SecureString(SecuritySettingsSourceField.TEST_PASSWORD.toCharArray())));
-                headers.put(AuthenticationServiceField.RUN_AS_USER_HEADER, "idontexist");
-
-                client.filterWithHeader(headers).admin().cluster().prepareHealth().get();
-                fail("run as header should not accept non-existent users");
-            } catch (ElasticsearchSecurityException e) {
-                assertThat(e.getMessage(), containsString("unauthorized"));
-            }
-        }
-    }
-
     public void testNonExistentRunAsUserUsingHttp() throws Exception {
         try {
             getRestClient().performRequest(requestForUserRunAsUser("idontexist"));
@@ -228,21 +126,4 @@ private static Request requestForUserRunAsUser(String user) {
         request.setOptions(options);
         return request;
     }
-
-    // build our own here to better mimic an actual client...
-    TransportClient getTransportClient(Settings extraSettings) {
-        NodesInfoResponse nodeInfos = client().admin().cluster().prepareNodesInfo().get();
-        List<NodeInfo> nodes = nodeInfos.getNodes();
-        assertTrue(nodes.isEmpty() == false);
-        TransportAddress publishAddress = randomFrom(nodes).getTransport().address().publishAddress();
-        String clusterName = nodeInfos.getClusterName().value();
-
-        Settings settings = Settings.builder()
-                .put(extraSettings)
-                .put("cluster.name", clusterName)
-                .build();
-
-        return new TestXPackTransportClient(settings, LocalStateSecurity.class)
-                .addTransportAddress(publishAddress);
-    }
 }