Merge branch 'master' into delete-snap-on-searchable-index-deletion

Author: tlrx

.ci/jobs.t/elastic+elasticsearch+pull-request+packaging-tests-unix.yml

@@ -32,19 +32,15 @@
           type: label-expression
           name: os
           values:
-            - centos-6-packaging
             - centos-7-packaging
             - centos-8-packaging
-            - debian-8-packaging
             - debian-9-packaging
             - debian-10-packaging
             - opensuse-15-1-packaging
-            - oraclelinux-6-packaging
             - oraclelinux-7-packaging
             - oraclelinux-8-packaging
             - sles-12-packaging
             - sles-15-packaging
-            - ubuntu-16.04-packaging
             - ubuntu-18.04-packaging
             - ubuntu-20.04-packaging
       - axis:

build-tools-internal/src/main/groovy/elasticsearch.run.gradle

@@ -27,9 +27,6 @@ testClusters {
         throw new IllegalArgumentException("Unsupported self-generated license type: [" + licenseType + "[basic] or [trial].")
       }
       setting 'xpack.security.enabled', 'true'
-      if (VersionProperties.elasticsearch.toString().endsWith('-SNAPSHOT')) {
-        setting 'es.shutdown_feature_flag_enabled', 'true'
-      }
       keystore 'bootstrap.password', 'password'
       user username: 'elastic-admin', password: 'elastic-password', role: 'superuser'
     }

client/rest-high-level/src/main/java/org/elasticsearch/client/security/GetServiceAccountCredentialsResponse.java

@@ -9,84 +9,83 @@
 package org.elasticsearch.client.security;
 
 import org.elasticsearch.client.security.support.ServiceTokenInfo;
-import org.elasticsearch.common.xcontent.ParseField;
 import org.elasticsearch.common.xcontent.ConstructingObjectParser;
+import org.elasticsearch.common.xcontent.ParseField;
 import org.elasticsearch.common.xcontent.XContentParser;
 
 import java.io.IOException;
+import java.util.ArrayList;
 import java.util.List;
-import java.util.Map;
 import java.util.Objects;
-import java.util.stream.Collectors;
-import java.util.stream.Stream;
 
 import static org.elasticsearch.common.xcontent.ConstructingObjectParser.constructorArg;
+import static org.elasticsearch.common.xcontent.XContentParserUtils.ensureExpectedToken;
 
 /**
  * Response when requesting credentials of a service account.
  */
 public final class GetServiceAccountCredentialsResponse {
 
     private final String principal;
-    private final String nodeName;
-    private final List<ServiceTokenInfo> serviceTokenInfos;
+    private final List<ServiceTokenInfo> indexTokenInfos;
+    private final ServiceAccountCredentialsNodesResponse nodesResponse;
 
-    public GetServiceAccountCredentialsResponse(
-        String principal, String nodeName, List<ServiceTokenInfo> serviceTokenInfos) {
+    public GetServiceAccountCredentialsResponse(String principal,
+                                                List<ServiceTokenInfo> indexTokenInfos,
+                                                ServiceAccountCredentialsNodesResponse nodesResponse) {
         this.principal = Objects.requireNonNull(principal, "principal is required");
-        this.nodeName = Objects.requireNonNull(nodeName, "nodeName is required");
-        this.serviceTokenInfos = List.copyOf(Objects.requireNonNull(serviceTokenInfos, "service token infos are required)"));
+        this.indexTokenInfos = List.copyOf(Objects.requireNonNull(indexTokenInfos, "service token infos are required"));
+        this.nodesResponse = Objects.requireNonNull(nodesResponse, "nodes response is required");
     }
 
     public String getPrincipal() {
         return principal;
     }
 
-    public String getNodeName() {
-        return nodeName;
-    }
-
-    public List<ServiceTokenInfo> getServiceTokenInfos() {
-        return serviceTokenInfos;
+    public List<ServiceTokenInfo> getIndexTokenInfos() {
+        return indexTokenInfos;
     }
 
-    @Override
-    public boolean equals(Object o) {
-        if (this == o)
-            return true;
-        if (o == null || getClass() != o.getClass())
-            return false;
-        GetServiceAccountCredentialsResponse that = (GetServiceAccountCredentialsResponse) o;
-        return principal.equals(that.principal) && nodeName.equals(that.nodeName) && serviceTokenInfos.equals(that.serviceTokenInfos);
-    }
-
-    @Override
-    public int hashCode() {
-        return Objects.hash(principal, nodeName, serviceTokenInfos);
+    public ServiceAccountCredentialsNodesResponse getNodesResponse() {
+        return nodesResponse;
     }
 
+    @SuppressWarnings("unchecked")
     static ConstructingObjectParser<GetServiceAccountCredentialsResponse, Void> PARSER =
         new ConstructingObjectParser<>("get_service_account_credentials_response",
             args -> {
-                @SuppressWarnings("unchecked")
-                final List<ServiceTokenInfo> tokenInfos = Stream.concat(
-                    ((Map<String, Object>) args[3]).keySet().stream().map(name -> new ServiceTokenInfo(name, "index")),
-                    ((Map<String, Object>) args[4]).keySet().stream().map(name -> new ServiceTokenInfo(name, "file")))
-                    .collect(Collectors.toList());
-                assert tokenInfos.size() == (int) args[2] : "number of tokens do not match";
-                return new GetServiceAccountCredentialsResponse((String) args[0], (String) args[1], tokenInfos);
+                final int count = (int) args[1];
+                final List<ServiceTokenInfo> indexTokenInfos = (List<ServiceTokenInfo>) args[2];
+                final ServiceAccountCredentialsNodesResponse fileTokensResponse = (ServiceAccountCredentialsNodesResponse) args[3];
+                if (count != indexTokenInfos.size() + fileTokensResponse.getFileTokenInfos().size()) {
+                    throw new IllegalArgumentException("number of tokens do not match");
+                }
+                return new GetServiceAccountCredentialsResponse((String) args[0], indexTokenInfos, fileTokensResponse);
             });
 
     static {
         PARSER.declareString(constructorArg(), new ParseField("service_account"));
-        PARSER.declareString(constructorArg(), new ParseField("node_name"));
         PARSER.declareInt(constructorArg(), new ParseField("count"));
-        PARSER.declareObject(constructorArg(), (p, c) -> p.map(), new ParseField("tokens"));
-        PARSER.declareObject(constructorArg(), (p, c) -> p.map(), new ParseField("file_tokens"));
+        PARSER.declareObject(constructorArg(),
+            (p, c) -> GetServiceAccountCredentialsResponse.parseIndexTokenInfos(p), new ParseField("tokens"));
+        PARSER.declareObject(constructorArg(),
+            (p, c) -> ServiceAccountCredentialsNodesResponse.fromXContent(p), new ParseField("nodes_credentials"));
     }
 
     public static GetServiceAccountCredentialsResponse fromXContent(XContentParser parser) throws IOException {
         return PARSER.parse(parser, null);
     }
 
+    static List<ServiceTokenInfo> parseIndexTokenInfos(XContentParser parser) throws IOException {
+        ensureExpectedToken(XContentParser.Token.START_OBJECT, parser.currentToken(), parser);
+        final List<ServiceTokenInfo> indexTokenInfos = new ArrayList<>();
+        XContentParser.Token token;
+        while ((token = parser.nextToken()) != XContentParser.Token.END_OBJECT) {
+            ensureExpectedToken(XContentParser.Token.FIELD_NAME, token, parser);
+            indexTokenInfos.add(new ServiceTokenInfo(parser.currentName(), "index"));
+            ensureExpectedToken(XContentParser.Token.START_OBJECT, parser.nextToken(), parser);
+            ensureExpectedToken(XContentParser.Token.END_OBJECT, parser.nextToken(), parser);
+        }
+        return indexTokenInfos;
+    }
 }

client/rest-high-level/src/main/java/org/elasticsearch/client/security/ServiceAccountCredentialsNodesResponse.java

@@ -0,0 +1,81 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0 and the Server Side Public License, v 1; you may not use this file except
+ * in compliance with, at your election, the Elastic License 2.0 or the Server
+ * Side Public License, v 1.
+ */
+
+package org.elasticsearch.client.security;
+
+import org.elasticsearch.client.NodesResponseHeader;
+import org.elasticsearch.client.security.support.ServiceTokenInfo;
+import org.elasticsearch.common.xcontent.XContentParser;
+import org.elasticsearch.common.xcontent.XContentParserUtils;
+
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+
+import static org.elasticsearch.common.xcontent.XContentParserUtils.ensureExpectedToken;
+import static org.elasticsearch.common.xcontent.XContentParserUtils.ensureFieldName;
+
+public class ServiceAccountCredentialsNodesResponse {
+
+    private final NodesResponseHeader header;
+    private final List<ServiceTokenInfo> fileTokenInfos;
+
+    public ServiceAccountCredentialsNodesResponse(
+        NodesResponseHeader header, List<ServiceTokenInfo> fileTokenInfos) {
+        this.header = header;
+        this.fileTokenInfos = fileTokenInfos;
+    }
+
+    public NodesResponseHeader getHeader() {
+        return header;
+    }
+
+    public List<ServiceTokenInfo> getFileTokenInfos() {
+        return fileTokenInfos;
+    }
+
+    public static ServiceAccountCredentialsNodesResponse fromXContent(XContentParser parser) throws IOException {
+        ensureExpectedToken(XContentParser.Token.START_OBJECT, parser.currentToken(), parser);
+        NodesResponseHeader header = null;
+        List<ServiceTokenInfo> fileTokenInfos = List.of();
+        XContentParser.Token token;
+        while ((token = parser.nextToken()) != XContentParser.Token.END_OBJECT) {
+            ensureExpectedToken(XContentParser.Token.FIELD_NAME, token, parser);
+            if ("_nodes".equals(parser.currentName())) {
+                if (header == null) {
+                    header = NodesResponseHeader.fromXContent(parser, null);
+                } else {
+                    throw new IllegalArgumentException("expecting only a single [_nodes] field, multiple found");
+                }
+            } else if ("file_tokens".equals(parser.currentName())) {
+                fileTokenInfos = parseFileToken(parser);
+            } else {
+                throw new IllegalArgumentException("expecting field of either [_nodes] or [file_tokens], found ["
+                    + parser.currentName() + "]");
+            }
+        }
+        return new ServiceAccountCredentialsNodesResponse(header, fileTokenInfos);
+    }
+
+    static List<ServiceTokenInfo> parseFileToken(XContentParser parser) throws IOException {
+        ensureExpectedToken(XContentParser.Token.START_OBJECT, parser.nextToken(), parser);
+        XContentParser.Token token;
+        final ArrayList<ServiceTokenInfo> fileTokenInfos = new ArrayList<>();
+        while ((token = parser.nextToken()) != XContentParser.Token.END_OBJECT) {
+            ensureExpectedToken(XContentParser.Token.FIELD_NAME, token, parser);
+            final String tokenName = parser.currentName();
+            ensureExpectedToken(XContentParser.Token.START_OBJECT, parser.nextToken(), parser);
+            ensureFieldName(parser, parser.nextToken(), "nodes");
+            parser.nextToken();
+            final List<String> nodeNames = XContentParserUtils.parseList(parser, XContentParser::text);
+            ensureExpectedToken(XContentParser.Token.END_OBJECT, parser.nextToken(), parser);
+            fileTokenInfos.add(new ServiceTokenInfo(tokenName, "file", nodeNames));
+        }
+        return fileTokenInfos;
+    }
+}

client/rest-high-level/src/main/java/org/elasticsearch/client/security/support/ServiceTokenInfo.java

@@ -8,15 +8,25 @@
 
 package org.elasticsearch.client.security.support;
 
+import org.elasticsearch.core.Nullable;
+
+import java.util.Collection;
 import java.util.Objects;
 
 public class ServiceTokenInfo {
     private final String name;
     private final String source;
+    @Nullable
+    private final Collection<String> nodeNames;
 
     public ServiceTokenInfo(String name, String source) {
+        this(name, source, null);
+    }
+
+    public ServiceTokenInfo(String name, String source, Collection<String> nodeNames) {
         this.name = Objects.requireNonNull(name, "token name is required");
         this.source = Objects.requireNonNull(source, "token source is required");
+        this.nodeNames = nodeNames;
     }
 
     public String getName() {
@@ -27,23 +37,27 @@ public String getSource() {
         return source;
     }
 
+    public Collection<String> getNodeNames() {
+        return nodeNames;
+    }
+
     @Override
     public boolean equals(Object o) {
         if (this == o)
             return true;
         if (o == null || getClass() != o.getClass())
             return false;
         ServiceTokenInfo that = (ServiceTokenInfo) o;
-        return name.equals(that.name) && source.equals(that.source);
+        return Objects.equals(name, that.name) && Objects.equals(source, that.source) && Objects.equals(nodeNames, that.nodeNames);
     }
 
     @Override
     public int hashCode() {
-        return Objects.hash(name, source);
+        return Objects.hash(name, source, nodeNames);
     }
 
     @Override
     public String toString() {
-        return "ServiceTokenInfo{" + "name='" + name + '\'' + ", source='" + source + '\'' + '}';
+        return "ServiceTokenInfo{" + "name='" + name + '\'' + ", source='" + source + '\'' + ", nodeNames=" + nodeNames + '}';
     }
 }

client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/SecurityDocumentationIT.java

@@ -14,6 +14,7 @@
 import org.elasticsearch.action.LatchedActionListener;
 import org.elasticsearch.action.support.PlainActionFuture;
 import org.elasticsearch.client.ESRestHighLevelClientTestCase;
+import org.elasticsearch.client.NodesResponseHeader;
 import org.elasticsearch.client.RequestOptions;
 import org.elasticsearch.client.RestHighLevelClient;
 import org.elasticsearch.client.security.AuthenticateResponse;
@@ -122,6 +123,7 @@
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Base64;
+import java.util.Collection;
 import java.util.Collections;
 import java.util.Comparator;
 import java.util.HashMap;
@@ -2745,17 +2747,23 @@ public void testGetServiceAccountCredentials() throws IOException {
 
             // tag::get-service-account-credentials-response
             final String principal = getServiceAccountCredentialsResponse.getPrincipal(); // <1>
-            final String nodeName = getServiceAccountCredentialsResponse.getNodeName(); // <2>
-            final List<ServiceTokenInfo> serviceTokenInfos = getServiceAccountCredentialsResponse.getServiceTokenInfos(); // <3>
-            final String tokenName = serviceTokenInfos.get(0).getName(); // <4>
-            final String tokenSource = serviceTokenInfos.get(0).getSource(); // <5>
+            final List<ServiceTokenInfo> indexTokenInfos = getServiceAccountCredentialsResponse.getIndexTokenInfos(); // <2>
+            final String tokenName = indexTokenInfos.get(0).getName(); // <3>
+            final String tokenSource = indexTokenInfos.get(0).getSource(); // <4>
+            final Collection<String> nodeNames = indexTokenInfos.get(0).getNodeNames(); // <5>
+            final List<ServiceTokenInfo> fileTokenInfos
+                = getServiceAccountCredentialsResponse.getNodesResponse().getFileTokenInfos(); // <6>
+            final NodesResponseHeader fileTokensResponseHeader
+                = getServiceAccountCredentialsResponse.getNodesResponse().getHeader(); // <7>
+            final int nSuccessful = fileTokensResponseHeader.getSuccessful(); // <8>
+            final int nFailed = fileTokensResponseHeader.getFailed(); // <9>
             // end::get-service-account-credentials-response
             assertThat(principal, equalTo("elastic/fleet-server"));
             // Cannot assert exactly one token because there are rare occasions where tests overlap and it will see
             // token created from other tests
-            assertThat(serviceTokenInfos.size(), greaterThanOrEqualTo(1));
-            assertThat(serviceTokenInfos.stream().map(ServiceTokenInfo::getName).collect(Collectors.toSet()), hasItem("token2"));
-            assertThat(serviceTokenInfos.stream().map(ServiceTokenInfo::getSource).collect(Collectors.toSet()), hasItem("index"));
+            assertThat(indexTokenInfos.size(), greaterThanOrEqualTo(1));
+            assertThat(indexTokenInfos.stream().map(ServiceTokenInfo::getName).collect(Collectors.toSet()), hasItem("token2"));
+            assertThat(indexTokenInfos.stream().map(ServiceTokenInfo::getSource).collect(Collectors.toSet()), hasItem("index"));
         }
 
         {
@@ -2787,8 +2795,8 @@ public void onFailure(Exception e) {
 
             assertNotNull(future.actionGet());
             assertThat(future.actionGet().getPrincipal(), equalTo("elastic/fleet-server"));
-            assertThat(future.actionGet().getServiceTokenInfos().size(), greaterThanOrEqualTo(1));
-            assertThat(future.actionGet().getServiceTokenInfos().stream().map(ServiceTokenInfo::getName).collect(Collectors.toSet()),
+            assertThat(future.actionGet().getIndexTokenInfos().size(), greaterThanOrEqualTo(1));
+            assertThat(future.actionGet().getIndexTokenInfos().stream().map(ServiceTokenInfo::getName).collect(Collectors.toSet()),
                 hasItem("token2"));
         }
     }