Restore behavior for force parameter (#44847)

Turns out that the behavior of `-f` for the add and add-file sub
commands where it would also forcibly create the keystore if it
didn't exist, was by design - although undocumented.
This change restores that behavior auto-creating a keystore that
is not password protected if the force flag is used. The force
OptionSpec is moved to the BaseKeyStoreCommand as we will presumably
want to maintain the same behavior in any other command that takes
a force option.

Author: jkakavas

distribution/docker/docker-test-entrypoint.sh

@@ -1,7 +1,6 @@
 #!/bin/bash
 cd /usr/share/elasticsearch/bin/
 ./elasticsearch-users useradd x_pack_rest_user -p x-pack-test-password -r superuser || true
-./elasticsearch-keystore create
 echo "testnode" > /tmp/password
 cat /tmp/password  | ./elasticsearch-keystore add -x -f -v 'xpack.security.transport.ssl.keystore.secure_password'
 cat /tmp/password  | ./elasticsearch-keystore add -x -f -v 'xpack.security.http.ssl.keystore.secure_password'

distribution/tools/keystore-cli/src/main/java/org/elasticsearch/common/settings/AddFileKeyStoreCommand.java

@@ -38,12 +38,12 @@
  */
 class AddFileKeyStoreCommand extends BaseKeyStoreCommand {
 
-    private final OptionSpec<Void> forceOption;
     private final OptionSpec<String> arguments;
 
     AddFileKeyStoreCommand() {
         super("Add a file setting to the keystore", false);
-        this.forceOption = parser.acceptsAll(Arrays.asList("f", "force"), "Overwrite existing setting without prompting");
+        this.forceOption = parser.acceptsAll(Arrays.asList("f", "force"),
+            "Overwrite existing setting without prompting, creating keystore if necessary");
         // jopt simple has issue with multiple non options, so we just get one set of them here
         // and convert to File when necessary
         // see https://github.com/jopt-simple/jopt-simple/issues/103
@@ -52,7 +52,6 @@ class AddFileKeyStoreCommand extends BaseKeyStoreCommand {
 
     @Override
     protected void executeCommand(Terminal terminal, OptionSet options, Environment env) throws Exception {
-
         List<String> argumentValues = arguments.values(options);
         if (argumentValues.size() == 0) {
             throw new UserException(ExitCodes.USAGE, "Missing setting name");

distribution/tools/keystore-cli/src/main/java/org/elasticsearch/common/settings/AddStringKeyStoreCommand.java

@@ -38,13 +38,13 @@
 class AddStringKeyStoreCommand extends BaseKeyStoreCommand {
 
     private final OptionSpec<Void> stdinOption;
-    private final OptionSpec<Void> forceOption;
     private final OptionSpec<String> arguments;
 
     AddStringKeyStoreCommand() {
         super("Add a string setting to the keystore", false);
         this.stdinOption = parser.acceptsAll(Arrays.asList("x", "stdin"), "Read setting value from stdin");
-        this.forceOption = parser.acceptsAll(Arrays.asList("f", "force"), "Overwrite existing setting without prompting");
+        this.forceOption = parser.acceptsAll(Arrays.asList("f", "force"),
+            "Overwrite existing setting without prompting, creating keystore if necessary");
         this.arguments = parser.nonOptions("setting name");
     }
 

distribution/tools/keystore-cli/src/main/java/org/elasticsearch/common/settings/BaseKeyStoreCommand.java

@@ -20,6 +20,7 @@
 package org.elasticsearch.common.settings;
 
 import joptsimple.OptionSet;
+import joptsimple.OptionSpec;
 import org.elasticsearch.cli.EnvironmentAwareCommand;
 import org.elasticsearch.cli.ExitCodes;
 import org.elasticsearch.cli.Terminal;
@@ -34,6 +35,7 @@ public abstract class BaseKeyStoreCommand extends EnvironmentAwareCommand {
     private KeyStoreWrapper keyStore;
     private SecureString keyStorePassword;
     private final boolean keyStoreMustExist;
+    OptionSpec<Void> forceOption;
 
     public BaseKeyStoreCommand(String description, boolean keyStoreMustExist) {
         super(description);
@@ -49,7 +51,7 @@ protected final void execute(Terminal terminal, OptionSet options, Environment e
                 if (keyStoreMustExist) {
                     throw new UserException(ExitCodes.DATA_ERROR, "Elasticsearch keystore not found at [" +
                         KeyStoreWrapper.keystorePath(env.configFile()) + "]. Use 'create' command to create one.");
-                } else {
+                } else if (options.has(forceOption) == false) {
                     if (terminal.promptYesNo("The elasticsearch keystore does not exist. Do you want to create it?", false) == false) {
                         terminal.println("Exiting without creating keystore.");
                         return;
@@ -101,8 +103,7 @@ static SecureString readPassword(Terminal terminal, boolean withVerification) th
         } else {
             passwordArray = terminal.readSecret("Enter password for the elasticsearch keystore : ");
         }
-        final SecureString password = new SecureString(passwordArray);
-        return password;
+        return new SecureString(passwordArray);
     }
 
     /**

distribution/tools/keystore-cli/src/test/java/org/elasticsearch/common/settings/AddFileKeyStoreCommandTests.java

@@ -58,14 +58,21 @@ private void addFile(KeyStoreWrapper keystore, String setting, Path file, String
         keystore.save(env.configFile(), password.toCharArray());
     }
 
-    public void testMissingCreateWithEmptyPassword() throws Exception {
+    public void testMissingCreateWithEmptyPasswordWhenPrompted() throws Exception {
         String password = "";
         Path file1 = createRandomFile();
         terminal.addTextInput("y");
         execute("foo", file1.toString());
         assertSecureFile("foo", file1, password);
     }
 
+    public void testMissingCreateWithEmptyPasswordWithoutPromptIfForced() throws Exception {
+        String password = "";
+        Path file1 = createRandomFile();
+        execute("-f", "foo", file1.toString());
+        assertSecureFile("foo", file1, password);
+    }
+
     public void testMissingNoCreate() throws Exception {
         terminal.addSecretInput(randomFrom("", "keystorepassword"));
         terminal.addTextInput("n"); // explicit no

distribution/tools/keystore-cli/src/test/java/org/elasticsearch/common/settings/AddStringKeyStoreCommandTests.java

@@ -59,13 +59,19 @@ public void testInvalidPassphrease() throws Exception {
 
     }
 
-    public void testMissingPromptCreateWithoutPassword() throws Exception {
+    public void testMissingPromptCreateWithoutPasswordWhenPrompted() throws Exception {
         terminal.addTextInput("y");
         terminal.addSecretInput("bar");
         execute("foo");
         assertSecureString("foo", "bar", "");
     }
 
+    public void testMissingPromptCreateWithoutPasswordWithoutPromptIfForced() throws Exception {
+        terminal.addSecretInput("bar");
+        execute("-f", "foo");
+        assertSecureString("foo", "bar", "");
+    }
+
     public void testMissingNoCreate() throws Exception {
         terminal.addTextInput("n"); // explicit no
         execute("foo");