ensure auth config conflicts throw an exception

Author: philkra

src/Elasticsearch/ClientBuilder.php

@@ -7,6 +7,7 @@
 use Elasticsearch\Common\Exceptions\InvalidArgumentException;
 use Elasticsearch\Common\Exceptions\RuntimeException;
 use Elasticsearch\Common\Exceptions\ElasticCloudIdParseException;
+use Elasticsearch\Common\Exceptions\AuthenticationConfigException;
 use Elasticsearch\ConnectionPool\AbstractConnectionPool;
 use Elasticsearch\ConnectionPool\Selectors\RoundRobinSelector;
 use Elasticsearch\ConnectionPool\Selectors\SelectorInterface;
@@ -334,23 +335,23 @@ public function setHosts(array $hosts): ClientBuilder
     /**
      * Set the APIKey Pair, consiting of the API Id and the ApiKey of the Response from /_security/api_key
      *
-     * <i>APIKey will have precedence over Basic Authentication</i>
-     *
      * @link https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-create-api-key.html
      *
      * @param string $id
      * @param string $apiKey
+     *
+     * @throws Elasticsearch\Common\Exceptions\AuthenticationConfigException
      */
     public function setApiKey(string $id, string $apiKey)
     {
+        if (isset($this->connectionParams['client']['curl'][CURLOPT_HTTPAUTH]) === true) {
+            throw new AuthenticationConfigException("You can't use APIKey - and Basic Authenication together.");
+        }
+
         $this->connectionParams['client']['headers']['Authorization'] = [
             'ApiKey ' . base64_encode($id . ':' . $apiKey)
         ];
 
-        // Remove Basic Auth Credentials if set
-        unset($this->connectionParams['client']['curl'][CURLOPT_HTTPAUTH]);
-        unset($this->connectionParams['client']['curl'][CURLOPT_USERPWD]);
-
         return $this;
     }
 
@@ -359,9 +360,15 @@ public function setApiKey(string $id, string $apiKey)
      *
      * @param string $username
      * @param string $password
+     *
+     * @throws Elasticsearch\Common\Exceptions\AuthenticationConfigException
      */
     public function setBasicAuthentication(string $username, string $password)
     {
+        if (isset($this->connectionParams['client']['headers']['Authorization']) === true) {
+            throw new AuthenticationConfigException("You can't use APIKey - and Basic Authenication together.");
+        }
+
         if (isset($this->connectionParams['client']['curl']) === false) {
             $this->connectionParams['client']['curl'] = [];
         }

src/Elasticsearch/Common/Exceptions/AuthenticationConfigException.php

@@ -0,0 +1,20 @@
+<?php declare(strict_types = 1);
+
+// Licensed to Elasticsearch B.V under one or more agreements.
+// Elasticsearch B.V licenses this file to you under the Apache 2.0 License.
+// See the LICENSE file in the project root for more information
+
+namespace Elasticsearch\Common\Exceptions;
+
+/**
+ * AuthenticationConfigException
+ *
+ * @category Elasticsearch
+ * @package  Elasticsearch\Common\Exceptions
+ * @author   Philip Krauss <[email protected]>
+ * @license  http://www.apache.org/licenses/LICENSE-2.0 Apache2
+ * @link     http://elastic.co
+ */
+class AuthenticationConfigException extends \RuntimeException implements ElasticsearchException
+{
+}