improve test

Author: ankit--sethi

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authc/AuthenticationTestHelper.java

@@ -92,6 +92,27 @@ public static User randomUser() {
         );
     }
 
+    public static User randomCloudApiKeyUser() {
+        return randomCloudApiKeyUser(null);
+    }
+
+    public static User randomCloudApiKeyUser(String principal) {
+        final Map<String, Object> metadata = ESTestCase.randomBoolean()
+            ? null
+            : Map.ofEntries(
+                Map.entry(AuthenticationField.API_KEY_NAME_KEY, ESTestCase.randomAlphanumericOfLength(64)),
+                Map.entry(AuthenticationField.API_KEY_INTERNAL_KEY, ESTestCase.randomBoolean())
+            );
+        return new User(
+            principal == null ? ESTestCase.randomAlphanumericOfLength(64) : principal,
+            ESTestCase.randomArray(1, 3, String[]::new, () -> "role_" + ESTestCase.randomAlphaOfLengthBetween(3, 8)),
+            null,
+            null,
+            metadata,
+            true
+        );
+    }
+
     public static InternalUser randomInternalUser() {
         return ESTestCase.randomFrom(InternalUsers.get());
     }
@@ -260,27 +281,14 @@ public static Authentication randomCloudApiKeyAuthentication(User user, String a
         if (apiKeyId == null) {
             apiKeyId = user != null ? user.principal() : ESTestCase.randomAlphanumericOfLength(64);
         }
-        final Map<String, Object> metadata = ESTestCase.randomBoolean()
-            ? null
-            : Map.ofEntries(
-                Map.entry(AuthenticationField.API_KEY_NAME_KEY, ESTestCase.randomAlphanumericOfLength(64)),
-                Map.entry(AuthenticationField.API_KEY_INTERNAL_KEY, ESTestCase.randomBoolean())
-            );
         if (user == null) {
-            user = new User(
-                apiKeyId,
-                ESTestCase.randomArray(1, 3, String[]::new, () -> "role_" + ESTestCase.randomAlphaOfLengthBetween(3, 8)),
-                null,
-                null,
-                metadata,
-                true
-            );
+            user = randomCloudApiKeyUser(apiKeyId);
         }
 
         assert user.principal().equals(apiKeyId) : "user principal must match cloud API key ID";
 
         return Authentication.newCloudApiKeyAuthentication(
-            AuthenticationResult.success(user, metadata),
+            AuthenticationResult.success(user, user.metadata()),
             "node_" + ESTestCase.randomAlphaOfLengthBetween(3, 8)
         );
 

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/xcontent/XContentUtilsTests.java

@@ -24,6 +24,7 @@
 import java.util.stream.Collectors;
 
 import static org.elasticsearch.xpack.core.security.authc.AuthenticationField.API_KEY_ID_KEY;
+import static org.elasticsearch.xpack.core.security.authc.AuthenticationField.API_KEY_INTERNAL_KEY;
 import static org.elasticsearch.xpack.core.security.authc.AuthenticationField.API_KEY_NAME_KEY;
 import static org.elasticsearch.xpack.core.security.authc.AuthenticationField.CROSS_CLUSTER_ACCESS_AUTHENTICATION_KEY;
 import static org.hamcrest.Matchers.containsString;
@@ -64,10 +65,18 @@ public void testAddAuthorizationInfoWithApiKey() throws IOException {
     }
 
     public void testAddAuthorizationInfoWithCloudApiKey() throws IOException {
-        String apiKeyId = randomAlphaOfLength(20);
-        Authentication authentication = AuthenticationTestHelper.randomCloudApiKeyAuthentication(apiKeyId);
+        User user = AuthenticationTestHelper.randomCloudApiKeyUser();
+        Authentication authentication = AuthenticationTestHelper.randomCloudApiKeyAuthentication(user);
         String json = generateJson(Map.of(AuthenticationField.AUTHENTICATION_KEY, authentication.encode()));
-        assertThat(json, containsString("{\"authorization\":{\"cloud_api_key\":{\"id\":\"" + apiKeyId + "\""));
+        assertThat(json, containsString("{\"authorization\":{\"cloud_api_key\":{\"id\":\"" + user.principal()));
+        assertThat(json, containsString("\"internal\":" + user.metadata().getOrDefault(API_KEY_INTERNAL_KEY, null)));
+        if (user.metadata().containsKey(API_KEY_NAME_KEY)) {
+            assertThat(json, containsString("\"name\":\"" + user.metadata().getOrDefault(API_KEY_NAME_KEY, null) + "\""));
+        }
+        for (String role : user.roles()) {
+            assertThat(json, containsString(role));
+        }
+
     }
 
     public void testAddAuthorizationInfoWithServiceAccount() throws IOException {