Make the Get API keys API local only (#105497)

The Get API Key transport action is always executed locally,
which means that the transport requests and responses are
never serialized over the wire between cluster nodes.
This PR removes the serialization dead code.

Relates: #100111 #104653

Author: albertzaharovits

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/apikey/ApiKey.java

@@ -7,11 +7,6 @@
 
 package org.elasticsearch.xpack.core.security.action.apikey;
 
-import org.elasticsearch.TransportVersion;
-import org.elasticsearch.TransportVersions;
-import org.elasticsearch.common.io.stream.StreamInput;
-import org.elasticsearch.common.io.stream.StreamOutput;
-import org.elasticsearch.common.io.stream.Writeable;
 import org.elasticsearch.common.xcontent.XContentParserUtils;
 import org.elasticsearch.core.Assertions;
 import org.elasticsearch.core.Nullable;
@@ -44,9 +39,7 @@
 /**
  * API key information
  */
-public final class ApiKey implements ToXContentObject, Writeable {
-
-    public static final TransportVersion CROSS_CLUSTER_KEY_VERSION = TransportVersions.V_8_9_X;
+public final class ApiKey implements ToXContentObject {
 
     public enum Type {
         /**
@@ -164,47 +157,6 @@ private ApiKey(
         this.limitedBy = limitedBy;
     }
 
-    public ApiKey(StreamInput in) throws IOException {
-        if (in.getTransportVersion().onOrAfter(TransportVersions.V_7_5_0)) {
-            this.name = in.readOptionalString();
-        } else {
-            this.name = in.readString();
-        }
-        this.id = in.readString();
-        if (in.getTransportVersion().onOrAfter(CROSS_CLUSTER_KEY_VERSION)) {
-            this.type = in.readEnum(Type.class);
-        } else {
-            // This default is safe because
-            // 1. ApiKey objects never transfer between nodes
-            // 2. Creating cross-cluster API keys mandates minimal node version that understands the API key type
-            this.type = Type.REST;
-        }
-        this.creation = in.readInstant();
-        this.expiration = in.readOptionalInstant();
-        this.invalidated = in.readBoolean();
-        if (in.getTransportVersion().onOrAfter(TransportVersions.V_8_12_0)) {
-            this.invalidation = in.readOptionalInstant();
-        } else {
-            this.invalidation = null;
-        }
-
-        this.username = in.readString();
-        this.realm = in.readString();
-        if (in.getTransportVersion().onOrAfter(TransportVersions.V_8_0_0)) {
-            this.metadata = in.readGenericMap();
-        } else {
-            this.metadata = Map.of();
-        }
-        if (in.getTransportVersion().onOrAfter(TransportVersions.V_8_5_0)) {
-            final List<RoleDescriptor> roleDescriptors = in.readOptionalCollectionAsList(RoleDescriptor::new);
-            this.roleDescriptors = roleDescriptors != null ? List.copyOf(roleDescriptors) : null;
-            this.limitedBy = in.readOptionalWriteable(RoleDescriptorsIntersection::new);
-        } else {
-            this.roleDescriptors = null;
-            this.limitedBy = null;
-        }
-    }
-
     public String getId() {
         return id;
     }
@@ -323,34 +275,6 @@ private void buildXContentForCrossClusterApiKeyAccess(XContentBuilder builder, R
         builder.endObject();
     }
 
-    @Override
-    public void writeTo(StreamOutput out) throws IOException {
-        if (out.getTransportVersion().onOrAfter(TransportVersions.V_7_5_0)) {
-            out.writeOptionalString(name);
-        } else {
-            out.writeString(name);
-        }
-        out.writeString(id);
-        if (out.getTransportVersion().onOrAfter(CROSS_CLUSTER_KEY_VERSION)) {
-            out.writeEnum(type);
-        }
-        out.writeInstant(creation);
-        out.writeOptionalInstant(expiration);
-        out.writeBoolean(invalidated);
-        if (out.getTransportVersion().onOrAfter(TransportVersions.V_8_12_0)) {
-            out.writeOptionalInstant(invalidation);
-        }
-        out.writeString(username);
-        out.writeString(realm);
-        if (out.getTransportVersion().onOrAfter(TransportVersions.V_8_0_0)) {
-            out.writeGenericMap(metadata);
-        }
-        if (out.getTransportVersion().onOrAfter(TransportVersions.V_8_5_0)) {
-            out.writeOptionalCollection(roleDescriptors);
-            out.writeOptionalWriteable(limitedBy);
-        }
-    }
-
     @Override
     public int hashCode() {
         return Objects.hash(

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/apikey/GetApiKeyRequest.java

@@ -7,12 +7,10 @@
 
 package org.elasticsearch.xpack.core.security.action.apikey;
 
-import org.elasticsearch.TransportVersion;
-import org.elasticsearch.TransportVersions;
 import org.elasticsearch.action.ActionRequest;
 import org.elasticsearch.action.ActionRequestValidationException;
+import org.elasticsearch.action.support.TransportAction;
 import org.elasticsearch.common.Strings;
-import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.common.io.stream.StreamOutput;
 import org.elasticsearch.core.Nullable;
 
@@ -26,8 +24,6 @@
  */
 public final class GetApiKeyRequest extends ActionRequest {
 
-    static TransportVersion API_KEY_ACTIVE_ONLY_PARAM_TRANSPORT_VERSION = TransportVersions.V_8_10_X;
-
     private final String realmName;
     private final String userName;
     private final String apiKeyId;
@@ -36,29 +32,6 @@ public final class GetApiKeyRequest extends ActionRequest {
     private final boolean withLimitedBy;
     private final boolean activeOnly;
 
-    public GetApiKeyRequest(StreamInput in) throws IOException {
-        super(in);
-        realmName = textOrNull(in.readOptionalString());
-        userName = textOrNull(in.readOptionalString());
-        apiKeyId = textOrNull(in.readOptionalString());
-        apiKeyName = textOrNull(in.readOptionalString());
-        if (in.getTransportVersion().onOrAfter(TransportVersions.V_7_4_0)) {
-            ownedByAuthenticatedUser = in.readOptionalBoolean();
-        } else {
-            ownedByAuthenticatedUser = false;
-        }
-        if (in.getTransportVersion().onOrAfter(TransportVersions.V_8_5_0)) {
-            withLimitedBy = in.readBoolean();
-        } else {
-            withLimitedBy = false;
-        }
-        if (in.getTransportVersion().onOrAfter(API_KEY_ACTIVE_ONLY_PARAM_TRANSPORT_VERSION)) {
-            activeOnly = in.readBoolean();
-        } else {
-            activeOnly = false;
-        }
-    }
-
     private GetApiKeyRequest(
         @Nullable String realmName,
         @Nullable String userName,
@@ -136,20 +109,7 @@ public ActionRequestValidationException validate() {
 
     @Override
     public void writeTo(StreamOutput out) throws IOException {
-        super.writeTo(out);
-        out.writeOptionalString(realmName);
-        out.writeOptionalString(userName);
-        out.writeOptionalString(apiKeyId);
-        out.writeOptionalString(apiKeyName);
-        if (out.getTransportVersion().onOrAfter(TransportVersions.V_7_4_0)) {
-            out.writeOptionalBoolean(ownedByAuthenticatedUser);
-        }
-        if (out.getTransportVersion().onOrAfter(TransportVersions.V_8_5_0)) {
-            out.writeBoolean(withLimitedBy);
-        }
-        if (out.getTransportVersion().onOrAfter(API_KEY_ACTIVE_ONLY_PARAM_TRANSPORT_VERSION)) {
-            out.writeBoolean(activeOnly);
-        }
+        TransportAction.localOnly();
     }
 
     @Override

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/apikey/GetApiKeyResponse.java

@@ -8,9 +8,8 @@
 package org.elasticsearch.xpack.core.security.action.apikey;
 
 import org.elasticsearch.action.ActionResponse;
-import org.elasticsearch.common.io.stream.StreamInput;
+import org.elasticsearch.action.support.TransportAction;
 import org.elasticsearch.common.io.stream.StreamOutput;
-import org.elasticsearch.common.io.stream.Writeable;
 import org.elasticsearch.xcontent.ConstructingObjectParser;
 import org.elasticsearch.xcontent.ParseField;
 import org.elasticsearch.xcontent.ToXContentObject;
@@ -19,7 +18,6 @@
 
 import java.io.IOException;
 import java.util.Collection;
-import java.util.Collections;
 import java.util.List;
 import java.util.Objects;
 
@@ -29,22 +27,17 @@
  * Response for get API keys.<br>
  * The result contains information about the API keys that were found.
  */
-public final class GetApiKeyResponse extends ActionResponse implements ToXContentObject, Writeable {
+public final class GetApiKeyResponse extends ActionResponse implements ToXContentObject {
 
     private final ApiKey[] foundApiKeysInfo;
 
-    public GetApiKeyResponse(StreamInput in) throws IOException {
-        super(in);
-        this.foundApiKeysInfo = in.readArray(ApiKey::new, ApiKey[]::new);
-    }
-
     public GetApiKeyResponse(Collection<ApiKey> foundApiKeysInfo) {
         Objects.requireNonNull(foundApiKeysInfo, "found_api_keys_info must be provided");
         this.foundApiKeysInfo = foundApiKeysInfo.toArray(new ApiKey[0]);
     }
 
     public static GetApiKeyResponse emptyResponse() {
-        return new GetApiKeyResponse(Collections.emptyList());
+        return new GetApiKeyResponse(List.of());
     }
 
     public ApiKey[] getApiKeyInfos() {
@@ -59,7 +52,7 @@ public XContentBuilder toXContent(XContentBuilder builder, Params params) throws
 
     @Override
     public void writeTo(StreamOutput out) throws IOException {
-        out.writeArray(foundApiKeysInfo);
+        TransportAction.localOnly();
     }
 
     @SuppressWarnings("unchecked")