Add transport-version checks

Author: tvernum

server/src/main/java/org/elasticsearch/TransportVersions.java

@@ -273,6 +273,7 @@ static TransportVersion def(int id) {
     public static final TransportVersion INFERENCE_CUSTOM_SERVICE_ADDED = def(9_084_0_00);
     public static final TransportVersion ESQL_LIMIT_ROW_SIZE = def(9_085_0_00);
     public static final TransportVersion ESQL_REGEX_MATCH_WITH_CASE_INSENSITIVITY = def(9_086_0_00);
+    public static final TransportVersion IDP_CUSTOM_SAML_ATTRIBUTES = def(9_087_0_00);
 
     /*
      * STOP! READ THIS FIRST! No, really,

x-pack/plugin/identity-provider/src/main/java/org/elasticsearch/xpack/idp/action/SamlInitiateSingleSignOnRequest.java

@@ -6,6 +6,7 @@
  */
 package org.elasticsearch.xpack.idp.action;
 
+import org.elasticsearch.TransportVersions;
 import org.elasticsearch.action.ActionRequestValidationException;
 import org.elasticsearch.action.LegacyActionRequest;
 import org.elasticsearch.common.Strings;
@@ -30,7 +31,9 @@ public SamlInitiateSingleSignOnRequest(StreamInput in) throws IOException {
         spEntityId = in.readString();
         assertionConsumerService = in.readString();
         samlAuthenticationState = in.readOptionalWriteable(SamlAuthenticationState::new);
-        attributes = in.readOptionalWriteable(SamlInitiateSingleSignOnAttributes::new);
+        if (in.getTransportVersion().onOrAfter(TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES)) {
+            attributes = in.readOptionalWriteable(SamlInitiateSingleSignOnAttributes::new);
+        }
     }
 
     public SamlInitiateSingleSignOnRequest() {}
@@ -96,7 +99,9 @@ public void writeTo(StreamOutput out) throws IOException {
         out.writeString(spEntityId);
         out.writeString(assertionConsumerService);
         out.writeOptionalWriteable(samlAuthenticationState);
-        out.writeOptionalWriteable(attributes);
+        if (out.getTransportVersion().onOrAfter(TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES)) {
+            out.writeOptionalWriteable(attributes);
+        }
     }
 
     @Override

x-pack/plugin/identity-provider/src/test/java/org/elasticsearch/xpack/idp/action/SamlInitiateSingleSignOnRequestTests.java

@@ -6,9 +6,13 @@
  */
 package org.elasticsearch.xpack.idp.action;
 
+import org.elasticsearch.TransportVersion;
+import org.elasticsearch.TransportVersions;
 import org.elasticsearch.action.ActionRequestValidationException;
 import org.elasticsearch.common.io.stream.BytesStreamOutput;
+import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.test.ESTestCase;
+import org.elasticsearch.test.TransportVersionUtils;
 import org.elasticsearch.xpack.idp.saml.support.SamlInitiateSingleSignOnAttributes;
 
 import java.util.Arrays;
@@ -23,19 +27,76 @@
 
 public class SamlInitiateSingleSignOnRequestTests extends ESTestCase {
 
-    public void testSerialization() throws Exception {
+    public void testSerializationCurrentVersion() throws Exception {
         final SamlInitiateSingleSignOnRequest request = new SamlInitiateSingleSignOnRequest();
         request.setSpEntityId("https://kibana_url");
         request.setAssertionConsumerService("https://kibana_url/acs");
+        request.setAttributes(
+            new SamlInitiateSingleSignOnAttributes(
+                Map.ofEntries(
+                    Map.entry("http://idp.elastic.co/attribute/custom1", List.of("foo")),
+                    Map.entry("http://idp.elastic.co/attribute/custom2", List.of("bar", "baz"))
+                )
+            )
+        );
         assertThat("An invalid request is not guaranteed to serialize correctly", request.validate(), nullValue());
         final BytesStreamOutput out = new BytesStreamOutput();
+        if (randomBoolean()) {
+            out.setTransportVersion(
+                TransportVersionUtils.randomVersionBetween(
+                    random(),
+                    TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES,
+                    TransportVersion.current()
+                )
+            );
+        }
         request.writeTo(out);
 
-        final SamlInitiateSingleSignOnRequest request1 = new SamlInitiateSingleSignOnRequest(out.bytes().streamInput());
-        assertThat(request1.getSpEntityId(), equalTo(request.getSpEntityId()));
-        assertThat(request1.getAssertionConsumerService(), equalTo(request.getAssertionConsumerService()));
-        final ActionRequestValidationException validationException = request1.validate();
-        assertNull(validationException);
+        try (StreamInput in = out.bytes().streamInput()) {
+            in.setTransportVersion(out.getTransportVersion());
+            final SamlInitiateSingleSignOnRequest request1 = new SamlInitiateSingleSignOnRequest(in);
+            assertThat(request1.getSpEntityId(), equalTo(request.getSpEntityId()));
+            assertThat(request1.getAssertionConsumerService(), equalTo(request.getAssertionConsumerService()));
+            assertThat(request1.getAttributes(), equalTo(request.getAttributes()));
+            final ActionRequestValidationException validationException = request1.validate();
+            assertNull(validationException);
+        }
+    }
+
+    public void testSerializationOldTransportVersion() throws Exception {
+        final SamlInitiateSingleSignOnRequest request = new SamlInitiateSingleSignOnRequest();
+        request.setSpEntityId("https://kibana_url");
+        request.setAssertionConsumerService("https://kibana_url/acs");
+        if (randomBoolean()) {
+            request.setAttributes(
+                new SamlInitiateSingleSignOnAttributes(
+                    Map.ofEntries(
+                        Map.entry("http://idp.elastic.co/attribute/custom1", List.of("foo")),
+                        Map.entry("http://idp.elastic.co/attribute/custom2", List.of("bar", "baz"))
+                    )
+                )
+            );
+        }
+        assertThat("An invalid request is not guaranteed to serialize correctly", request.validate(), nullValue());
+        final BytesStreamOutput out = new BytesStreamOutput();
+        out.setTransportVersion(
+            TransportVersionUtils.randomVersionBetween(
+                random(),
+                TransportVersions.MINIMUM_COMPATIBLE,
+                TransportVersionUtils.getPreviousVersion(TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES)
+            )
+        );
+        request.writeTo(out);
+
+        try (StreamInput in = out.bytes().streamInput()) {
+            in.setTransportVersion(out.getTransportVersion());
+            final SamlInitiateSingleSignOnRequest request1 = new SamlInitiateSingleSignOnRequest(in);
+            assertThat(request1.getSpEntityId(), equalTo(request.getSpEntityId()));
+            assertThat(request1.getAssertionConsumerService(), equalTo(request.getAssertionConsumerService()));
+            assertThat(request1.getAttributes(), nullValue());
+            final ActionRequestValidationException validationException = request1.validate();
+            assertNull(validationException);
+        }
     }
 
     public void testValidation() {