Address review comments

n1v0lg · n1v0lg · commit 6a1e4afdeb90 · 2025-04-01T09:54:37.000+02:00
diff --git a/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/security/failurestore/FailureStoreSecurityRestIT.java b/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/security/failurestore/FailureStoreSecurityRestIT.java
@@ -1290,7 +1290,7 @@ public void testFailureStoreAccess() throws Exception {
                             request,
                             containsString(
                                 "this action is granted by the index privileges [read,all] for data access, "
-                                    + "or by [read_failure_store] for access with the [failures] selector"
+                                    + "or by [read_failure_store] for access with the [::failures] selector"
                             )
                         );
                         break;
@@ -2272,7 +2272,7 @@ private static void expectThrows(ThrowingRunnable runnable, int statusCode) {
     }
 
     private void expectThrowsUnauthorized(String user, Search search, Matcher<String> errorMatcher) {
-        ResponseException ex = expectThrows(ResponseException.class, () -> performRequest(user, search.toSearchRequest()));
+        ResponseException ex = expectThrows(ResponseException.class, () -> performRequestMaybeUsingApiKey(user, search.toSearchRequest()));
         assertThat(ex.getResponse().getStatusLine().getStatusCode(), equalTo(403));
         assertThat(ex.getMessage(), errorMatcher);
     }
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationDenialMessages.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationDenialMessages.java
@@ -130,7 +130,7 @@ public String actionDenied(
                         message = message
                             + " for data access, or by ["
                             + collectionToCommaDelimitedString(privilegesForFailuresOnly)
-                            + "] for access with the [failures] selector";
+                            + "] for access with the [::failures] selector";
                     }
                 }
             }
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationDenialMessagesTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationDenialMessagesTests.java
@@ -255,7 +255,7 @@ public void testActionDeniedWithFailuresAndCorrectActionIncludesFailuresMessage(
                 denialMessages.actionDenied(authentication, null, action, request, null),
                 endsWith(
                     "this action is granted by the index privileges [read,all] for data access, "
-                        + "or by [read_failure_store] for access with the [failures] selector"
+                        + "or by [read_failure_store] for access with the [::failures] selector"
                 )
             );
         }

Original file line number	Diff line number	Diff line change
`@@ -1290,7 +1290,7 @@ public void testFailureStoreAccess() throws Exception {`
`1290`	`1290`	`request,`
`1291`	`1291`	`containsString(`
`1292`	`1292`	`"this action is granted by the index privileges [read,all] for data access, "`
`1293`		`- + "or by [read_failure_store] for access with the [failures] selector"`
	`1293`	`+ + "or by [read_failure_store] for access with the [::failures] selector"`
`1294`	`1294`	`)`
`1295`	`1295`	`);`
`1296`	`1296`	`break;`
`@@ -2272,7 +2272,7 @@ private static void expectThrows(ThrowingRunnable runnable, int statusCode) {`
`2272`	`2272`	`}`
`2273`	`2273`
`2274`	`2274`	`private void expectThrowsUnauthorized(String user, Search search, Matcher<String> errorMatcher) {`
`2275`		`- ResponseException ex = expectThrows(ResponseException.class, () -> performRequest(user, search.toSearchRequest()));`
	`2275`	`+ ResponseException ex = expectThrows(ResponseException.class, () -> performRequestMaybeUsingApiKey(user, search.toSearchRequest()));`
`2276`	`2276`	`assertThat(ex.getResponse().getStatusLine().getStatusCode(), equalTo(403));`
`2277`	`2277`	`assertThat(ex.getMessage(), errorMatcher);`
`2278`	`2278`	`}`
Original file line number	Diff line number	Diff line change
`@@ -130,7 +130,7 @@ public String actionDenied(`
`130`	`130`	`message = message`
`131`	`131`	`+ " for data access, or by ["`
`132`	`132`	`+ collectionToCommaDelimitedString(privilegesForFailuresOnly)`
`133`		`- + "] for access with the [failures] selector";`
	`133`	`+ + "] for access with the [::failures] selector";`
`134`	`134`	`}`
`135`	`135`	`}`
`136`	`136`	`}`
Original file line number	Diff line number	Diff line change
`@@ -255,7 +255,7 @@ public void testActionDeniedWithFailuresAndCorrectActionIncludesFailuresMessage(`
`255`	`255`	`denialMessages.actionDenied(authentication, null, action, request, null),`
`256`	`256`	`endsWith(`
`257`	`257`	`"this action is granted by the index privileges [read,all] for data access, "`
`258`		`- + "or by [read_failure_store] for access with the [failures] selector"`
	`258`	`+ + "or by [read_failure_store] for access with the [::failures] selector"`
`259`	`259`	`)`
`260`	`260`	`);`
`261`	`261`	`}`