Add 8.19 transport version for IdP Extension Attr (#129233)

This adds a new patch level TransportVersion in preparation
for backporting #128805

Author: tvernum

server/src/main/java/org/elasticsearch/TransportVersions.java

@@ -195,6 +195,7 @@ static TransportVersion def(int id) {
     public static final TransportVersion ML_INFERENCE_MISTRAL_CHAT_COMPLETION_ADDED_8_19 = def(8_841_0_47);
     public static final TransportVersion ML_INFERENCE_ELASTIC_RERANK_ADDED_8_19 = def(8_841_0_48);
     public static final TransportVersion NONE_CHUNKING_STRATEGY_8_19 = def(8_841_0_49);
+    public static final TransportVersion IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST_8_19 = def(8_841_0_50);
     public static final TransportVersion V_9_0_0 = def(9_000_0_09);
     public static final TransportVersion INITIAL_ELASTICSEARCH_9_0_1 = def(9_000_0_10);
     public static final TransportVersion INITIAL_ELASTICSEARCH_9_0_2 = def(9_000_0_11);

x-pack/plugin/identity-provider/src/main/java/org/elasticsearch/xpack/idp/saml/sp/SamlServiceProviderDocument.java

@@ -43,6 +43,7 @@
 import java.util.function.BiConsumer;
 
 import static org.elasticsearch.TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST;
+import static org.elasticsearch.TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST_8_19;
 
 /**
  * This class models the storage of a {@link SamlServiceProvider} as an Elasticsearch document.
@@ -276,7 +277,8 @@ public SamlServiceProviderDocument(StreamInput in) throws IOException {
         attributeNames.name = in.readOptionalString();
         attributeNames.roles = in.readOptionalString();
 
-        if (in.getTransportVersion().onOrAfter(IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST)) {
+        if (in.getTransportVersion().isPatchFrom(IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST_8_19)
+            || in.getTransportVersion().onOrAfter(IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST)) {
             attributeNames.extensions = in.readCollectionAsImmutableSet(StreamInput::readString);
         }
 
@@ -305,7 +307,8 @@ public void writeTo(StreamOutput out) throws IOException {
         out.writeOptionalString(attributeNames.name);
         out.writeOptionalString(attributeNames.roles);
 
-        if (out.getTransportVersion().onOrAfter(IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST)) {
+        if (out.getTransportVersion().isPatchFrom(IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST_8_19)
+            || out.getTransportVersion().onOrAfter(IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST)) {
             out.writeStringCollection(attributeNames.extensions);
         }
 

x-pack/plugin/identity-provider/src/test/java/org/elasticsearch/xpack/idp/saml/sp/SamlServiceProviderDocumentTests.java

@@ -32,6 +32,7 @@
 import java.util.Set;
 
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertToXContentEquivalent;
+import static org.hamcrest.Matchers.empty;
 import static org.hamcrest.Matchers.emptyIterable;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.not;
@@ -90,6 +91,31 @@ public void testStreamRoundTripWithAllFields() throws Exception {
         assertThat(assertSerializationRoundTrip(doc2), equalTo(doc1));
     }
 
+    public void testSerializationBeforeExtensionAttributes() throws Exception {
+        final SamlServiceProviderDocument original = createFullDocument();
+        final TransportVersion version = randomBoolean()
+            ? TransportVersionUtils.randomVersionBetween(
+                random(),
+                TransportVersions.V_9_0_0,
+                TransportVersionUtils.getPreviousVersion(TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST)
+            )
+            : TransportVersionUtils.randomVersionBetween(
+                random(),
+                TransportVersions.V_8_0_0,
+                TransportVersionUtils.getPreviousVersion(TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST_8_19)
+            );
+        final SamlServiceProviderDocument copy = copyWriteable(
+            original,
+            new NamedWriteableRegistry(List.of()),
+            SamlServiceProviderDocument::new,
+            version
+        );
+        assertThat(copy.attributeNames.extensions, empty());
+
+        copy.attributeNames.setExtensions(original.attributeNames.extensions);
+        assertThat(copy, equalTo(original));
+    }
+
     private SamlServiceProviderDocument createFullDocument() throws GeneralSecurityException, IOException {
         final List<X509Credential> credentials = readCredentials();
         final List<X509Certificate> certificates = credentials.stream().map(X509Credential::getEntityCertificate).toList();
@@ -121,6 +147,7 @@ private SamlServiceProviderDocument createFullDocument() throws GeneralSecurityE
         doc1.attributeNames.setEmail("urn:" + randomAlphaOfLengthBetween(4, 8) + "." + randomAlphaOfLengthBetween(4, 8));
         doc1.attributeNames.setName("urn:" + randomAlphaOfLengthBetween(4, 8) + "." + randomAlphaOfLengthBetween(4, 8));
         doc1.attributeNames.setRoles("urn:" + randomAlphaOfLengthBetween(4, 8) + "." + randomAlphaOfLengthBetween(4, 8));
+        doc1.attributeNames.setExtensions(List.of("urn:" + randomAlphaOfLengthBetween(4, 8) + "." + randomAlphaOfLengthBetween(4, 8)));
         return doc1;
     }
 
@@ -162,7 +189,7 @@ private SamlServiceProviderDocument assertXContentRoundTrip(SamlServiceProviderD
     private SamlServiceProviderDocument assertSerializationRoundTrip(SamlServiceProviderDocument doc) throws IOException {
         final TransportVersion version = TransportVersionUtils.randomVersionBetween(
             random(),
-            TransportVersions.V_8_0_0,
+            TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST,
             TransportVersion.current()
         );
         final SamlServiceProviderDocument read = copyWriteable(