Merge branch 'main' into add-iae-when-shard-is-non-integer

Author: joshua-adams-1

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/xcontent/XContentUtils.java

@@ -112,9 +112,7 @@ public static void addAuthorizationInfo(final XContentBuilder builder, final Map
     private static void addSubjectInfo(XContentBuilder builder, Subject subject) throws IOException {
         switch (subject.getType()) {
             case USER -> builder.array(User.Fields.ROLES.getPreferredName(), subject.getUser().roles());
-            case API_KEY -> {
-                addApiKeyInfo(builder, subject);
-            }
+            case API_KEY -> addApiKeyInfo(builder, subject);
             case SERVICE_ACCOUNT -> builder.field("service_account", subject.getUser().principal());
             case CROSS_CLUSTER_ACCESS -> {
                 builder.startObject("cross_cluster_access");
@@ -129,7 +127,16 @@ private static void addSubjectInfo(XContentBuilder builder, Subject subject) thr
                 builder.endObject();
             }
             case CLOUD_API_KEY -> {
-                // TODO Add cloud API key information here
+                builder.startObject("cloud_api_key");
+                Map<String, Object> metadata = subject.getUser().metadata();
+                builder.field("id", subject.getUser().principal());
+                Object name = metadata.get(AuthenticationField.API_KEY_NAME_KEY);
+                if (name instanceof String) {
+                    builder.field("name", name);
+                }
+                builder.field("internal", metadata.get(AuthenticationField.API_KEY_INTERNAL_KEY));
+                builder.array(User.Fields.ROLES.getPreferredName(), subject.getUser().roles());
+                builder.endObject();
             }
         }
     }

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/authc/AuthenticationTestHelper.java

@@ -92,6 +92,27 @@ public static User randomUser() {
         );
     }
 
+    public static User randomCloudApiKeyUser() {
+        return randomCloudApiKeyUser(null);
+    }
+
+    public static User randomCloudApiKeyUser(String principal) {
+        final Map<String, Object> metadata = ESTestCase.randomBoolean()
+            ? null
+            : Map.ofEntries(
+                Map.entry(AuthenticationField.API_KEY_NAME_KEY, ESTestCase.randomAlphanumericOfLength(64)),
+                Map.entry(AuthenticationField.API_KEY_INTERNAL_KEY, ESTestCase.randomBoolean())
+            );
+        return new User(
+            principal == null ? ESTestCase.randomAlphanumericOfLength(64) : principal,
+            ESTestCase.randomArray(1, 3, String[]::new, () -> "role_" + ESTestCase.randomAlphaOfLengthBetween(3, 8)),
+            null,
+            null,
+            metadata,
+            true
+        );
+    }
+
     public static InternalUser randomInternalUser() {
         return ESTestCase.randomFrom(InternalUsers.get());
     }
@@ -260,27 +281,14 @@ public static Authentication randomCloudApiKeyAuthentication(User user, String a
         if (apiKeyId == null) {
             apiKeyId = user != null ? user.principal() : ESTestCase.randomAlphanumericOfLength(64);
         }
-        final Map<String, Object> metadata = ESTestCase.randomBoolean()
-            ? null
-            : Map.ofEntries(
-                Map.entry(AuthenticationField.API_KEY_NAME_KEY, ESTestCase.randomAlphanumericOfLength(64)),
-                Map.entry(AuthenticationField.API_KEY_INTERNAL_KEY, ESTestCase.randomBoolean())
-            );
         if (user == null) {
-            user = new User(
-                apiKeyId,
-                ESTestCase.randomArray(1, 3, String[]::new, () -> "role_" + ESTestCase.randomAlphaOfLengthBetween(3, 8)),
-                null,
-                null,
-                metadata,
-                true
-            );
+            user = randomCloudApiKeyUser(apiKeyId);
         }
 
         assert user.principal().equals(apiKeyId) : "user principal must match cloud API key ID";
 
         return Authentication.newCloudApiKeyAuthentication(
-            AuthenticationResult.success(user, metadata),
+            AuthenticationResult.success(user, user.metadata()),
             "node_" + ESTestCase.randomAlphaOfLengthBetween(3, 8)
         );
 

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/xcontent/XContentUtilsTests.java

@@ -24,8 +24,10 @@
 import java.util.stream.Collectors;
 
 import static org.elasticsearch.xpack.core.security.authc.AuthenticationField.API_KEY_ID_KEY;
+import static org.elasticsearch.xpack.core.security.authc.AuthenticationField.API_KEY_INTERNAL_KEY;
 import static org.elasticsearch.xpack.core.security.authc.AuthenticationField.API_KEY_NAME_KEY;
 import static org.elasticsearch.xpack.core.security.authc.AuthenticationField.CROSS_CLUSTER_ACCESS_AUTHENTICATION_KEY;
+import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.equalTo;
 
 public class XContentUtilsTests extends ESTestCase {
@@ -62,6 +64,21 @@ public void testAddAuthorizationInfoWithApiKey() throws IOException {
         assertThat(json, equalTo("{\"authorization\":{\"api_key\":{\"id\":\"" + apiKeyId + "\",\"name\":\"" + apiKeyName + "\"}}}"));
     }
 
+    public void testAddAuthorizationInfoWithCloudApiKey() throws IOException {
+        User user = AuthenticationTestHelper.randomCloudApiKeyUser();
+        Authentication authentication = AuthenticationTestHelper.randomCloudApiKeyAuthentication(user);
+        String json = generateJson(Map.of(AuthenticationField.AUTHENTICATION_KEY, authentication.encode()));
+        assertThat(json, containsString("{\"authorization\":{\"cloud_api_key\":{\"id\":\"" + user.principal()));
+        assertThat(json, containsString("\"internal\":" + user.metadata().getOrDefault(API_KEY_INTERNAL_KEY, null)));
+        if (user.metadata().containsKey(API_KEY_NAME_KEY)) {
+            assertThat(json, containsString("\"name\":\"" + user.metadata().getOrDefault(API_KEY_NAME_KEY, null) + "\""));
+        }
+        for (String role : user.roles()) {
+            assertThat(json, containsString(role));
+        }
+
+    }
+
     public void testAddAuthorizationInfoWithServiceAccount() throws IOException {
         String account = "elastic/" + randomFrom("kibana", "fleet-server");
         User user = new User(account);

x-pack/plugin/deprecation/src/main/java/org/elasticsearch/xpack/deprecation/ClusterDeprecationChecker.java

@@ -9,8 +9,6 @@
 
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
-import org.elasticsearch.cluster.ClusterState;
-import org.elasticsearch.common.TriConsumer;
 import org.elasticsearch.xcontent.NamedXContentRegistry;
 import org.elasticsearch.xpack.core.deprecation.DeprecationIssue;
 import org.elasticsearch.xpack.core.transform.transforms.TransformConfig;
@@ -25,26 +23,19 @@
 public class ClusterDeprecationChecker {
 
     private static final Logger logger = LogManager.getLogger(ClusterDeprecationChecker.class);
-    private final List<TriConsumer<ClusterState, List<TransformConfig>, List<DeprecationIssue>>> CHECKS = List.of(
-        this::checkTransformSettings
-    );
     private final NamedXContentRegistry xContentRegistry;
 
     ClusterDeprecationChecker(NamedXContentRegistry xContentRegistry) {
         this.xContentRegistry = xContentRegistry;
     }
 
-    public List<DeprecationIssue> check(ClusterState clusterState, List<TransformConfig> transformConfigs) {
+    public List<DeprecationIssue> check(List<TransformConfig> transformConfigs) {
         List<DeprecationIssue> allIssues = new ArrayList<>();
-        CHECKS.forEach(check -> check.apply(clusterState, transformConfigs, allIssues));
+        checkTransformSettings(transformConfigs, allIssues);
         return allIssues;
     }
 
-    private void checkTransformSettings(
-        ClusterState clusterState,
-        List<TransformConfig> transformConfigs,
-        List<DeprecationIssue> allIssues
-    ) {
+    private void checkTransformSettings(List<TransformConfig> transformConfigs, List<DeprecationIssue> allIssues) {
         for (var config : transformConfigs) {
             try {
                 allIssues.addAll(config.checkForDeprecations(xContentRegistry));

x-pack/plugin/deprecation/src/main/java/org/elasticsearch/xpack/deprecation/DataStreamDeprecationChecker.java

@@ -9,9 +9,9 @@
 
 import org.elasticsearch.Version;
 import org.elasticsearch.action.support.IndicesOptions;
-import org.elasticsearch.cluster.ClusterState;
 import org.elasticsearch.cluster.metadata.DataStream;
 import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
+import org.elasticsearch.cluster.metadata.ProjectMetadata;
 import org.elasticsearch.index.Index;
 import org.elasticsearch.xpack.core.deprecation.DeprecatedIndexPredicate;
 import org.elasticsearch.xpack.core.deprecation.DeprecationIssue;
@@ -33,7 +33,7 @@
 public class DataStreamDeprecationChecker implements ResourceDeprecationChecker {
 
     public static final String NAME = "data_streams";
-    private static final List<BiFunction<DataStream, ClusterState, DeprecationIssue>> DATA_STREAM_CHECKS = List.of(
+    private static final List<BiFunction<DataStream, ProjectMetadata, DeprecationIssue>> DATA_STREAM_CHECKS = List.of(
         DataStreamDeprecationChecker::oldIndicesCheck,
         DataStreamDeprecationChecker::ignoredOldIndicesCheck
     );
@@ -44,38 +44,38 @@ public DataStreamDeprecationChecker(IndexNameExpressionResolver indexNameExpress
     }
 
     /**
-     * @param clusterState The cluster state provided for the checker
+     * @param project The project metadata provided for the checker
      * @param request not used yet in these checks
      * @param precomputedData not used yet in these checks
      * @return the name of the data streams that have violated the checks with their respective warnings.
      */
     @Override
     public Map<String, List<DeprecationIssue>> check(
-        ClusterState clusterState,
+        ProjectMetadata project,
         DeprecationInfoAction.Request request,
         TransportDeprecationInfoAction.PrecomputedData precomputedData
     ) {
-        return check(clusterState);
+        return check(project);
     }
 
     /**
-     * @param clusterState The cluster state provided for the checker
+     * @param project The project metadata provided for the checker
      * @return the name of the data streams that have violated the checks with their respective warnings.
      */
-    public Map<String, List<DeprecationIssue>> check(ClusterState clusterState) {
+    public Map<String, List<DeprecationIssue>> check(ProjectMetadata project) {
         List<String> dataStreamNames = indexNameExpressionResolver.dataStreamNames(
-            clusterState,
+            project,
             IndicesOptions.LENIENT_EXPAND_OPEN_CLOSED_HIDDEN
         );
         if (dataStreamNames.isEmpty()) {
             return Map.of();
         }
         Map<String, List<DeprecationIssue>> dataStreamIssues = new HashMap<>();
         for (String dataStreamName : dataStreamNames) {
-            DataStream dataStream = clusterState.metadata().getProject().dataStreams().get(dataStreamName);
+            DataStream dataStream = project.dataStreams().get(dataStreamName);
             if (dataStream.isSystem() == false) {
                 List<DeprecationIssue> issuesForSingleDataStream = DATA_STREAM_CHECKS.stream()
-                    .map(c -> c.apply(dataStream, clusterState))
+                    .map(c -> c.apply(dataStream, project))
                     .filter(Objects::nonNull)
                     .toList();
                 if (issuesForSingleDataStream.isEmpty() == false) {
@@ -86,10 +86,10 @@ public Map<String, List<DeprecationIssue>> check(ClusterState clusterState) {
         return dataStreamIssues.isEmpty() ? Map.of() : dataStreamIssues;
     }
 
-    static DeprecationIssue oldIndicesCheck(DataStream dataStream, ClusterState clusterState) {
+    static DeprecationIssue oldIndicesCheck(DataStream dataStream, ProjectMetadata project) {
         List<Index> backingIndices = dataStream.getIndices();
 
-        Set<String> indicesNeedingUpgrade = getReindexRequiredIndices(backingIndices, clusterState, false);
+        Set<String> indicesNeedingUpgrade = getReindexRequiredIndices(backingIndices, project, false);
 
         if (indicesNeedingUpgrade.isEmpty() == false) {
             return new DeprecationIssue(
@@ -110,9 +110,9 @@ static DeprecationIssue oldIndicesCheck(DataStream dataStream, ClusterState clus
         return null;
     }
 
-    static DeprecationIssue ignoredOldIndicesCheck(DataStream dataStream, ClusterState clusterState) {
+    static DeprecationIssue ignoredOldIndicesCheck(DataStream dataStream, ProjectMetadata project) {
         List<Index> backingIndices = dataStream.getIndices();
-        Set<String> ignoredIndices = getReindexRequiredIndices(backingIndices, clusterState, true);
+        Set<String> ignoredIndices = getReindexRequiredIndices(backingIndices, project, true);
         if (ignoredIndices.isEmpty() == false) {
             return new DeprecationIssue(
                 DeprecationIssue.Level.WARNING,
@@ -135,13 +135,11 @@ static DeprecationIssue ignoredOldIndicesCheck(DataStream dataStream, ClusterSta
 
     private static Set<String> getReindexRequiredIndices(
         List<Index> backingIndices,
-        ClusterState clusterState,
+        ProjectMetadata project,
         boolean filterToBlockedStatus
     ) {
         return backingIndices.stream()
-            .filter(
-                DeprecatedIndexPredicate.getReindexRequiredPredicate(clusterState.metadata().getProject(), filterToBlockedStatus, false)
-            )
+            .filter(DeprecatedIndexPredicate.getReindexRequiredPredicate(project, filterToBlockedStatus, false))
             .map(Index::getName)
             .collect(Collectors.toUnmodifiableSet());
     }

x-pack/plugin/deprecation/src/main/java/org/elasticsearch/xpack/deprecation/IlmPolicyDeprecationChecker.java

@@ -7,7 +7,7 @@
 
 package org.elasticsearch.xpack.deprecation;
 
-import org.elasticsearch.cluster.ClusterState;
+import org.elasticsearch.cluster.metadata.ProjectMetadata;
 import org.elasticsearch.xpack.core.deprecation.DeprecationIssue;
 import org.elasticsearch.xpack.core.ilm.AllocateAction;
 import org.elasticsearch.xpack.core.ilm.FreezeAction;
@@ -36,26 +36,26 @@ public class IlmPolicyDeprecationChecker implements ResourceDeprecationChecker {
     private final List<Function<LifecyclePolicy, DeprecationIssue>> checks = List.of(this::checkLegacyTiers, this::checkFrozenAction);
 
     /**
-     * @param clusterState The cluster state provided for the checker
+     * @param project The project metadata provided for the checker
      * @param request not used yet in these checks
      * @param precomputedData not used yet in these checks
      * @return the name of the data streams that have violated the checks with their respective warnings.
      */
     @Override
     public Map<String, List<DeprecationIssue>> check(
-        ClusterState clusterState,
+        ProjectMetadata project,
         DeprecationInfoAction.Request request,
         TransportDeprecationInfoAction.PrecomputedData precomputedData
     ) {
-        return check(clusterState);
+        return check(project);
     }
 
     /**
-     * @param clusterState The cluster state provided for the checker
+     * @param project The project metadata provided for the checker
      * @return the name of the data streams that have violated the checks with their respective warnings.
      */
-    Map<String, List<DeprecationIssue>> check(ClusterState clusterState) {
-        IndexLifecycleMetadata lifecycleMetadata = clusterState.metadata().getProject().custom(IndexLifecycleMetadata.TYPE);
+    Map<String, List<DeprecationIssue>> check(ProjectMetadata project) {
+        IndexLifecycleMetadata lifecycleMetadata = project.custom(IndexLifecycleMetadata.TYPE);
         if (lifecycleMetadata == null || lifecycleMetadata.getPolicyMetadatas().isEmpty()) {
             return Map.of();
         }