Use REMOTE_CLUSTER_PROFILE for linked project connections when CPS is enabled (#135964)

Currently the presence of credentials for a linked project alias determines
if the RCS2.0 REMOTE_CLUSTER_PROFILE is used for the transport profile.
For CPS we want to use the REMOTE_CLUSTER_PROFILE, but will not be using the
credentials manager.  This PR adds a check to see if CPS is enabled and if so
the REMOTE_CLUSTER_PROFILE is used when constructing RemoteClusterConnection
instances.

Resolves: ES-13109

Author: JeremyDahlgren

server/src/main/java/org/elasticsearch/transport/RemoteClusterConnection.java

@@ -60,17 +60,21 @@ public final class RemoteClusterConnection implements Closeable {
      * @param credentialsManager object to lookup remote cluster credentials by cluster alias. If a cluster is protected by a credential,
      *                           i.e. it has a credential configured via secure setting.
      *                           This means the remote cluster uses the advances RCS model (as opposed to the basic model).
+     * @param crossProjectEnabled True if cross-project search is enabled, false otherwise.
      */
     RemoteClusterConnection(
         LinkedProjectConfig config,
         TransportService transportService,
-        RemoteClusterCredentialsManager credentialsManager
+        RemoteClusterCredentialsManager credentialsManager,
+        boolean crossProjectEnabled
     ) {
         this.transportService = transportService;
         this.clusterAlias = config.linkedProjectAlias();
         ConnectionProfile profile = RemoteConnectionStrategy.buildConnectionProfile(
             config,
-            credentialsManager.hasCredentials(clusterAlias)
+            crossProjectEnabled || credentialsManager.hasCredentials(clusterAlias)
+                ? RemoteClusterPortSettings.REMOTE_CLUSTER_PROFILE
+                : TransportSettings.DEFAULT_PROFILE
         );
         this.remoteConnectionManager = new RemoteConnectionManager(
             clusterAlias,
@@ -217,7 +221,7 @@ public RemoteConnectionInfo getConnectionInfo() {
             connectionStrategy.getModeInfo(),
             initialConnectionTimeout,
             skipUnavailable,
-            REMOTE_CLUSTER_PROFILE.equals(remoteConnectionManager.getConnectionProfile().getTransportProfile())
+            remoteConnectionManager.getCredentialsManager().hasCredentials(clusterAlias)
         );
     }
 

server/src/main/java/org/elasticsearch/transport/RemoteClusterService.java

@@ -371,7 +371,7 @@ public synchronized void updateRemoteCluster(
 
         if (remote == null) {
             // this is a new cluster we have to add a new representation
-            remote = new RemoteClusterConnection(config, transportService, remoteClusterCredentialsManager);
+            remote = new RemoteClusterConnection(config, transportService, remoteClusterCredentialsManager, crossProjectEnabled);
             connectionMap.put(clusterAlias, remote);
             remote.ensureConnected(listener.map(ignored -> RemoteClusterConnectionStatus.CONNECTED));
         } else if (forceRebuild || remote.shouldRebuildConnection(config)) {
@@ -382,7 +382,7 @@ public synchronized void updateRemoteCluster(
                 logger.warn("project [" + projectId + "] failed to close remote cluster connections for cluster: " + clusterAlias, e);
             }
             connectionMap.remove(clusterAlias);
-            remote = new RemoteClusterConnection(config, transportService, remoteClusterCredentialsManager);
+            remote = new RemoteClusterConnection(config, transportService, remoteClusterCredentialsManager, crossProjectEnabled);
             connectionMap.put(clusterAlias, remote);
             remote.ensureConnected(listener.map(ignored -> RemoteClusterConnectionStatus.RECONNECTED));
         } else {

server/src/main/java/org/elasticsearch/transport/RemoteConnectionStrategy.java

@@ -95,11 +95,7 @@ public Writeable.Reader<RemoteConnectionInfo.ModeInfo> getReader() {
         connectionManager.addListener(this);
     }
 
-    static ConnectionProfile buildConnectionProfile(LinkedProjectConfig config, boolean credentialsProtected) {
-        final String transportProfile = credentialsProtected
-            ? RemoteClusterPortSettings.REMOTE_CLUSTER_PROFILE
-            : TransportSettings.DEFAULT_PROFILE;
-
+    static ConnectionProfile buildConnectionProfile(LinkedProjectConfig config, String transportProfile) {
         ConnectionProfile.Builder builder = new ConnectionProfile.Builder().setConnectTimeout(config.transportConnectTimeout())
             .setHandshakeTimeout(config.transportConnectTimeout())
             .setCompressionEnabled(config.connectionCompression())

server/src/test/java/org/elasticsearch/transport/ProxyConnectionStrategyTests.java

@@ -61,7 +61,7 @@ public class ProxyConnectionStrategyTests extends ESTestCase {
     private final Settings settings = Settings.builder().put(modeKey, "proxy").build();
     private final ConnectionProfile profile = RemoteConnectionStrategy.buildConnectionProfile(
         RemoteClusterSettings.toConfig("cluster", settings),
-        false
+        TransportSettings.DEFAULT_PROFILE
     );
     private final ThreadPool threadPool = new TestThreadPool(getClass().getName());
 

server/src/test/java/org/elasticsearch/transport/RemoteClusterConnectionTests.java

@@ -237,13 +237,8 @@ public void run() {
                 AtomicReference<Exception> exceptionReference = new AtomicReference<>();
                 String clusterAlias = "test-cluster";
                 Settings settings = buildRandomSettings(clusterAlias, addresses(seedNode));
-                try (
-                    RemoteClusterConnection connection = new RemoteClusterConnection(
-                        RemoteClusterSettings.toConfig(clusterAlias, settings),
-                        service,
-                        randomFrom(RemoteClusterCredentialsManager.EMPTY, buildCredentialsManager(clusterAlias))
-                    )
-                ) {
+                try (RemoteClusterConnection connection = createConnection(clusterAlias, settings, service, randomBoolean())) {
+
                     ActionListener<Void> listener = ActionListener.wrap(x -> {
                         listenerCalled.countDown();
                         fail("expected exception");
@@ -313,13 +308,7 @@ public void testCloseWhileConcurrentlyConnecting() throws IOException, Interrupt
                 service.acceptIncomingRequests();
                 String clusterAlias = "test-cluster";
                 Settings settings = buildRandomSettings(clusterAlias, seedNodes);
-                try (
-                    RemoteClusterConnection connection = new RemoteClusterConnection(
-                        RemoteClusterSettings.toConfig(clusterAlias, settings),
-                        service,
-                        RemoteClusterCredentialsManager.EMPTY
-                    )
-                ) {
+                try (RemoteClusterConnection connection = createConnection(clusterAlias, settings, service, false)) {
                     int numThreads = randomIntBetween(4, 10);
                     Thread[] threads = new Thread[numThreads];
                     CyclicBarrier barrier = new CyclicBarrier(numThreads + 1);
@@ -466,13 +455,7 @@ private void doTestGetConnectionInfo(boolean hasClusterCredentials) throws Excep
                     );
                     settings = Settings.builder().put(settings).setSecureSettings(secureSettings).build();
                 }
-                try (
-                    RemoteClusterConnection connection = new RemoteClusterConnection(
-                        RemoteClusterSettings.toConfig(clusterAlias, settings),
-                        service,
-                        hasClusterCredentials ? buildCredentialsManager(clusterAlias) : RemoteClusterCredentialsManager.EMPTY
-                    )
-                ) {
+                try (RemoteClusterConnection connection = createConnection(clusterAlias, settings, service, hasClusterCredentials)) {
                     // test no nodes connected
                     RemoteConnectionInfo remoteConnectionInfo = assertSerialization(connection.getConnectionInfo());
                     assertNotNull(remoteConnectionInfo);
@@ -662,13 +645,7 @@ private void doTestCollectNodes(boolean hasClusterCredentials) throws Exception
                     settings = Settings.builder().put(settings).setSecureSettings(secureSettings).build();
                 }
 
-                try (
-                    RemoteClusterConnection connection = new RemoteClusterConnection(
-                        RemoteClusterSettings.toConfig(clusterAlias, settings),
-                        service,
-                        hasClusterCredentials ? buildCredentialsManager(clusterAlias) : RemoteClusterCredentialsManager.EMPTY
-                    )
-                ) {
+                try (RemoteClusterConnection connection = createConnection(clusterAlias, settings, service, hasClusterCredentials)) {
                     CountDownLatch responseLatch = new CountDownLatch(1);
                     AtomicReference<Function<String, DiscoveryNode>> reference = new AtomicReference<>();
                     AtomicReference<Exception> failReference = new AtomicReference<>();
@@ -718,13 +695,7 @@ public void testNoChannelsExceptREG() throws Exception {
                 String clusterAlias = "test-cluster";
                 Settings settings = buildRandomSettings(clusterAlias, addresses(seedNode));
 
-                try (
-                    RemoteClusterConnection connection = new RemoteClusterConnection(
-                        RemoteClusterSettings.toConfig(clusterAlias, settings),
-                        service,
-                        RemoteClusterCredentialsManager.EMPTY
-                    )
-                ) {
+                try (RemoteClusterConnection connection = createConnection(clusterAlias, settings, service, false)) {
                     PlainActionFuture<Void> plainActionFuture = new PlainActionFuture<>();
                     connection.ensureConnected(plainActionFuture);
                     plainActionFuture.get(10, TimeUnit.SECONDS);
@@ -790,13 +761,7 @@ public void testConnectedNodesConcurrentAccess() throws IOException, Interrupted
 
                 String clusterAlias = "test-cluster";
                 Settings settings = buildRandomSettings(clusterAlias, seedNodes);
-                try (
-                    RemoteClusterConnection connection = new RemoteClusterConnection(
-                        RemoteClusterSettings.toConfig(clusterAlias, settings),
-                        service,
-                        randomFrom(RemoteClusterCredentialsManager.EMPTY, buildCredentialsManager(clusterAlias))
-                    )
-                ) {
+                try (RemoteClusterConnection connection = createConnection(clusterAlias, settings, service, randomBoolean())) {
                     final int numGetThreads = randomIntBetween(4, 10);
                     final Thread[] getThreads = new Thread[numGetThreads];
                     final int numModifyingThreads = randomIntBetween(4, 10);
@@ -890,13 +855,7 @@ public void testGetConnection() throws Exception {
                 service.acceptIncomingRequests();
                 String clusterAlias = "test-cluster";
                 Settings settings = buildRandomSettings(clusterAlias, addresses(seedNode));
-                try (
-                    RemoteClusterConnection connection = new RemoteClusterConnection(
-                        RemoteClusterSettings.toConfig(clusterAlias, settings),
-                        service,
-                        RemoteClusterCredentialsManager.EMPTY
-                    )
-                ) {
+                try (RemoteClusterConnection connection = createConnection(clusterAlias, settings, service, false)) {
                     safeAwait(listener -> connection.ensureConnected(listener.map(x -> null)));
                     for (int i = 0; i < 10; i++) {
                         // always a direct connection as the remote node is already connected
@@ -953,4 +912,18 @@ private static RemoteClusterCredentialsManager buildCredentialsManager(String cl
         builder.setSecureSettings(secureSettings);
         return new RemoteClusterCredentialsManager(builder.build());
     }
+
+    private RemoteClusterConnection createConnection(
+        String alias,
+        Settings settings,
+        TransportService transportService,
+        boolean hasCredentials
+    ) {
+        return new RemoteClusterConnection(
+            RemoteClusterSettings.toConfig(alias, settings),
+            transportService,
+            hasCredentials ? buildCredentialsManager(alias) : RemoteClusterCredentialsManager.EMPTY,
+            false
+        );
+    }
 }

server/src/test/java/org/elasticsearch/transport/RemoteClusterServiceTests.java

@@ -1782,6 +1782,36 @@ public void testUpdateRemoteClusterCredentialsRebuildsMultipleConnectionsDespite
         }
     }
 
+    public void testCorrectTransportProfileUsedWhenCPSEnabled() throws IOException {
+        final var versionInfo = VersionInformation.CURRENT;
+        final var transportVers = TransportVersion.current();
+        final var knownNodes = new CopyOnWriteArrayList<DiscoveryNode>();
+        final var linkedTransportServiceSettings = Settings.builder()
+            .put(RemoteClusterPortSettings.REMOTE_CLUSTER_SERVER_ENABLED.getKey(), "true")
+            .put(RemoteClusterPortSettings.PORT.getKey(), "0")
+            .build();
+
+        try (var seedTransport = startTransport("seed_node", knownNodes, versionInfo, transportVers, linkedTransportServiceSettings)) {
+            knownNodes.add(seedTransport.getLocalNode());
+            final var settings = Settings.builder()
+                .putList("cluster.remote.cluster1.seeds", seedTransport.getLocalNode().getAddress().toString())
+                .put("serverless.cross_project.enabled", true)
+                .build();
+            try (var transportService = MockTransportService.createNewService(settings, versionInfo, transportVers, threadPool)) {
+                transportService.start();
+                transportService.acceptIncomingRequests();
+                try (RemoteClusterService service = createRemoteClusterService(settings, transportService)) {
+                    initializeRemoteClusters(service);
+                    assertTrue(hasRegisteredClusters(service));
+                    assertConnectionHasProfile(
+                        service.getRemoteClusterConnection("cluster1"),
+                        RemoteClusterPortSettings.REMOTE_CLUSTER_PROFILE
+                    );
+                }
+            }
+        }
+    }
+
     private static void assertConnectionHasProfile(RemoteClusterConnection remoteClusterConnection, String expectedConnectionProfile) {
         assertThat(
             remoteClusterConnection.getConnectionManager().getConnectionProfile().getTransportProfile(),

server/src/test/java/org/elasticsearch/transport/RemoteConnectionStrategyTests.java

@@ -143,7 +143,10 @@ public void testCorrectChannelNumber() {
         for (RemoteConnectionStrategy.ConnectionStrategy strategy : RemoteConnectionStrategy.ConnectionStrategy.values()) {
             String settingKey = REMOTE_CONNECTION_MODE.getConcreteSettingForNamespace(clusterAlias).getKey();
             Settings proxySettings = Settings.builder().put(settingKey, strategy.name()).build();
-            ConnectionProfile proxyProfile = buildConnectionProfile(toConfig(clusterAlias, proxySettings), randomBoolean());
+            ConnectionProfile proxyProfile = buildConnectionProfile(
+                toConfig(clusterAlias, proxySettings),
+                randomBoolean() ? RemoteClusterPortSettings.REMOTE_CLUSTER_PROFILE : TransportSettings.DEFAULT_PROFILE
+            );
             assertEquals(
                 "Incorrect number of channels for " + strategy.name(),
                 strategy.getNumberOfChannels(),
@@ -157,7 +160,10 @@ public void testTransportProfile() {
 
         // New rcs connection with credentials
         for (RemoteConnectionStrategy.ConnectionStrategy strategy : RemoteConnectionStrategy.ConnectionStrategy.values()) {
-            ConnectionProfile profile = buildConnectionProfile(toConfig(clusterAlias, Settings.EMPTY), true);
+            ConnectionProfile profile = buildConnectionProfile(
+                toConfig(clusterAlias, Settings.EMPTY),
+                RemoteClusterPortSettings.REMOTE_CLUSTER_PROFILE
+            );
             assertEquals(
                 "Incorrect transport profile for " + strategy.name(),
                 RemoteClusterPortSettings.REMOTE_CLUSTER_PROFILE,
@@ -167,7 +173,7 @@ public void testTransportProfile() {
 
         // Legacy ones without credentials
         for (RemoteConnectionStrategy.ConnectionStrategy strategy : RemoteConnectionStrategy.ConnectionStrategy.values()) {
-            ConnectionProfile profile = buildConnectionProfile(toConfig(clusterAlias, Settings.EMPTY), false);
+            ConnectionProfile profile = buildConnectionProfile(toConfig(clusterAlias, Settings.EMPTY), TransportSettings.DEFAULT_PROFILE);
             assertEquals(
                 "Incorrect transport profile for " + strategy.name(),
                 TransportSettings.DEFAULT_PROFILE,

server/src/test/java/org/elasticsearch/transport/SniffConnectionStrategyTests.java

@@ -93,7 +93,10 @@ public void setUp() throws Exception {
             builder.setSecureSettings(secureSettings);
         }
         clientSettings = builder.build();
-        profile = RemoteConnectionStrategy.buildConnectionProfile(toConfig(clusterAlias, clientSettings), hasClusterCredentials);
+        profile = RemoteConnectionStrategy.buildConnectionProfile(
+            toConfig(clusterAlias, clientSettings),
+            hasClusterCredentials ? RemoteClusterPortSettings.REMOTE_CLUSTER_PROFILE : TransportSettings.DEFAULT_PROFILE
+        );
     }
 
     @Override