more trivial test fixes

jakelandis · Oct 21, 2024 · 32017a7 · 32017a7
1 parent 89aa208
commit 32017a7
Show file tree

Hide file tree

Showing 7 changed files with 8 additions and 5 deletions.
diff --git a/x-pack/plugin/build.gradle b/x-pack/plugin/build.gradle
@@ -85,5 +85,6 @@ tasks.named("yamlRestCompatTestTransform").configure({ task ->
   task.skipTest("wildcard/30_ignore_above_synthetic_source/wildcard field type ignore_above", "Temporary until backported")
   task.skipTest("inference/inference_crud/Test get all", "Assertions on number of inference models break due to default configs")
   task.skipTest("esql/60_usage/Basic ESQL usage output (telemetry)", "The telemetry output changed. We dropped a column. That's safe.")
+  task.replaceValueInLength("cluster", 62, "Test get builtin privileges") // new builtin privileges have been added
 })
 
diff --git a/...plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptor.java b/...plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/RoleDescriptor.java
@@ -827,6 +827,7 @@ private static RemoteClusterPermissions parseRemoteCluster(final String roleName
                 if (token == XContentParser.Token.FIELD_NAME) {
                     currentFieldName = parser.currentName();
                 } else if (Fields.PRIVILEGES.match(currentFieldName, parser.getDeprecationHandler())) {
+                    //TODO: fix this!
                     privileges = readStringArray(roleName, parser, false);
                     if (privileges.length > 2
                         || RemoteClusterPermissions.getSupportedRemoteClusterPermissions()

diff --git a/...java/org/elasticsearch/xpack/core/security/authz/permission/RemoteClusterPermissions.java b/...java/org/elasticsearch/xpack/core/security/authz/permission/RemoteClusterPermissions.java
@@ -29,6 +29,7 @@
 import java.util.Map;
 import java.util.Objects;
 import java.util.Set;
+import java.util.TreeSet;
 import java.util.stream.Collectors;
 
 /**
@@ -76,7 +77,7 @@ public class RemoteClusterPermissions implements NamedWriteable, ToXContentObjec
     public static final RemoteClusterPermissions NONE = new RemoteClusterPermissions();
 
     public static Set<String> getSupportedRemoteClusterPermissions() {
-        return allowedRemoteClusterPermissions.values().stream().flatMap(Set::stream).collect(Collectors.toSet());
+        return allowedRemoteClusterPermissions.values().stream().flatMap(Set::stream).collect(Collectors.toCollection(TreeSet::new));
     }
 
     public RemoteClusterPermissions(StreamInput in) throws IOException {

diff --git a/.../src/test/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestTests.java b/.../src/test/java/org/elasticsearch/xpack/core/security/action/role/PutRoleRequestTests.java
@@ -104,7 +104,7 @@ public void testValidationErrorWithUnknownRemoteClusterPrivilegeName() {
         }
         request.putRemoteCluster(remoteClusterPermissions);
         assertValidationError("Invalid remote_cluster permissions found. Please remove the following: [", request);
-        assertValidationError("Only [monitor_enrich] are allowed", request);
+        assertValidationError("Only [monitor_enrich, monitor_stats] are allowed", request);
     }
 
     public void testValidationErrorWithEmptyClustersInRemoteIndices() {

diff --git a/...org/elasticsearch/xpack/core/security/authz/permission/RemoteClusterPermissionsTests.java b/...org/elasticsearch/xpack/core/security/authz/permission/RemoteClusterPermissionsTests.java
@@ -181,7 +181,7 @@ public void testValidate() {
         // random values not allowed
         IllegalArgumentException error = expectThrows(IllegalArgumentException.class, () -> remoteClusterPermission.validate());
         assertTrue(error.getMessage().contains("Invalid remote_cluster permissions found. Please remove the following:"));
-        assertTrue(error.getMessage().contains("Only [monitor_enrich] are allowed"));
+        assertTrue(error.getMessage().contains("Only [monitor_enrich, monitor_stats] are allowed"));
 
         new RemoteClusterPermissions().addGroup(new RemoteClusterPermissionGroup(new String[] { "monitor_enrich" }, new String[] { "*" }))
             .validate(); // no error

diff --git a/...urity/src/test/java/org/elasticsearch/xpack/security/authz/store/FileRolesStoreTests.java b/...urity/src/test/java/org/elasticsearch/xpack/security/authz/store/FileRolesStoreTests.java
@@ -388,7 +388,7 @@ public void testParseFileWithRemoteIndicesAndCluster() throws IllegalAccessExcep
             events.get(4),
             startsWith(
                 "failed to parse remote_cluster for role [invalid_role_bad_priv_remote_clusters]. "
-                    + "[monitor_enrich] is the only value allowed for [privileges] within [remote_cluster]. skipping role..."
+                    + "[monitor_enrich, monitor_stats] is the only value allowed for [privileges] within [remote_cluster]. skipping role..."
             )
         );
     }

diff --git a/x-pack/plugin/src/yamlRestTest/resources/rest-api-spec/test/privileges/11_builtin.yml b/x-pack/plugin/src/yamlRestTest/resources/rest-api-spec/test/privileges/11_builtin.yml
@@ -15,5 +15,5 @@ setup:
   # This is fragile - it needs to be updated every time we add a new cluster/index privilege
   # I would much prefer we could just check that specific entries are in the array, but we don't have
   # an assertion for that
-  - length: { "cluster" : 61 }
+  - length: { "cluster" : 62 }
   - length: { "index" : 22 }