From 26394f68ac88f85ccc8515811f9da7a59beed882 Mon Sep 17 00:00:00 2001
From: Fernando Briano <fernando@picandocodigo.net>
Date: Wed, 23 Aug 2023 08:11:17 +0100
Subject: [PATCH] [API] Test Runner: Updates API Key tests

---
 ...c.rb => admin_user_query_api_keys_spec.rb} | 10 ++++-----
 .../api_key/api_key_cross_cluster_spec.rb     | 15 ++++---------
 .../api_key/api_key_invalidation_spec.rb      | 21 ++++++++-----------
 .../integration/api_key/api_key_spec.rb       |  9 ++++----
 4 files changed, 21 insertions(+), 34 deletions(-)
 rename elasticsearch-api/spec/platinum/integration/api_key/{query_api_keys_spec.rb => admin_user_query_api_keys_spec.rb} (92%)

diff --git a/elasticsearch-api/spec/platinum/integration/api_key/query_api_keys_spec.rb b/elasticsearch-api/spec/platinum/integration/api_key/admin_user_query_api_keys_spec.rb
similarity index 92%
rename from elasticsearch-api/spec/platinum/integration/api_key/query_api_keys_spec.rb
rename to elasticsearch-api/spec/platinum/integration/api_key/admin_user_query_api_keys_spec.rb
index e98c4501bd..5939b2ac2b 100644
--- a/elasticsearch-api/spec/platinum/integration/api_key/query_api_keys_spec.rb
+++ b/elasticsearch-api/spec/platinum/integration/api_key/admin_user_query_api_keys_spec.rb
@@ -27,18 +27,16 @@
   end
 
   after do
-    ADMIN_CLIENT.security.delete_privileges(application: 'myapp', name: 'read,write', ignore: 404)
     ADMIN_CLIENT.security.delete_user(username: client_username)
   end
 
   let(:client_username) { "query_api_keys_#{Time.new.to_i}"}
+  let(:credentials) { Base64.strict_encode64("#{client_username}:test-password") }
 
   let(:client) do
     Elasticsearch::Client.new(
-      host: "https://#{HOST_URI.host}:#{HOST_URI.port}",
-      user: client_username,
-      password: 'test-password',
-      transport_options: TRANSPORT_OPTIONS
+      host: HOST,
+      transport_options: TRANSPORT_OPTIONS.merge(headers: { Authorization: "Basic #{credentials}" })
     )
   end
 
@@ -47,8 +45,8 @@
     response = client.security.create_api_key(
       body: {
         name: key_name_1,
-        expiration: "1d",
         role_descriptors: {},
+        expiration: "1d",
         metadata: { search: "this" }
       }
     )
diff --git a/elasticsearch-api/spec/platinum/integration/api_key/api_key_cross_cluster_spec.rb b/elasticsearch-api/spec/platinum/integration/api_key/api_key_cross_cluster_spec.rb
index 6b42dccd6f..9ba92fbd9c 100644
--- a/elasticsearch-api/spec/platinum/integration/api_key/api_key_cross_cluster_spec.rb
+++ b/elasticsearch-api/spec/platinum/integration/api_key/api_key_cross_cluster_spec.rb
@@ -41,16 +41,9 @@
     ADMIN_CLIENT.security.delete_user(username: user, ignore: 404)
   end
 
-  let(:client) do
-    Elasticsearch::Client.new(
-      host: "https://admin_user:x-pack-test-password@#{HOST_URI.host}:#{HOST_URI.port}",
-      transport_options: TRANSPORT_OPTIONS
-    )
-  end
-
   describe 'Cross Cluster API Key' do
     it 'updates api key' do
-      response = client.security.create_cross_cluster_api_key(
+      response = ADMIN_CLIENT.security.create_cross_cluster_api_key(
         body: {
           name: "my-cc-api-key",
           expiration: "1d",
@@ -97,7 +90,7 @@
         new_client.security.authenticate(headers: { authorization: "ApiKey #{credentials}" })
       end.to raise_error(Elastic::Transport::Transport::Errors::Unauthorized)
 
-      response = client.security.get_api_key(id: id, with_limited_by: true)
+      response = ADMIN_CLIENT.security.get_api_key(id: id, with_limited_by: true)
       expect(response.status).to eq 200
       api_key = response['api_keys'].first
       expect(api_key['name']) == 'my-cc-api-key'
@@ -106,7 +99,7 @@
       expect(api_key['metadata']).to eq({'answer' => 42, 'tag' => 'dev'})
 
       # Tests update cc api_key
-      response = client.security.update_cross_cluster_api_key(
+      response = ADMIN_CLIENT.security.update_cross_cluster_api_key(
         id: id,
         body: {
           access: {
@@ -117,7 +110,7 @@
       )
       expect(response['updated']).to be true
 
-      response = client.security.get_api_key(id: id, with_limited_by: true)
+      response = ADMIN_CLIENT.security.get_api_key(id: id, with_limited_by: true)
       expect(response['api_keys'].length).to eq 1
       api_key = response['api_keys'].first
       expect(api_key['name']) == 'my-cc-api-key'
diff --git a/elasticsearch-api/spec/platinum/integration/api_key/api_key_invalidation_spec.rb b/elasticsearch-api/spec/platinum/integration/api_key/api_key_invalidation_spec.rb
index cc6b5a54cd..5162a77830 100644
--- a/elasticsearch-api/spec/platinum/integration/api_key/api_key_invalidation_spec.rb
+++ b/elasticsearch-api/spec/platinum/integration/api_key/api_key_invalidation_spec.rb
@@ -34,13 +34,13 @@
     ADMIN_CLIENT.security.put_user(
       username: 'api_key_manager',
       body: {
-        password: 'x-pack-test-password',
+        password: 'changeme',
         roles: [ 'admin_role' ],
         full_name: 'API key manager'
       }
     )
     ADMIN_CLIENT.security.put_user(
-      username: 'api_key_user1',
+      username: 'api_key_test_user1',
       body: {
         password: 'x-pack-test-password',
         roles: [ 'user_role' ],
@@ -56,10 +56,12 @@
     ADMIN_CLIENT.security.delete_user(username: "api_key_manager", ignore: 404)
   end
 
+  let(:credentials) { Base64.strict_encode64("api_key_manager:changeme") }
+
   let(:client) do
     Elasticsearch::Client.new(
-      host: "https://api_key_manager:x-pack-test-password@#{HOST_URI.host}:#{HOST_URI.port}",
-      transport_options: TRANSPORT_OPTIONS
+      host: HOST,
+      transport_options: TRANSPORT_OPTIONS.merge(headers: { Authorization: "Basic #{credentials}" })
     )
   end
 
@@ -77,11 +79,10 @@
     expect(response['api_key']).not_to be nil
     expect(response['expiration']).not_to be nil
 
+    user_credentials = Base64.strict_encode64('api_key_test_user1:x-pack-test-password')
     user_client = Elasticsearch::Client.new(
-      host: "https://#{HOST_URI.host}:#{HOST_URI.port}",
-      user: 'api_key_user1',
-      password: 'x-pack-test-password',
-      transport_options: TRANSPORT_OPTIONS
+      host: HOST,
+      transport_options: TRANSPORT_OPTIONS.merge(headers: { Authentication: "Basic #{user_credentials}" })
     )
     response = user_client.security.create_api_key(
       body: {
@@ -96,10 +97,6 @@
     expect(response['api_key']).not_to be nil
     expect(response['expiration']).not_to be nil
 
-    expect do
-      user_client.security.invalidate_api_key(body: { realm_name: 'default_native'})
-    end.to raise_error(Elastic::Transport::Transport::Errors::Forbidden)
-
     response = client.security.invalidate_api_key(body: { realm_name: 'default_native'})
     expect(response['invalidated_api_keys'].count).to be >= 2
     expect(response['error_count']).to eq 0
diff --git a/elasticsearch-api/spec/platinum/integration/api_key/api_key_spec.rb b/elasticsearch-api/spec/platinum/integration/api_key/api_key_spec.rb
index aadfd22c38..8b5c829f32 100644
--- a/elasticsearch-api/spec/platinum/integration/api_key/api_key_spec.rb
+++ b/elasticsearch-api/spec/platinum/integration/api_key/api_key_spec.rb
@@ -42,7 +42,7 @@
     ADMIN_CLIENT.security.put_user(
       username: 'api_key_user',
       body: {
-        password: 'x-pack-test-password',
+        password: 'test-password',
         roles: [ 'admin_role' ],
         full_name: 'API key user'
       }
@@ -72,12 +72,11 @@
     ADMIN_CLIENT.security.delete_privileges(application: 'myapp', name: "read,write", ignore: 404)
   end
 
+  let(:credentials) { Base64.strict_encode64("api_key_user:test-password") }
   let(:client) do
     Elasticsearch::Client.new(
-      host: "https://#{HOST_URI.host}:#{HOST_URI.port}",
-      user: 'api_key_user',
-      password: 'x-pack-test-password',
-      transport_options: TRANSPORT_OPTIONS
+      host: HOST,
+      transport_options: TRANSPORT_OPTIONS.merge(headers: { Authorization: "Basic #{credentials}" })
     )
   end