From 6b2287249280d5d29691b1589d5477f88bd66ba3 Mon Sep 17 00:00:00 2001
From: Fernando Briano <fernando@picandocodigo.net>
Date: Tue, 22 Aug 2023 11:19:22 +0100
Subject: [PATCH] [API] Test Runner: Implements admin user query api key
 manually

---
 .../api_key/query_api_keys_spec.rb            | 113 ++++++++++++++++++
 .../spec/rest_api/skipped_tests_platinum.yml  |   3 +
 2 files changed, 116 insertions(+)
 create mode 100644 elasticsearch-api/spec/platinum/integration/api_key/query_api_keys_spec.rb

diff --git a/elasticsearch-api/spec/platinum/integration/api_key/query_api_keys_spec.rb b/elasticsearch-api/spec/platinum/integration/api_key/query_api_keys_spec.rb
new file mode 100644
index 0000000000..e98c4501bd
--- /dev/null
+++ b/elasticsearch-api/spec/platinum/integration/api_key/query_api_keys_spec.rb
@@ -0,0 +1,113 @@
+# Licensed to Elasticsearch B.V. under one or more contributor
+# license agreements. See the NOTICE file distributed with
+# this work for additional information regarding copyright
+# ownership. Elasticsearch B.V. licenses this file to you under
+# the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+require 'base64'
+require_relative '../platinum_helper'
+
+describe 'API keys' do
+  before do
+    ADMIN_CLIENT.security.put_user(
+      username: client_username,
+      body: { password: 'test-password', roles: ['superuser'] }
+    )
+  end
+
+  after do
+    ADMIN_CLIENT.security.delete_privileges(application: 'myapp', name: 'read,write', ignore: 404)
+    ADMIN_CLIENT.security.delete_user(username: client_username)
+  end
+
+  let(:client_username) { "query_api_keys_#{Time.new.to_i}"}
+
+  let(:client) do
+    Elasticsearch::Client.new(
+      host: "https://#{HOST_URI.host}:#{HOST_URI.port}",
+      user: client_username,
+      password: 'test-password',
+      transport_options: TRANSPORT_OPTIONS
+    )
+  end
+
+  it 'queries API keys' do
+    key_name_1 = "query-key-1-#{Time.new.to_i}"
+    response = client.security.create_api_key(
+      body: {
+        name: key_name_1,
+        expiration: "1d",
+        role_descriptors: {},
+        metadata: { search: "this" }
+      }
+    )
+    expect(response['name']).to eq key_name_1
+    expect(response['api_key']).not_to be nil
+    api_key_id_1 = response['id']
+
+    key_name_2 = "query-key-2-#{Time.new.to_i}"
+    response = client.security.create_api_key(
+      body: {
+        name: key_name_2,
+        expiration: "2d",
+        role_descriptors: { "role-a" => { "cluster": [ "monitor"] } },
+        metadata: { search: false }
+      }
+    )
+    expect(response['name']).to eq key_name_2
+    expect(response['api_key']).not_to be nil
+    api_key_id_2 = response['id']
+
+    key_name_3 = "query-key-3#{Time.new.to_i}"
+    response = client.security.create_api_key(
+      body: {
+        name: key_name_3,
+        expiration: "3d",
+      }
+    )
+    expect(response['name']).to eq key_name_3
+    expect(response['api_key']).not_to be nil
+    api_key_id_3 = response['id']
+
+    response = client.security.authenticate
+    owner_name = response['username']
+
+    response = client.security.query_api_keys(
+      body: {
+        query: { wildcard: { name: key_name_1 }}
+      }
+    )
+    expect(response['total']).to eq 1
+    expect(response['count']).to eq 1
+    expect(response['api_keys'].first['id']).to eq api_key_id_1
+
+    response = client.security.query_api_keys(
+      body: {
+        query: { wildcard: { name: key_name_2 }}
+      }
+    )
+    expect(response['total']).to eq 1
+    expect(response['count']).to eq 1
+    expect(response['api_keys'].first['id']).to eq api_key_id_2
+
+    response = client.security.query_api_keys(
+      body: {
+        query: { wildcard: { name: key_name_3 }}
+      }
+    )
+    expect(response['total']).to eq 1
+    expect(response['count']).to eq 1
+    expect(response['api_keys'].first['id']).to eq api_key_id_3
+  end
+end
diff --git a/elasticsearch-api/spec/rest_api/skipped_tests_platinum.yml b/elasticsearch-api/spec/rest_api/skipped_tests_platinum.yml
index 271ea581d0..bc79ecbcaf 100644
--- a/elasticsearch-api/spec/rest_api/skipped_tests_platinum.yml
+++ b/elasticsearch-api/spec/rest_api/skipped_tests_platinum.yml
@@ -102,3 +102,6 @@
 -
   :file: 'api_key/60_admin_user.yml'
   :description: 'Test get api key (with role descriptors + metadata)'
+-
+  :file: 'api_key/60_admin_user.yml'
+  :description: 'Test query api keys'