From 1403ab318b14ad39030c6824237e1477a9392dd8 Mon Sep 17 00:00:00 2001
From: Nikolaj Volgushev <n1v0lg@users.noreply.github.com>
Date: Thu, 18 Aug 2022 14:10:15 +0200
Subject: [PATCH] Remove redundant cluster upgrade tests for auth tokens
 (#89417)

This PR removes YAML cluster upgrade tests for token backwards
compatibility. The Java REST test suite TokenBackwardsCompatibilityIT
fully covers all scenarios included in the YAML tests already. Due to
the complex test setup, and since this particular YAML test suite is
not meant to be tested with different clients, Java REST tests are more
appropriate.

The test suite we are removing is resource intensive, both in terms of
build times and maintenance, and as such not justified as a redundant
suite.

Relates: #77350
---
 .../test/mixed_cluster/50_token_auth.yml      | 180 ------------------
 .../test/old_cluster/50_token_auth.yml        | 130 -------------
 .../test/upgraded_cluster/50_token_auth.yml   |  92 ---------
 3 files changed, 402 deletions(-)
 delete mode 100644 x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cluster/50_token_auth.yml
 delete mode 100644 x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml
 delete mode 100644 x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/50_token_auth.yml

diff --git a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cluster/50_token_auth.yml b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cluster/50_token_auth.yml
deleted file mode 100644
index 9fac41b569048..0000000000000
--- a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/mixed_cluster/50_token_auth.yml
+++ /dev/null
@@ -1,180 +0,0 @@
----
-"Get the indexed token and use if to authenticate":
-  - skip:
-      features: headers
-
-  - do:
-      cluster.health:
-          wait_for_status: yellow
-
-  - do:
-      get:
-        index: token_index
-        id:    "6"
-
-  - match: { _index:   token_index }
-  - match: { _id:      "6"      }
-  - is_true: _source.token
-  - set: { _source.token : token }
-
-  - do:
-      headers:
-        Authorization: Bearer ${token}
-      security.authenticate: {}
-
-  - match: { username: "token_user" }
-  - match: { roles.0:  "superuser" }
-  - match: { full_name: "Token User" }
-
-  # call three times because the client rotates the nodes
-  - do:
-      headers:
-        Authorization: Bearer ${token}
-      search:
-        rest_total_hits_as_int: true
-        index: token_index
-
-  - match: { hits.total: 8 }
-
-  - do:
-      headers:
-        Authorization: Bearer ${token}
-      search:
-        rest_total_hits_as_int: true
-        index: token_index
-
-  - match: { hits.total: 8 }
-
-  - do:
-      headers:
-        Authorization: Bearer ${token}
-      search:
-        rest_total_hits_as_int: true
-        index: token_index
-
-  - match: { hits.total: 8 }
-
----
-"Get the indexed refreshed access token and use if to authenticate":
-  - skip:
-      features: headers
-
-  - do:
-      get:
-        index: token_index
-        id:    "7"
-
-  - match: { _index:   token_index }
-  - match: { _id:      "7"      }
-  - is_true: _source.token
-  - set: { _source.token : token }
-
-  - do:
-      headers:
-        Authorization: Bearer ${token}
-      security.authenticate: {}
-
-  - match: { username: "token_user" }
-  - match: { roles.0:  "superuser" }
-  - match: { full_name: "Token User" }
-
-  - do:
-      headers:
-        Authorization: Bearer ${token}
-      search:
-        rest_total_hits_as_int: true
-        index: token_index
-
-  - match: { hits.total: 8 }
-
-  - do:
-      headers:
-        Authorization: Bearer ${token}
-      search:
-        rest_total_hits_as_int: true
-        index: token_index
-
-  - match: { hits.total: 8 }
-
-  - do:
-      headers:
-        Authorization: Bearer ${token}
-      search:
-        rest_total_hits_as_int: true
-        index: token_index
-
-  - match: { hits.total: 8 }
-
----
-"Get the indexed refresh token and use it to get another access token and authenticate":
-  - skip:
-      features: headers
-
-  - do:
-      get:
-        index: token_index
-        id:    "8"
-
-  - match: { _index:   token_index }
-  - match: { _id:      "8"      }
-  - is_true: _source.token
-  - set: { _source.token : refresh_token }
-
-  - do:
-      security.get_token:
-        body:
-          grant_type: "refresh_token"
-          refresh_token: "${refresh_token}"
-
-  - match: { type: "Bearer" }
-  - is_true: access_token
-  - set: { access_token: token }
-  - is_true: refresh_token
-  - set: { refresh_token: refresh_token }
-  - match: { expires_in: 3600 }
-  - is_false: scope
-
-  - do:
-      headers:
-        Authorization: Bearer ${token}
-      security.authenticate: {}
-
-  - match: { username: "token_user" }
-  - match: { roles.0:  "superuser" }
-  - match: { full_name: "Token User" }
-
-  - do:
-      headers:
-        Authorization: Bearer ${token}
-      search:
-        rest_total_hits_as_int: true
-        index: token_index
-
-  - match: { hits.total: 8 }
-
-  - do:
-      headers:
-        Authorization: Bearer ${token}
-      search:
-        rest_total_hits_as_int: true
-        index: token_index
-
-  - match: { hits.total: 8 }
-
-  - do:
-      headers:
-        Authorization: Bearer ${token}
-      search:
-        rest_total_hits_as_int: true
-        index: token_index
-
-  - match: { hits.total: 8 }
-
-    # overwrite the used refresh token with the new one
-  - do:
-      headers:
-        Authorization: Bearer ${token}
-      index:
-        index: token_index
-        id: "8"
-        body: { "token" : "${refresh_token}"}
diff --git a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml
deleted file mode 100644
index 2f44c37a37f98..0000000000000
--- a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/50_token_auth.yml
+++ /dev/null
@@ -1,130 +0,0 @@
----
-"Create a token and reuse it across the upgrade":
-  - skip:
-      features: headers
-
-  - do:
-      cluster.health:
-          wait_for_status: yellow
-
-  - do:
-      security.put_user:
-        username: "token_user"
-        body:  >
-          {
-            "password" : "x-pack-test-password",
-            "roles" : [ "superuser" ],
-            "full_name" : "Token User"
-          }
-
-  - do:
-      security.get_token:
-        body:
-          grant_type: "password"
-          username: "token_user"
-          password: "x-pack-test-password"
-
-  - match: { type: "Bearer" }
-  - is_true: access_token
-  - set: { access_token: token }
-  - is_true: refresh_token
-  - set: { refresh_token: refresh_token }
-  - match: { expires_in: 3600 }
-  - is_false: scope
-
-  - do:
-      headers:
-        Authorization: Bearer ${token}
-      security.authenticate: {}
-
-  - match: { username: "token_user" }
-  - match: { roles.0:  "superuser" }
-  - match: { full_name: "Token User" }
-
-  - do:
-      indices.create:
-        index: token_index
-        wait_for_active_shards : all
-        body:
-          settings:
-            index:
-              number_of_replicas: 1
-
-  - do:
-      headers:
-        Authorization: Bearer ${token}
-      bulk:
-        refresh: true
-        body:
-          - '{"index": {"_index": "token_index", "_id" : "1"}}'
-          - '{"f1": "v1_old", "f2": 0}'
-          - '{"index": {"_index": "token_index", "_id" : "2"}}'
-          - '{"f1": "v2_old", "f2": 1}'
-          - '{"index": {"_index": "token_index", "_id" : "3"}}'
-          - '{"f1": "v3_old", "f2": 2}'
-          - '{"index": {"_index": "token_index", "_id" : "4"}}'
-          - '{"f1": "v4_old", "f2": 3}'
-          - '{"index": {"_index": "token_index", "_id" : "5"}}'
-          - '{"f1": "v5_old", "f2": 4}'
-
-  - do:
-      headers:
-        Authorization: Bearer ${token}
-      search:
-        rest_total_hits_as_int: true
-        index: token_index
-
-  - match: { hits.total: 5 }
-
-  # we do store the token in the index such that we can reuse it down the road once
-  # the cluster is upgraded
-  - do:
-      headers:
-        Authorization: Bearer ${token}
-      index:
-        index: token_index
-        id: "6"
-        body: { "token" : "${token}"}
-
-  # refresh token and store it as well
-  - do:
-      security.get_token:
-        body:
-          grant_type: "refresh_token"
-          refresh_token: "${refresh_token}"
-
-  - match: { type: "Bearer" }
-  - is_true: access_token
-  - set: { access_token: refreshed_access_token }
-  - is_true: refresh_token
-  - set: { refresh_token: refreshed_refresh_token }
-  - match: { expires_in: 3600 }
-  - is_false: scope
-
-  # test refresh token (use it)
-  - do:
-      headers:
-        Authorization: Bearer ${refreshed_access_token}
-      security.authenticate: {}
-
-  - match: { username: "token_user" }
-  - match: { roles.0:  "superuser" }
-  - match: { full_name: "Token User" }
-
-  # store the new refreshed access token
-  - do:
-      headers:
-        Authorization: Bearer ${refreshed_access_token}
-      index:
-        index: token_index
-        id: "7"
-        body: { "token" : "${refreshed_access_token}"}
-
-  # store the refresh token
-  - do:
-      headers:
-        Authorization: Bearer ${refreshed_access_token}
-      index:
-        index: token_index
-        id: "8"
-        body: { "token" : "${refreshed_refresh_token}"}
diff --git a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/50_token_auth.yml b/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/50_token_auth.yml
deleted file mode 100644
index 2ca983fc031bc..0000000000000
--- a/x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/50_token_auth.yml
+++ /dev/null
@@ -1,92 +0,0 @@
----
-"Get the indexed token and use if to authenticate":
-  - skip:
-      features: headers
-
-  - do:
-      cluster.health:
-          wait_for_status: yellow
-
-  - do:
-      get:
-        index: token_index
-        id:    "6"
-
-  - match: { _index:   token_index }
-  - match: { _id:      "6"      }
-  - is_true: _source.token
-  - set: { _source.token : token }
-
-  - do:
-      headers:
-        Authorization: Bearer ${token}
-      security.authenticate: {}
-
-  - match: { username: "token_user" }
-  - match: { roles.0:  "superuser" }
-  - match: { full_name: "Token User" }
-
-  - do:
-      headers:
-        Authorization: Bearer ${token}
-      search:
-        rest_total_hits_as_int: true
-        index: token_index
-
-  - match: { hits.total: 8 }
-
-  # counter example that we are really checking this
-  - do:
-      headers:
-        Authorization: Bearer boom
-      catch: /unable to authenticate with provided credentials and anonymous access is not allowed for this request/
-      search:
-        rest_total_hits_as_int: true
-        index: token_index
-
----
-"Get the indexed refresh token and use if to get another access token and authenticate":
-  - skip:
-      features: headers
-
-  - do:
-      get:
-        index: token_index
-        id:    "8"
-
-  - match: { _index:   token_index }
-  - match: { _id:      "8"      }
-  - is_true: _source.token
-  - set: { _source.token : refresh_token }
-
-  - do:
-      security.get_token:
-        body:
-          grant_type: "refresh_token"
-          refresh_token: "${refresh_token}"
-
-  - match: { type: "Bearer" }
-  - is_true: access_token
-  - set: { access_token: token }
-  - is_true: refresh_token
-  - set: { refresh_token: refresh_token }
-  - match: { expires_in: 3600 }
-  - is_false: scope
-
-  - do:
-      headers:
-        Authorization: Bearer ${token}
-      security.authenticate: {}
-
-  - match: { username: "token_user" }
-  - match: { roles.0:  "superuser" }
-  - match: { full_name: "Token User" }
-
-  - do:
-      headers:
-        Authorization: Bearer ${token}
-      search:
-        rest_total_hits_as_int: true
-        index: token_index
-
-  - match: { hits.total: 8 }