Revert "[Enterprise Search] Add `.connector-secrets` system index and GET/POST requests (#103683)" (#104760)

This reverts commit b4345d9d9118494d22fdf228be87bcc52902f547.

docs/reference/rest-api/security/get-builtin-privileges.asciidoc

@@ -108,14 +108,12 @@ A successful call returns an object with "cluster" and "index" fields.
     "none",
     "post_behavioral_analytics_event",
     "read_ccr",
-    "read_connector_secrets",
     "read_fleet_secrets",
     "read_ilm",
     "read_pipeline",
     "read_security",
     "read_slm",
     "transport_client",
-    "write_connector_secrets",
     "write_fleet_secrets"
   ],
   "index" : [

rest-api-spec/src/main/resources/rest-api-spec/api/connector_secret.get.json

@@ -1,28 +0,0 @@
-{
-  "connector_secret.get": {
-    "documentation": {
-      "url": null,
-      "description": "Retrieves a secret stored by Connectors."
-    },
-    "stability": "experimental",
-    "visibility":"private",
-    "headers":{
-      "accept": [ "application/json"]
-    },
-    "url":{
-      "paths":[
-        {
-          "path":"/_connector/_secret/{id}",
-          "methods":[ "GET" ],
-          "parts":{
-            "id":{
-              "type":"string",
-              "description":"The ID of the secret"
-            }
-          }
-        }
-      ]
-    },
-    "params":{}
-  }
-}

rest-api-spec/src/main/resources/rest-api-spec/api/connector_secret.post.json

@@ -1,26 +0,0 @@
-{
-  "connector_secret.post": {
-    "documentation": {
-      "url": null,
-      "description": "Creates a secret for a Connector."
-    },
-    "stability": "experimental",
-    "visibility":"private",
-    "headers":{
-      "accept": [ "application/json" ]
-    },
-    "url":{
-      "paths":[
-        {
-          "path":"/_connector/_secret",
-          "methods":[ "POST" ]
-        }
-      ]
-    },
-    "params":{},
-    "body": {
-      "description":"The secret value to store",
-      "required":true
-    }
-  }
-}

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/ClusterPrivilegeResolver.java

@@ -326,16 +326,6 @@ public class ClusterPrivilegeResolver {
         CROSS_CLUSTER_REPLICATION_PATTERN
     );
 
-    public static final NamedClusterPrivilege READ_CONNECTOR_SECRETS = new ActionClusterPrivilege(
-        "read_connector_secrets",
-        Set.of("cluster:admin/xpack/connector/secret/get")
-    );
-
-    public static final NamedClusterPrivilege WRITE_CONNECTOR_SECRETS = new ActionClusterPrivilege(
-        "write_connector_secrets",
-        Set.of("cluster:admin/xpack/connector/secret/post")
-    );
-
     private static final Map<String, NamedClusterPrivilege> VALUES = sortByAccessLevel(
         Stream.of(
             NONE,
@@ -390,9 +380,7 @@ public class ClusterPrivilegeResolver {
             POST_BEHAVIORAL_ANALYTICS_EVENT,
             MANAGE_SEARCH_QUERY_RULES,
             CROSS_CLUSTER_SEARCH,
-            CROSS_CLUSTER_REPLICATION,
-            READ_CONNECTOR_SECRETS,
-            WRITE_CONNECTOR_SECRETS
+            CROSS_CLUSTER_REPLICATION
         ).filter(Objects::nonNull).toList()
     );
 

x-pack/plugin/core/template-resources/src/main/resources/connector-secrets.json

@@ -1,26 +0,0 @@
-{
-  "settings": {
-    "index": {
-      "auto_expand_replicas": "0-1",
-      "number_of_shards": 1,
-      "number_of_replicas": 0,
-      "priority": 100,
-      "refresh_interval": "1s"
-    }
-  },
-  "mappings": {
-    "_doc" : {
-      "dynamic": false,
-      "_meta": {
-        "version": "${connector-secrets.version}",
-        "managed_index_mappings_version": ${connector-secrets.managed.index.version}
-      },
-      "properties": {
-        "value": {
-          "type": "keyword",
-          "index": false
-        }
-      }
-    }
-  }
-}

x-pack/plugin/ent-search/build.gradle

@@ -38,13 +38,6 @@ dependencies {
   module ':modules:search-business-rules'
 }
 
-testClusters.configureEach {
-  testDistribution = 'DEFAULT'
-  setting 'xpack.security.enabled', 'true'
-  setting 'xpack.security.autoconfiguration.enabled', 'false'
-  user username: 'x_pack_rest_user', password: 'x-pack-test-password'
-}
-
 tasks.named("dependencyLicenses").configure {
   mapping from: /jackson.*/, to: 'jackson'
 }

x-pack/plugin/ent-search/qa/rest/roles.yml

@@ -16,8 +16,6 @@ user:
   cluster:
     - post_behavioral_analytics_event
     - manage_api_key
-    - read_connector_secrets
-    - write_connector_secrets
   indices:
     - names: [
       "test-index1",

x-pack/plugin/ent-search/qa/rest/src/yamlRestTest/resources/rest-api-spec/test/entsearch/500_connector_secret_post.yml

@@ -1,55 +0,0 @@
-setup:
-  - skip:
-      version: " - 8.12.99"
-      reason: Introduced in 8.13.0
-
----
-'Post connector secret - admin':
-  - do:
-      connector_secret.post:
-        body:
-          value: my-secret
-  - set: { id: id }
-  - match: { id: $id }
-  - do:
-      connector_secret.get:
-        id: $id
-  - match: { value: my-secret }
-
----
-'Post connector secret - authorized user':
-  - skip:
-      features: headers
-
-  - do:
-      headers: { Authorization: "Basic ZW50c2VhcmNoLXVzZXI6ZW50c2VhcmNoLXVzZXItcGFzc3dvcmQ=" }  # user
-      connector_secret.post:
-        body:
-          value: my-secret
-  - set: { id: id }
-  - match: { id: $id }
-  - do:
-      headers: { Authorization: "Basic ZW50c2VhcmNoLXVzZXI6ZW50c2VhcmNoLXVzZXItcGFzc3dvcmQ=" }  # user
-      connector_secret.get:
-        id: $id
-  - match: { value: my-secret }
-
----
-'Post connector secret - unauthorized user':
-  - skip:
-      features: headers
-
-  - do:
-      headers: { Authorization: "Basic ZW50c2VhcmNoLXVucHJpdmlsZWdlZDplbnRzZWFyY2gtdW5wcml2aWxlZ2VkLXVzZXI=" }  # unprivileged
-      connector_secret.post:
-        body:
-          value: my-secret
-      catch: unauthorized
-
----
-'Post connector secret when id is missing should fail':
-  - do:
-      connector_secret.post:
-        body:
-          value: null
-      catch: bad_request

x-pack/plugin/ent-search/qa/rest/src/yamlRestTest/resources/rest-api-spec/test/entsearch/510_connector_secret_get.yml

@@ -1,60 +0,0 @@
-setup:
-  - skip:
-      version: " - 8.12.99"
-      reason: Introduced in 8.13.0
-
----
-'Get connector secret - admin':
-  - do:
-      connector_secret.post:
-        body:
-          value: my-secret
-  - set: { id: id }
-  - match: { id: $id }
-  - do:
-      connector_secret.get:
-        id: $id
-  - match: { value: my-secret }
-
----
-'Get connector secret - user with privileges':
-  - skip:
-      features: headers
-
-  - do:
-      headers: { Authorization: "Basic ZW50c2VhcmNoLXVzZXI6ZW50c2VhcmNoLXVzZXItcGFzc3dvcmQ=" }  # user
-      connector_secret.post:
-        body:
-          value: my-secret
-  - set: { id: id }
-  - match: { id: $id }
-  - do:
-      headers: { Authorization: "Basic ZW50c2VhcmNoLXVzZXI6ZW50c2VhcmNoLXVzZXItcGFzc3dvcmQ=" }  # user
-      connector_secret.get:
-        id: $id
-  - match: { value: my-secret }
-
----
-'Get connector secret - user without privileges':
-  - skip:
-      features: headers
-
-  - do:
-      headers: { Authorization: "Basic ZW50c2VhcmNoLXVzZXI6ZW50c2VhcmNoLXVzZXItcGFzc3dvcmQ=" }  # user
-      connector_secret.post:
-        body:
-          value: my-secret
-  - set: { id: id }
-  - match: { id: $id }
-  - do:
-      headers: { Authorization: "Basic ZW50c2VhcmNoLXVucHJpdmlsZWdlZDplbnRzZWFyY2gtdW5wcml2aWxlZ2VkLXVzZXI=" }  # unprivileged
-      connector_secret.get:
-        id: $id
-      catch: unauthorized
-
----
-'Get connector secret - Missing secret id':
-  - do:
-      connector_secret.get:
-        id: non-existing-secret-id
-      catch: missing

x-pack/plugin/ent-search/src/javaRestTest/java/org/elasticsearch/xpack/entsearch/ConnectorSecretsSystemIndexIT.java

@@ -1,94 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.entsearch;
-
-import org.apache.http.util.EntityUtils;
-import org.elasticsearch.client.Request;
-import org.elasticsearch.client.Response;
-import org.elasticsearch.client.ResponseException;
-import org.elasticsearch.common.bytes.BytesReference;
-import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.common.util.concurrent.ThreadContext;
-import org.elasticsearch.common.xcontent.XContentHelper;
-import org.elasticsearch.test.SecuritySettingsSourceField;
-import org.elasticsearch.test.rest.ESRestTestCase;
-import org.elasticsearch.xcontent.XContentBuilder;
-import org.elasticsearch.xcontent.XContentType;
-import org.elasticsearch.xcontent.json.JsonXContent;
-
-import java.io.IOException;
-import java.util.Map;
-
-import static org.hamcrest.Matchers.is;
-
-public class ConnectorSecretsSystemIndexIT extends ESRestTestCase {
-
-    static final String BASIC_AUTH_VALUE = basicAuthHeaderValue(
-        "x_pack_rest_user",
-        SecuritySettingsSourceField.TEST_PASSWORD_SECURE_STRING
-    );
-
-    @Override
-    protected Settings restClientSettings() {
-        return Settings.builder().put(ThreadContext.PREFIX + ".Authorization", BASIC_AUTH_VALUE).build();
-    }
-
-    public void testConnectorSecretsCRUD() throws Exception {
-        // post secret
-        final String secretJson = getPostSecretJson();
-        Request postRequest = new Request("POST", "/_connector/_secret/");
-        postRequest.setJsonEntity(secretJson);
-        Response postResponse = client().performRequest(postRequest);
-        assertThat(postResponse.getStatusLine().getStatusCode(), is(200));
-        Map<String, Object> responseMap = getResponseMap(postResponse);
-        assertThat(responseMap.size(), is(1));
-        assertTrue(responseMap.containsKey("id"));
-        final String id = responseMap.get("id").toString();
-
-        // get secret
-        Request getRequest = new Request("GET", "/_connector/_secret/" + id);
-        Response getResponse = client().performRequest(getRequest);
-        assertThat(getResponse.getStatusLine().getStatusCode(), is(200));
-        responseMap = getResponseMap(getResponse);
-        assertThat(responseMap.size(), is(2));
-        assertTrue(responseMap.containsKey("id"));
-        assertTrue(responseMap.containsKey("value"));
-        assertThat(responseMap.get("value"), is("test secret"));
-    }
-
-    public void testPostInvalidSecretBody() throws Exception {
-        Request postRequest = new Request("POST", "/_connector/_secret/");
-        postRequest.setJsonEntity("""
-            {"something":"else"}""");
-        ResponseException re = expectThrows(ResponseException.class, () -> client().performRequest(postRequest));
-        Response getResponse = re.getResponse();
-        assertThat(getResponse.getStatusLine().getStatusCode(), is(400));
-    }
-
-    public void testGetNonExistingSecret() {
-        Request getRequest = new Request("GET", "/_connector/_secret/123");
-        ResponseException re = expectThrows(ResponseException.class, () -> client().performRequest(getRequest));
-        Response getResponse = re.getResponse();
-        assertThat(getResponse.getStatusLine().getStatusCode(), is(404));
-    }
-
-    private String getPostSecretJson() throws IOException {
-        try (XContentBuilder builder = JsonXContent.contentBuilder()) {
-            builder.startObject();
-            {
-                builder.field("value", "test secret");
-            }
-            builder.endObject();
-            return BytesReference.bytes(builder).utf8ToString();
-        }
-    }
-
-    private Map<String, Object> getResponseMap(Response response) throws IOException {
-        return XContentHelper.convertToMap(XContentType.JSON.xContent(), EntityUtils.toString(response.getEntity()), false);
-    }
-}

x-pack/plugin/ent-search/src/main/java/module-info.java

@@ -39,6 +39,4 @@ module org.elasticsearch.application {
     exports org.elasticsearch.xpack.application.connector.syncjob.action;
 
     provides org.elasticsearch.features.FeatureSpecification with org.elasticsearch.xpack.application.EnterpriseSearchFeatures;
-
-    exports org.elasticsearch.xpack.application.connector.secrets.action to org.elasticsearch.server;
 }

x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/EnterpriseSearch.java

@@ -88,14 +88,6 @@ import org.elasticsearch.xpack.application.connector.action.UpdateConnectorNativ
 import org.elasticsearch.xpack.application.connector.action.UpdateConnectorPipelineAction;
 import org.elasticsearch.xpack.application.connector.action.UpdateConnectorSchedulingAction;
 import org.elasticsearch.xpack.application.connector.action.UpdateConnectorServiceTypeAction;
-import org.elasticsearch.xpack.application.connector.secrets.ConnectorSecretsFeature;
-import org.elasticsearch.xpack.application.connector.secrets.ConnectorSecretsIndexService;
-import org.elasticsearch.xpack.application.connector.secrets.action.GetConnectorSecretAction;
-import org.elasticsearch.xpack.application.connector.secrets.action.PostConnectorSecretAction;
-import org.elasticsearch.xpack.application.connector.secrets.action.RestGetConnectorSecretAction;
-import org.elasticsearch.xpack.application.connector.secrets.action.RestPostConnectorSecretAction;
-import org.elasticsearch.xpack.application.connector.secrets.action.TransportGetConnectorSecretAction;
-import org.elasticsearch.xpack.application.connector.secrets.action.TransportPostConnectorSecretAction;
 import org.elasticsearch.xpack.application.connector.syncjob.action.CancelConnectorSyncJobAction;
 import org.elasticsearch.xpack.application.connector.syncjob.action.CheckInConnectorSyncJobAction;
 import org.elasticsearch.xpack.application.connector.syncjob.action.DeleteConnectorSyncJobAction;
@@ -268,15 +260,6 @@ public class EnterpriseSearch extends Plugin implements ActionPlugin, SystemInde
             );
         }
 
-        if (ConnectorSecretsFeature.isEnabled()) {
-            actionHandlers.addAll(
-                List.of(
-                    new ActionHandler<>(GetConnectorSecretAction.INSTANCE, TransportGetConnectorSecretAction.class),
-                    new ActionHandler<>(PostConnectorSecretAction.INSTANCE, TransportPostConnectorSecretAction.class)
-                )
-            );
-        }
-
         return Collections.unmodifiableList(actionHandlers);
     }
 
@@ -354,10 +337,6 @@ public class EnterpriseSearch extends Plugin implements ActionPlugin, SystemInde
             );
         }
 
-        if (ConnectorSecretsFeature.isEnabled()) {
-            restHandlers.addAll(List.of(new RestGetConnectorSecretAction(), new RestPostConnectorSecretAction()));
-        }
-
         return Collections.unmodifiableList(restHandlers);
     }
 
@@ -392,15 +371,7 @@ public class EnterpriseSearch extends Plugin implements ActionPlugin, SystemInde
 
     @Override
     public Collection<SystemIndexDescriptor> getSystemIndexDescriptors(Settings settings) {
-        Collection<SystemIndexDescriptor> systemIndices = new ArrayList<>(
-            List.of(SearchApplicationIndexService.getSystemIndexDescriptor(), QueryRulesIndexService.getSystemIndexDescriptor())
-        );
-
-        if (ConnectorSecretsFeature.isEnabled()) {
-            systemIndices.add(ConnectorSecretsIndexService.getSystemIndexDescriptor());
-        }
-
-        return systemIndices;
+        return Arrays.asList(SearchApplicationIndexService.getSystemIndexDescriptor(), QueryRulesIndexService.getSystemIndexDescriptor());
     }
 
     @Override

x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/ConnectorSecretsFeature.java

@@ -1,32 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.application.connector.secrets;
-
-import org.elasticsearch.common.util.FeatureFlag;
-
-/**
- * Connector Secrets feature flag. When the feature is complete, this flag will be removed.
- */
-public class ConnectorSecretsFeature {
-
-    private static final FeatureFlag SECRETS_FEATURE_FLAG = new FeatureFlag("connector_secrets");
-
-    /**
-     * Enables the Connectors Secrets feature by default for the tech preview phase.
-     * As documented, the Connectors Secrets is currently a tech preview feature,
-     * and customers should be aware that no SLAs or support are guaranteed during
-     * its pre-General Availability (GA) stage.
-     *
-     * Instead of removing the feature flag from the code, we enable it by default.
-     * This approach allows for the complete deactivation of the feature during the QA phase,
-     * should any critical bugs be discovered, with a single, trackable code change.
-     */
-    public static boolean isEnabled() {
-        return true;
-    }
-}

x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/ConnectorSecretsIndexService.java

@@ -1,96 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.application.connector.secrets;
-
-import org.elasticsearch.ResourceNotFoundException;
-import org.elasticsearch.Version;
-import org.elasticsearch.action.ActionListener;
-import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateRequest;
-import org.elasticsearch.client.internal.Client;
-import org.elasticsearch.client.internal.OriginSettingClient;
-import org.elasticsearch.indices.SystemIndexDescriptor;
-import org.elasticsearch.xcontent.XContentType;
-import org.elasticsearch.xpack.application.connector.secrets.action.GetConnectorSecretResponse;
-import org.elasticsearch.xpack.application.connector.secrets.action.PostConnectorSecretRequest;
-import org.elasticsearch.xpack.application.connector.secrets.action.PostConnectorSecretResponse;
-import org.elasticsearch.xpack.core.template.TemplateUtils;
-
-import java.util.Map;
-
-import static org.elasticsearch.xcontent.XContentFactory.jsonBuilder;
-import static org.elasticsearch.xpack.core.ClientHelper.CONNECTORS_ORIGIN;
-
-/**
- * A service that manages persistent Connector Secrets.
- */
-public class ConnectorSecretsIndexService {
-
-    private final Client clientWithOrigin;
-
-    public static final String CONNECTOR_SECRETS_INDEX_NAME = ".connector-secrets";
-    private static final int CURRENT_INDEX_VERSION = 1;
-    private static final String MAPPING_VERSION_VARIABLE = "connector-secrets.version";
-    private static final String MAPPING_MANAGED_VERSION_VARIABLE = "connector-secrets.managed.index.version";
-
-    public ConnectorSecretsIndexService(Client client) {
-        this.clientWithOrigin = new OriginSettingClient(client, CONNECTORS_ORIGIN);
-    }
-
-    /**
-     * Returns the {@link SystemIndexDescriptor} for the Connector Secrets system index.
-     *
-     * @return The {@link SystemIndexDescriptor} for the Connector Secrets system index.
-     */
-    public static SystemIndexDescriptor getSystemIndexDescriptor() {
-        PutIndexTemplateRequest request = new PutIndexTemplateRequest();
-
-        String templateSource = TemplateUtils.loadTemplate(
-            "/connector-secrets.json",
-            Version.CURRENT.toString(),
-            MAPPING_VERSION_VARIABLE,
-            Map.of(MAPPING_MANAGED_VERSION_VARIABLE, Integer.toString(CURRENT_INDEX_VERSION))
-        );
-        request.source(templateSource, XContentType.JSON);
-
-        return SystemIndexDescriptor.builder()
-            .setIndexPattern(CONNECTOR_SECRETS_INDEX_NAME + "*")
-            .setPrimaryIndex(CONNECTOR_SECRETS_INDEX_NAME + "-" + CURRENT_INDEX_VERSION)
-            .setDescription("Secret values managed by Connectors")
-            .setMappings(request.mappings())
-            .setSettings(request.settings())
-            .setAliasName(CONNECTOR_SECRETS_INDEX_NAME)
-            .setVersionMetaKey("version")
-            .setOrigin(CONNECTORS_ORIGIN)
-            .setType(SystemIndexDescriptor.Type.INTERNAL_MANAGED)
-            .build();
-    }
-
-    public void getSecret(String id, ActionListener<GetConnectorSecretResponse> listener) {
-        clientWithOrigin.prepareGet(CONNECTOR_SECRETS_INDEX_NAME, id).execute(listener.delegateFailureAndWrap((delegate, getResponse) -> {
-            if (getResponse.isSourceEmpty()) {
-                delegate.onFailure(new ResourceNotFoundException("No secret with id [" + id + "]"));
-                return;
-            }
-            delegate.onResponse(new GetConnectorSecretResponse(getResponse.getId(), getResponse.getSource().get("value").toString()));
-        }));
-    }
-
-    public void createSecret(PostConnectorSecretRequest request, ActionListener<PostConnectorSecretResponse> listener) {
-        try {
-            clientWithOrigin.prepareIndex(CONNECTOR_SECRETS_INDEX_NAME)
-                .setSource(request.toXContent(jsonBuilder()))
-                .execute(
-                    listener.delegateFailureAndWrap(
-                        (l, indexResponse) -> l.onResponse(new PostConnectorSecretResponse(indexResponse.getId()))
-                    )
-                );
-        } catch (Exception e) {
-            listener.onFailure(e);
-        }
-    }
-}

x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/action/GetConnectorSecretAction.java

@@ -1,21 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.application.connector.secrets.action;
-
-import org.elasticsearch.action.ActionType;
-
-public class GetConnectorSecretAction extends ActionType<GetConnectorSecretResponse> {
-
-    public static final String NAME = "cluster:admin/xpack/connector/secret/get";
-
-    public static final GetConnectorSecretAction INSTANCE = new GetConnectorSecretAction();
-
-    private GetConnectorSecretAction() {
-        super(NAME, GetConnectorSecretResponse::new);
-    }
-}

x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/action/GetConnectorSecretRequest.java

@@ -1,67 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.application.connector.secrets.action;
-
-import org.elasticsearch.action.ActionRequest;
-import org.elasticsearch.action.ActionRequestValidationException;
-import org.elasticsearch.common.Strings;
-import org.elasticsearch.common.io.stream.StreamInput;
-import org.elasticsearch.common.io.stream.StreamOutput;
-
-import java.io.IOException;
-import java.util.Objects;
-
-import static org.elasticsearch.action.ValidateActions.addValidationError;
-
-public class GetConnectorSecretRequest extends ActionRequest {
-
-    private final String id;
-
-    public GetConnectorSecretRequest(String id) {
-        this.id = Objects.requireNonNull(id);
-    }
-
-    public GetConnectorSecretRequest(StreamInput in) throws IOException {
-        super(in);
-        id = in.readString();
-    }
-
-    public String id() {
-        return id;
-    }
-
-    @Override
-    public void writeTo(StreamOutput out) throws IOException {
-        super.writeTo(out);
-        out.writeString(id);
-    }
-
-    @Override
-    public ActionRequestValidationException validate() {
-        ActionRequestValidationException validationException = null;
-
-        if (Strings.isNullOrEmpty(id)) {
-            validationException = addValidationError("id missing", validationException);
-        }
-
-        return validationException;
-    }
-
-    @Override
-    public boolean equals(Object o) {
-        if (this == o) return true;
-        if (o == null || getClass() != o.getClass()) return false;
-        GetConnectorSecretRequest that = (GetConnectorSecretRequest) o;
-        return Objects.equals(id, that.id);
-    }
-
-    @Override
-    public int hashCode() {
-        return Objects.hash(id);
-    }
-}

x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/action/GetConnectorSecretResponse.java

@@ -1,70 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.application.connector.secrets.action;
-
-import org.elasticsearch.action.ActionResponse;
-import org.elasticsearch.common.io.stream.StreamInput;
-import org.elasticsearch.common.io.stream.StreamOutput;
-import org.elasticsearch.xcontent.ToXContent;
-import org.elasticsearch.xcontent.ToXContentObject;
-import org.elasticsearch.xcontent.XContentBuilder;
-
-import java.io.IOException;
-import java.util.Objects;
-
-public class GetConnectorSecretResponse extends ActionResponse implements ToXContentObject {
-
-    private final String id;
-    private final String value;
-
-    public GetConnectorSecretResponse(StreamInput in) throws IOException {
-        super(in);
-        id = in.readString();
-        value = in.readString();
-    }
-
-    public GetConnectorSecretResponse(String id, String value) {
-        this.id = id;
-        this.value = value;
-    }
-
-    public String id() {
-        return id;
-    }
-
-    public String value() {
-        return value;
-    }
-
-    @Override
-    public void writeTo(StreamOutput out) throws IOException {
-        out.writeString(id);
-        out.writeString(value);
-    }
-
-    @Override
-    public XContentBuilder toXContent(XContentBuilder builder, ToXContent.Params params) throws IOException {
-        builder.startObject();
-        builder.field("id", id);
-        builder.field("value", value);
-        return builder.endObject();
-    }
-
-    @Override
-    public boolean equals(Object o) {
-        if (this == o) return true;
-        if (o == null || getClass() != o.getClass()) return false;
-        GetConnectorSecretResponse that = (GetConnectorSecretResponse) o;
-        return Objects.equals(id, that.id) && Objects.equals(value, that.value);
-    }
-
-    @Override
-    public int hashCode() {
-        return Objects.hash(id, value);
-    }
-}

x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/action/PostConnectorSecretAction.java

@@ -1,21 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.application.connector.secrets.action;
-
-import org.elasticsearch.action.ActionType;
-
-public class PostConnectorSecretAction extends ActionType<PostConnectorSecretResponse> {
-
-    public static final String NAME = "cluster:admin/xpack/connector/secret/post";
-
-    public static final PostConnectorSecretAction INSTANCE = new PostConnectorSecretAction();
-
-    private PostConnectorSecretAction() {
-        super(NAME, PostConnectorSecretResponse::new);
-    }
-}

x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/action/PostConnectorSecretRequest.java

@@ -1,99 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.application.connector.secrets.action;
-
-import org.elasticsearch.action.ActionRequest;
-import org.elasticsearch.action.ActionRequestValidationException;
-import org.elasticsearch.common.Strings;
-import org.elasticsearch.common.io.stream.StreamInput;
-import org.elasticsearch.common.io.stream.StreamOutput;
-import org.elasticsearch.xcontent.ConstructingObjectParser;
-import org.elasticsearch.xcontent.ObjectParser;
-import org.elasticsearch.xcontent.ParseField;
-import org.elasticsearch.xcontent.XContentBuilder;
-import org.elasticsearch.xcontent.XContentParser;
-
-import java.io.IOException;
-import java.util.Objects;
-
-public class PostConnectorSecretRequest extends ActionRequest {
-
-    public static final ParseField VALUE_FIELD = new ParseField("value");
-
-    public static final ConstructingObjectParser<PostConnectorSecretRequest, Void> PARSER = new ConstructingObjectParser<>(
-        "post_secret_request",
-        args -> {
-            return new PostConnectorSecretRequest((String) args[0]);
-        }
-    );
-
-    static {
-        PARSER.declareField(
-            ConstructingObjectParser.optionalConstructorArg(),
-            (p, c) -> p.text(),
-            VALUE_FIELD,
-            ObjectParser.ValueType.STRING
-        );
-    }
-
-    public static PostConnectorSecretRequest fromXContent(XContentParser parser) throws IOException {
-        return PARSER.parse(parser, null);
-    }
-
-    private final String value;
-
-    public PostConnectorSecretRequest(String value) {
-        this.value = value;
-    }
-
-    public PostConnectorSecretRequest(StreamInput in) throws IOException {
-        super(in);
-        this.value = in.readString();
-    }
-
-    public String value() {
-        return value;
-    }
-
-    public XContentBuilder toXContent(XContentBuilder builder) throws IOException {
-        builder.startObject();
-        builder.field(VALUE_FIELD.getPreferredName(), this.value);
-        builder.endObject();
-        return builder;
-    }
-
-    @Override
-    public void writeTo(StreamOutput out) throws IOException {
-        super.writeTo(out);
-        out.writeString(value);
-    }
-
-    @Override
-    public ActionRequestValidationException validate() {
-        if (Strings.isNullOrEmpty(this.value)) {
-            ActionRequestValidationException exception = new ActionRequestValidationException();
-            exception.addValidationError("value is missing");
-            return exception;
-        }
-
-        return null;
-    }
-
-    @Override
-    public boolean equals(Object o) {
-        if (this == o) return true;
-        if (o == null || getClass() != o.getClass()) return false;
-        PostConnectorSecretRequest that = (PostConnectorSecretRequest) o;
-        return Objects.equals(value, that.value);
-    }
-
-    @Override
-    public int hashCode() {
-        return Objects.hash(value);
-    }
-}

x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/action/PostConnectorSecretResponse.java

@@ -1,61 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.application.connector.secrets.action;
-
-import org.elasticsearch.action.ActionResponse;
-import org.elasticsearch.common.io.stream.StreamInput;
-import org.elasticsearch.common.io.stream.StreamOutput;
-import org.elasticsearch.xcontent.ToXContent;
-import org.elasticsearch.xcontent.ToXContentObject;
-import org.elasticsearch.xcontent.XContentBuilder;
-
-import java.io.IOException;
-import java.util.Objects;
-
-public class PostConnectorSecretResponse extends ActionResponse implements ToXContentObject {
-
-    private final String id;
-
-    public PostConnectorSecretResponse(String id) {
-        this.id = id;
-    }
-
-    public PostConnectorSecretResponse(StreamInput in) throws IOException {
-        super(in);
-        this.id = in.readString();
-    }
-
-    public String id() {
-        return id;
-    }
-
-    @Override
-    public void writeTo(StreamOutput out) throws IOException {
-        out.writeString(id);
-    }
-
-    @Override
-    public XContentBuilder toXContent(XContentBuilder builder, ToXContent.Params params) throws IOException {
-        builder.startObject();
-        builder.field("id", id);
-        return builder.endObject();
-    }
-
-    @Override
-    public boolean equals(Object o) {
-        if (this == o) return true;
-        if (o == null || getClass() != o.getClass()) return false;
-        PostConnectorSecretResponse that = (PostConnectorSecretResponse) o;
-        return Objects.equals(id, that.id);
-    }
-
-    @Override
-    public int hashCode() {
-        return Objects.hash(id);
-    }
-}

x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/action/RestGetConnectorSecretAction.java

@@ -1,42 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.application.connector.secrets.action;
-
-import org.elasticsearch.client.internal.node.NodeClient;
-import org.elasticsearch.rest.BaseRestHandler;
-import org.elasticsearch.rest.RestRequest;
-import org.elasticsearch.rest.Scope;
-import org.elasticsearch.rest.ServerlessScope;
-import org.elasticsearch.rest.action.RestToXContentListener;
-
-import java.io.IOException;
-import java.util.List;
-
-@ServerlessScope(Scope.INTERNAL)
-public class RestGetConnectorSecretAction extends BaseRestHandler {
-
-    @Override
-    public String getName() {
-        return "connector_get_secret";
-    }
-
-    @Override
-    public List<Route> routes() {
-        return List.of(new Route(RestRequest.Method.GET, "/_connector/_secret/{id}"));
-    }
-
-    @Override
-    protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient client) throws IOException {
-        final String id = request.param("id");
-        return restChannel -> client.execute(
-            GetConnectorSecretAction.INSTANCE,
-            new GetConnectorSecretRequest(id),
-            new RestToXContentListener<>(restChannel)
-        );
-    }
-}

x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/action/RestPostConnectorSecretAction.java

@@ -1,45 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.application.connector.secrets.action;
-
-import org.elasticsearch.client.internal.node.NodeClient;
-import org.elasticsearch.rest.BaseRestHandler;
-import org.elasticsearch.rest.RestRequest;
-import org.elasticsearch.rest.Scope;
-import org.elasticsearch.rest.ServerlessScope;
-import org.elasticsearch.rest.action.RestToXContentListener;
-import org.elasticsearch.xcontent.XContentParser;
-
-import java.io.IOException;
-import java.util.List;
-
-@ServerlessScope(Scope.INTERNAL)
-public class RestPostConnectorSecretAction extends BaseRestHandler {
-
-    @Override
-    public String getName() {
-        return "connector_post_secret";
-    }
-
-    @Override
-    public List<Route> routes() {
-        return List.of(new Route(RestRequest.Method.POST, "/_connector/_secret"));
-    }
-
-    @Override
-    protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient client) throws IOException {
-        try (XContentParser parser = request.contentParser()) {
-            PostConnectorSecretRequest postSecretRequest = PostConnectorSecretRequest.fromXContent(parser);
-            return restChannel -> client.execute(
-                PostConnectorSecretAction.INSTANCE,
-                postSecretRequest,
-                new RestToXContentListener<>(restChannel)
-            );
-        }
-    }
-}

x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/action/TransportGetConnectorSecretAction.java

@@ -1,39 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.application.connector.secrets.action;
-
-import org.elasticsearch.action.ActionListener;
-import org.elasticsearch.action.support.ActionFilters;
-import org.elasticsearch.action.support.HandledTransportAction;
-import org.elasticsearch.client.internal.Client;
-import org.elasticsearch.common.inject.Inject;
-import org.elasticsearch.common.util.concurrent.EsExecutors;
-import org.elasticsearch.tasks.Task;
-import org.elasticsearch.transport.TransportService;
-import org.elasticsearch.xpack.application.connector.secrets.ConnectorSecretsIndexService;
-
-public class TransportGetConnectorSecretAction extends HandledTransportAction<GetConnectorSecretRequest, GetConnectorSecretResponse> {
-
-    private final ConnectorSecretsIndexService connectorSecretsIndexService;
-
-    @Inject
-    public TransportGetConnectorSecretAction(TransportService transportService, ActionFilters actionFilters, Client client) {
-        super(
-            GetConnectorSecretAction.NAME,
-            transportService,
-            actionFilters,
-            GetConnectorSecretRequest::new,
-            EsExecutors.DIRECT_EXECUTOR_SERVICE
-        );
-        this.connectorSecretsIndexService = new ConnectorSecretsIndexService(client);
-    }
-
-    protected void doExecute(Task task, GetConnectorSecretRequest request, ActionListener<GetConnectorSecretResponse> listener) {
-        connectorSecretsIndexService.getSecret(request.id(), listener);
-    }
-}

x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/secrets/action/TransportPostConnectorSecretAction.java

@@ -1,39 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.application.connector.secrets.action;
-
-import org.elasticsearch.action.ActionListener;
-import org.elasticsearch.action.support.ActionFilters;
-import org.elasticsearch.action.support.HandledTransportAction;
-import org.elasticsearch.client.internal.Client;
-import org.elasticsearch.common.inject.Inject;
-import org.elasticsearch.common.util.concurrent.EsExecutors;
-import org.elasticsearch.tasks.Task;
-import org.elasticsearch.transport.TransportService;
-import org.elasticsearch.xpack.application.connector.secrets.ConnectorSecretsIndexService;
-
-public class TransportPostConnectorSecretAction extends HandledTransportAction<PostConnectorSecretRequest, PostConnectorSecretResponse> {
-
-    private final ConnectorSecretsIndexService connectorSecretsIndexService;
-
-    @Inject
-    public TransportPostConnectorSecretAction(TransportService transportService, ActionFilters actionFilters, Client client) {
-        super(
-            PostConnectorSecretAction.NAME,
-            transportService,
-            actionFilters,
-            PostConnectorSecretRequest::new,
-            EsExecutors.DIRECT_EXECUTOR_SERVICE
-        );
-        this.connectorSecretsIndexService = new ConnectorSecretsIndexService(client);
-    }
-
-    protected void doExecute(Task task, PostConnectorSecretRequest request, ActionListener<PostConnectorSecretResponse> listener) {
-        connectorSecretsIndexService.createSecret(request, listener);
-    }
-}

x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/connector/secrets/ConnectorSecretsIndexServiceTests.java

@@ -1,104 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.application.connector.secrets;
-
-import org.elasticsearch.action.ActionListener;
-import org.elasticsearch.test.ESSingleNodeTestCase;
-import org.elasticsearch.xpack.application.connector.secrets.action.GetConnectorSecretResponse;
-import org.elasticsearch.xpack.application.connector.secrets.action.PostConnectorSecretRequest;
-import org.elasticsearch.xpack.application.connector.secrets.action.PostConnectorSecretResponse;
-import org.junit.Before;
-
-import java.util.concurrent.CountDownLatch;
-import java.util.concurrent.TimeUnit;
-import java.util.concurrent.atomic.AtomicReference;
-
-import static org.hamcrest.Matchers.equalTo;
-import static org.hamcrest.Matchers.notNullValue;
-
-public class ConnectorSecretsIndexServiceTests extends ESSingleNodeTestCase {
-
-    private static final int TIMEOUT_SECONDS = 10;
-
-    private ConnectorSecretsIndexService connectorSecretsIndexService;
-
-    @Before
-    public void setup() throws Exception {
-        this.connectorSecretsIndexService = new ConnectorSecretsIndexService(client());
-    }
-
-    public void testCreateAndGetConnectorSecret() throws Exception {
-        PostConnectorSecretRequest createSecretRequest = ConnectorSecretsTestUtils.getRandomPostConnectorSecretRequest();
-        PostConnectorSecretResponse createdSecret = awaitPostConnectorSecret(createSecretRequest);
-
-        GetConnectorSecretResponse gotSecret = awaitGetConnectorSecret(createdSecret.id());
-
-        assertThat(gotSecret.id(), equalTo(createdSecret.id()));
-        assertThat(gotSecret.value(), notNullValue());
-    }
-
-    private PostConnectorSecretResponse awaitPostConnectorSecret(PostConnectorSecretRequest secretRequest) throws Exception {
-        CountDownLatch latch = new CountDownLatch(1);
-
-        final AtomicReference<PostConnectorSecretResponse> responseRef = new AtomicReference<>(null);
-        final AtomicReference<Exception> exception = new AtomicReference<>(null);
-
-        connectorSecretsIndexService.createSecret(secretRequest, new ActionListener<>() {
-            @Override
-            public void onResponse(PostConnectorSecretResponse postConnectorSecretResponse) {
-                responseRef.set(postConnectorSecretResponse);
-                latch.countDown();
-            }
-
-            @Override
-            public void onFailure(Exception e) {
-                exception.set(e);
-                latch.countDown();
-            }
-        });
-
-        if (exception.get() != null) {
-            throw exception.get();
-        }
-
-        boolean requestTimedOut = latch.await(TIMEOUT_SECONDS, TimeUnit.SECONDS);
-        PostConnectorSecretResponse response = responseRef.get();
-
-        assertTrue("Timeout waiting for post request", requestTimedOut);
-        assertNotNull("Received null response from post request", response);
-
-        return response;
-    }
-
-    private GetConnectorSecretResponse awaitGetConnectorSecret(String connectorSecretId) throws Exception {
-        CountDownLatch latch = new CountDownLatch(1);
-        final AtomicReference<GetConnectorSecretResponse> resp = new AtomicReference<>(null);
-        final AtomicReference<Exception> exc = new AtomicReference<>(null);
-
-        connectorSecretsIndexService.getSecret(connectorSecretId, new ActionListener<GetConnectorSecretResponse>() {
-            @Override
-            public void onResponse(GetConnectorSecretResponse response) {
-                resp.set(response);
-                latch.countDown();
-            }
-
-            @Override
-            public void onFailure(Exception e) {
-                exc.set(e);
-                latch.countDown();
-            }
-        });
-
-        assertTrue("Timeout waiting for get request", latch.await(TIMEOUT_SECONDS, TimeUnit.SECONDS));
-        if (exc.get() != null) {
-            throw exc.get();
-        }
-        assertNotNull("Received null response from get request", resp.get());
-        return resp.get();
-    }
-}

x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/connector/secrets/ConnectorSecretsTestUtils.java

@@ -1,37 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.application.connector.secrets;
-
-import org.elasticsearch.xpack.application.connector.secrets.action.GetConnectorSecretRequest;
-import org.elasticsearch.xpack.application.connector.secrets.action.GetConnectorSecretResponse;
-import org.elasticsearch.xpack.application.connector.secrets.action.PostConnectorSecretRequest;
-import org.elasticsearch.xpack.application.connector.secrets.action.PostConnectorSecretResponse;
-
-import static org.elasticsearch.test.ESTestCase.randomAlphaOfLength;
-import static org.elasticsearch.test.ESTestCase.randomAlphaOfLengthBetween;
-
-public class ConnectorSecretsTestUtils {
-
-    public static GetConnectorSecretRequest getRandomGetConnectorSecretRequest() {
-        return new GetConnectorSecretRequest(randomAlphaOfLength(10));
-    }
-
-    public static GetConnectorSecretResponse getRandomGetConnectorSecretResponse() {
-        final String id = randomAlphaOfLength(10);
-        final String value = randomAlphaOfLength(10);
-        return new GetConnectorSecretResponse(id, value);
-    }
-
-    public static PostConnectorSecretRequest getRandomPostConnectorSecretRequest() {
-        return new PostConnectorSecretRequest(randomAlphaOfLengthBetween(0, 20));
-    }
-
-    public static PostConnectorSecretResponse getRandomPostConnectorSecretResponse() {
-        return new PostConnectorSecretResponse(randomAlphaOfLength(10));
-    }
-}

x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/connector/secrets/action/GetConnectorSecretActionTests.java

@@ -1,34 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.application.connector.secrets.action;
-
-import org.elasticsearch.action.ActionRequestValidationException;
-import org.elasticsearch.test.ESTestCase;
-import org.elasticsearch.xpack.application.connector.secrets.ConnectorSecretsTestUtils;
-
-import static org.hamcrest.Matchers.containsString;
-import static org.hamcrest.Matchers.notNullValue;
-import static org.hamcrest.Matchers.nullValue;
-
-public class GetConnectorSecretActionTests extends ESTestCase {
-
-    public void testValidate_WhenConnectorSecretIdIsPresent_ExpectNoValidationError() {
-        GetConnectorSecretRequest request = ConnectorSecretsTestUtils.getRandomGetConnectorSecretRequest();
-        ActionRequestValidationException exception = request.validate();
-
-        assertThat(exception, nullValue());
-    }
-
-    public void testValidate_WhenConnectorSecretIdIsEmpty_ExpectValidationError() {
-        GetConnectorSecretRequest requestWithMissingConnectorId = new GetConnectorSecretRequest("");
-        ActionRequestValidationException exception = requestWithMissingConnectorId.validate();
-
-        assertThat(exception, notNullValue());
-        assertThat(exception.getMessage(), containsString("id missing"));
-    }
-}

x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/connector/secrets/action/GetConnectorSecretRequestBWCSerializingTests.java

@@ -1,37 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.application.connector.secrets.action;
-
-import org.elasticsearch.TransportVersion;
-import org.elasticsearch.common.io.stream.Writeable;
-import org.elasticsearch.xpack.core.ml.AbstractBWCWireSerializationTestCase;
-
-import java.io.IOException;
-
-public class GetConnectorSecretRequestBWCSerializingTests extends AbstractBWCWireSerializationTestCase<GetConnectorSecretRequest> {
-
-    @Override
-    protected Writeable.Reader<GetConnectorSecretRequest> instanceReader() {
-        return GetConnectorSecretRequest::new;
-    }
-
-    @Override
-    protected GetConnectorSecretRequest createTestInstance() {
-        return new GetConnectorSecretRequest(randomAlphaOfLengthBetween(1, 10));
-    }
-
-    @Override
-    protected GetConnectorSecretRequest mutateInstance(GetConnectorSecretRequest instance) throws IOException {
-        return randomValueOtherThan(instance, this::createTestInstance);
-    }
-
-    @Override
-    protected GetConnectorSecretRequest mutateInstanceForVersion(GetConnectorSecretRequest instance, TransportVersion version) {
-        return new GetConnectorSecretRequest(instance.id());
-    }
-}

x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/connector/secrets/action/GetConnectorSecretResponseBWCSerializingTests.java

@@ -1,46 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.application.connector.secrets.action;
-
-import org.elasticsearch.TransportVersion;
-import org.elasticsearch.common.io.stream.NamedWriteableRegistry;
-import org.elasticsearch.common.io.stream.Writeable;
-import org.elasticsearch.xpack.application.connector.Connector;
-import org.elasticsearch.xpack.application.connector.secrets.ConnectorSecretsTestUtils;
-import org.elasticsearch.xpack.core.ml.AbstractBWCWireSerializationTestCase;
-
-import java.io.IOException;
-import java.util.List;
-
-public class GetConnectorSecretResponseBWCSerializingTests extends AbstractBWCWireSerializationTestCase<GetConnectorSecretResponse> {
-
-    @Override
-    public NamedWriteableRegistry getNamedWriteableRegistry() {
-        return new NamedWriteableRegistry(List.of(new NamedWriteableRegistry.Entry(Connector.class, Connector.NAME, Connector::new)));
-    }
-
-    @Override
-    protected Writeable.Reader<GetConnectorSecretResponse> instanceReader() {
-        return GetConnectorSecretResponse::new;
-    }
-
-    @Override
-    protected GetConnectorSecretResponse createTestInstance() {
-        return ConnectorSecretsTestUtils.getRandomGetConnectorSecretResponse();
-    }
-
-    @Override
-    protected GetConnectorSecretResponse mutateInstance(GetConnectorSecretResponse instance) throws IOException {
-        return randomValueOtherThan(instance, this::createTestInstance);
-    }
-
-    @Override
-    protected GetConnectorSecretResponse mutateInstanceForVersion(GetConnectorSecretResponse instance, TransportVersion version) {
-        return instance;
-    }
-}

x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/connector/secrets/action/PostConnectorSecretActionTests.java

@@ -1,34 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.application.connector.secrets.action;
-
-import org.elasticsearch.action.ActionRequestValidationException;
-import org.elasticsearch.test.ESTestCase;
-import org.elasticsearch.xpack.application.connector.secrets.ConnectorSecretsTestUtils;
-
-import static org.hamcrest.Matchers.containsString;
-import static org.hamcrest.Matchers.notNullValue;
-import static org.hamcrest.Matchers.nullValue;
-
-public class PostConnectorSecretActionTests extends ESTestCase {
-
-    public void testValidate_WhenConnectorSecretIdIsPresent_ExpectNoValidationError() {
-        PostConnectorSecretRequest request = ConnectorSecretsTestUtils.getRandomPostConnectorSecretRequest();
-        ActionRequestValidationException exception = request.validate();
-
-        assertThat(exception, nullValue());
-    }
-
-    public void testValidate_WhenConnectorSecretIdIsEmpty_ExpectValidationError() {
-        PostConnectorSecretRequest requestWithMissingValue = new PostConnectorSecretRequest("");
-        ActionRequestValidationException exception = requestWithMissingValue.validate();
-
-        assertThat(exception, notNullValue());
-        assertThat(exception.getMessage(), containsString("value is missing"));
-    }
-}

x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/connector/secrets/action/PostConnectorSecretRequestBWCSerializingTests.java

@@ -1,38 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.application.connector.secrets.action;
-
-import org.elasticsearch.TransportVersion;
-import org.elasticsearch.common.io.stream.Writeable;
-import org.elasticsearch.xpack.application.connector.secrets.ConnectorSecretsTestUtils;
-import org.elasticsearch.xpack.core.ml.AbstractBWCWireSerializationTestCase;
-
-import java.io.IOException;
-
-public class PostConnectorSecretRequestBWCSerializingTests extends AbstractBWCWireSerializationTestCase<PostConnectorSecretRequest> {
-
-    @Override
-    protected Writeable.Reader<PostConnectorSecretRequest> instanceReader() {
-        return PostConnectorSecretRequest::new;
-    }
-
-    @Override
-    protected PostConnectorSecretRequest createTestInstance() {
-        return ConnectorSecretsTestUtils.getRandomPostConnectorSecretRequest();
-    }
-
-    @Override
-    protected PostConnectorSecretRequest mutateInstance(PostConnectorSecretRequest instance) throws IOException {
-        return randomValueOtherThan(instance, this::createTestInstance);
-    }
-
-    @Override
-    protected PostConnectorSecretRequest mutateInstanceForVersion(PostConnectorSecretRequest instance, TransportVersion version) {
-        return instance;
-    }
-}

x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/connector/secrets/action/PostConnectorSecretResponseBWCSerializingTests.java

@@ -1,39 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.application.connector.secrets.action;
-
-import org.elasticsearch.TransportVersion;
-import org.elasticsearch.common.io.stream.Writeable;
-import org.elasticsearch.xpack.application.connector.secrets.ConnectorSecretsTestUtils;
-import org.elasticsearch.xpack.core.ml.AbstractBWCWireSerializationTestCase;
-
-import java.io.IOException;
-
-public class PostConnectorSecretResponseBWCSerializingTests extends AbstractBWCWireSerializationTestCase<PostConnectorSecretResponse> {
-
-    @Override
-    protected Writeable.Reader<PostConnectorSecretResponse> instanceReader() {
-        return PostConnectorSecretResponse::new;
-    }
-
-    @Override
-    protected PostConnectorSecretResponse createTestInstance() {
-        return ConnectorSecretsTestUtils.getRandomPostConnectorSecretResponse();
-    }
-
-    @Override
-    protected PostConnectorSecretResponse mutateInstance(PostConnectorSecretResponse instance) throws IOException {
-        return randomValueOtherThan(instance, this::createTestInstance);
-    }
-
-    @Override
-    protected PostConnectorSecretResponse mutateInstanceForVersion(PostConnectorSecretResponse instance, TransportVersion version) {
-        return instance;
-    }
-
-}

x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/connector/secrets/action/TransportGetConnectorSecretActionTests.java

@@ -1,72 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.application.connector.secrets.action;
-
-import org.elasticsearch.action.ActionListener;
-import org.elasticsearch.action.support.ActionFilters;
-import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.tasks.Task;
-import org.elasticsearch.test.ESSingleNodeTestCase;
-import org.elasticsearch.threadpool.TestThreadPool;
-import org.elasticsearch.threadpool.ThreadPool;
-import org.elasticsearch.transport.Transport;
-import org.elasticsearch.transport.TransportService;
-import org.elasticsearch.xpack.application.connector.secrets.ConnectorSecretsTestUtils;
-import org.junit.Before;
-
-import java.util.Collections;
-import java.util.concurrent.CountDownLatch;
-import java.util.concurrent.TimeUnit;
-
-import static org.mockito.Mockito.mock;
-
-public class TransportGetConnectorSecretActionTests extends ESSingleNodeTestCase {
-
-    private static final Long TIMEOUT_SECONDS = 10L;
-
-    private final ThreadPool threadPool = new TestThreadPool(getClass().getName());
-    private TransportGetConnectorSecretAction action;
-
-    @Before
-    public void setup() {
-        TransportService transportService = new TransportService(
-            Settings.EMPTY,
-            mock(Transport.class),
-            threadPool,
-            TransportService.NOOP_TRANSPORT_INTERCEPTOR,
-            x -> null,
-            null,
-            Collections.emptySet()
-        );
-
-        action = new TransportGetConnectorSecretAction(transportService, mock(ActionFilters.class), client());
-    }
-
-    @Override
-    public void tearDown() throws Exception {
-        super.tearDown();
-        ThreadPool.terminate(threadPool, TIMEOUT_SECONDS, TimeUnit.SECONDS);
-    }
-
-    public void testGetConnectorSecret_ExpectNoWarnings() throws InterruptedException {
-        GetConnectorSecretRequest request = ConnectorSecretsTestUtils.getRandomGetConnectorSecretRequest();
-
-        executeRequest(request);
-
-        ensureNoWarnings();
-    }
-
-    private void executeRequest(GetConnectorSecretRequest request) throws InterruptedException {
-        final CountDownLatch latch = new CountDownLatch(1);
-        action.doExecute(mock(Task.class), request, ActionListener.wrap(response -> latch.countDown(), exception -> latch.countDown()));
-
-        boolean requestTimedOut = latch.await(TIMEOUT_SECONDS, TimeUnit.SECONDS);
-
-        assertTrue("Timeout waiting for get request", requestTimedOut);
-    }
-}

x-pack/plugin/ent-search/src/test/java/org/elasticsearch/xpack/application/connector/secrets/action/TransportPostConnectorSecretActionTests.java

@@ -1,72 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-package org.elasticsearch.xpack.application.connector.secrets.action;
-
-import org.elasticsearch.action.ActionListener;
-import org.elasticsearch.action.support.ActionFilters;
-import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.tasks.Task;
-import org.elasticsearch.test.ESSingleNodeTestCase;
-import org.elasticsearch.threadpool.TestThreadPool;
-import org.elasticsearch.threadpool.ThreadPool;
-import org.elasticsearch.transport.Transport;
-import org.elasticsearch.transport.TransportService;
-import org.elasticsearch.xpack.application.connector.secrets.ConnectorSecretsTestUtils;
-import org.junit.Before;
-
-import java.util.Collections;
-import java.util.concurrent.CountDownLatch;
-import java.util.concurrent.TimeUnit;
-
-import static org.mockito.Mockito.mock;
-
-public class TransportPostConnectorSecretActionTests extends ESSingleNodeTestCase {
-
-    private static final Long TIMEOUT_SECONDS = 10L;
-
-    private final ThreadPool threadPool = new TestThreadPool(getClass().getName());
-    private TransportPostConnectorSecretAction action;
-
-    @Before
-    public void setup() {
-        TransportService transportService = new TransportService(
-            Settings.EMPTY,
-            mock(Transport.class),
-            threadPool,
-            TransportService.NOOP_TRANSPORT_INTERCEPTOR,
-            x -> null,
-            null,
-            Collections.emptySet()
-        );
-
-        action = new TransportPostConnectorSecretAction(transportService, mock(ActionFilters.class), client());
-    }
-
-    @Override
-    public void tearDown() throws Exception {
-        super.tearDown();
-        ThreadPool.terminate(threadPool, TIMEOUT_SECONDS, TimeUnit.SECONDS);
-    }
-
-    public void testPostConnectorSecret_ExpectNoWarnings() throws InterruptedException {
-        PostConnectorSecretRequest request = ConnectorSecretsTestUtils.getRandomPostConnectorSecretRequest();
-
-        executeRequest(request);
-
-        ensureNoWarnings();
-    }
-
-    private void executeRequest(PostConnectorSecretRequest request) throws InterruptedException {
-        final CountDownLatch latch = new CountDownLatch(1);
-        action.doExecute(mock(Task.class), request, ActionListener.wrap(response -> latch.countDown(), exception -> latch.countDown()));
-
-        boolean requestTimedOut = latch.await(TIMEOUT_SECONDS, TimeUnit.SECONDS);
-
-        assertTrue("Timeout waiting for post request", requestTimedOut);
-    }
-}

x-pack/plugin/security/qa/operator-privileges-tests/src/javaRestTest/java/org/elasticsearch/xpack/security/operator/Constants.java

@@ -138,8 +138,6 @@ public class Constants {
         "cluster:admin/xpack/connector/update_pipeline",
         "cluster:admin/xpack/connector/update_scheduling",
         "cluster:admin/xpack/connector/update_service_type",
-        "cluster:admin/xpack/connector/secret/get",
-        "cluster:admin/xpack/connector/secret/post",
         "cluster:admin/xpack/connector/sync_job/cancel",
         "cluster:admin/xpack/connector/sync_job/check_in",
         "cluster:admin/xpack/connector/sync_job/delete",

x-pack/plugin/security/qa/service-account/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountIT.java

@@ -280,9 +280,7 @@ public class ServiceAccountIT extends ESRestTestCase {
         {
             "cluster": [
                 "manage",
-                "manage_security",
-                "read_connector_secrets",
-                "write_connector_secrets"
+                "manage_security"
             ],
             "indices": [
                 {

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccounts.java

@@ -26,7 +26,7 @@ final class ElasticServiceAccounts {
         "enterprise-search-server",
         new RoleDescriptor(
             NAMESPACE + "/enterprise-search-server",
-            new String[] { "manage", "manage_security", "read_connector_secrets", "write_connector_secrets" },
+            new String[] { "manage", "manage_security" },
             new RoleDescriptor.IndicesPrivileges[] {
                 RoleDescriptor.IndicesPrivileges.builder()
                     .indices(

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/service/ElasticServiceAccountsTests.java

@@ -344,10 +344,6 @@ public class ElasticServiceAccountsTests extends ESTestCase {
         assertThat(role.cluster().check(GetLifecycleAction.NAME, request, authentication), is(true));
         assertThat(role.cluster().check(ILMActions.PUT.name(), request, authentication), is(true));
 
-        // Connector secrets. Enterprise Search has read and write access.
-        assertThat(role.cluster().check("cluster:admin/xpack/connector/secret/get", request, authentication), is(true));
-        assertThat(role.cluster().check("cluster:admin/xpack/connector/secret/post", request, authentication), is(true));
-
         List.of(
             "search-" + randomAlphaOfLengthBetween(1, 20),
             ".search-acl-filter-" + randomAlphaOfLengthBetween(1, 20),

x-pack/plugin/src/yamlRestTest/resources/rest-api-spec/test/privileges/11_builtin.yml

@@ -15,5 +15,5 @@ setup:
   # This is fragile - it needs to be updated every time we add a new cluster/index privilege
   # I would much prefer we could just check that specific entries are in the array, but we don't have
   # an assertion for that
-  - length: { "cluster" : 55 }
+  - length: { "cluster" : 53 }
   - length: { "index" : 22 }