
Ensure new privs in API key update test (#88602)

This PR ensures that we pick new cluster privileges when making a
non-noop API key update in tests for auto updating user fields.

Closes #88596.
Nikolaj Volgushev 3 years ago
parent
commit
2605b9e121

+ 7 - 3
x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/security/authc/ApiKeyIntegTests.java

@@ -1550,9 +1550,13 @@ public class ApiKeyIntegTests extends SecurityIntegTestCase {
         final String apiKeyId = createdApiKey.getId();
         expectRoleDescriptorsForApiKey("limited_by_role_descriptors", Set.of(roleDescriptorBeforeUpdate), getApiKeyDocument(apiKeyId));
 
-        final List<String> newClusterPrivileges = new ArrayList<>(randomSubsetOf(ClusterPrivilegeResolver.names()));
-        // At a minimum include privilege to manage own API key to ensure no 403
-        newClusterPrivileges.add(randomFrom("manage_api_key", "manage_own_api_key"));
+        final List<String> newClusterPrivileges = randomValueOtherThan(clusterPrivileges, () -> {
+            final List<String> privs = new ArrayList<>(randomSubsetOf(ClusterPrivilegeResolver.names()));
+            // At a minimum include privilege to manage own API key to ensure no 403
+            privs.add(randomFrom("manage_api_key", "manage_own_api_key"));
+            return privs;
+        });
+
         // Update user role
         final RoleDescriptor roleDescriptorAfterUpdate = putRoleWithClusterPrivileges(
             nativeRealmRole,
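Review bot: `randomValueOtherThan(clusterPrivileges, ...)` rejects a candidate only by `List.equals`, which is sensitive to order and duplicates. A draw with the same privileges in a different order, or with `manage_api_key`/`manage_own_api_key` appended a second time because `randomSubsetOf` already picked it, still counts as "other". If the noop detection for API key updates compares the effective privilege set (not visible in this hunk, so this is an assumption to confirm), the test can still occasionally make a noop update and fail as in #88596. Comparing as sets closes that gap, e.g. `randomValueOtherThanMany(p -> Set.copyOf(p).equals(Set.copyOf(clusterPrivileges)), () -> { ... })`, assuming `clusterPrivileges` is a collection of strings, which is declared outside the hunk. It would also help to add a short comment above the call, such as `// Must differ from the original privileges so the update is not a noop`, since the existing comment only explains the 403 guard. The enclosing test method starts and ends outside this hunk.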