HLRest: refactor put_user to utilize `User` object (#35188)

This follows #33552 , when the `_authenticate` API added a new
`User` object for the API's response. This changes the `put_user`
API to also employ a `User` object in the request.
The User object changed slightly.
A bug with put_user only putting/updating enabled (but not disabled)
users has been fixed.

client/rest-high-level/src/main/java/org/elasticsearch/client/SecurityRequestConverters.java

@@ -63,7 +63,7 @@ final class SecurityRequestConverters {
     static Request putUser(PutUserRequest putUserRequest) throws IOException {
         String endpoint = new RequestConverters.EndpointBuilder()
             .addPathPartAsIs("_xpack/security/user")
-            .addPathPart(putUserRequest.getUsername())
+            .addPathPart(putUserRequest.getUser().getUsername())
             .build();
         Request request = new Request(HttpPut.METHOD_NAME, endpoint);
         request.setEntity(createEntity(putUserRequest, REQUEST_BODY_CONTENT_TYPE));

client/rest-high-level/src/main/java/org/elasticsearch/client/security/PutUserRequest.java

@@ -21,15 +21,14 @@ package org.elasticsearch.client.security;
 
 import org.elasticsearch.client.Validatable;
 import org.elasticsearch.client.ValidationException;
+import org.elasticsearch.client.security.user.User;
 import org.elasticsearch.common.CharArrays;
+import org.elasticsearch.common.Nullable;
 import org.elasticsearch.common.xcontent.ToXContentObject;
 import org.elasticsearch.common.xcontent.XContentBuilder;
 
 import java.io.IOException;
 import java.util.Arrays;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
 
@@ -38,62 +37,33 @@ import java.util.Optional;
  */
 public final class PutUserRequest implements Validatable, ToXContentObject {
 
-    private final String username;
-    private final List<String> roles;
-    private final String fullName;
-    private final String email;
-    private final Map<String, Object> metadata;
-    private final char[] password;
+    private final User user;
+    private final @Nullable char[] password;
     private final boolean enabled;
     private final RefreshPolicy refreshPolicy;
 
     /**
      * Creates a new request that is used to create or update a user in the native realm.
      *
-     * @param username the username of the user to be created or updated
+     * @param user the user to be created or updated
      * @param password the password of the user. The password array is not modified by this class.
      *                 It is the responsibility of the caller to clear the password after receiving
      *                 a response.
-     * @param roles the roles that this user is assigned
-     * @param fullName the full name of the user that may be used for display purposes
-     * @param email the email address of the user
      * @param enabled true if the user is enabled and allowed to access elasticsearch
-     * @param metadata a map of additional user attributes that may be used in templating roles
      * @param refreshPolicy the refresh policy for the request.
      */
-    public PutUserRequest(String username, char[] password, List<String> roles, String fullName, String email, boolean enabled,
-                          Map<String, Object> metadata, RefreshPolicy refreshPolicy) {
-        this.username = Objects.requireNonNull(username, "username is required");
+    public PutUserRequest(User user, @Nullable char[] password, boolean enabled, @Nullable RefreshPolicy refreshPolicy) {
+        this.user = Objects.requireNonNull(user, "user is required, cannot be null");
         this.password = password;
-        this.roles = Collections.unmodifiableList(Objects.requireNonNull(roles, "roles must be specified"));
-        this.fullName = fullName;
-        this.email = email;
         this.enabled = enabled;
-        this.metadata = metadata == null ? Collections.emptyMap() : Collections.unmodifiableMap(metadata);
         this.refreshPolicy = refreshPolicy == null ? RefreshPolicy.getDefault() : refreshPolicy;
     }
 
-    public String getUsername() {
-        return username;
+    public User getUser() {
+        return user;
     }
 
-    public List<String> getRoles() {
-        return roles;
-    }
-
-    public String getFullName() {
-        return fullName;
-    }
-
-    public String getEmail() {
-        return email;
-    }
-
-    public Map<String, Object> getMetadata() {
-        return metadata;
-    }
-
-    public char[] getPassword() {
+    public @Nullable char[] getPassword() {
         return password;
     }
 
@@ -109,29 +79,25 @@ public final class PutUserRequest implements Validatable, ToXContentObject {
     public boolean equals(Object o) {
         if (this == o) return true;
         if (o == null || getClass() != o.getClass()) return false;
-        PutUserRequest that = (PutUserRequest) o;
-        return enabled == that.enabled &&
-            Objects.equals(username, that.username) &&
-            Objects.equals(roles, that.roles) &&
-            Objects.equals(fullName, that.fullName) &&
-            Objects.equals(email, that.email) &&
-            Objects.equals(metadata, that.metadata) &&
-            Arrays.equals(password, that.password) &&
-            refreshPolicy == that.refreshPolicy;
+        final PutUserRequest that = (PutUserRequest) o;
+        return Objects.equals(user, that.user)
+                && Arrays.equals(password, that.password)
+                && enabled == that.enabled
+                && refreshPolicy == that.refreshPolicy;
     }
 
     @Override
     public int hashCode() {
-        int result = Objects.hash(username, roles, fullName, email, metadata, enabled, refreshPolicy);
+        int result = Objects.hash(user, enabled, refreshPolicy);
         result = 31 * result + Arrays.hashCode(password);
         return result;
     }
 
     @Override
     public Optional<ValidationException> validate() {
-        if (metadata != null && metadata.keySet().stream().anyMatch(s -> s.startsWith("_"))) {
+        if (user.getMetadata() != null && user.getMetadata().keySet().stream().anyMatch(s -> s.startsWith("_"))) {
             ValidationException validationException = new ValidationException();
-            validationException.addValidationError("metadata keys may not start with [_]");
+            validationException.addValidationError("user metadata keys may not start with [_]");
             return Optional.of(validationException);
         }
         return Optional.empty();
@@ -140,7 +106,7 @@ public final class PutUserRequest implements Validatable, ToXContentObject {
     @Override
     public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
         builder.startObject();
-        builder.field("username", username);
+        builder.field("username", user.getUsername());
         if (password != null) {
             byte[] charBytes = CharArrays.toUtf8Bytes(password);
             try {
@@ -149,18 +115,15 @@ public final class PutUserRequest implements Validatable, ToXContentObject {
                 Arrays.fill(charBytes, (byte) 0);
             }
         }
-        if (roles != null) {
-            builder.field("roles", roles);
-        }
-        if (fullName != null) {
-            builder.field("full_name", fullName);
-        }
-        if (email != null) {
-            builder.field("email", email);
+        builder.field("roles", user.getRoles());
+        if (user.getFullName() != null) {
+            builder.field("full_name", user.getFullName());
         }
-        if (metadata != null) {
-            builder.field("metadata", metadata);
+        if (user.getEmail() != null) {
+            builder.field("email", user.getEmail());
         }
+        builder.field("metadata", user.getMetadata());
+        builder.field("enabled", enabled);
         return builder.endObject();
     }
 }

client/rest-high-level/src/main/java/org/elasticsearch/client/security/user/User.java

@@ -24,38 +24,59 @@ import org.elasticsearch.common.Strings;
 
 import java.util.Collection;
 import java.util.Collections;
+import java.util.HashSet;
 import java.util.Map;
 import java.util.Objects;
+import java.util.Set;
 
 
 /**
- * An authenticated user
+ * A user to be utilized with security APIs.
+ * Can be an existing authenticated user or it can be a new user to be enrolled to the native realm.
  */
 public final class User {
 
     private final String username;
-    private final Collection<String> roles;
+    private final Set<String> roles;
     private final Map<String, Object> metadata;
     @Nullable private final String fullName;
     @Nullable private final String email;
 
+    /**
+     * Builds the user to be utilized with security APIs.
+     *
+     * @param username the username, also known as the principal, unique for in the scope of a realm
+     * @param roles the roles that this user is assigned
+     * @param metadata a map of additional user attributes that may be used in templating roles
+     * @param fullName the full name of the user that may be used for display purposes
+     * @param email the email address of the user
+     */
     public User(String username, Collection<String> roles, Map<String, Object> metadata, @Nullable String fullName,
             @Nullable String email) {
-        Objects.requireNonNull(username, "`username` cannot be null");
-        Objects.requireNonNull(roles, "`roles` cannot be null. Pass an empty collection instead.");
-        Objects.requireNonNull(roles, "`metadata` cannot be null. Pass an empty map instead.");
-        this.username = username;
-        this.roles = roles;
-        this.metadata = Collections.unmodifiableMap(metadata);
+        this.username = username = Objects.requireNonNull(username, "`username` is required, cannot be null");
+        this.roles = Collections.unmodifiableSet(new HashSet<>(
+                Objects.requireNonNull(roles, "`roles` is required, cannot be null. Pass an empty Collection instead.")));
+        this.metadata = Collections
+                .unmodifiableMap(Objects.requireNonNull(metadata, "`metadata` is required, cannot be null. Pass an empty map instead."));
         this.fullName = fullName;
         this.email = email;
     }
 
+    /**
+     * Builds the user to be utilized with security APIs.
+     *
+     * @param username the username, also known as the principal, unique for in the scope of a realm
+     * @param roles the roles that this user is assigned
+     */
+    public User(String username, Collection<String> roles) {
+        this(username, roles, Collections.emptyMap(), null, null);
+    }
+
     /**
      * @return  The principal of this user - effectively serving as the
      *          unique identity of the user. Can never be {@code null}.
      */
-    public String username() {
+    public String getUsername() {
         return this.username;
     }
 
@@ -64,28 +85,28 @@ public final class User {
      *          identified by their unique names and each represents as
      *          set of permissions. Can never be {@code null}.
      */
-    public Collection<String> roles() {
+    public Set<String> getRoles() {
         return this.roles;
     }
 
     /**
      * @return  The metadata that is associated with this user. Can never be {@code null}.
      */
-    public Map<String, Object> metadata() {
+    public Map<String, Object> getMetadata() {
         return metadata;
     }
 
     /**
      * @return  The full name of this user. May be {@code null}.
      */
-    public @Nullable String fullName() {
+    public @Nullable String getFullName() {
         return fullName;
     }
 
     /**
      * @return  The email of this user. May be {@code null}.
      */
-    public @Nullable String email() {
+    public @Nullable String getEmail() {
         return email;
     }
 
@@ -103,28 +124,14 @@ public final class User {
 
     @Override
     public boolean equals(Object o) {
-        if (this == o) {
-            return true;
-        }
-        if (o instanceof User == false) {
-            return false;
-        }
-
-        final User user = (User) o;
-
-        if (!username.equals(user.username)) {
-            return false;
-        }
-        if (!roles.equals(user.roles)) {
-            return false;
-        }
-        if (!metadata.equals(user.metadata)) {
-            return false;
-        }
-        if (fullName != null ? !fullName.equals(user.fullName) : user.fullName != null) {
-            return false;
-        }
-        return !(email != null ? !email.equals(user.email) : user.email != null);
+        if (this == o) return true;
+        if (o == null || this.getClass() != o.getClass()) return false;
+        final User that = (User) o;
+        return Objects.equals(username, that.username)
+                && Objects.equals(roles, that.roles)
+                && Objects.equals(metadata, that.metadata)
+                && Objects.equals(fullName, that.fullName)
+                && Objects.equals(email, that.email);
     }
 
     @Override

client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityIT.java

@@ -25,6 +25,7 @@ import org.elasticsearch.client.security.AuthenticateResponse;
 import org.elasticsearch.client.security.PutUserRequest;
 import org.elasticsearch.client.security.PutUserResponse;
 import org.elasticsearch.client.security.RefreshPolicy;
+import org.elasticsearch.client.security.user.User;
 import org.elasticsearch.common.CharArrays;
 
 import java.util.Arrays;
@@ -34,12 +35,29 @@ import java.util.List;
 import java.util.Map;
 
 import static org.hamcrest.Matchers.is;
-import static org.hamcrest.Matchers.contains;
 import static org.hamcrest.Matchers.containsString;
-import static org.hamcrest.Matchers.empty;
 
 public class SecurityIT extends ESRestHighLevelClientTestCase {
 
+    public void testPutUser() throws Exception {
+        final SecurityClient securityClient = highLevelClient().security();
+        // create user
+        final PutUserRequest putUserRequest = randomPutUserRequest(randomBoolean());
+        final PutUserResponse putUserResponse = execute(putUserRequest, securityClient::putUser, securityClient::putUserAsync);
+        // assert user created
+        assertThat(putUserResponse.isCreated(), is(true));
+        // update user
+        final User updatedUser = randomUser(putUserRequest.getUser().getUsername());
+        final PutUserRequest updateUserRequest = randomPutUserRequest(updatedUser, randomBoolean());
+        final PutUserResponse updateUserResponse = execute(updateUserRequest, securityClient::putUser, securityClient::putUserAsync);
+        // assert user not created
+        assertThat(updateUserResponse.isCreated(), is(false));
+        // delete user
+        final Request deleteUserRequest = new Request(HttpDelete.METHOD_NAME,
+                "/_xpack/security/user/" + putUserRequest.getUser().getUsername());
+        highLevelClient().getLowLevelClient().performRequest(deleteUserRequest);
+    }
+
     public void testAuthenticate() throws Exception {
         final SecurityClient securityClient = highLevelClient().security();
         // test fixture: put enabled user
@@ -48,34 +66,30 @@ public class SecurityIT extends ESRestHighLevelClientTestCase {
         assertThat(putUserResponse.isCreated(), is(true));
 
         // authenticate correctly
-        final String basicAuthHeader = basicAuthHeader(putUserRequest.getUsername(), putUserRequest.getPassword());
+        final String basicAuthHeader = basicAuthHeader(putUserRequest.getUser().getUsername(), putUserRequest.getPassword());
         final AuthenticateResponse authenticateResponse = execute(securityClient::authenticate, securityClient::authenticateAsync,
                 authorizationRequestOptions(basicAuthHeader));
 
-        assertThat(authenticateResponse.getUser().username(), is(putUserRequest.getUsername()));
-        if (putUserRequest.getRoles().isEmpty()) {
-            assertThat(authenticateResponse.getUser().roles(), is(empty()));
-        } else {
-            assertThat(authenticateResponse.getUser().roles(), contains(putUserRequest.getRoles().toArray()));
-        }
-        assertThat(authenticateResponse.getUser().metadata(), is(putUserRequest.getMetadata()));
-        assertThat(authenticateResponse.getUser().fullName(), is(putUserRequest.getFullName()));
-        assertThat(authenticateResponse.getUser().email(), is(putUserRequest.getEmail()));
+        assertThat(authenticateResponse.getUser(), is(putUserRequest.getUser()));
         assertThat(authenticateResponse.enabled(), is(true));
 
         // delete user
-        final Request deleteUserRequest = new Request(HttpDelete.METHOD_NAME, "/_xpack/security/user/" + putUserRequest.getUsername());
+        final Request deleteUserRequest = new Request(HttpDelete.METHOD_NAME,
+                "/_xpack/security/user/" + putUserRequest.getUser().getUsername());
         highLevelClient().getLowLevelClient().performRequest(deleteUserRequest);
 
         // authentication no longer works
         ElasticsearchStatusException e = expectThrows(ElasticsearchStatusException.class, () -> execute(securityClient::authenticate,
                 securityClient::authenticateAsync, authorizationRequestOptions(basicAuthHeader)));
-        assertThat(e.getMessage(), containsString("unable to authenticate user [" + putUserRequest.getUsername() + "]"));
+        assertThat(e.getMessage(), containsString("unable to authenticate user [" + putUserRequest.getUser().getUsername() + "]"));
     }
 
-    private static PutUserRequest randomPutUserRequest(boolean enabled) {
+    private static User randomUser() {
         final String username = randomAlphaOfLengthBetween(1, 4);
-        final char[] password = randomAlphaOfLengthBetween(6, 10).toCharArray();
+        return randomUser(username);
+    }
+
+    private static User randomUser(String username) {
         final List<String> roles = Arrays.asList(generateRandomStringArray(3, 3, false, true));
         final String fullName = randomFrom(random(), null, randomAlphaOfLengthBetween(0, 3));
         final String email = randomFrom(random(), null, randomAlphaOfLengthBetween(0, 3));
@@ -91,15 +105,25 @@ public class SecurityIT extends ESRestHighLevelClientTestCase {
         } else {
             metadata.put("string_list", Arrays.asList(generateRandomStringArray(4, 4, false, true)));
         }
-        return new PutUserRequest(username, password, roles, fullName, email, enabled, metadata, RefreshPolicy.IMMEDIATE);
+        return new User(username, roles, metadata, fullName, email);
+    }
+
+    private static PutUserRequest randomPutUserRequest(boolean enabled) {
+        final User user = randomUser();
+        return randomPutUserRequest(user, enabled);
     }
-    
+
+    private static PutUserRequest randomPutUserRequest(User user, boolean enabled) {
+        final char[] password = randomAlphaOfLengthBetween(6, 10).toCharArray();
+        return new PutUserRequest(user, password, enabled, RefreshPolicy.IMMEDIATE);
+    }
+
     private static String basicAuthHeader(String username, char[] password) {
         final String concat = new StringBuilder().append(username).append(':').append(password).toString();
         final byte[] concatBytes = CharArrays.toUtf8Bytes(concat.toCharArray());
         return "Basic " + Base64.getEncoder().encodeToString(concatBytes);
     }
-    
+
     private static RequestOptions authorizationRequestOptions(String authorizationHeader) {
         final RequestOptions.Builder builder = RequestOptions.DEFAULT.toBuilder();
         builder.addHeader("Authorization", authorizationHeader);

client/rest-high-level/src/test/java/org/elasticsearch/client/SecurityRequestConvertersTests.java

@@ -36,6 +36,7 @@ import org.elasticsearch.client.security.RefreshPolicy;
 import org.elasticsearch.client.security.support.expressiondsl.RoleMapperExpression;
 import org.elasticsearch.client.security.support.expressiondsl.expressions.AnyRoleMapperExpression;
 import org.elasticsearch.client.security.support.expressiondsl.fields.FieldRoleMapperExpression;
+import org.elasticsearch.client.security.user.User;
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.test.ESTestCase;
 
@@ -57,23 +58,21 @@ public class SecurityRequestConvertersTests extends ESTestCase {
         final String email = randomBoolean() ? null : randomAlphaOfLengthBetween(12, 24);
         final String fullName = randomBoolean() ? null : randomAlphaOfLengthBetween(7, 14);
         final boolean enabled = randomBoolean();
-        final Map<String, Object> metadata;
+        final Map<String, Object> metadata = new HashMap<>();
         if (randomBoolean()) {
-            metadata = new HashMap<>();
             for (int i = 0; i < randomIntBetween(0, 10); i++) {
                 metadata.put(String.valueOf(i), randomAlphaOfLengthBetween(1, 12));
             }
-        } else {
-            metadata = null;
         }
+        final User user = new User(username, roles, metadata, fullName, email);
 
         final RefreshPolicy refreshPolicy = randomFrom(RefreshPolicy.values());
         final Map<String, String> expectedParams = getExpectedParamsFromRefreshPolicy(refreshPolicy);
 
-        PutUserRequest putUserRequest = new PutUserRequest(username, password, roles, fullName, email, enabled, metadata, refreshPolicy);
+        PutUserRequest putUserRequest = new PutUserRequest(user, password, enabled, refreshPolicy);
         Request request = SecurityRequestConverters.putUser(putUserRequest);
         assertEquals(HttpPut.METHOD_NAME, request.getMethod());
-        assertEquals("/_xpack/security/user/" + putUserRequest.getUsername(), request.getEndpoint());
+        assertEquals("/_xpack/security/user/" + putUserRequest.getUser().getUsername(), request.getEndpoint());
         assertEquals(expectedParams, request.getParameters());
         assertToXContentBody(putUserRequest, request.getEntity());
     }

client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/SecurityDocumentationIT.java

@@ -90,8 +90,8 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase {
         {
             //tag::put-user-execute
             char[] password = new char[]{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
-            PutUserRequest request =
-                new PutUserRequest("example", password, Collections.singletonList("superuser"), null, null, true, null, RefreshPolicy.NONE);
+            User user = new User("example", Collections.singletonList("superuser"));
+            PutUserRequest request = new PutUserRequest(user, password, true, RefreshPolicy.NONE);
             PutUserResponse response = client.security().putUser(request, RequestOptions.DEFAULT);
             //end::put-user-execute
 
@@ -104,8 +104,8 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase {
 
         {
             char[] password = new char[]{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
-            PutUserRequest request = new PutUserRequest("example2", password, Collections.singletonList("superuser"), null, null, true,
-                null, RefreshPolicy.NONE);
+            User user2 = new User("example2", Collections.singletonList("superuser"));
+            PutUserRequest request = new PutUserRequest(user2, password, true, RefreshPolicy.NONE);
             // tag::put-user-execute-listener
             ActionListener<PutUserResponse> listener = new ActionListener<PutUserResponse>() {
                 @Override
@@ -300,8 +300,8 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase {
     public void testEnableUser() throws Exception {
         RestHighLevelClient client = highLevelClient();
         char[] password = new char[]{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
-        PutUserRequest putUserRequest = new PutUserRequest("enable_user", password, Collections.singletonList("superuser"), null,
-            null, true, null, RefreshPolicy.IMMEDIATE);
+        User enable_user = new User("enable_user", Collections.singletonList("superuser"));
+        PutUserRequest putUserRequest = new PutUserRequest(enable_user, password, true, RefreshPolicy.IMMEDIATE);
         PutUserResponse putUserResponse = client.security().putUser(putUserRequest, RequestOptions.DEFAULT);
         assertTrue(putUserResponse.isCreated());
 
@@ -345,8 +345,8 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase {
     public void testDisableUser() throws Exception {
         RestHighLevelClient client = highLevelClient();
         char[] password = new char[]{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
-        PutUserRequest putUserRequest = new PutUserRequest("disable_user", password, Collections.singletonList("superuser"), null,
-            null, true, null, RefreshPolicy.IMMEDIATE);
+        User disable_user = new User("disable_user", Collections.singletonList("superuser"));
+        PutUserRequest putUserRequest = new PutUserRequest(disable_user, password, true, RefreshPolicy.IMMEDIATE);
         PutUserResponse putUserResponse = client.security().putUser(putUserRequest, RequestOptions.DEFAULT);
         assertTrue(putUserResponse.isCreated());
         {
@@ -398,11 +398,11 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase {
             boolean enabled = response.enabled(); // <2>
             //end::authenticate-response
 
-            assertThat(user.username(), is("test_user"));
-            assertThat(user.roles(), contains(new String[]{"superuser"}));
-            assertThat(user.fullName(), nullValue());
-            assertThat(user.email(), nullValue());
-            assertThat(user.metadata().isEmpty(), is(true));
+            assertThat(user.getUsername(), is("test_user"));
+            assertThat(user.getRoles(), contains(new String[] {"superuser"}));
+            assertThat(user.getFullName(), nullValue());
+            assertThat(user.getEmail(), nullValue());
+            assertThat(user.getMetadata().isEmpty(), is(true));
             assertThat(enabled, is(true));
         }
 
@@ -608,8 +608,8 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase {
         RestHighLevelClient client = highLevelClient();
         char[] password = new char[]{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
         char[] newPassword = new char[]{'n', 'e', 'w', 'p', 'a', 's', 's', 'w', 'o', 'r', 'd'};
-        PutUserRequest putUserRequest = new PutUserRequest("change_password_user", password, Collections.singletonList("superuser"),
-            null, null, true, null, RefreshPolicy.NONE);
+        User user = new User("change_password_user", Collections.singletonList("superuser"), Collections.emptyMap(), null, null);
+        PutUserRequest putUserRequest = new PutUserRequest(user, password, true, RefreshPolicy.NONE);
         PutUserResponse putUserResponse = client.security().putUser(putUserRequest, RequestOptions.DEFAULT);
         assertTrue(putUserResponse.isCreated());
         {
@@ -774,8 +774,8 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase {
 
         {
             // Setup user
-            PutUserRequest putUserRequest = new PutUserRequest("token_user", "password".toCharArray(),
-                Collections.singletonList("kibana_user"), null, null, true, null, RefreshPolicy.IMMEDIATE);
+            User token_user = new User("token_user", Collections.singletonList("kibana_user"));
+            PutUserRequest putUserRequest = new PutUserRequest(token_user, "password".toCharArray(), true, RefreshPolicy.IMMEDIATE);
             PutUserResponse putUserResponse = client.security().putUser(putUserRequest, RequestOptions.DEFAULT);
             assertTrue(putUserResponse.isCreated());
         }
@@ -852,8 +852,8 @@ public class SecurityDocumentationIT extends ESRestHighLevelClientTestCase {
         {
             // Setup user
             final char[] password = "password".toCharArray();
-            PutUserRequest putUserRequest = new PutUserRequest("invalidate_token", password,
-                Collections.singletonList("kibana_user"), null, null, true, null, RefreshPolicy.IMMEDIATE);
+            User invalidate_token_user = new User("invalidate_token", Collections.singletonList("kibana_user"));
+            PutUserRequest putUserRequest = new PutUserRequest(invalidate_token_user, password, true, RefreshPolicy.IMMEDIATE);
             PutUserResponse putUserResponse = client.security().putUser(putUserRequest, RequestOptions.DEFAULT);
             assertTrue(putUserResponse.isCreated());
 

client/rest-high-level/src/test/java/org/elasticsearch/client/security/AuthenticateResponseTests.java

@@ -77,14 +77,14 @@ public class AuthenticateResponseTests extends ESTestCase {
         final User user = response.getUser();
         final boolean enabled = response.enabled();
         builder.startObject();
-        builder.field(AuthenticateResponse.USERNAME.getPreferredName(), user.username());
-        builder.field(AuthenticateResponse.ROLES.getPreferredName(), user.roles());
-        builder.field(AuthenticateResponse.METADATA.getPreferredName(), user.metadata());
-        if (user.fullName() != null) {
-            builder.field(AuthenticateResponse.FULL_NAME.getPreferredName(), user.fullName());
+        builder.field(AuthenticateResponse.USERNAME.getPreferredName(), user.getUsername());
+        builder.field(AuthenticateResponse.ROLES.getPreferredName(), user.getRoles());
+        builder.field(AuthenticateResponse.METADATA.getPreferredName(), user.getMetadata());
+        if (user.getFullName() != null) {
+            builder.field(AuthenticateResponse.FULL_NAME.getPreferredName(), user.getFullName());
         }
-        if (user.email() != null) {
-            builder.field(AuthenticateResponse.EMAIL.getPreferredName(), user.email());
+        if (user.getEmail() != null) {
+            builder.field(AuthenticateResponse.EMAIL.getPreferredName(), user.getEmail());
         }
         builder.field(AuthenticateResponse.ENABLED.getPreferredName(), enabled);
         builder.endObject();
@@ -92,8 +92,8 @@ public class AuthenticateResponseTests extends ESTestCase {
 
     private AuthenticateResponse copy(AuthenticateResponse response) {
         final User originalUser = response.getUser();
-        final User copyUser = new User(originalUser.username(), originalUser.roles(), originalUser.metadata(), originalUser.fullName(),
-                originalUser.email());
+        final User copyUser = new User(originalUser.getUsername(), originalUser.getRoles(), originalUser.getMetadata(),
+                originalUser.getFullName(), originalUser.getEmail());
         return new AuthenticateResponse(copyUser, response.enabled());
     }
 
@@ -101,27 +101,27 @@ public class AuthenticateResponseTests extends ESTestCase {
         final User originalUser = response.getUser();
         switch (randomIntBetween(1, 6)) {
             case 1:
-            return new AuthenticateResponse(new User(originalUser.username() + "wrong", originalUser.roles(), originalUser.metadata(),
-                    originalUser.fullName(), originalUser.email()), response.enabled());
+            return new AuthenticateResponse(new User(originalUser.getUsername() + "wrong", originalUser.getRoles(),
+                    originalUser.getMetadata(), originalUser.getFullName(), originalUser.getEmail()), response.enabled());
             case 2:
-                final Collection<String> wrongRoles = new ArrayList<>(originalUser.roles());
+                final Collection<String> wrongRoles = new ArrayList<>(originalUser.getRoles());
                 wrongRoles.add(randomAlphaOfLengthBetween(1, 4));
-                return new AuthenticateResponse(new User(originalUser.username(), wrongRoles, originalUser.metadata(),
-                        originalUser.fullName(), originalUser.email()), response.enabled());
+                return new AuthenticateResponse(new User(originalUser.getUsername(), wrongRoles, originalUser.getMetadata(),
+                        originalUser.getFullName(), originalUser.getEmail()), response.enabled());
             case 3:
-                final Map<String, Object> wrongMetadata = new HashMap<>(originalUser.metadata());
+                final Map<String, Object> wrongMetadata = new HashMap<>(originalUser.getMetadata());
                 wrongMetadata.put("wrong_string", randomAlphaOfLengthBetween(0, 4));
-                return new AuthenticateResponse(new User(originalUser.username(), originalUser.roles(), wrongMetadata,
-                        originalUser.fullName(), originalUser.email()), response.enabled());
+                return new AuthenticateResponse(new User(originalUser.getUsername(), originalUser.getRoles(), wrongMetadata,
+                        originalUser.getFullName(), originalUser.getEmail()), response.enabled());
             case 4:
-                return new AuthenticateResponse(new User(originalUser.username(), originalUser.roles(), originalUser.metadata(),
-                        originalUser.fullName() + "wrong", originalUser.email()), response.enabled());
+                return new AuthenticateResponse(new User(originalUser.getUsername(), originalUser.getRoles(), originalUser.getMetadata(),
+                        originalUser.getFullName() + "wrong", originalUser.getEmail()), response.enabled());
             case 5:
-                return new AuthenticateResponse(new User(originalUser.username(), originalUser.roles(), originalUser.metadata(),
-                        originalUser.fullName(), originalUser.email() + "wrong"), response.enabled());
+                return new AuthenticateResponse(new User(originalUser.getUsername(), originalUser.getRoles(), originalUser.getMetadata(),
+                        originalUser.getFullName(), originalUser.getEmail() + "wrong"), response.enabled());
             case 6:
-                return new AuthenticateResponse(new User(originalUser.username(), originalUser.roles(), originalUser.metadata(),
-                        originalUser.fullName(), originalUser.email()), !response.enabled());
+                return new AuthenticateResponse(new User(originalUser.getUsername(), originalUser.getRoles(), originalUser.getMetadata(),
+                        originalUser.getFullName(), originalUser.getEmail()), !response.enabled());
         }
         throw new IllegalStateException("Bad random number");
     }