From 0215356f12c2d906b586bd22a9193d42022ef4ee Mon Sep 17 00:00:00 2001
From: Simon Willnauer <simonw@apache.org>
Date: Fri, 12 May 2017 10:19:21 +0200
Subject: [PATCH] Remove XPackDeleteByQueryAction BWC
 (elastic/x-pack-elasticsearch#1400)

5.5 will use delete by query from the module directly and has the
BWC layer in-place. This change therefore removes the BWC layer from 6.0

Relates to elastic/x-pack-elasticsearch#1378

Original commit: elastic/x-pack-elasticsearch@d4d4d6bc61832d17f313807005bdb5ba3d9f1d29
---
 .../org/elasticsearch/xpack/XPackPlugin.java  |  2 -
 .../action/XPackDeleteByQueryAction.java      | 76 -------------------
 .../security/authz/AuthorizationService.java  |  7 --
 .../authz/AuthorizationServiceTests.java      | 25 ------
 .../org/elasticsearch/transport/actions       |  1 -
 5 files changed, 111 deletions(-)
 delete mode 100644 plugin/src/main/java/org/elasticsearch/xpack/common/action/XPackDeleteByQueryAction.java

diff --git a/plugin/src/main/java/org/elasticsearch/xpack/XPackPlugin.java b/plugin/src/main/java/org/elasticsearch/xpack/XPackPlugin.java
index 6664fcbfa87..4d92f7a52ed 100644
--- a/plugin/src/main/java/org/elasticsearch/xpack/XPackPlugin.java
+++ b/plugin/src/main/java/org/elasticsearch/xpack/XPackPlugin.java
@@ -56,7 +56,6 @@ import org.elasticsearch.xpack.action.TransportXPackInfoAction;
 import org.elasticsearch.xpack.action.TransportXPackUsageAction;
 import org.elasticsearch.xpack.action.XPackInfoAction;
 import org.elasticsearch.xpack.action.XPackUsageAction;
-import org.elasticsearch.xpack.common.action.XPackDeleteByQueryAction;
 import org.elasticsearch.xpack.common.http.HttpClient;
 import org.elasticsearch.xpack.common.http.HttpRequestTemplate;
 import org.elasticsearch.xpack.common.http.HttpSettings;
@@ -399,7 +398,6 @@ public class XPackPlugin extends Plugin implements ScriptPlugin, ActionPlugin, I
         List<ActionHandler<? extends ActionRequest, ? extends ActionResponse>> actions = new ArrayList<>();
         actions.add(new ActionHandler<>(XPackInfoAction.INSTANCE, TransportXPackInfoAction.class));
         actions.add(new ActionHandler<>(XPackUsageAction.INSTANCE, TransportXPackUsageAction.class));
-        actions.add(new ActionHandler<>(XPackDeleteByQueryAction.INSTANCE, XPackDeleteByQueryAction.TransportAction.class));
         actions.addAll(licensing.getActions());
         actions.addAll(monitoring.getActions());
         actions.addAll(security.getActions());
diff --git a/plugin/src/main/java/org/elasticsearch/xpack/common/action/XPackDeleteByQueryAction.java b/plugin/src/main/java/org/elasticsearch/xpack/common/action/XPackDeleteByQueryAction.java
deleted file mode 100644
index 6d43d35dfe3..00000000000
--- a/plugin/src/main/java/org/elasticsearch/xpack/common/action/XPackDeleteByQueryAction.java
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-package org.elasticsearch.xpack.common.action;
-
-import org.elasticsearch.action.Action;
-import org.elasticsearch.action.ActionListener;
-import org.elasticsearch.index.reindex.BulkByScrollResponse;
-import org.elasticsearch.index.reindex.DeleteByQueryAction;
-import org.elasticsearch.index.reindex.DeleteByQueryRequest;
-import org.elasticsearch.index.reindex.DeleteByQueryRequestBuilder;
-import org.elasticsearch.action.support.ActionFilters;
-import org.elasticsearch.action.support.HandledTransportAction;
-import org.elasticsearch.action.support.IndicesOptions;
-import org.elasticsearch.client.Client;
-import org.elasticsearch.client.ElasticsearchClient;
-import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver;
-import org.elasticsearch.common.inject.Inject;
-import org.elasticsearch.common.settings.Settings;
-import org.elasticsearch.tasks.Task;
-import org.elasticsearch.threadpool.ThreadPool;
-import org.elasticsearch.transport.TransportService;
-
-public class XPackDeleteByQueryAction extends Action<DeleteByQueryRequest, BulkByScrollResponse,
-        DeleteByQueryRequestBuilder> {
-
-    public static final XPackDeleteByQueryAction INSTANCE = new XPackDeleteByQueryAction();
-    // Ideally we'd use an "internal" action here as we don't want transport client users running it
-    // but unfortunately the _xpack user is forbidden to run "internal" actions as these are really
-    // intended to be run as the system user
-    public static final String NAME = "indices:internal/data/write/xpackdeletebyquery";
-
-    private XPackDeleteByQueryAction() {
-        super(NAME);
-    }
-
-    @Override
-    public DeleteByQueryRequestBuilder newRequestBuilder(ElasticsearchClient client) {
-        return DeleteByQueryAction.INSTANCE.newRequestBuilder(client);
-    }
-
-    @Override
-    public BulkByScrollResponse newResponse() {
-        return DeleteByQueryAction.INSTANCE.newResponse();
-    }
-
-    public static class TransportAction extends HandledTransportAction<DeleteByQueryRequest, BulkByScrollResponse> {
-        private final Client client;
-
-        @Inject
-        public TransportAction(Settings settings, ThreadPool threadPool, ActionFilters actionFilters,
-                                            IndexNameExpressionResolver resolver, TransportService transportService, Client client) {
-            super(settings, XPackDeleteByQueryAction.NAME, threadPool, transportService, actionFilters, resolver, DeleteByQueryRequest::new);
-            this.client = client;
-        }
-
-        @Override
-        public void doExecute(Task task, DeleteByQueryRequest request, ActionListener<BulkByScrollResponse> listener) {
-            this.client.execute(DeleteByQueryAction.INSTANCE, request, listener);
-        }
-
-        @Override
-        protected void doExecute(DeleteByQueryRequest request, ActionListener<BulkByScrollResponse> listener) {
-            throw new UnsupportedOperationException("task required");
-        }
-    }
-
-    private static IndicesOptions addIgnoreUnavailable(IndicesOptions indicesOptions) {
-        return IndicesOptions.fromOptions(true, indicesOptions.allowNoIndices(),
-                indicesOptions.expandWildcardsOpen(), indicesOptions.expandWildcardsClosed(),
-                indicesOptions);
-    }
-
-}
diff --git a/plugin/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationService.java b/plugin/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationService.java
index 6afe343528d..44ee1c0d953 100644
--- a/plugin/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationService.java
+++ b/plugin/src/main/java/org/elasticsearch/xpack/security/authz/AuthorizationService.java
@@ -34,7 +34,6 @@ import org.elasticsearch.common.util.set.Sets;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportActionProxy;
 import org.elasticsearch.transport.TransportRequest;
-import org.elasticsearch.xpack.common.action.XPackDeleteByQueryAction;
 import org.elasticsearch.xpack.security.SecurityLifecycleService;
 import org.elasticsearch.xpack.security.action.user.AuthenticateAction;
 import org.elasticsearch.xpack.security.action.user.ChangePasswordAction;
@@ -201,12 +200,6 @@ public class AuthorizationService extends AbstractComponent {
             throw denial(authentication, action, request);
         }
 
-        // we only want the xpack user to use the xpack delete by query action
-        if (XPackDeleteByQueryAction.NAME.equals(action)
-                && XPackUser.is(authentication.getUser()) == false) {
-            throw denial(authentication, action, request);
-        }
-
         // some APIs are indices requests that are not actually associated with indices. For example,
         // search scroll request, is categorized under the indices context, but doesn't hold indices names
         // (in this case, the security check on the indices was done on the search request that initialized
diff --git a/plugin/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationServiceTests.java b/plugin/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationServiceTests.java
index f7cf3d6ee71..fc8d8e90559 100644
--- a/plugin/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationServiceTests.java
+++ b/plugin/src/test/java/org/elasticsearch/xpack/security/authz/AuthorizationServiceTests.java
@@ -81,7 +81,6 @@ import org.elasticsearch.license.GetLicenseAction;
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.threadpool.ThreadPool;
 import org.elasticsearch.transport.TransportRequest;
-import org.elasticsearch.xpack.common.action.XPackDeleteByQueryAction;
 import org.elasticsearch.xpack.security.SecurityLifecycleService;
 import org.elasticsearch.xpack.security.action.user.AuthenticateAction;
 import org.elasticsearch.xpack.security.action.user.AuthenticateRequest;
@@ -695,30 +694,6 @@ public class AuthorizationServiceTests extends ESTestCase {
         assertThat(request.indices(), arrayContaining(".security"));
     }
 
-    public void testOnlyXPackUserCanExecuteXPackDBQAction() {
-        final User superuser = new User("custom_admin", ReservedRolesStore.SUPERUSER_ROLE_DESCRIPTOR.getName());
-        roleMap.put(ReservedRolesStore.SUPERUSER_ROLE_DESCRIPTOR.getName(), ReservedRolesStore.SUPERUSER_ROLE_DESCRIPTOR);
-        ClusterState state = mock(ClusterState.class);
-        when(clusterService.state()).thenReturn(state);
-        when(state.metaData()).thenReturn(MetaData.builder()
-                .put(new IndexMetaData.Builder(SecurityLifecycleService.SECURITY_INDEX_NAME)
-                        .settings(Settings.builder().put("index.version.created", Version.CURRENT).build())
-                        .numberOfShards(1).numberOfReplicas(0).build(), true)
-                .build());
-
-        String action = XPackDeleteByQueryAction.NAME;
-        DeleteByQueryRequest request = new DeleteByQueryRequest(new SearchRequest("_all"));
-        authorize(createAuthentication(XPackUser.INSTANCE), action, request);
-        verify(auditTrail).accessGranted(XPackUser.INSTANCE, action, request);
-        assertThat(request.indices(), arrayContaining(".security"));
-
-        DeleteByQueryRequest request1 = new DeleteByQueryRequest(new SearchRequest("_all"));
-        assertThrowsAuthorizationException(
-                () -> authorize(createAuthentication(superuser), action, request1),
-                action, superuser.principal());
-        verify(auditTrail).accessDenied(superuser, action, request1);
-    }
-
     public void testAnonymousRolesAreAppliedToOtherUsers() {
         TransportRequest request = new ClusterHealthRequest();
         Settings settings = Settings.builder().put(AnonymousUser.ROLES_SETTING.getKey(), "anonymous_user_role").build();
diff --git a/plugin/src/test/resources/org/elasticsearch/transport/actions b/plugin/src/test/resources/org/elasticsearch/transport/actions
index 32073a986c5..5ecbb48ae2a 100644
--- a/plugin/src/test/resources/org/elasticsearch/transport/actions
+++ b/plugin/src/test/resources/org/elasticsearch/transport/actions
@@ -141,7 +141,6 @@ cluster:admin/xpack/ml/datafeed/stop
 cluster:admin/xpack/ml/datafeed/start
 cluster:admin/xpack/ml/job/open
 cluster:admin/xpack/ml/job/update
-indices:internal/data/write/xpackdeletebyquery
 cluster:internal/xpack/ml/job/update/process
 cluster:admin/xpack/ml/delete_expired_data
 cluster:admin/persistent/start