Merge pull request elastic/elasticsearch#2660 from jaymode/rest_test_teardown

test: move teardown logic into the rest tests

Original commit: elastic/x-pack-elasticsearch@81a273a4c7

elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/authenticate/10_basic.yaml

@@ -1,3 +1,4 @@
+---
 setup:
   - skip:
       features: headers
@@ -16,6 +17,13 @@ setup:
             "full_name" : "Authenticate User"
           }
 
+---
+teardown:
+  - do:
+      xpack.security.delete_user:
+        username: "authenticate_user"
+        ignore: 404
+
 ---
 "Test authenticate api":
 

elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/change_password/10_basic.yaml

@@ -1,12 +1,10 @@
 ---
-"Test changing users password":
+setup:
   - skip:
       features: headers
-
   - do:
       cluster.health:
         wait_for_status: yellow
-
   - do:
       xpack.security.put_user:
         username: "joe"
@@ -15,9 +13,46 @@
             "password": "s3krit",
             "roles" : [ "superuser" ]
           }
-  - match: { user: { created: true } }
+  - do:
+      xpack.security.put_role:
+        name: "user"
+        body:  >
+          {
+            "cluster": ["monitor"],
+            "indices": [
+              {
+                "names": "*",
+                "privileges": ["all"]
+              }
+            ]
+          }
+  - do:
+      xpack.security.put_user:
+        username: "unprivileged_user"
+        body:  >
+          {
+            "password": "s3krit",
+            "roles" : [ "user" ]
+          }
 
-# test that the role actually works
+---
+teardown:
+  - do:
+      xpack.security.delete_user:
+        username: "joe"
+        ignore: 404
+  - do:
+      xpack.security.delete_role:
+        name: "user"
+        ignore: 404
+  - do:
+      xpack.security.delete_user:
+        username: "unprivileged_user"
+        ignore: 404
+
+---
+"Test changing users password":
+# validate that the user actually works
   - do:
       headers:
         Authorization: "Basic am9lOnMza3JpdA=="
@@ -49,49 +84,17 @@
 
 ---
 "Test user changing their own password":
-  - skip:
-      features: headers
-
-  - do:
-      cluster.health:
-        wait_for_status: yellow
-
-  - do:
-      xpack.security.put_role:
-        name: "user"
-        body:  >
-            {
-              "cluster": ["monitor"],
-              "indices": [
-                {
-                  "names": "*",
-                  "privileges": ["all"]
-                }
-              ]
-            }
-  - match: { role: { created: true } }
-
-  - do:
-      xpack.security.put_user:
-        username: "joe"
-        body:  >
-            {
-              "password": "s3krit",
-              "roles" : [ "user" ]
-            }
-  - match: { user: { created: true } }
-
 # test that the role actually works
   - do:
       headers:
-        Authorization: "Basic am9lOnMza3JpdA=="
+        Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0"
       cluster.health: {}
   - match: { timed_out: false }
 
-# change password as the current user. the power_user role only grants the ability to change their own password
+# change password as the current user. the user role only grants the ability to change their own password
   - do:
       headers:
-        Authorization: "Basic am9lOnMza3JpdA=="
+        Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0"
       xpack.security.change_password:
         body:  >
             {
@@ -102,61 +105,29 @@
   - do:
       catch: request
       headers:
-        Authorization: "Basic am9lOnMza3JpdA=="
+        Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0"
       cluster.health: {}
 
 # login with new credentials
   - do:
       headers:
-        Authorization: "Basic am9lOnMza3JpdDI="
+        Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0Mg=="
       cluster.health: {}
   - match: { timed_out: false }
 
 ---
 "Test unauthorized user changing anothers password":
-  - skip:
-      features: headers
-
-  - do:
-      cluster.health:
-        wait_for_status: yellow
-
-  - do:
-      xpack.security.put_role:
-        name: "user"
-        body:  >
-            {
-              "cluster": ["monitor"],
-              "indices": [
-                {
-                  "names": "*",
-                  "privileges": ["all"]
-                }
-              ]
-            }
-  - match: { role: { created: true } }
-
-  - do:
-      xpack.security.put_user:
-        username: "joe"
-        body:  >
-            {
-              "password": "s3krit",
-              "roles" : [ "user" ]
-            }
-  - match: { user: { created: true } }
-
 # test that the role actually works
   - do:
       headers:
-        Authorization: "Basic am9lOnMza3JpdA=="
+        Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0"
       cluster.health: {}
   - match: { timed_out: false }
 
 # attempt to change another users password
   - do:
       headers:
-        Authorization: "Basic am9lOnMza3JpdA=="
+        Authorization: "Basic dW5wcml2aWxlZ2VkX3VzZXI6czNrcml0"
       catch: forbidden
       xpack.security.change_password:
         username: "anotheruser"

elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/roles/10_basic.yaml

@@ -1,12 +1,37 @@
 ---
-"Test put role api":
+setup:
   - skip:
       features: headers
 
   - do:
       cluster.health:
         wait_for_status: yellow
+  - do:
+      xpack.security.put_user:
+        username: "joe"
+        body:  >
+            {
+              "password": "s3krit",
+              "roles" : [ "admin_role" ]
+            }
 
+---
+teardown:
+  - do:
+      xpack.security.delete_user:
+        username: "joe"
+        ignore: 404
+  - do:
+      xpack.security.delete_role:
+        name: "admin_role"
+        ignore: 404
+  - do:
+      xpack.security.delete_role:
+        name: "backwards_role"
+        ignore: 404
+
+---
+"Test put role api":
   - do:
       xpack.security.put_role:
         name: "admin_role"
@@ -37,16 +62,6 @@
             }
   - match: { role: { created: true } }
 
-  - do:
-      xpack.security.put_user:
-        username: "joe"
-        body:  >
-            {
-              "password": "s3krit",
-              "roles" : [ "admin_role" ]
-            }
-  - match: { user: { created: true } }
-
 # test that the role actually works
   - do:
       headers:

elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/roles/11_idx_arrays.yaml

@@ -1,12 +1,33 @@
 ---
-"Test put role api using as array of index names":
+setup:
   - skip:
       features: headers
-
   - do:
       cluster.health:
         wait_for_status: yellow
 
+---
+teardown:
+  - do:
+      xpack.security.delete_role:
+        name: "admin_role2"
+        ignore: 404
+
+  - do:
+      xpack.security.delete_user:
+        username: "joe"
+        ignore: 404
+
+  - do:
+      delete:
+        index: foo
+        type: doc
+        id: 1
+        ignore: 404
+
+---
+"Test put role api using as array of index names":
+
   - do:
       xpack.security.put_role:
         name: "admin_role2"
@@ -50,7 +71,6 @@
   - match: { _index: foo }
   - match: { _type: doc }
   - match: { _id: "1"}
-  - match: { _version: 1}
   - match: { _source: { foo: bar }}
 
 # test that the role works on the cluster level

elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/users/10_basic.yaml

@@ -1,5 +1,5 @@
 ---
-"Test put user api":
+setup:
   - skip:
       features: headers
 
@@ -7,6 +7,15 @@
       cluster.health:
         wait_for_status: yellow
 
+---
+teardown:
+  - do:
+      xpack.security.delete_user:
+        username: "joe"
+        ignore: 404
+
+---
+"Test put user api":
   - do:
       xpack.security.put_user:
         username: "joe"

elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/users/15_overwrite_user.yaml

@@ -1,5 +1,5 @@
 ---
-"Test overwriting a user":
+setup:
   - skip:
       features: headers
 
@@ -15,8 +15,16 @@
             "password": "s3krit",
             "roles" : [ "superuser" ]
           }
-  - match: { user: { created: true } }
 
+---
+teardown:
+  - do:
+      xpack.security.delete_user:
+        username: "joe"
+        ignore: 404
+
+---
+"Test overwriting a user":
   - do:
       xpack.security.get_user:
         username: "joe"

elasticsearch/x-pack/security/src/test/resources/rest-api-spec/test/users/16_update_user.yaml

@@ -1,24 +1,5 @@
 ---
-"Test creating a user without password":
+setup:
-  - do:
-      cluster.health:
-          wait_for_status: yellow
-
-  - do:
-      catch: request
-      xpack.security.put_user:
-        username: "joe"
-        body:  >
-            {
-              "roles" : [ "superuser" ]
-            }
-  - match: { error.root_cause.0.reason: 'Validation Failed: 1: password must be specified unless you are updating an existing user;' }
-
----
-"Test create user and update without and with password":
-  - skip:
-      features: headers
-
   - do:
       cluster.health:
         wait_for_status: yellow
@@ -31,7 +12,30 @@
               "password": "s3krit",
               "roles" : [ "superuser" ]
             }
-  - match: { user: { created: true } }
+
+---
+teardown:
+  - do:
+      xpack.security.delete_user:
+        username: "joe"
+        ignore: 404
+
+---
+"Test creating a user without password":
+  - do:
+      catch: request
+      xpack.security.put_user:
+        username: "no_password_user"
+        body:  >
+            {
+              "roles" : [ "superuser" ]
+            }
+  - match: { error.root_cause.0.reason: 'Validation Failed: 1: password must be specified unless you are updating an existing user;' }
+
+---
+"Test create user and update without and with password":
+  - skip:
+      features: headers
 
 # test that the role actually works
   - do:

elasticsearch/x-pack/src/test/java/org/elasticsearch/xpack/test/rest/XPackRestTestCase.java

@@ -63,29 +63,6 @@ public abstract class XPackRestTestCase extends ESRestTestCase {
         }
     }
 
-    @After
-    public void clearUsersAndRoles() throws Exception {
-        // we cannot delete the .security index from a rest test since we aren't the internal user, lets wipe the data
-        // TODO remove this once the built-in SUPERUSER role is added that can delete the index and we use the built in admin user here
-        RestTestResponse response = getAdminExecutionContext().callApi("xpack.security.get_user", emptyMap(), emptyList(), emptyMap());
-        @SuppressWarnings("unchecked")
-        Map<String, Object> users = (Map<String, Object>) response.getBody();
-        for (String user: users.keySet()) {
-            if (ReservedRealm.isReserved(user) == false) {
-                getAdminExecutionContext().callApi("xpack.security.delete_user", singletonMap("username", user), emptyList(), emptyMap());
-            }
-        }
-
-        response = getAdminExecutionContext().callApi("xpack.security.get_role", emptyMap(), emptyList(), emptyMap());
-        @SuppressWarnings("unchecked")
-        Map<String, Object> roles = (Map<String, Object>) response.getBody();
-        for (String role: roles.keySet()) {
-            if (ReservedRolesStore.isReserved(role) == false) {
-                getAdminExecutionContext().callApi("xpack.security.delete_role", singletonMap("name", role), emptyList(), emptyMap());
-            }
-        }
-    }
-
     @Override
     protected Settings restClientSettings() {
         return Settings.builder()