From 45a55d16cf97160ae17e7b83a2f6deeda3975ec4 Mon Sep 17 00:00:00 2001
From: Ryan Ernst <ryan@iernst.net>
Date: Tue, 1 Aug 2017 15:48:04 -0400
Subject: [PATCH] Bump master version to 7.0.0-alpha1
 (elastic/x-pack-elasticsearch#2135)

This is the xpack side of
https://github.com/elastic/elasticsearch/pull/25876

Original commit: elastic/x-pack-elasticsearch@c86ea250093cf0204b514dc7872c15f39aa288b6
---
 .../plugin-metadata/plugin-security.policy    |  2 +-
 qa/rolling-upgrade/build.gradle               | 11 +++++--
 .../test/old_cluster/20_security.yml          |  8 -----
 .../test/upgraded_cluster/20_security.yml     | 30 -------------------
 .../SmokeTestMonitoringWithSecurityIT.java    |  1 +
 5 files changed, 10 insertions(+), 42 deletions(-)

diff --git a/plugin/src/main/plugin-metadata/plugin-security.policy b/plugin/src/main/plugin-metadata/plugin-security.policy
index 15a7f44f039..ba71c54ba92 100644
--- a/plugin/src/main/plugin-metadata/plugin-security.policy
+++ b/plugin/src/main/plugin-metadata/plugin-security.policy
@@ -32,7 +32,7 @@ grant {
   permission java.io.FilePermission "\\\\.\\pipe\\*", "read,write";
 };
 
-grant codeBase "${codebase.elasticsearch-rest-client-6.0.0-beta1-SNAPSHOT.jar}" {
+grant codeBase "${codebase.elasticsearch-rest-client-7.0.0-alpha1-SNAPSHOT.jar}" {
   // rest client uses system properties which gets the default proxy
   permission java.net.NetPermission "getProxySelector";
 };
diff --git a/qa/rolling-upgrade/build.gradle b/qa/rolling-upgrade/build.gradle
index 2364d704e76..6c6da27e0e3 100644
--- a/qa/rolling-upgrade/build.gradle
+++ b/qa/rolling-upgrade/build.gradle
@@ -127,12 +127,17 @@ subprojects {
       dependsOn copyTestNodeKeystore
       extraConfigFile 'testnode.jks', new File(outputDir + '/testnode.jks')
       if (withSystemKey) {
-        if (version.onOrAfter('5.1.0')) {
+        if (version.onOrAfter('5.1.0') && version.before('6.0.0')) {
           // The setting didn't exist until 5.1.0
           setting 'xpack.security.system_key.required', 'true'
         }
-        extraConfigFile 'x-pack/system_key',
-            "${mainProject.projectDir}/src/test/resources/system_key"
+        if (version.onOrAfter('6.0.0')) {
+            setupCommand 'create-elasticsearch-keystore', 'bin/elasticsearch-keystore', 'create'
+            setupCommand 'add-key-elasticsearch-keystore', 'bin/elasticsearch-keystore', 'add-file', 'xpack.watcher.encryption_key',
+                    "${mainProject.projectDir}/src/test/resources/system_key"
+        } else {
+            extraConfigFile 'x-pack/system_key', "${mainProject.projectDir}/src/test/resources/system_key"
+        }
         setting 'xpack.watcher.encrypt_sensitive_data', 'true'
       }
     }
diff --git a/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml b/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml
index 417332e7bcb..119f6f48749 100644
--- a/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml
+++ b/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml
@@ -73,11 +73,3 @@
       xpack.security.get_user:
         username: "logstash_system"
   - match: { logstash_system.enabled: true }
-
-  # run the upgrade API once all the old cluster actions are done,
-  # prior to moving to the mixed cluster
-  - do:
-      headers:
-        Authorization: "Basic ZWxhc3RpYzpjaGFuZ2VtZQ=="   # corresponds to elastic:changeme
-      xpack.migration.upgrade:
-        index: ".security"
diff --git a/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/20_security.yml b/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/20_security.yml
index 4f17f7ba6df..9c709748391 100644
--- a/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/20_security.yml
+++ b/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/upgraded_cluster/20_security.yml
@@ -23,33 +23,3 @@
   - match: { native_role.indices.0.names.0: "test_index" }
   - match: { native_role.indices.0.privileges.0:  "all" }
 
----
-"Verify default password migration results in upgraded cluster":
-  - skip:
-      version: " - 5.1.1"
-      reason: "the rest enabled action used by the old cluster test trips an assertion. see https://github.com/elastic/x-pack/pull/4443"
-  - do:
-      headers:
-        Authorization: "Basic bmF0aXZlX3VzZXI6eC1wYWNrLXRlc3QtcGFzc3dvcmQ="
-      cluster.health:
-        wait_for_status: green
-        wait_for_nodes: 2
-        # wait for long enough that we give delayed unassigned shards to stop being delayed
-        timeout: 70s
-  - match: { timed_out: false }
-
-  - do:
-      get:
-        index: ".security"
-        type: "reserved-user"
-        id: "kibana"
-  - match: { _source.password: "" }
-  - match: { _source.enabled: false }
-
-  - do:
-      get:
-        index: ".security"
-        type: "reserved-user"
-        id: "logstash_system"
-  - match: { _source.password: "/^\\$2a\\$10\\$[a-zA-Z0-9/.]{53}$/" }
-  - match: { _source.enabled: true }
diff --git a/qa/smoke-test-plugins-ssl/src/test/java/org/elasticsearch/smoketest/SmokeTestMonitoringWithSecurityIT.java b/qa/smoke-test-plugins-ssl/src/test/java/org/elasticsearch/smoketest/SmokeTestMonitoringWithSecurityIT.java
index ff509706717..6aebe61762b 100644
--- a/qa/smoke-test-plugins-ssl/src/test/java/org/elasticsearch/smoketest/SmokeTestMonitoringWithSecurityIT.java
+++ b/qa/smoke-test-plugins-ssl/src/test/java/org/elasticsearch/smoketest/SmokeTestMonitoringWithSecurityIT.java
@@ -71,6 +71,7 @@ public class SmokeTestMonitoringWithSecurityIT extends ESIntegTestCase {
         assertAcked(client().admin().cluster().prepareUpdateSettings().setTransientSettings(exporterSettings));
     }
 
+    @AwaitsFix(bugUrl = "https://github.com/elastic/x-pack-elasticsearch/issues/2077")
     public void testHTTPExporterWithSSL() throws Exception {
         // Checks that the monitoring index templates have been installed
         assertBusy(() -> {