From c7ad6b98720f81397c392d40a8ba05906bd9b42b Mon Sep 17 00:00:00 2001
From: jaymode <jay.modi@elasticsearch.com>
Date: Mon, 25 Apr 2016 07:34:14 -0400
Subject: [PATCH 1/2] test: add a simple test for reserved realm authentication

See elastic/elasticsearch#2089

Original commit: elastic/x-pack-elasticsearch@1bede0a20626e1ac86cd5b56363b6b9b0fb67a17
---
 .../authc/esnative/ReservedRealmTests.java       | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmTests.java b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmTests.java
index 9baf301bba2..7a7f5500731 100644
--- a/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmTests.java
+++ b/elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authc/esnative/ReservedRealmTests.java
@@ -131,4 +131,20 @@ public class ReservedRealmTests extends ESTestCase {
 
         assertThat(ReservedRealm.users(), containsInAnyOrder((User) XPackUser.INSTANCE, KibanaUser.INSTANCE));
     }
+
+    public void testFailedAuthentication() {
+        final ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), Settings.EMPTY, usersStore);
+        // maybe cache a successful auth
+        if (randomBoolean()) {
+            User user = reservedRealm.authenticate(new UsernamePasswordToken(XPackUser.NAME, new SecuredString("changeme".toCharArray())));
+            assertThat(user, sameInstance(XPackUser.INSTANCE));
+        }
+
+        try {
+            reservedRealm.authenticate(new UsernamePasswordToken(XPackUser.NAME, new SecuredString("foobar".toCharArray())));
+            fail("authentication should throw an exception otherwise we may allow others to impersonate reserved users...");
+        } catch (ElasticsearchSecurityException e) {
+            assertThat(e.getMessage(), containsString("failed to authenticate"));
+        }
+    }
 }

From 91242f3a983b0224f478c4846e90ee4b8d01190c Mon Sep 17 00:00:00 2001
From: Alexander Reelsen <alexander@reelsen.net>
Date: Mon, 25 Apr 2016 17:45:22 +0200
Subject: [PATCH 2/2] Tests: Increase logging for tests for randomly failing
 tests

Relates elastic/elasticsearch#2090

Original commit: elastic/x-pack-elasticsearch@4051354f45e7bd247a79620393f4440072db0465
---
 elasticsearch/qa/smoke-test-monitoring-with-shield/build.gradle | 1 +
 1 file changed, 1 insertion(+)

diff --git a/elasticsearch/qa/smoke-test-monitoring-with-shield/build.gradle b/elasticsearch/qa/smoke-test-monitoring-with-shield/build.gradle
index 1eb840cb977..85715ca77ce 100644
--- a/elasticsearch/qa/smoke-test-monitoring-with-shield/build.gradle
+++ b/elasticsearch/qa/smoke-test-monitoring-with-shield/build.gradle
@@ -15,6 +15,7 @@ integTest {
   dependsOn copyMonitoringRestTests
 
   cluster {
+    systemProperty 'es.logger.level', 'TRACE'
     plugin 'x-pack', project(':x-plugins:elasticsearch:x-pack')
     setting 'xpack.monitoring.agent.interval', '3s'
     extraConfigFile 'x-pack/roles.yml', 'roles.yml'