From bd522191b22177cf16a8e610248f917077f971b9 Mon Sep 17 00:00:00 2001
From: Jay Modi <jaymode@users.noreply.github.com>
Date: Mon, 7 Nov 2016 07:21:41 -0500
Subject: [PATCH] test: use toJSON inside a role

This commit adds a test that uses toJSON templating inside of a role with
an array defined in the user's metadata.

Originates from user discussion at:
https://discuss.elastic.co/t/x-pack-security-role-definition-query-template-with-terms/62790

Original commit: elastic/x-pack-elasticsearch@196f7f597c8a86f9764b115dcf9ffd8c5e525669
---
 .../10_templated_role_query.yaml              | 50 ++++++++++++++++++-
 1 file changed, 49 insertions(+), 1 deletion(-)

diff --git a/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/templated_role_query/10_templated_role_query.yaml b/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/templated_role_query/10_templated_role_query.yaml
index a1e016aca5c..9d81d7381bb 100644
--- a/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/templated_role_query/10_templated_role_query.yaml
+++ b/qa/smoke-test-security-with-mustache/src/test/resources/rest-api-spec/test/templated_role_query/10_templated_role_query.yaml
@@ -32,6 +32,17 @@ setup:
               "password": "changeme",
               "roles" : [ "file_template_role" ]
             }
+  - do:
+      xpack.security.put_user:
+        username: "terms_template_user"
+        body:  >
+            {
+              "password": "changeme",
+              "roles" : [ "terms_template_role" ],
+              "metadata": {
+                "groups": [ "inline_template_user", "file_template_user" ]
+              }
+            }
 
   - do:
       xpack.security.put_role:
@@ -53,6 +64,24 @@ setup:
               ]
             }
 
+  - do:
+      xpack.security.put_role:
+        name: "terms_template_role"
+        body:  >
+            {
+              "indices": [
+                {
+                  "names": "foobar",
+                  "privileges": ["all"],
+                  "query" : {
+                    "template" : {
+                      "inline" : "{\"terms\" : { \"username\" : {{#toJson}}_user.metadata.groups{{/toJson}} } }"
+                    }
+                  }
+                }
+              ]
+            }
+
   - do:
       xpack.security.put_role:
         name: "stored_template_role"
@@ -144,6 +173,10 @@ teardown:
       xpack.security.delete_user:
         username: "file_template_user"
         ignore: 404
+  - do:
+      xpack.security.delete_user:
+        username: "terms_template_user"
+        ignore: 404
   - do:
       xpack.security.delete_role:
         name: "inline_template_role"
@@ -156,7 +189,10 @@ teardown:
       xpack.security.delete_role:
         name: "file_template_role"
         ignore: 404
-
+  - do:
+      xpack.security.delete_role:
+        name: "terms_template_role"
+        ignore: 404
 ---
 "Test inline template":
   - do:
@@ -189,3 +225,15 @@ teardown:
         body: { "query" : { "match_all" : {} } }
   - match: { hits.total: 1}
   - match: { hits.hits.0._source.username: file_template_user}
+
+---
+"Test terms template":
+  - do:
+      headers:
+        Authorization: "Basic dGVybXNfdGVtcGxhdGVfdXNlcjpjaGFuZ2VtZQ=="
+      search:
+        index: foobar
+        body: { "query" : { "match_all" : {} } }
+  - match: { hits.total: 2}
+  - match: { hits.hits.0._source.username: inline_template_user}
+  - match: { hits.hits.1._source.username: file_template_user}