Test: specify a timeout for background operation

This commit adds a timeout for the expiration of invalidated tokens so that we can expect that the
requests will have been finished before we do the assertions on the internal test cluster.

Original commit: elastic/x-pack-elasticsearch@2928706224

plugin/src/main/java/org/elasticsearch/xpack/security/Security.java

@@ -452,6 +452,7 @@ public class Security implements ActionPlugin, IngestPlugin, NetworkPlugin {
         settingsList.add(TokenService.TOKEN_EXPIRATION);
         settingsList.add(TokenService.TOKEN_PASSPHRASE);
         settingsList.add(TokenService.DELETE_INTERVAL);
+        settingsList.add(TokenService.DELETE_TIMEOUT);
 
         // encryption settings
         CryptoService.addSettings(settingsList);

plugin/src/main/java/org/elasticsearch/xpack/security/authc/ExpiredTokenRemover.java

@@ -7,11 +7,11 @@ package org.elasticsearch.xpack.security.authc;
 
 import org.apache.logging.log4j.Logger;
 import org.elasticsearch.action.ActionListener;
-import org.elasticsearch.action.bulk.byscroll.BulkByScrollResponse;
 import org.elasticsearch.action.bulk.byscroll.DeleteByQueryRequest;
 import org.elasticsearch.action.search.SearchRequest;
 import org.elasticsearch.common.logging.Loggers;
 import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.common.unit.TimeValue;
 import org.elasticsearch.common.util.concurrent.AbstractRunnable;
 import org.elasticsearch.index.query.QueryBuilders;
 import org.elasticsearch.threadpool.ThreadPool;
@@ -33,16 +33,22 @@ final class ExpiredTokenRemover extends AbstractRunnable {
     private final InternalClient client;
     private final AtomicBoolean inProgress = new AtomicBoolean(false);
     private final Logger logger;
+    private final TimeValue timeout;
 
     ExpiredTokenRemover(Settings settings, InternalClient internalClient) {
         this.client = internalClient;
         this.logger = Loggers.getLogger(getClass(), settings);
+        this.timeout = TokenService.DELETE_TIMEOUT.get(settings);
     }
 
     @Override
     public void doRun() {
         SearchRequest searchRequest = new SearchRequest(TokenService.INDEX_NAME);
         DeleteByQueryRequest dbq = new DeleteByQueryRequest(searchRequest);
+        if (timeout != TimeValue.MINUS_ONE) {
+            dbq.setTimeout(timeout);
+            searchRequest.source().timeout(timeout);
+        }
         searchRequest.source()
                 .query(QueryBuilders.boolQuery()
                         .filter(QueryBuilders.termQuery("doc_type", TokenService.DOC_TYPE))

plugin/src/main/java/org/elasticsearch/xpack/security/authc/TokenService.java

@@ -101,6 +101,8 @@ public final class TokenService extends AbstractComponent {
             TimeValue.timeValueMinutes(20L), TimeValue.timeValueSeconds(1L), Property.NodeScope);
     public static final Setting<TimeValue> DELETE_INTERVAL = Setting.timeSetting("xpack.security.authc.token.delete.interval",
                     TimeValue.timeValueMinutes(30L), Property.NodeScope);
+    public static final Setting<TimeValue> DELETE_TIMEOUT = Setting.timeSetting("xpack.security.authc.token.delete.timeout",
+            TimeValue.MINUS_ONE, Property.NodeScope);
     public static final String DEFAULT_PASSPHRASE = "changeme is a terrible password, so let's not use it anymore!";
 
     static final String DOC_TYPE = "invalidated-token";

plugin/src/test/java/org/elasticsearch/xpack/security/authc/TokenAuthIntegTests.java

@@ -37,6 +37,7 @@ public class TokenAuthIntegTests extends SecurityIntegTestCase {
                 // turn down token expiration interval and crank up the deletion interval
                 .put(TokenService.TOKEN_EXPIRATION.getKey(), TimeValue.timeValueSeconds(1L))
                 .put(TokenService.DELETE_INTERVAL.getKey(), TimeValue.timeValueSeconds(1L))
+                .put(TokenService.DELETE_TIMEOUT.getKey(), TimeValue.timeValueSeconds(2L))
                 .build();
     }