From d2b909fe5ab58a31391d74355b09ddc6c9cb45e3 Mon Sep 17 00:00:00 2001
From: Jay Modi <jaymode@users.noreply.github.com>
Date: Mon, 24 Apr 2017 09:18:26 -0400
Subject: [PATCH] Test: remove roles from user on remote cluster
 (elastic/x-pack-elasticsearch#1144)

This change removes the roles from the user in the remote cluster to show that the roles passed
from the source cluster are used in evaluating the user's permissions during multi-cluster search.

Original commit: elastic/x-pack-elasticsearch@35658168fb04ed779a6e7057345dd60bc62384a9
---
 .../test/remote_cluster/10_basic.yaml             | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/remote_cluster/10_basic.yaml b/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/remote_cluster/10_basic.yaml
index e4f9298475a..587a67fba0c 100644
--- a/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/remote_cluster/10_basic.yaml
+++ b/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/remote_cluster/10_basic.yaml
@@ -86,3 +86,18 @@ setup:
   - match: { hits.total: 2 }
   - match: { hits.hits.0._source.filter_field: 1 }
   - match: { hits.hits.0._index: "test_index" }
+
+# The user is updated to remove its role mappings to show that we do not
+#  need the user to be assigned to a role on the remote cluster and that the
+#  roles sent with the user from the other cluster are used. The put user
+#  request clears the cached reference to the user so we do not need to do
+#  that manually
+  - do:
+      xpack.security.put_user:
+        username: "joe"
+        body:  >
+            {
+              "password": "s3krit",
+              "roles" : [ ]
+            }
+  - match: { user: { created: false } }