set the user header on new requests in IndexAuditTrail

The IndexAuditTrail was not setting the appropriate user header on requests to see if the index exists and
the mapping is updated. This did not fail in tests because we set shield.user, but fails during a normal
installation.

Closes elastic/elasticsearch#626

Original commit: elastic/x-pack-elasticsearch@3771612b20

shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java

@@ -10,6 +10,8 @@ import com.google.common.collect.ImmutableSet;
 import com.google.common.io.ByteStreams;
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.action.admin.cluster.state.ClusterStateResponse;
+import org.elasticsearch.action.admin.indices.exists.indices.IndicesExistsRequest;
+import org.elasticsearch.action.admin.indices.mapping.put.PutMappingRequest;
 import org.elasticsearch.action.admin.indices.mapping.put.PutMappingResponse;
 import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateRequest;
 import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateResponse;
@@ -760,13 +762,20 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
                 dateTime = DateTime.now(DateTimeZone.UTC);
             }
             String index = resolve(INDEX_NAME_PREFIX, dateTime, rollover);
-            if (client.admin().indices().prepareExists(index).get().isExists()) {
+            IndicesExistsRequest existsRequest = new IndicesExistsRequest(index);
+            // TODO need to clean this up so we don't forget to attach the header...
+            if (!indexToRemoteCluster) {
+                authenticationService.attachUserHeaderIfMissing(existsRequest, auditUser.user());
+            }
+
+            if (client.admin().indices().exists(existsRequest).get().isExists()) {
                 logger.debug("index [{}] exists so we need to update mappings", index);
-                PutMappingResponse putMappingResponse = client.admin().indices()
-                        .preparePutMapping(index)
-                        .setType(DOC_TYPE)
-                        .setSource(request.mappings().get(DOC_TYPE))
-                        .get();
+                PutMappingRequest putMappingRequest = new PutMappingRequest(index).type(DOC_TYPE).source(request.mappings().get(DOC_TYPE));
+                if (!indexToRemoteCluster) {
+                    authenticationService.attachUserHeaderIfMissing(putMappingRequest, auditUser.user());
+                }
+
+                PutMappingResponse putMappingResponse = client.admin().indices().putMapping(putMappingRequest).get();
                 if (!putMappingResponse.isAcknowledged()) {
                     throw new IllegalStateException("failed to put mappings for audit logging index [" + index + "]");
                 }

shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditUserHolder.java

@@ -5,6 +5,7 @@
  */
 package org.elasticsearch.shield.audit.index;
 
+import org.elasticsearch.action.admin.indices.exists.indices.IndicesExistsAction;
 import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateAction;
 import org.elasticsearch.action.bulk.BulkAction;
 import org.elasticsearch.shield.User;
@@ -24,6 +25,7 @@ public class IndexAuditUserHolder {
         .cluster(Privilege.Cluster.action(PutIndexTemplateAction.NAME))
         .add(Privilege.Index.CREATE_INDEX, IndexAuditTrail.INDEX_NAME_PREFIX + "*")
         .add(Privilege.Index.INDEX, IndexAuditTrail.INDEX_NAME_PREFIX + "*")
+        .add(Privilege.Index.action(IndicesExistsAction.NAME), IndexAuditTrail.INDEX_NAME_PREFIX + "*")
         .add(Privilege.Index.action(BulkAction.NAME), IndexAuditTrail.INDEX_NAME_PREFIX + "*")
         .build();