From d3ee0021800c226ad060d448f8834568990ce670 Mon Sep 17 00:00:00 2001
From: jaymode
Date: Fri, 11 Sep 2015 08:29:48 -0400
Subject: [PATCH] set the user header on new requests in IndexAuditTrail

The IndexAuditTrail was not setting the appropriate user header on requests to see if the index exists and the mapping is updated. This did not fail in tests because we set shield.user, but fails during a normal installation.
Closes elastic/elasticsearch#626
Original commit: elastic/x-pack-elasticsearch@3771612b20a0bc83ec5d007660cc14adb8db16c4
---
 .../shield/audit/index/IndexAuditTrail.java | 21 +++++++++++++------
 .../audit/index/IndexAuditUserHolder.java | 2 ++
 2 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java b/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java
index 8bcaf2ac010..5c8b158f8c3 100644
--- a/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java
+++ b/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditTrail.java
@@ -10,6 +10,8 @@ import com.google.common.collect.ImmutableSet;
 import com.google.common.io.ByteStreams;
 import org.elasticsearch.ElasticsearchException;
 import org.elasticsearch.action.admin.cluster.state.ClusterStateResponse;
+import org.elasticsearch.action.admin.indices.exists.indices.IndicesExistsRequest;
+import org.elasticsearch.action.admin.indices.mapping.put.PutMappingRequest;
 import org.elasticsearch.action.admin.indices.mapping.put.PutMappingResponse;
 import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateRequest;
 import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateResponse;
@@ -760,13 +762,20 @@ public class IndexAuditTrail extends AbstractComponent implements AuditTrail, Cl
 dateTime = DateTime.now(DateTimeZone.UTC);
 }
 String index = resolve(INDEX_NAME_PREFIX, dateTime, rollover);
- if (client.admin().indices().prepareExists(index).get().isExists()) {
+ IndicesExistsRequest existsRequest = new IndicesExistsRequest(index);
+ // TODO need to clean this up so we don't forget to attach the header...
+ if (!indexToRemoteCluster) {
+ authenticationService.attachUserHeaderIfMissing(existsRequest, auditUser.user());
+ }
+
+ if (client.admin().indices().exists(existsRequest).get().isExists()) {
 logger.debug("index [{}] exists so we need to update mappings", index);
- PutMappingResponse putMappingResponse = client.admin().indices()
- .preparePutMapping(index)
- .setType(DOC_TYPE)
- .setSource(request.mappings().get(DOC_TYPE))
- .get();
+ PutMappingRequest putMappingRequest = new PutMappingRequest(index).type(DOC_TYPE).source(request.mappings().get(DOC_TYPE));
+ if (!indexToRemoteCluster) {
+ authenticationService.attachUserHeaderIfMissing(putMappingRequest, auditUser.user());
+ }
+
+ PutMappingResponse putMappingResponse = client.admin().indices().putMapping(putMappingRequest).get();
 if (!putMappingResponse.isAcknowledged()) {
 throw new IllegalStateException("failed to put mappings for audit logging index [" + index + "]");
 }
diff --git a/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditUserHolder.java b/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditUserHolder.java
index 6e347ad8d33..6f2de43494f 100644
--- a/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditUserHolder.java
+++ b/shield/src/main/java/org/elasticsearch/shield/audit/index/IndexAuditUserHolder.java
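Review bot: The `if (!indexToRemoteCluster)` guard around `authenticationService.attachUserHeaderIfMissing(...)` is written out twice in the IndexAuditTrail.java hunk, and the TODO above the first copy only says the header is easy to forget, not what the rule is. Going by the commit message, a request sent from here without the audit user's header is what failed on a normal installation, so the next request added to this block could presumably reintroduce the same failure unnoticed. I would replace the TODO with a comment that states the rule, for example `// every request built here must carry auditUser's header unless indexToRemoteCluster is set`, and add a test for the exists/put-mapping path that runs without `shield.user`, since the diffstat lists no test file. The enclosing method starts and ends outside this hunk.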
@@ -5,6 +5,7 @@
 */
 package org.elasticsearch.shield.audit.index;
+import org.elasticsearch.action.admin.indices.exists.indices.IndicesExistsAction;
 import org.elasticsearch.action.admin.indices.template.put.PutIndexTemplateAction;
 import org.elasticsearch.action.bulk.BulkAction;
 import org.elasticsearch.shield.User;
@@ -24,6 +25,7 @@ public class IndexAuditUserHolder {
 .cluster(Privilege.Cluster.action(PutIndexTemplateAction.NAME))
 .add(Privilege.Index.CREATE_INDEX, IndexAuditTrail.INDEX_NAME_PREFIX + "*")
 .add(Privilege.Index.INDEX, IndexAuditTrail.INDEX_NAME_PREFIX + "*")
+ .add(Privilege.Index.action(IndicesExistsAction.NAME), IndexAuditTrail.INDEX_NAME_PREFIX + "*")
 .add(Privilege.Index.action(BulkAction.NAME), IndexAuditTrail.INDEX_NAME_PREFIX + "*")
 .build();
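Review bot: No privilege is added for the put-mapping request that IndexAuditTrail now also sends with the audit user's header; the second IndexAuditUserHolder.java hunk grants only `IndicesExistsAction`. Whether that request is authorized depends on what `Privilege.Index.INDEX` and `Privilege.Index.CREATE_INDEX` cover, which this patch does not show. If neither includes the put-mapping action, the mapping update on an existing audit index would presumably be denied; in that case add `.add(Privilege.Index.action(PutMappingAction.NAME), IndexAuditTrail.INDEX_NAME_PREFIX + "*")` beside the new line, keeping the same index-prefix scope so the role stays minimal. The builder chain starts outside this hunk.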