Enroll Node API doesn't return a cluster name (#74514)

During implementation we discovered that the clusters should not
necessarily have a unique name and thus we don't need to convey
this information in the response of the Enroll Node API.

Author: jkakavas

client/rest-high-level/src/main/java/org/elasticsearch/client/security/NodeEnrollmentResponse.java

@@ -23,16 +23,14 @@ public class NodeEnrollmentResponse {
     private final String httpCaCert;
     private final String transportKey;
     private final String transportCert;
-    private final String clusterName;
     private final List<String> nodesAddresses;
 
-    public NodeEnrollmentResponse(String httpCaKey, String httpCaCert, String transportKey, String transportCert, String clusterName,
+    public NodeEnrollmentResponse(String httpCaKey, String httpCaCert, String transportKey, String transportCert,
                                   List<String> nodesAddresses){
         this.httpCaKey = httpCaKey;
         this.httpCaCert = httpCaCert;
         this.transportKey = transportKey;
         this.transportCert = transportCert;
-        this.clusterName = clusterName;
         this.nodesAddresses = Collections.unmodifiableList(nodesAddresses);
     }
 
@@ -52,10 +50,6 @@ public String getTransportCert() {
         return transportCert;
     }
 
-    public String getClusterName() {
-        return clusterName;
-    }
-
     public List<String> getNodesAddresses() {
         return nodesAddresses;
     }
@@ -64,7 +58,6 @@ public List<String> getNodesAddresses() {
     private static final ParseField HTTP_CA_CERT = new ParseField("http_ca_cert");
     private static final ParseField TRANSPORT_KEY = new ParseField("transport_key");
     private static final ParseField TRANSPORT_CERT = new ParseField("transport_cert");
-    private static final ParseField CLUSTER_NAME = new ParseField("cluster_name");
     private static final ParseField NODES_ADDRESSES = new ParseField("nodes_addresses");
 
     @SuppressWarnings("unchecked")
@@ -75,17 +68,15 @@ public List<String> getNodesAddresses() {
             final String httpCaCert = (String) a[1];
             final String transportKey = (String) a[2];
             final String transportCert = (String) a[3];
-            final String clusterName = (String) a[4];
-            final List<String> nodesAddresses = (List<String>) a[5];
-            return new NodeEnrollmentResponse(httpCaKey, httpCaCert, transportKey, transportCert, clusterName, nodesAddresses);
+            final List<String> nodesAddresses = (List<String>) a[4];
+            return new NodeEnrollmentResponse(httpCaKey, httpCaCert, transportKey, transportCert, nodesAddresses);
         });
 
     static {
         PARSER.declareString(ConstructingObjectParser.constructorArg(), HTTP_CA_KEY);
         PARSER.declareString(ConstructingObjectParser.constructorArg(), HTTP_CA_CERT);
         PARSER.declareString(ConstructingObjectParser.constructorArg(), TRANSPORT_KEY);
         PARSER.declareString(ConstructingObjectParser.constructorArg(), TRANSPORT_CERT);
-        PARSER.declareString(ConstructingObjectParser.constructorArg(), CLUSTER_NAME);
         PARSER.declareStringArray(ConstructingObjectParser.constructorArg(), NODES_ADDRESSES);
     }
 
@@ -98,11 +89,11 @@ public static NodeEnrollmentResponse fromXContent(XContentParser parser) throws
         if (o == null || getClass() != o.getClass()) return false;
         NodeEnrollmentResponse that = (NodeEnrollmentResponse) o;
         return httpCaKey.equals(that.httpCaKey) && httpCaCert.equals(that.httpCaCert) && transportKey.equals(that.transportKey)
-            && transportCert.equals(that.transportCert) && clusterName.equals(that.clusterName)
+            && transportCert.equals(that.transportCert)
             && nodesAddresses.equals(that.nodesAddresses);
     }
 
     @Override public int hashCode() {
-        return Objects.hash(httpCaKey, httpCaCert, transportKey, transportCert, clusterName, nodesAddresses);
+        return Objects.hash(httpCaKey, httpCaCert, transportKey, transportCert, nodesAddresses);
     }
 }

client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/SecurityDocumentationIT.java

@@ -2881,8 +2881,7 @@ public void testNodeEnrollment() throws Exception {
             String httpCaCert = response.getHttpCaCert(); // <2>
             String transportKey = response.getTransportKey(); // <3>
             String transportCert = response.getTransportCert(); // <4>
-            String clusterName = response.getClusterName(); // <5>
-            List<String> nodesAddresses = response.getNodesAddresses();  // <6>
+            List<String> nodesAddresses = response.getNodesAddresses();  // <5>
             // end::node-enrollment-response
         }
 

docs/java-rest/high-level/cluster/enroll_node.asciidoc

@@ -37,8 +37,7 @@ for the HTTP layer, as a Base64 encoded string of the ASN.1 DER encoding of the
 encoded string of the ASN.1 DER encoding of the key.
 <4> The certificate that the node can use for  TLS for its transport layer, as a Base64
 encoded string of the ASN.1 DER encoding of the certificate.
-<5> The name of the cluster the new node is joining
-<6> A list of transport addresses in the form of `host:port` for the nodes that are already
+<5> A list of transport addresses in the form of `host:port` for the nodes that are already
 members of the cluster.
 
 

x-pack/docs/en/rest-api/security/enroll-node.asciidoc

@@ -39,8 +39,7 @@ The API returns a response such as
   "http_ca_cert" : "MIIJlAIBAzCCCVoGCSqGSIb3DQEHAaCCCUsEgglHMIIJQzCCA98GCSqGSIb3DQ....vsDfsA3UZBAjEPfhubpQysAICCAA=", <2>
   "transport_key" : "MIIEJgIBAzCCA98GCSqGSIb3DQEHAaCCA9AEggPMMIIDyDCCA8QGCSqGSIb3....YuEiOXvqZ6jxuVSQ0CAwGGoA==", <3>
   "transport_cert" : "MIIEJgIBAzCCA98GCSqGSIb3DQEHAaCCA9AEggPMMIIDyDCCA8QGCSqGSIb3....YuEiOXvqZ6jxuVSQ0CAwGGoA==", <4>
-  "cluster_name" : "cluster-name",               <5>
-  "nodes_addresses" : [                          <6>
+  "nodes_addresses" : [                          <5>
     "192.168.1.2:9300"
   ]
 }
@@ -53,6 +52,5 @@ The API returns a response such as
     string of the ASN.1 DER encoding of the key.
 <4> The certificate that the node can use for  TLS for its transport layer, as a Base64 encoded
     string of the ASN.1 DER encoding of the certificate.
-<5> The name of the cluster the new node is joining
-<6> A list of transport addresses in the form of `host:port` for the nodes that are already
+<5> A list of transport addresses in the form of `host:port` for the nodes that are already
     members of the cluster.

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/enrollment/NodeEnrollmentResponse.java

@@ -25,14 +25,12 @@ public final class NodeEnrollmentResponse extends ActionResponse implements ToXC
     private static final ParseField HTTP_CA_CERT = new ParseField("http_ca_cert");
     private static final ParseField TRANSPORT_KEY = new ParseField("transport_key");
     private static final ParseField TRANSPORT_CERT = new ParseField("transport_cert");
-    private static final ParseField CLUSTER_NAME = new ParseField("cluster_name");
     private static final ParseField NODES_ADDRESSES = new ParseField("nodes_addresses");
 
     private final String httpCaKey;
     private final String httpCaCert;
     private final String transportKey;
     private final String transportCert;
-    private final String clusterName;
     private final List<String> nodesAddresses;
 
     public NodeEnrollmentResponse(StreamInput in) throws IOException {
@@ -41,17 +39,15 @@ public NodeEnrollmentResponse(StreamInput in) throws IOException {
         httpCaCert = in.readString();
         transportKey = in.readString();
         transportCert = in.readString();
-        clusterName = in.readString();
         nodesAddresses = in.readStringList();
     }
 
-    public NodeEnrollmentResponse(String httpCaKey, String httpCaCert, String transportKey, String transportCert, String clusterName,
+    public NodeEnrollmentResponse(String httpCaKey, String httpCaCert, String transportKey, String transportCert,
                                   List<String> nodesAddresses) {
         this.httpCaKey = httpCaKey;
         this.httpCaCert = httpCaCert;
         this.transportKey = transportKey;
         this.transportCert = transportCert;
-        this.clusterName = clusterName;
         this.nodesAddresses = nodesAddresses;
     }
 
@@ -71,10 +67,6 @@ public String getTransportCert() {
         return transportCert;
     }
 
-    public String getClusterName() {
-        return clusterName;
-    }
-
     public List<String> getNodesAddresses() {
         return nodesAddresses;
     }
@@ -84,7 +76,6 @@ public List<String> getNodesAddresses() {
         out.writeString(httpCaCert);
         out.writeString(transportKey);
         out.writeString(transportCert);
-        out.writeString(clusterName);
         out.writeStringCollection(nodesAddresses);
     }
 
@@ -94,7 +85,6 @@ public List<String> getNodesAddresses() {
         builder.field(HTTP_CA_CERT.getPreferredName(), httpCaCert);
         builder.field(TRANSPORT_KEY.getPreferredName(), transportKey);
         builder.field(TRANSPORT_CERT.getPreferredName(), transportCert);
-        builder.field(CLUSTER_NAME.getPreferredName(), clusterName);
         builder.field(NODES_ADDRESSES.getPreferredName(), nodesAddresses);
         return builder.endObject();
     }
@@ -104,11 +94,11 @@ public List<String> getNodesAddresses() {
         if (o == null || getClass() != o.getClass()) return false;
         NodeEnrollmentResponse that = (NodeEnrollmentResponse) o;
         return httpCaKey.equals(that.httpCaKey) && httpCaCert.equals(that.httpCaCert) && transportKey.equals(that.transportKey)
-            && transportCert.equals(that.transportCert) && clusterName.equals(that.clusterName)
+            && transportCert.equals(that.transportCert)
             && nodesAddresses.equals(that.nodesAddresses);
     }
 
     @Override public int hashCode() {
-        return Objects.hash(httpCaKey, httpCaCert, transportKey, transportCert, clusterName, nodesAddresses);
+        return Objects.hash(httpCaKey, httpCaCert, transportKey, transportCert, nodesAddresses);
     }
 }

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/enrollment/NodeEnrollementResponseTests.java

@@ -31,7 +31,6 @@ public void testSerialization() throws Exception {
                 assertThat(response.getHttpCaCert(), is(serialized.getHttpCaCert()));
                 assertThat(response.getTransportKey(), is(serialized.getTransportKey()));
                 assertThat(response.getTransportCert(), is(serialized.getTransportCert()));
-                assertThat(response.getClusterName(), is(serialized.getClusterName()));
                 assertThat(response.getNodesAddresses(), is(serialized.getNodesAddresses()));
             }
         }
@@ -43,7 +42,6 @@ public void testSerialization() throws Exception {
             randomAlphaOfLengthBetween(50, 100),
             randomAlphaOfLengthBetween(50, 100),
             randomAlphaOfLengthBetween(50, 100),
-            randomAlphaOfLength(10),
             randomList(10, () -> buildNewFakeTransportAddress().toString()));
     }
 
@@ -59,7 +57,6 @@ public void testSerialization() throws Exception {
     private static final ParseField HTTP_CA_CERT = new ParseField("http_ca_cert");
     private static final ParseField TRANSPORT_KEY = new ParseField("transport_key");
     private static final ParseField TRANSPORT_CERT = new ParseField("transport_cert");
-    private static final ParseField CLUSTER_NAME = new ParseField("cluster_name");
     private static final ParseField NODES_ADDRESSES = new ParseField("nodes_addresses");
 
     @SuppressWarnings("unchecked")
@@ -70,17 +67,15 @@ public void testSerialization() throws Exception {
             final String httpCaCert = (String) a[1];
             final String transportKey = (String) a[2];
             final String transportCert = (String) a[3];
-            final String clusterName = (String) a[4];
-            final List<String> nodesAddresses = (List<String>) a[5];
-            return new NodeEnrollmentResponse(httpCaKey, httpCaCert, transportKey, transportCert, clusterName, nodesAddresses);
+            final List<String> nodesAddresses = (List<String>) a[4];
+            return new NodeEnrollmentResponse(httpCaKey, httpCaCert, transportKey, transportCert, nodesAddresses);
         });
 
     static {
         PARSER.declareString(ConstructingObjectParser.constructorArg(), HTTP_CA_KEY);
         PARSER.declareString(ConstructingObjectParser.constructorArg(), HTTP_CA_CERT);
         PARSER.declareString(ConstructingObjectParser.constructorArg(), TRANSPORT_KEY);
         PARSER.declareString(ConstructingObjectParser.constructorArg(), TRANSPORT_CERT);
-        PARSER.declareString(ConstructingObjectParser.constructorArg(), CLUSTER_NAME);
         PARSER.declareStringArray(ConstructingObjectParser.constructorArg(), NODES_ADDRESSES);
     }
 }

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/action/enrollment/TransportNodeEnrollmentAction.java

@@ -15,7 +15,6 @@
 import org.elasticsearch.action.support.ActionFilters;
 import org.elasticsearch.action.support.HandledTransportAction;
 import org.elasticsearch.client.Client;
-import org.elasticsearch.cluster.service.ClusterService;
 import org.elasticsearch.core.Tuple;
 import org.elasticsearch.common.inject.Inject;
 import org.elasticsearch.transport.TransportInfo;
@@ -42,16 +41,14 @@
 
 public class TransportNodeEnrollmentAction extends HandledTransportAction<NodeEnrollmentRequest, NodeEnrollmentResponse> {
     private final Environment environment;
-    private final ClusterService clusterService;
     private final SSLService sslService;
     private final Client client;
 
     @Inject
-    public TransportNodeEnrollmentAction(TransportService transportService, ClusterService clusterService, SSLService sslService,
-                                         Client client, ActionFilters actionFilters, Environment environment) {
+    public TransportNodeEnrollmentAction(TransportService transportService, SSLService sslService, Client client,
+                                         ActionFilters actionFilters, Environment environment) {
         super(NodeEnrollmentAction.NAME, transportService, actionFilters, NodeEnrollmentRequest::new);
         this.environment = environment;
-        this.clusterService = clusterService;
         this.sslService = sslService;
         this.client = client;
     }
@@ -115,7 +112,6 @@ protected void doExecute(Task task, NodeEnrollmentRequest request, ActionListene
                 httpCaCert,
                 transportKey,
                 transportCert,
-                clusterService.getClusterName().value(),
                 nodeList));
         } catch (CertificateEncodingException e) {
             listener.onFailure(new ElasticsearchException("Unable to enroll node", e));

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/action/enrollment/TransportNodeEnrollmentActionTests.java

@@ -18,7 +18,7 @@
 import org.elasticsearch.client.Client;
 import org.elasticsearch.cluster.ClusterName;
 import org.elasticsearch.cluster.node.DiscoveryNode;
-import org.elasticsearch.cluster.service.ClusterService;
+import org.elasticsearch.common.settings.MockSecureSettings;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.transport.BoundTransportAddress;
 import org.elasticsearch.common.transport.TransportAddress;
@@ -75,21 +75,20 @@ public void testDoExecute() throws Exception {
         Files.copy(getDataPath("/org/elasticsearch/xpack/security/action/enrollment/transport.p12"), transportPath);
         when(env.configFile()).thenReturn(tempDir);
         final SSLService sslService = mock(SSLService.class);
+        final MockSecureSettings secureSettings = new MockSecureSettings();
+        secureSettings.setString("keystore.secure_password", "password");
         final Settings httpSettings = Settings.builder()
-            .put("keystore.path", "httpCa.p12")
-            .put("keystore.password", "password")
+            .put("keystore.path", httpCaPath)
+            .setSecureSettings(secureSettings)
             .build();
         final SSLConfiguration httpSslConfiguration = new SSLConfiguration(httpSettings);
         when(sslService.getHttpTransportSSLConfiguration()).thenReturn(httpSslConfiguration);
         final Settings transportSettings = Settings.builder()
-            .put("keystore.path", "transport.p12")
+            .put("keystore.path", transportPath)
             .put("keystore.password", "password")
             .build();
         final SSLConfiguration transportSslConfiguration = new SSLConfiguration(transportSettings);
         when(sslService.getTransportSSLConfiguration()).thenReturn(transportSslConfiguration);
-        final ClusterService clusterService = mock(ClusterService.class);
-        final String clusterName = randomAlphaOfLengthBetween(6, 10);
-        when(clusterService.getClusterName()).thenReturn(new ClusterName(clusterName));
         final ThreadContext threadContext = new ThreadContext(Settings.EMPTY);
         final ThreadPool threadPool = mock(ThreadPool.class);
         when(threadPool.getThreadContext()).thenReturn(threadContext);
@@ -132,12 +131,11 @@ public void testDoExecute() throws Exception {
             Collections.emptySet());
 
         final TransportNodeEnrollmentAction action =
-            new TransportNodeEnrollmentAction(transportService, clusterService, sslService, client, mock(ActionFilters.class), env);
+            new TransportNodeEnrollmentAction(transportService, sslService, client, mock(ActionFilters.class), env);
         final NodeEnrollmentRequest request = new NodeEnrollmentRequest();
         final PlainActionFuture<NodeEnrollmentResponse> future = new PlainActionFuture<>();
         action.doExecute(mock(Task.class), request, future);
         final NodeEnrollmentResponse response = future.get();
-        assertThat(response.getClusterName(), equalTo(clusterName));
         assertSameCertificate(response.getHttpCaCert(), httpCaPath, "password".toCharArray(), true);
         assertSameCertificate(response.getTransportCert(), transportPath, "password".toCharArray(), false);
         assertThat(response.getNodesAddresses().size(), equalTo(numberOfNodes));