From 6b89b7c41d0142c89964b90ac926d976ec358614 Mon Sep 17 00:00:00 2001
From: Nikolaj Volgushev <n1v0lg@users.noreply.github.com>
Date: Fri, 8 Dec 2023 12:31:05 +0100
Subject: [PATCH] Address review feedback

---
 .../test/cluster/local/AbstractLocalClusterFactory.java  | 5 ++++-
 .../test/cluster/local/DefaultLocalClusterHandle.java    | 4 ++--
 .../cluster/local/DefaultLocalElasticsearchCluster.java  | 4 ++--
 .../test/cluster/local/LocalClusterHandle.java           | 9 +++++++--
 .../xpack/security/authc/jwt/JwtRestIT.java              | 2 +-
 5 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/test/test-clusters/src/main/java/org/elasticsearch/test/cluster/local/AbstractLocalClusterFactory.java b/test/test-clusters/src/main/java/org/elasticsearch/test/cluster/local/AbstractLocalClusterFactory.java
index 7ea2d68886857..e8a72042f7729 100644
--- a/test/test-clusters/src/main/java/org/elasticsearch/test/cluster/local/AbstractLocalClusterFactory.java
+++ b/test/test-clusters/src/main/java/org/elasticsearch/test/cluster/local/AbstractLocalClusterFactory.java
@@ -443,7 +443,10 @@ private void copyExtraConfigFiles() {
             });
         }
 
-        public void writeToKeystoreFile() {
+        public void updateStoredSecureSettings() {
+            if (usesSecureSecretsFile) {
+                throw new UnsupportedOperationException("updating stored secure settings is not supported in serverless test clusters");
+            }
             final Path keystoreFile = workingDir.resolve("config").resolve("elasticsearch.keystore");
             try {
                 Files.deleteIfExists(keystoreFile);
diff --git a/test/test-clusters/src/main/java/org/elasticsearch/test/cluster/local/DefaultLocalClusterHandle.java b/test/test-clusters/src/main/java/org/elasticsearch/test/cluster/local/DefaultLocalClusterHandle.java
index b0706c2a9c533..718c9c1bb0042 100644
--- a/test/test-clusters/src/main/java/org/elasticsearch/test/cluster/local/DefaultLocalClusterHandle.java
+++ b/test/test-clusters/src/main/java/org/elasticsearch/test/cluster/local/DefaultLocalClusterHandle.java
@@ -180,8 +180,8 @@ public InputStream getNodeLog(int index, LogType logType) {
     }
 
     @Override
-    public void writeToKeystoreFile() {
-        execute(() -> nodes.parallelStream().forEach(Node::writeToKeystoreFile));
+    public void updateStoredSecureSettings() {
+        execute(() -> nodes.parallelStream().forEach(Node::updateStoredSecureSettings));
     }
 
     protected void waitUntilReady() {
diff --git a/test/test-clusters/src/main/java/org/elasticsearch/test/cluster/local/DefaultLocalElasticsearchCluster.java b/test/test-clusters/src/main/java/org/elasticsearch/test/cluster/local/DefaultLocalElasticsearchCluster.java
index 4c605de5dd3d8..77b73e7b6ce86 100644
--- a/test/test-clusters/src/main/java/org/elasticsearch/test/cluster/local/DefaultLocalElasticsearchCluster.java
+++ b/test/test-clusters/src/main/java/org/elasticsearch/test/cluster/local/DefaultLocalElasticsearchCluster.java
@@ -157,9 +157,9 @@ public InputStream getNodeLog(int index, LogType logType) {
     }
 
     @Override
-    public void writeToKeystoreFile() {
+    public void updateStoredSecureSettings() {
         checkHandle();
-        handle.writeToKeystoreFile();
+        handle.updateStoredSecureSettings();
     }
 
     protected H getHandle() {
diff --git a/test/test-clusters/src/main/java/org/elasticsearch/test/cluster/local/LocalClusterHandle.java b/test/test-clusters/src/main/java/org/elasticsearch/test/cluster/local/LocalClusterHandle.java
index af15ea415f719..7a95d682e9ddc 100644
--- a/test/test-clusters/src/main/java/org/elasticsearch/test/cluster/local/LocalClusterHandle.java
+++ b/test/test-clusters/src/main/java/org/elasticsearch/test/cluster/local/LocalClusterHandle.java
@@ -10,6 +10,7 @@
 
 import org.elasticsearch.test.cluster.ClusterHandle;
 import org.elasticsearch.test.cluster.LogType;
+import org.elasticsearch.test.cluster.MutableSettingsProvider;
 import org.elasticsearch.test.cluster.util.Version;
 
 import java.io.InputStream;
@@ -95,7 +96,11 @@ public interface LocalClusterHandle extends ClusterHandle {
     InputStream getNodeLog(int index, LogType logType);
 
     /**
-     * Writes current keystore settings to keystore file on each node.
+     * Writes secure settings to the relevant secure config file on each node. Use this method if you are dynamically updating secure
+     * settings via a {@link MutableSettingsProvider} and need the update to be written to file, without a cluster restart.
+     *
+     * @throws UnsupportedOperationException if secure settings are stored in a secrets file, i.e., in serverless. Only keystore-based
+     * storage is currently supported
      */
-    void writeToKeystoreFile();
+    void updateStoredSecureSettings();
 }
diff --git a/x-pack/plugin/security/qa/jwt-realm/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/jwt/JwtRestIT.java b/x-pack/plugin/security/qa/jwt-realm/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/jwt/JwtRestIT.java
index 6e134a41565f4..5b9af5c585b0d 100644
--- a/x-pack/plugin/security/qa/jwt-realm/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/jwt/JwtRestIT.java
+++ b/x-pack/plugin/security/qa/jwt-realm/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/jwt/JwtRestIT.java
@@ -555,7 +555,7 @@ private void writeSettingToKeystoreThenReload(String setting, @Nullable String v
         } else {
             keystoreSettings.put(setting, value);
         }
-        cluster.writeToKeystoreFile();
+        cluster.updateStoredSecureSettings();
         assertOK(adminClient().performRequest(new Request("POST", "/_nodes/reload_secure_settings")));
     }