Watcher: Fix chain input toXcontent serialization (#31721)

The xcontent parameters were not passed to the xcontent serialization of the chain input for each chain. This could lead to wrongly stored watches, which did not contain passwords but only their redacted counterparts, when an input inside of a chain input contained a password.
elastic · Jul 2, 2018 · fffcf93 · fffcf93
1 parent 821a533
commit fffcf93
Show file tree

Hide file tree

Showing 3 changed files with 76 additions and 1 deletion.
diff --git a/...ck/plugin/src/test/resources/rest-api-spec/test/watcher/get_watch/30_with_chain_input.yml b/...ck/plugin/src/test/resources/rest-api-spec/test/watcher/get_watch/30_with_chain_input.yml
@@ -0,0 +1,51 @@
+---
+"Test get watch api with chained input and basic auth":
+  - do:
+      cluster.health:
+          wait_for_status: yellow
+
+  - do:
+      xpack.watcher.put_watch:
+        id: "my_watch"
+        body:  >
+          {
+            "trigger": {
+              "schedule": {
+                "cron": "0 0 0 1 * ? 2099"
+              }
+            },
+            "input": {
+              "chain": {
+                "inputs": [
+                  {
+                    "http": {
+                      "http": {
+                        "request": {
+                          "url" : "http://localhost/",
+                          "auth": {
+                            "basic": {
+                              "username": "Username123",
+                              "password": "Password123"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                ]
+              }
+            },
+            "actions": {
+              "logging": {
+                "logging": {
+                  "text": "logging statement here"
+                }
+              }
+            }
+          }
+
+  - do:
+      xpack.watcher.get_watch:
+        id: "my_watch"
+  - match: { found : true}
+  - match: { _id: "my_watch" }
diff --git a/.../plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/chain/ChainInput.java b/.../plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/chain/ChainInput.java
@@ -41,7 +41,7 @@ public XContentBuilder toXContent(XContentBuilder builder, Params params) throws
         builder.startArray(INPUTS.getPreferredName());
         for (Tuple<String, Input> tuple : inputs) {
             builder.startObject().startObject(tuple.v1());
-            builder.field(tuple.v2().type(), tuple.v2());
+            builder.field(tuple.v2().type(), tuple.v2(), params);
             builder.endObject().endObject();
         }
         builder.endArray();

diff --git a/...in/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/chain/ChainInputTests.java b/...in/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/chain/ChainInputTests.java
@@ -9,6 +9,7 @@
 import org.elasticsearch.ElasticsearchParseException;
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.bytes.BytesReference;
+import org.elasticsearch.common.collect.Tuple;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.xcontent.ToXContent;
 import org.elasticsearch.common.xcontent.XContentBuilder;
@@ -18,6 +19,7 @@
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.test.SecuritySettingsSourceField;
 import org.elasticsearch.xpack.core.watcher.execution.WatchExecutionContext;
+import org.elasticsearch.xpack.core.watcher.input.Input;
 import org.elasticsearch.xpack.core.watcher.watch.Payload;
 import org.elasticsearch.xpack.watcher.common.http.HttpRequestTemplate;
 import org.elasticsearch.xpack.watcher.common.http.auth.basic.BasicAuth;
@@ -29,6 +31,7 @@
 import org.elasticsearch.xpack.watcher.input.simple.SimpleInputFactory;
 import org.elasticsearch.xpack.watcher.test.WatcherTestUtils;
 
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -46,6 +49,7 @@
 import static org.hamcrest.Matchers.hasSize;
 import static org.hamcrest.Matchers.instanceOf;
 import static org.hamcrest.Matchers.is;
+import static org.hamcrest.Matchers.sameInstance;
 
 public class ChainInputTests extends ESTestCase {
 
@@ -220,4 +224,24 @@ public void testParsingShouldBeStrictWhenStartingInputs() throws Exception {
                 expectThrows(ElasticsearchParseException.class, () -> chainInputFactory.parseInput("test", parser));
         assertThat(e.getMessage(), containsString("Expected starting JSON object after [first] in watch [test]"));
     }
+
+    public void testThatXContentParametersArePassedToInputs() throws Exception {
+        ToXContent.Params randomParams = new ToXContent.MapParams(Collections.singletonMap(randomAlphaOfLength(5), randomAlphaOfLength(5)));
+        ChainInput chainInput = new ChainInput(Collections.singletonList(Tuple.tuple("whatever", new Input() {
+            @Override
+            public String type() {
+                return "test";
+            }
+
+            @Override
+            public XContentBuilder toXContent(XContentBuilder builder, Params params) {
+                assertThat(params, sameInstance(randomParams));
+                return builder;
+            }
+        })));
+
+        try (XContentBuilder builder = jsonBuilder()) {
+            chainInput.toXContent(builder, randomParams);
+        }
+    }
 }