Watcher: Fix chain input toXcontent serialization (#31721)

spinscale · spinscale · commit fffcf9382a19 · 2018-07-02T20:36:25.000+02:00
The xcontent parameters were not passed to the xcontent serialization
of the chain input for each chain. This could lead to wrongly stored 
watches, which did not contain passwords but only their redacted counterparts, when an input inside of a chain input contained a password.
diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/test/watcher/get_watch/30_with_chain_input.yml b/x-pack/plugin/src/test/resources/rest-api-spec/test/watcher/get_watch/30_with_chain_input.yml
@@ -0,0 +1,51 @@
+---
+"Test get watch api with chained input and basic auth":
+  - do:
+      cluster.health:
+          wait_for_status: yellow
+
+  - do:
+      xpack.watcher.put_watch:
+        id: "my_watch"
+        body:  >
+          {
+            "trigger": {
+              "schedule": {
+                "cron": "0 0 0 1 * ? 2099"
+              }
+            },
+            "input": {
+              "chain": {
+                "inputs": [
+                  {
+                    "http": {
+                      "http": {
+                        "request": {
+                          "url" : "http://localhost/",
+                          "auth": {
+                            "basic": {
+                              "username": "Username123",
+                              "password": "Password123"
+                            }
+                          }
+                        }
+                      }
+                    }
+                  }
+                ]
+              }
+            },
+            "actions": {
+              "logging": {
+                "logging": {
+                  "text": "logging statement here"
+                }
+              }
+            }
+          }
+
+  - do:
+      xpack.watcher.get_watch:
+        id: "my_watch"
+  - match: { found : true}
+  - match: { _id: "my_watch" }
diff --git a/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/chain/ChainInput.java b/x-pack/plugin/watcher/src/main/java/org/elasticsearch/xpack/watcher/input/chain/ChainInput.java
@@ -41,7 +41,7 @@ public XContentBuilder toXContent(XContentBuilder builder, Params params) throws
         builder.startArray(INPUTS.getPreferredName());
         for (Tuple<String, Input> tuple : inputs) {
             builder.startObject().startObject(tuple.v1());
-            builder.field(tuple.v2().type(), tuple.v2());
+            builder.field(tuple.v2().type(), tuple.v2(), params);
             builder.endObject().endObject();
         }
         builder.endArray();
diff --git a/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/chain/ChainInputTests.java b/x-pack/plugin/watcher/src/test/java/org/elasticsearch/xpack/watcher/input/chain/ChainInputTests.java
@@ -9,6 +9,7 @@
 import org.elasticsearch.ElasticsearchParseException;
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.bytes.BytesReference;
+import org.elasticsearch.common.collect.Tuple;
 import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.common.xcontent.ToXContent;
 import org.elasticsearch.common.xcontent.XContentBuilder;
@@ -18,6 +19,7 @@
 import org.elasticsearch.test.ESTestCase;
 import org.elasticsearch.test.SecuritySettingsSourceField;
 import org.elasticsearch.xpack.core.watcher.execution.WatchExecutionContext;
+import org.elasticsearch.xpack.core.watcher.input.Input;
 import org.elasticsearch.xpack.core.watcher.watch.Payload;
 import org.elasticsearch.xpack.watcher.common.http.HttpRequestTemplate;
 import org.elasticsearch.xpack.watcher.common.http.auth.basic.BasicAuth;
@@ -29,6 +31,7 @@
 import org.elasticsearch.xpack.watcher.input.simple.SimpleInputFactory;
 import org.elasticsearch.xpack.watcher.test.WatcherTestUtils;
 
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
 
@@ -46,6 +49,7 @@
 import static org.hamcrest.Matchers.hasSize;
 import static org.hamcrest.Matchers.instanceOf;
 import static org.hamcrest.Matchers.is;
+import static org.hamcrest.Matchers.sameInstance;
 
 public class ChainInputTests extends ESTestCase {
 
@@ -220,4 +224,24 @@ public void testParsingShouldBeStrictWhenStartingInputs() throws Exception {
                 expectThrows(ElasticsearchParseException.class, () -> chainInputFactory.parseInput("test", parser));
         assertThat(e.getMessage(), containsString("Expected starting JSON object after [first] in watch [test]"));
     }
+
+    public void testThatXContentParametersArePassedToInputs() throws Exception {
+        ToXContent.Params randomParams = new ToXContent.MapParams(Collections.singletonMap(randomAlphaOfLength(5), randomAlphaOfLength(5)));
+        ChainInput chainInput = new ChainInput(Collections.singletonList(Tuple.tuple("whatever", new Input() {
+            @Override
+            public String type() {
+                return "test";
+            }
+
+            @Override
+            public XContentBuilder toXContent(XContentBuilder builder, Params params) {
+                assertThat(params, sameInstance(randomParams));
+                return builder;
+            }
+        })));
+
+        try (XContentBuilder builder = jsonBuilder()) {
+            chainInput.toXContent(builder, randomParams);
+        }
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ public XContentBuilder toXContent(XContentBuilder builder, Params params) throws`
`41`	`41`	`builder.startArray(INPUTS.getPreferredName());`
`42`	`42`	`for (Tuple<String, Input> tuple : inputs) {`
`43`	`43`	`builder.startObject().startObject(tuple.v1());`
`44`		`- builder.field(tuple.v2().type(), tuple.v2());`
	`44`	`+ builder.field(tuple.v2().type(), tuple.v2(), params);`
`45`	`45`	`builder.endObject().endObject();`
`46`	`46`	`}`
`47`	`47`	`builder.endArray();`