From 80981f5666fc83ef4e8569bc65db862e79bb4918 Mon Sep 17 00:00:00 2001
From: Luca Cavanna <javanna@users.noreply.github.com>
Date: Tue, 10 Mar 2020 22:06:06 +0100
Subject: [PATCH] Submit async search to work only with POST

Currently the submit async search API can be called using both GET and POST at REST, but given that it submits a call and creates internal state, POST should be the only allowed method.
---
 .../xpack/search/AsyncSearchSecurityIT.java       | 15 ++-------------
 .../xpack/search/RestSubmitAsyncSearchAction.java |  7 ++-----
 .../rest-api-spec/api/async_search.submit.json    |  2 --
 3 files changed, 4 insertions(+), 20 deletions(-)

diff --git a/x-pack/plugin/async-search/qa/security/src/test/java/org/elasticsearch/xpack/search/AsyncSearchSecurityIT.java b/x-pack/plugin/async-search/qa/security/src/test/java/org/elasticsearch/xpack/search/AsyncSearchSecurityIT.java
index bf063c4f8be0a..d1760acda2b8d 100644
--- a/x-pack/plugin/async-search/qa/security/src/test/java/org/elasticsearch/xpack/search/AsyncSearchSecurityIT.java
+++ b/x-pack/plugin/async-search/qa/security/src/test/java/org/elasticsearch/xpack/search/AsyncSearchSecurityIT.java
@@ -44,7 +44,7 @@ protected Settings restClientSettings() {
     }
 
     @Before
-    private void indexDocuments() throws IOException {
+    public void indexDocuments() throws IOException {
         createIndex("index", Settings.EMPTY);
         index("index", "0", "foo", "bar");
         refresh("index");
@@ -122,12 +122,8 @@ static Response get(String index, String id, String user) throws IOException {
         return client().performRequest(request);
     }
 
-    static Response submitAsyncSearch(String indexName, String query, String user) throws IOException {
-        return submitAsyncSearch(indexName, query, TimeValue.MINUS_ONE, user);
-    }
-
     static Response submitAsyncSearch(String indexName, String query, TimeValue waitForCompletion, String user) throws IOException {
-        final Request request = new Request("GET", indexName + "/_async_search");
+        final Request request = new Request("POST", indexName + "/_async_search");
         setRunAsHeader(request, user);
         request.addParameter("q", query);
         request.addParameter("wait_for_completion", waitForCompletion.toString());
@@ -136,13 +132,6 @@ static Response submitAsyncSearch(String indexName, String query, TimeValue wait
         return client().performRequest(request);
     }
 
-    static Response search(String indexName, String query, String user) throws IOException {
-        final Request request = new Request("GET", indexName + "/_search");
-        setRunAsHeader(request, user);
-        request.addParameter("q", query);
-        return client().performRequest(request);
-    }
-
     static Response getAsyncSearch(String id, String user) throws IOException {
         final Request request = new Request("GET",  "/_async_search/" + id);
         setRunAsHeader(request, user);
diff --git a/x-pack/plugin/async-search/src/main/java/org/elasticsearch/xpack/search/RestSubmitAsyncSearchAction.java b/x-pack/plugin/async-search/src/main/java/org/elasticsearch/xpack/search/RestSubmitAsyncSearchAction.java
index c1847bca7b69f..e1020f8e5a234 100644
--- a/x-pack/plugin/async-search/src/main/java/org/elasticsearch/xpack/search/RestSubmitAsyncSearchAction.java
+++ b/x-pack/plugin/async-search/src/main/java/org/elasticsearch/xpack/search/RestSubmitAsyncSearchAction.java
@@ -16,13 +16,12 @@
 
 import java.io.IOException;
 import java.util.Collections;
+import java.util.List;
 import java.util.Set;
 import java.util.function.IntConsumer;
-import java.util.List;
 
 import static java.util.Arrays.asList;
 import static java.util.Collections.unmodifiableList;
-import static org.elasticsearch.rest.RestRequest.Method.GET;
 import static org.elasticsearch.rest.RestRequest.Method.POST;
 import static org.elasticsearch.rest.action.search.RestSearchAction.parseSearchRequest;
 
@@ -34,9 +33,7 @@ public final class RestSubmitAsyncSearchAction extends BaseRestHandler {
     public List<Route> routes() {
         return unmodifiableList(asList(
             new Route(POST, "/_async_search"),
-            new Route(GET, "/_async_search"),
-            new Route(POST, "/{index}/_async_search"),
-            new Route(GET, "/{index}/_async_search")));
+            new Route(POST, "/{index}/_async_search")));
     }
 
     @Override
diff --git a/x-pack/plugin/src/test/resources/rest-api-spec/api/async_search.submit.json b/x-pack/plugin/src/test/resources/rest-api-spec/api/async_search.submit.json
index 3d057e2da0642..033939acf0703 100644
--- a/x-pack/plugin/src/test/resources/rest-api-spec/api/async_search.submit.json
+++ b/x-pack/plugin/src/test/resources/rest-api-spec/api/async_search.submit.json
@@ -9,14 +9,12 @@
         {
           "path":"/_async_search",
           "methods":[
-            "GET",
             "POST"
           ]
         },
         {
           "path":"/{index}/_async_search",
           "methods":[
-            "GET",
             "POST"
           ],
           "parts":{