Add 8.19 transport version for IdP Extension Attr (#129233)

This adds a new patch level TransportVersion in preparation for backporting #128805

Author: tvernum

server/src/main/java/org/elasticsearch/TransportVersions.java

@@ -195,6 +195,7 @@ static TransportVersion def(int id) {
  public static final TransportVersion ML_INFERENCE_MISTRAL_CHAT_COMPLETION_ADDED_8_19 = def(8_841_0_47);
  public static final TransportVersion ML_INFERENCE_ELASTIC_RERANK_ADDED_8_19 = def(8_841_0_48);
  public static final TransportVersion NONE_CHUNKING_STRATEGY_8_19 = def(8_841_0_49);
+ public static final TransportVersion IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST_8_19 = def(8_841_0_50);
  public static final TransportVersion V_9_0_0 = def(9_000_0_09);
  public static final TransportVersion INITIAL_ELASTICSEARCH_9_0_1 = def(9_000_0_10);
  public static final TransportVersion INITIAL_ELASTICSEARCH_9_0_2 = def(9_000_0_11);

x-pack/plugin/identity-provider/src/main/java/org/elasticsearch/xpack/idp/saml/sp/SamlServiceProviderDocument.java

@@ -43,6 +43,7 @@
 import java.util.function.BiConsumer;
 
 import static org.elasticsearch.TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST;
+import static org.elasticsearch.TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST_8_19;
 
 /**
  * This class models the storage of a {@link SamlServiceProvider} as an Elasticsearch document.
@@ -276,7 +277,8 @@ public SamlServiceProviderDocument(StreamInput in) throws IOException {
  attributeNames.name = in.readOptionalString();
  attributeNames.roles = in.readOptionalString();
 
- if (in.getTransportVersion().onOrAfter(IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST)) {
+ if (in.getTransportVersion().isPatchFrom(IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST_8_19)
+ || in.getTransportVersion().onOrAfter(IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST)) {
  attributeNames.extensions = in.readCollectionAsImmutableSet(StreamInput::readString);
  }
 
@@ -305,7 +307,8 @@ public void writeTo(StreamOutput out) throws IOException {
  out.writeOptionalString(attributeNames.name);
  out.writeOptionalString(attributeNames.roles);
 
- if (out.getTransportVersion().onOrAfter(IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST)) {
+ if (out.getTransportVersion().isPatchFrom(IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST_8_19)
+ || out.getTransportVersion().onOrAfter(IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST)) {
  out.writeStringCollection(attributeNames.extensions);
  }
 

x-pack/plugin/identity-provider/src/test/java/org/elasticsearch/xpack/idp/saml/sp/SamlServiceProviderDocumentTests.java

@@ -32,6 +32,7 @@
 import java.util.Set;
 
 import static org.elasticsearch.test.hamcrest.ElasticsearchAssertions.assertToXContentEquivalent;
+import static org.hamcrest.Matchers.empty;
 import static org.hamcrest.Matchers.emptyIterable;
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.not;
@@ -90,6 +91,31 @@ public void testStreamRoundTripWithAllFields() throws Exception {
  assertThat(assertSerializationRoundTrip(doc2), equalTo(doc1));
  }
 
+ public void testSerializationBeforeExtensionAttributes() throws Exception {
+ final SamlServiceProviderDocument original = createFullDocument();
+ final TransportVersion version = randomBoolean()
+ ? TransportVersionUtils.randomVersionBetween(
+ random(),
+ TransportVersions.V_9_0_0,
+ TransportVersionUtils.getPreviousVersion(TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST)
+ )
+ : TransportVersionUtils.randomVersionBetween(
+ random(),
+ TransportVersions.V_8_0_0,
+ TransportVersionUtils.getPreviousVersion(TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST_8_19)
+ );
+ final SamlServiceProviderDocument copy = copyWriteable(
+ original,
+ new NamedWriteableRegistry(List.of()),
+ SamlServiceProviderDocument::new,
+ version
+ );
+ assertThat(copy.attributeNames.extensions, empty());
+
+ copy.attributeNames.setExtensions(original.attributeNames.extensions);
+ assertThat(copy, equalTo(original));
+ }
+
  private SamlServiceProviderDocument createFullDocument() throws GeneralSecurityException, IOException {
  final List<X509Credential> credentials = readCredentials();
  final List<X509Certificate> certificates = credentials.stream().map(X509Credential::getEntityCertificate).toList();
@@ -121,6 +147,7 @@ private SamlServiceProviderDocument createFullDocument() throws GeneralSecurityE
  doc1.attributeNames.setEmail("urn:" + randomAlphaOfLengthBetween(4, 8) + "." + randomAlphaOfLengthBetween(4, 8));
  doc1.attributeNames.setName("urn:" + randomAlphaOfLengthBetween(4, 8) + "." + randomAlphaOfLengthBetween(4, 8));
  doc1.attributeNames.setRoles("urn:" + randomAlphaOfLengthBetween(4, 8) + "." + randomAlphaOfLengthBetween(4, 8));
+ doc1.attributeNames.setExtensions(List.of("urn:" + randomAlphaOfLengthBetween(4, 8) + "." + randomAlphaOfLengthBetween(4, 8)));
  return doc1;
  }
 
@@ -162,7 +189,7 @@ private SamlServiceProviderDocument assertXContentRoundTrip(SamlServiceProviderD
  private SamlServiceProviderDocument assertSerializationRoundTrip(SamlServiceProviderDocument doc) throws IOException {
  final TransportVersion version = TransportVersionUtils.randomVersionBetween(
  random(),
- TransportVersions.V_8_0_0,
+ TransportVersions.IDP_CUSTOM_SAML_ATTRIBUTES_ALLOW_LIST,
  TransportVersion.current()
  );
  final SamlServiceProviderDocument read = copyWriteable(