fix license and test errors

client/rest-high-level/src/test/java/org/elasticsearch/client/documentation/SecurityDocumentationIT.java

@@ -200,11 +200,11 @@ public void testGetUsers() throws Exception {
             List<User> users = new ArrayList<>(3);
             users.addAll(response.getUsers());
             assertNotNull(response);
-            // 9 users are expected to be returned
+            // 10 users are expected to be returned
             // test_users (3): user1, user2, user3
-            // system_users (6): elastic, beats_system, apm_system, logstash_system, kibana, remote_monitoring_user
+            // system_users (6): elastic, beats_system, apm_system, logstash_system, kibana, kibana_system, remote_monitoring_user
             logger.info(users);
-            assertThat(users.size(), equalTo(9));
+            assertThat(users.size(), equalTo(10));
         }
 
         {

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/user/KibanaSystemUser.java

@@ -1,22 +1,3 @@
-/*
- * Licensed to Elasticsearch under one or more contributor
- * license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright
- * ownership. Elasticsearch licenses this file to you under
- * the Apache License, Version 2.0 (the "License"); you may
- * not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an
- * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
- * KIND, either express or implied.  See the License for the
- * specific language governing permissions and limitations
- * under the License.
- */
-
 /*
  * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
  * or more contributor license agreements. Licensed under the Elastic License;

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/user/KibanaUser.java

@@ -18,6 +18,7 @@ public class KibanaUser extends User {
     public static final String ROLE_NAME = UsernamesField.KIBANA_ROLE;
 
     public KibanaUser(boolean enabled) {
-        super(NAME, new String[]{ ROLE_NAME }, null, null, MetadataUtils.getDeprecatedReservedMetadata("Please use the [kibana_system] user instead."), enabled);
+        super(NAME, new String[]{ ROLE_NAME }, null, null,
+            MetadataUtils.getDeprecatedReservedMetadata("Please use the [kibana_system] user instead."), enabled);
     }
 }

x-pack/plugin/identity-provider/qa/idp-rest-tests/src/test/java/org/elasticsearch/xpack/idp/IdentityProviderAuthenticationIT.java

@@ -45,7 +45,7 @@ public class IdentityProviderAuthenticationIT extends IdpRestTestCase {
 
     @Before
     public void setupSecurityData() throws IOException {
-        setUserPassword("kibana", new SecureString("kibana".toCharArray()));
+        setUserPassword("kibana_system", new SecureString("kibana_system".toCharArray()));
         createApplicationPrivileges("elastic-cloud", Map.ofEntries(
             Map.entry("deployment_admin", Set.of("sso:admin")),
             Map.entry("deployment_viewer", Set.of("sso:viewer"))
@@ -113,7 +113,7 @@ private Map<String, Object> validateAuthnRequest(String entityId, String authnRe
     private SamlPrepareAuthenticationResponse generateSamlAuthnRequest(String realmName) throws Exception {
         final Request request = new Request("POST", "/_security/saml/prepare");
         request.setJsonEntity("{\"realm\":\"" + realmName + "\"}");
-        try (RestClient kibanaClient = restClientAsKibana()) {
+        try (RestClient kibanaClient = restClientAsKibanaSystem()) {
             final Response response = kibanaClient.performRequest(request);
             final Map<String, Object> map = entityAsMap(response);
             assertThat(ObjectPath.eval("realm", map), equalTo(realmName));
@@ -152,7 +152,7 @@ private void authenticateWithSamlResponse(String samlResponse, @Nullable String
             request.setJsonEntity("{\"content\":\"" + encodedResponse + "\", \"realm\":\"" + REALM_NAME + "\"}");
         }
         final String accessToken;
-        try (RestClient kibanaClient = restClientAsKibana()) {
+        try (RestClient kibanaClient = restClientAsKibanaSystem()) {
             final Response response = kibanaClient.performRequest(request);
             final Map<String, Object> map = entityAsMap(response);
             assertThat(ObjectPath.eval("username", map), instanceOf(String.class));
@@ -184,7 +184,7 @@ private RestClient restClientWithToken(String accessToken) throws IOException {
             getClusterHosts().toArray(new HttpHost[getClusterHosts().size()]));
     }
 
-    private RestClient restClientAsKibana() throws IOException {
+    private RestClient restClientAsKibanaSystem() throws IOException {
         return buildClient(
             Settings.builder().put(ThreadContext.PREFIX + ".Authorization", basicAuthHeaderValue("kibana",
                 new SecureString("kibana".toCharArray()))).build(),

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/authc/esnative/ReservedRealm.java

@@ -234,10 +234,10 @@ private void getUserInfo(final String username, ActionListener<ReservedUserInfo>
 
     private void logDeprecatedUser(final User user){
         Map<String, Object> metadata = user.metadata();
-        boolean isDeprecatedUser = Boolean.TRUE.equals(metadata.get(MetadataUtils.DEPRECATED_METADATA_KEY));
-        if (isDeprecatedUser == true) {
+        if (Boolean.TRUE.equals(metadata.get(MetadataUtils.DEPRECATED_METADATA_KEY))) {
             deprecationLogger.deprecatedAndMaybeLog("deprecated_user-" + user.principal(), "The user [" + user.principal() +
-                "] is deprecated and will be removed in a future version of Elasticsearch. " + metadata.get(MetadataUtils.DEPRECATED_REASON_METADATA_KEY));
+                "] is deprecated and will be removed in a future version of Elasticsearch. " +
+                metadata.get(MetadataUtils.DEPRECATED_REASON_METADATA_KEY));
         }
     }
 

x-pack/plugin/security/src/test/java/org/elasticsearch/integration/KibanaSystemRoleIntegTests.java

@@ -27,13 +27,13 @@ public class KibanaSystemRoleIntegTests extends SecurityIntegTestCase {
     public String configUsers() {
         final String usersPasswdHashed = new String(getFastStoredHashAlgoForTests().hash(USERS_PASSWD));
         return super.configUsers() +
-            "kibana_system:" + usersPasswdHashed;
+            "my_kibana_system:" + usersPasswdHashed;
     }
 
     @Override
     public String configUsersRoles() {
         return super.configUsersRoles() +
-                "kibana_system:kibana_system";
+                "kibana_system:my_kibana_system";
     }
 
 
@@ -42,13 +42,14 @@ public void testCreateIndexDeleteInKibanaIndex() throws Exception {
 
         if (randomBoolean()) {
             CreateIndexResponse createIndexResponse = client().filterWithHeader(singletonMap("Authorization",
-                    UsernamePasswordToken.basicAuthHeaderValue("kibana_system", USERS_PASSWD)))
+                    UsernamePasswordToken.basicAuthHeaderValue("my_kibana_system", USERS_PASSWD)))
                     .admin().indices().prepareCreate(index).get();
             assertThat(createIndexResponse.isAcknowledged(), is(true));
         }
 
         IndexResponse response = client()
-                .filterWithHeader(singletonMap("Authorization", UsernamePasswordToken.basicAuthHeaderValue("kibana_system", USERS_PASSWD)))
+                .filterWithHeader(singletonMap("Authorization",
+                    UsernamePasswordToken.basicAuthHeaderValue("my_kibana_system", USERS_PASSWD)))
                 .prepareIndex()
                 .setIndex(index)
                 .setSource("foo", "bar")
@@ -57,7 +58,8 @@ public void testCreateIndexDeleteInKibanaIndex() throws Exception {
         assertEquals(DocWriteResponse.Result.CREATED, response.getResult());
 
         DeleteResponse deleteResponse = client()
-                .filterWithHeader(singletonMap("Authorization", UsernamePasswordToken.basicAuthHeaderValue("kibana_system", USERS_PASSWD)))
+                .filterWithHeader(singletonMap("Authorization",
+                    UsernamePasswordToken.basicAuthHeaderValue("my_kibana_system", USERS_PASSWD)))
                 .prepareDelete(index, response.getId())
                 .get();
         assertEquals(DocWriteResponse.Result.DELETED, deleteResponse.getResult());

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/esnative/ReservedRealmTests.java

@@ -86,8 +86,8 @@ public void testInvalidHashingAlgorithmFails() {
     }
 
     public void testReservedUserEmptyPasswordAuthenticationFails() throws Throwable {
-        final String principal = randomFrom(UsernamesField.ELASTIC_NAME, UsernamesField.KIBANA_NAME, UsernamesField.LOGSTASH_NAME,
-            UsernamesField.BEATS_NAME);
+        final String principal = randomFrom(UsernamesField.ELASTIC_NAME, UsernamesField.DEPRECATED_KIBANA_NAME, UsernamesField.KIBANA_NAME,
+            UsernamesField.LOGSTASH_NAME, UsernamesField.BEATS_NAME);
 
         final ReservedRealm reservedRealm = new ReservedRealm(mock(Environment.class), Settings.EMPTY, usersStore,
             new AnonymousUser(Settings.EMPTY), securityIndex, threadPool);
@@ -297,6 +297,10 @@ public void testFailedAuthentication() throws Exception {
         assertFailedAuthentication(future, ElasticUser.NAME);
     }
 
+    public void testLogDeprecatedUser() {
+
+    }
+
     private void assertFailedAuthentication(PlainActionFuture<AuthenticationResult> future, String principal) throws Exception {
         final AuthenticationResult result = future.get();
         assertThat(result.getStatus(), is(AuthenticationResult.Status.TERMINATE));

x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authc/pki/PkiAuthDelegationIntegTests.java

@@ -83,7 +83,7 @@ protected String configUsers() {
             "user_manage_security:" + usersPasswdHashed + "\n" +
             "user_delegate_pki:" + usersPasswdHashed + "\n" +
             "user_all:" + usersPasswdHashed + "\n" +
-            "kibana_system:" + usersPasswdHashed + "\n";
+            "my_kibana_system:" + usersPasswdHashed + "\n";
     }
 
     @Override
@@ -109,7 +109,7 @@ protected String configUsersRoles() {
                 "role_manage_security:user_manage_security\n" +
                 "role_delegate_pki:user_delegate_pki\n" +
                 "role_all:user_all\n" +
-                "kibana_system:kibana_system\n";
+                "kibana_system:my_kibana_system\n";
     }
 
     @Override
@@ -140,7 +140,7 @@ public void testDelegateThenAuthenticate() throws Exception {
         }
 
         try (RestHighLevelClient restClient = new TestRestHighLevelClient()) {
-            for (String delegateeUsername : Arrays.asList("user_all", "user_delegate_pki", "kibana_system")) {
+            for (String delegateeUsername : Arrays.asList("user_all", "user_delegate_pki", "my_kibana_system")) {
                 // delegate
                 RequestOptions.Builder optionsBuilder = RequestOptions.DEFAULT.toBuilder();
                 optionsBuilder.addHeader("Authorization",
@@ -177,7 +177,7 @@ public void testTokenInvalidate() throws Exception {
         }
 
         try (RestHighLevelClient restClient = new TestRestHighLevelClient()) {
-            String delegateeUsername = randomFrom("user_all", "user_delegate_pki", "kibana_system");
+            String delegateeUsername = randomFrom("user_all", "user_delegate_pki", "my_kibana_system");
             // delegate
             RequestOptions.Builder optionsBuilder = RequestOptions.DEFAULT.toBuilder();
             optionsBuilder.addHeader("Authorization",