From 03a5b6139345f941febaf42336e1869427827f6a Mon Sep 17 00:00:00 2001
From: Nikolaj Volgushev <n1v0lg@users.noreply.github.com>
Date: Tue, 8 Aug 2023 11:50:13 +0200
Subject: [PATCH] Test 403

---
 .../xpack/security/apikey/GetApiKeysRestIT.java            | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/security/apikey/GetApiKeysRestIT.java b/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/security/apikey/GetApiKeysRestIT.java
index 22f35578ff99a..a27458914d6d3 100644
--- a/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/security/apikey/GetApiKeysRestIT.java
+++ b/x-pack/plugin/security/qa/security-trial/src/javaRestTest/java/org/elasticsearch/xpack/security/apikey/GetApiKeysRestIT.java
@@ -11,6 +11,7 @@
 import org.apache.http.util.EntityUtils;
 import org.elasticsearch.client.Request;
 import org.elasticsearch.client.Response;
+import org.elasticsearch.client.ResponseException;
 import org.elasticsearch.common.settings.SecureString;
 import org.elasticsearch.core.TimeValue;
 import org.elasticsearch.test.XContentTestUtils;
@@ -36,6 +37,7 @@
 
 import static org.hamcrest.Matchers.containsInAnyOrder;
 import static org.hamcrest.Matchers.emptyArray;
+import static org.hamcrest.Matchers.equalTo;
 
 public class GetApiKeysRestIT extends SecurityOnTrialLicenseRestTestCase {
     private static final SecureString END_USER_PASSWORD = new SecureString("end-user-password".toCharArray());
@@ -145,6 +147,11 @@ public void testGetApiKeysWithActiveOnlyFlagAndMultipleUsers() throws Exception
             ).getApiKeyInfos(),
             emptyArray()
         );
+        var ex = expectThrows(
+            ResponseException.class,
+            () -> getApiKeysWithRequestParams(MANAGE_OWN_API_KEY_USER, Map.of("active_only", "true", "owner", "false"))
+        );
+        assertThat(ex.getResponse().getStatusLine().getStatusCode(), equalTo(403));
         assertResponseContainsApiKeyIds(
             getApiKeysWithRequestParams(randomBoolean() ? Map.of() : Map.of("active_only", "false")),
             manageOwnApiKeyUserApiKeyId,