Service Accounts - renaming refactor (#71917) (#71994)

This PR renames classes relevant to the following names for accuracy
and consistency:
* Rename GetServiceAccountTokens to GetServiceAccountCredentials
* Rename ServiceAccountsTokenStore to ServiceAccountTokenStore

Co-authored-by: Tim Vernum <tim@adjective.org>

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/service/GetServiceAccountTokensAction.java → x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/service/GetServiceAccountCredentialsAction.java

@@ -9,12 +9,12 @@
 
 import org.elasticsearch.action.ActionType;
 
-public class GetServiceAccountTokensAction extends ActionType<GetServiceAccountTokensResponse> {
+public class GetServiceAccountCredentialsAction extends ActionType<GetServiceAccountCredentialsResponse> {
 
-    public static final String NAME = "cluster:admin/xpack/security/service_account/token/get";
-    public static final GetServiceAccountTokensAction INSTANCE = new GetServiceAccountTokensAction();
+    public static final String NAME = "cluster:admin/xpack/security/service_account/credential/get";
+    public static final GetServiceAccountCredentialsAction INSTANCE = new GetServiceAccountCredentialsAction();
 
-    public GetServiceAccountTokensAction() {
-        super(NAME, GetServiceAccountTokensResponse::new);
+    public GetServiceAccountCredentialsAction() {
+        super(NAME, GetServiceAccountCredentialsResponse::new);
     }
 }

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/service/GetServiceAccountTokensRequest.java → x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/service/GetServiceAccountCredentialsRequest.java

@@ -18,17 +18,17 @@
 
 import static org.elasticsearch.action.ValidateActions.addValidationError;
 
-public class GetServiceAccountTokensRequest extends ActionRequest {
+public class GetServiceAccountCredentialsRequest extends ActionRequest {
 
     private final String namespace;
     private final String serviceName;
 
-    public GetServiceAccountTokensRequest(String namespace, String serviceName) {
+    public GetServiceAccountCredentialsRequest(String namespace, String serviceName) {
         this.namespace = namespace;
         this.serviceName = serviceName;
     }
 
-    public GetServiceAccountTokensRequest(StreamInput in) throws IOException {
+    public GetServiceAccountCredentialsRequest(StreamInput in) throws IOException {
         super(in);
         this.namespace = in.readString();
         this.serviceName = in.readString();
@@ -48,7 +48,7 @@ public boolean equals(Object o) {
             return true;
         if (o == null || getClass() != o.getClass())
             return false;
-        GetServiceAccountTokensRequest that = (GetServiceAccountTokensRequest) o;
+        GetServiceAccountCredentialsRequest that = (GetServiceAccountCredentialsRequest) o;
         return Objects.equals(namespace, that.namespace) && Objects.equals(serviceName, that.serviceName);
     }
 

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/service/GetServiceAccountTokensResponse.java → x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/service/GetServiceAccountCredentialsResponse.java

@@ -22,21 +22,21 @@
 
 import static java.util.stream.Collectors.groupingBy;
 
-public class GetServiceAccountTokensResponse extends ActionResponse implements ToXContentObject {
+public class GetServiceAccountCredentialsResponse extends ActionResponse implements ToXContentObject {
 
     private final String principal;
     private final String nodeName;
     private final List<TokenInfo> tokenInfos;
 
-    public GetServiceAccountTokensResponse(String principal, String nodeName, Collection<TokenInfo> tokenInfos) {
+    public GetServiceAccountCredentialsResponse(String principal, String nodeName, Collection<TokenInfo> tokenInfos) {
         this.principal = principal;
         this.nodeName = nodeName;
         this.tokenInfos = tokenInfos == null ?
             org.elasticsearch.common.collect.List.of() :
             org.elasticsearch.common.collect.List.copyOf(tokenInfos.stream().sorted().collect(Collectors.toList()));
     }
 
-    public GetServiceAccountTokensResponse(StreamInput in) throws IOException {
+    public GetServiceAccountCredentialsResponse(StreamInput in) throws IOException {
         super(in);
         this.principal = in.readString();
         this.nodeName = in.readString();
@@ -88,7 +88,7 @@ public boolean equals(Object o) {
             return true;
         if (o == null || getClass() != o.getClass())
             return false;
-        GetServiceAccountTokensResponse that = (GetServiceAccountTokensResponse) o;
+        GetServiceAccountCredentialsResponse that = (GetServiceAccountCredentialsResponse) o;
         return Objects.equals(principal, that.principal) && Objects.equals(nodeName, that.nodeName) && Objects.equals(
             tokenInfos, that.tokenInfos);
     }

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/service/GetServiceAccountTokensRequestTests.java → x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/service/GetServiceAccountCredentialsRequestTests.java

@@ -15,31 +15,31 @@
 
 import static org.hamcrest.Matchers.containsString;
 
-public class GetServiceAccountTokensRequestTests extends AbstractWireSerializingTestCase<GetServiceAccountTokensRequest> {
+public class GetServiceAccountCredentialsRequestTests extends AbstractWireSerializingTestCase<GetServiceAccountCredentialsRequest> {
 
     @Override
-    protected Writeable.Reader<GetServiceAccountTokensRequest> instanceReader() {
-        return GetServiceAccountTokensRequest::new;
+    protected Writeable.Reader<GetServiceAccountCredentialsRequest> instanceReader() {
+        return GetServiceAccountCredentialsRequest::new;
     }
 
     @Override
-    protected GetServiceAccountTokensRequest createTestInstance() {
+    protected GetServiceAccountCredentialsRequest createTestInstance() {
         final String namespace = randomAlphaOfLengthBetween(3, 8);
         final String serviceName = randomAlphaOfLengthBetween(3, 8);
-        return new GetServiceAccountTokensRequest(namespace, serviceName);
+        return new GetServiceAccountCredentialsRequest(namespace, serviceName);
     }
 
     @Override
-    protected GetServiceAccountTokensRequest mutateInstance(GetServiceAccountTokensRequest instance) throws IOException {
+    protected GetServiceAccountCredentialsRequest mutateInstance(GetServiceAccountCredentialsRequest instance) throws IOException {
         switch (randomIntBetween(0, 2)) {
             case 0:
-                return new GetServiceAccountTokensRequest(
+                return new GetServiceAccountCredentialsRequest(
                     randomValueOtherThan(instance.getNamespace(), () -> randomAlphaOfLengthBetween(3, 8)), instance.getServiceName());
             case 1:
-                return new GetServiceAccountTokensRequest(
+                return new GetServiceAccountCredentialsRequest(
                     instance.getNamespace(), randomValueOtherThan(instance.getServiceName(), () -> randomAlphaOfLengthBetween(3, 8)));
             default:
-                return new GetServiceAccountTokensRequest(
+                return new GetServiceAccountCredentialsRequest(
                     randomValueOtherThan(instance.getNamespace(), () -> randomAlphaOfLengthBetween(3, 8)),
                     randomValueOtherThan(instance.getServiceName(), () -> randomAlphaOfLengthBetween(3, 8)));
         }
@@ -48,13 +48,13 @@ protected GetServiceAccountTokensRequest mutateInstance(GetServiceAccountTokensR
     public void testValidate() {
         assertNull(createTestInstance().validate());
 
-        final GetServiceAccountTokensRequest request1 =
-            new GetServiceAccountTokensRequest(randomFrom("", null), randomAlphaOfLengthBetween(3, 8));
+        final GetServiceAccountCredentialsRequest request1 =
+            new GetServiceAccountCredentialsRequest(randomFrom("", null), randomAlphaOfLengthBetween(3, 8));
         final ActionRequestValidationException e1 = request1.validate();
         assertThat(e1.getMessage(), containsString("service account namespace is required"));
 
-        final GetServiceAccountTokensRequest request2 =
-            new GetServiceAccountTokensRequest(randomAlphaOfLengthBetween(3, 8), randomFrom("", null));
+        final GetServiceAccountCredentialsRequest request2 =
+            new GetServiceAccountCredentialsRequest(randomAlphaOfLengthBetween(3, 8), randomFrom("", null));
         final ActionRequestValidationException e2 = request2.validate();
         assertThat(e2.getMessage(), containsString("service account service-name is required"));
     }

x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/service/GetServiceAccountTokensResponseTests.java → x-pack/plugin/core/src/test/java/org/elasticsearch/xpack/core/security/action/service/GetServiceAccountCredentialsResponseTests.java

@@ -28,33 +28,33 @@
 import static org.hamcrest.Matchers.equalTo;
 import static org.hamcrest.Matchers.is;
 
-public class GetServiceAccountTokensResponseTests extends AbstractWireSerializingTestCase<GetServiceAccountTokensResponse> {
+public class GetServiceAccountCredentialsResponseTests extends AbstractWireSerializingTestCase<GetServiceAccountCredentialsResponse> {
 
     @Override
-    protected Writeable.Reader<GetServiceAccountTokensResponse> instanceReader() {
-        return GetServiceAccountTokensResponse::new;
+    protected Writeable.Reader<GetServiceAccountCredentialsResponse> instanceReader() {
+        return GetServiceAccountCredentialsResponse::new;
     }
 
     @Override
-    protected GetServiceAccountTokensResponse createTestInstance() {
+    protected GetServiceAccountCredentialsResponse createTestInstance() {
         final String principal = randomAlphaOfLengthBetween(3, 8) + "/" + randomAlphaOfLengthBetween(3, 8);
         final String nodeName = randomAlphaOfLengthBetween(3, 8);
         final List<TokenInfo> tokenInfos = IntStream.range(0, randomIntBetween(0, 10))
             .mapToObj(i -> randomTokenInfo())
             .collect(Collectors.toList());
-        return new GetServiceAccountTokensResponse(principal, nodeName, tokenInfos);
+        return new GetServiceAccountCredentialsResponse(principal, nodeName, tokenInfos);
     }
 
     @Override
-    protected GetServiceAccountTokensResponse mutateInstance(GetServiceAccountTokensResponse instance) throws IOException {
+    protected GetServiceAccountCredentialsResponse mutateInstance(GetServiceAccountCredentialsResponse instance) throws IOException {
 
         switch (randomIntBetween(0, 2)) {
             case 0:
-                return new GetServiceAccountTokensResponse(randomValueOtherThan(instance.getPrincipal(),
+                return new GetServiceAccountCredentialsResponse(randomValueOtherThan(instance.getPrincipal(),
                     () -> randomAlphaOfLengthBetween(3, 8) + "/" + randomAlphaOfLengthBetween(3, 8)),
                     instance.getNodeName(), instance.getTokenInfos());
             case 1:
-                return new GetServiceAccountTokensResponse(instance.getPrincipal(),
+                return new GetServiceAccountCredentialsResponse(instance.getPrincipal(),
                     randomValueOtherThan(instance.getNodeName(), () -> randomAlphaOfLengthBetween(3, 8)),
                     instance.getTokenInfos());
             default:
@@ -80,21 +80,22 @@ protected GetServiceAccountTokensResponse mutateInstance(GetServiceAccountTokens
                             tokenInfos.add(randomTokenInfo());
                         }
                 }
-                return new GetServiceAccountTokensResponse(instance.getPrincipal(), instance.getNodeName(), new ArrayList<>(tokenInfos));
+                return new GetServiceAccountCredentialsResponse(instance.getPrincipal(), instance.getNodeName(),
+                    new ArrayList<>(tokenInfos));
         }
     }
 
     public void testEquals() {
-        final GetServiceAccountTokensResponse response = createTestInstance();
+        final GetServiceAccountCredentialsResponse response = createTestInstance();
         final ArrayList<TokenInfo> tokenInfos = new ArrayList<>(response.getTokenInfos());
         Collections.shuffle(tokenInfos, random());
-        assertThat(new GetServiceAccountTokensResponse(
+        assertThat(new GetServiceAccountCredentialsResponse(
             response.getPrincipal(), response.getNodeName(), new ArrayList<>(tokenInfos)),
             equalTo(response));
     }
 
     public void testToXContent() throws IOException {
-        final GetServiceAccountTokensResponse response = createTestInstance();
+        final GetServiceAccountCredentialsResponse response = createTestInstance();
         final Map<String, TokenInfo> nameToTokenInfos = response.getTokenInfos().stream()
             .collect(Collectors.toMap(TokenInfo::getName, Function.identity()));
         XContentBuilder builder = XContentFactory.jsonBuilder();

x-pack/plugin/security/qa/operator-privileges-tests/src/javaRestTest/java/org/elasticsearch/xpack/security/operator/Constants.java

@@ -193,9 +193,9 @@ public class Constants {
         "cluster:admin/xpack/security/saml/logout",
         "cluster:admin/xpack/security/saml/prepare",
         "cluster:admin/xpack/security/service_account/get",
+        "cluster:admin/xpack/security/service_account/credential/get",
         "cluster:admin/xpack/security/service_account/token/create",
         "cluster:admin/xpack/security/service_account/token/delete",
-        "cluster:admin/xpack/security/service_account/token/get",
         "cluster:admin/xpack/security/token/create",
         "cluster:admin/xpack/security/token/invalidate",
         "cluster:admin/xpack/security/token/refresh",

x-pack/plugin/security/qa/service-account/src/javaRestTest/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountIT.java

@@ -30,7 +30,6 @@
 import java.util.Locale;
 import java.util.Map;
 
-import static org.elasticsearch.xpack.core.security.authc.support.UsernamePasswordToken.basicAuthHeaderValue;
 import static org.hamcrest.Matchers.anEmptyMap;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.equalTo;
@@ -282,7 +281,7 @@ public void testNoDuplicateApiServiceAccountToken() throws IOException {
         assertThat(e.getMessage(), containsString("document already exists"));
     }
 
-    public void testGetServiceAccountTokens() throws IOException {
+    public void testGetServiceAccountCredentials() throws IOException {
         final Request getTokensRequest = new Request("GET", "_security/service/elastic/fleet-server/credential");
         final Response getTokensResponse1 = client().performRequest(getTokensRequest);
         assertOK(getTokensResponse1);

x-pack/plugin/security/src/internalClusterTest/java/org/elasticsearch/xpack/security/authc/service/ServiceAccountSingleNodeTests.java

@@ -76,8 +76,8 @@ public void testAuthenticateWithServiceFileToken() {
     }
 
     public void testApiServiceAccountToken() {
-        final IndexServiceAccountsTokenStore store = node().injector().getInstance(IndexServiceAccountsTokenStore.class);
-        final Cache<String, ListenableFuture<CachingServiceAccountsTokenStore.CachedResult>> cache = store.getCache();
+        final IndexServiceAccountTokenStore store = node().injector().getInstance(IndexServiceAccountTokenStore.class);
+        final Cache<String, ListenableFuture<CachingServiceAccountTokenStore.CachedResult>> cache = store.getCache();
         final CreateServiceAccountTokenRequest createServiceAccountTokenRequest =
             new CreateServiceAccountTokenRequest("elastic", "fleet-server", "api-token-1");
         final CreateServiceAccountTokenResponse createServiceAccountTokenResponse =
@@ -103,8 +103,8 @@ public void testApiServiceAccountToken() {
     }
 
     public void testClearCache() {
-        final IndexServiceAccountsTokenStore indexStore = node().injector().getInstance(IndexServiceAccountsTokenStore.class);
-        final Cache<String, ListenableFuture<CachingServiceAccountsTokenStore.CachedResult>> cache = indexStore.getCache();
+        final IndexServiceAccountTokenStore indexStore = node().injector().getInstance(IndexServiceAccountTokenStore.class);
+        final Cache<String, ListenableFuture<CachingServiceAccountTokenStore.CachedResult>> cache = indexStore.getCache();
         final SecureString secret1 = createApiServiceToken("api-token-1");
         final SecureString secret2 = createApiServiceToken("api-token-2");
         assertThat(cache.count(), equalTo(0));