From 131a357cdd0ab69a3790197f7c55b744c960aa99 Mon Sep 17 00:00:00 2001
From: Tim Vernum <tim@adjective.org>
Date: Mon, 14 Aug 2023 21:00:15 +1000
Subject: [PATCH] Add YAML test for authentication without user API

Adds a test for the security.authenticate (/_security/_authenticate)
API that doesn't depend on the native realm being available

Relates: #98429
---
 .../test/authenticate/11_admin_user.yml       | 46 +++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 x-pack/plugin/src/yamlRestTest/resources/rest-api-spec/test/authenticate/11_admin_user.yml

diff --git a/x-pack/plugin/src/yamlRestTest/resources/rest-api-spec/test/authenticate/11_admin_user.yml b/x-pack/plugin/src/yamlRestTest/resources/rest-api-spec/test/authenticate/11_admin_user.yml
new file mode 100644
index 0000000000000..8d4fe213c8f06
--- /dev/null
+++ b/x-pack/plugin/src/yamlRestTest/resources/rest-api-spec/test/authenticate/11_admin_user.yml
@@ -0,0 +1,46 @@
+####
+# These tests verify the authenticate API functionality without using any create user/role features
+####
+---
+setup:
+  - skip:
+      features: headers
+---
+"Test authenticate as admin user":
+
+  - do:
+      security.authenticate: {}
+
+  - is_true: username
+  - match: { authentication_type: "realm" }
+  - match: { api_key: null }
+  - match: { enabled: true }
+
+---
+"Test authenticate with token":
+
+  - do:
+      security.get_token:
+        body:
+          grant_type: "client_credentials"
+
+  - is_true: access_token
+  - set:
+      access_token: token
+
+  - do:
+      security.authenticate: {}
+  - set:
+      username: token_owner
+      authentication_realm.name: realm_name
+
+  - do:
+      headers:
+        Authorization: "Bearer ${token}"
+      security.authenticate: {}
+
+  - match: { username: "$token_owner" }
+  - match: { authentication_realm.name: "$realm_name" }
+  - match: { authentication_type: "token" }
+  - match: { enabled: true }
+  - match: { api_key: null }