Fix username rule when returned as array (#6110)

stevejgordon · web-flow · commit 0f3d57136d65 · 2022-02-02T14:17:27.000Z
diff --git a/src/Nest/XPack/Security/RoleMapping/Rules/Field/FieldRuleBase.cs b/src/Nest/XPack/Security/RoleMapping/Rules/Field/FieldRuleBase.cs
@@ -59,6 +59,13 @@ protected string Username
 			set => BackingDictionary.Add("username", value);
 		}
 
+		[IgnoreDataMember]
+		protected IEnumerable<string> Usernames
+		{
+			get => BackingDictionary.TryGetValue("username", out var o) ? (IEnumerable<string>)o : null;
+			set => BackingDictionary.Add("username", value);
+		}
+
 		public static AnyRoleMappingRule operator |(FieldRuleBase leftContainer, FieldRuleBase rightContainer) =>
 			new AnyRoleMappingRule(new FieldRoleMappingRule(leftContainer), new FieldRoleMappingRule(rightContainer));
 
diff --git a/src/Nest/XPack/Security/RoleMapping/Rules/Field/FieldRuleBaseFormatter.cs b/src/Nest/XPack/Security/RoleMapping/Rules/Field/FieldRuleBaseFormatter.cs
@@ -39,6 +39,13 @@ public FieldRuleBase Deserialize(ref JsonReader reader, IJsonFormatterResolver f
 					switch (value)
 					{
 						case 0:
+							if (reader.GetCurrentJsonToken() == JsonToken.BeginArray)
+							{
+								var fm = formatterResolver.GetFormatter<IEnumerable<string>>();
+								var dns = fm.Deserialize(ref reader, formatterResolver);
+								fieldRule = new UsernameRule(dns);
+								break;
+							}
 							var username = reader.ReadString();
 							fieldRule = new UsernameRule(username);
 							break;
diff --git a/src/Nest/XPack/Security/RoleMapping/Rules/Field/UsernameRule.cs b/src/Nest/XPack/Security/RoleMapping/Rules/Field/UsernameRule.cs
@@ -2,10 +2,14 @@
 // Elasticsearch B.V licenses this file to you under the Apache 2.0 License.
 // See the LICENSE file in the project root for more information
 
+using System.Collections.Generic;
+
 namespace Nest
 {
 	public class UsernameRule : FieldRuleBase
 	{
 		public UsernameRule(string username) => Username = username;
+
+		public UsernameRule(IEnumerable<string> usernames) => Usernames = usernames;
 	}
 }
diff --git a/src/Nest/XPack/Security/RoleMapping/Rules/Role/RoleMappingRulesDescriptor.cs b/src/Nest/XPack/Security/RoleMapping/Rules/Role/RoleMappingRulesDescriptor.cs
@@ -24,6 +24,8 @@ private RoleMappingRulesDescriptor Add(RoleMappingRuleBase m)
 
 		public RoleMappingRulesDescriptor DistinguishedName(string name) => Add(new DistinguishedNameRule(name));
 
+		public RoleMappingRulesDescriptor Username(IEnumerable<string> usernames) => Add(new UsernameRule(usernames));
+
 		public RoleMappingRulesDescriptor Username(string username) => Add(new UsernameRule(username));
 
 		public RoleMappingRulesDescriptor Groups(params string[] groups) => Add(new GroupsRule(groups));
diff --git a/tests/Tests.Reproduce/GitHubIssue5270.cs b/tests/Tests.Reproduce/GitHubIssue5270.cs
@@ -67,4 +67,58 @@ private static void Assert(GetRoleMappingResponse roleResponse) =>
 				.Subject["dn"].Should().BeAssignableTo<IEnumerable<string>>()
 				.Subject.Count().Should().Be(2);
 	}
+
+	public class GitHubIssue5270PartTwo
+	{
+		private static readonly byte[] ResponseBytes = Encoding.UTF8.GetBytes(@"{
+  ""test admin role mapping"" : {
+    ""enabled"" : true,
+    ""roles"" : [
+      ""apm_user""
+    ],
+    ""rules"" : {
+      ""any"" : [
+        {
+          ""field"" : {
+            ""username"" : [
+              ""admin1"",
+              ""admin2""
+            ]
+          }
+        }
+      ]
+    },
+    ""metadata"" : { }
+  }
+}");
+
+		[U]
+		public async Task GetRoleMappings()
+		{
+			var pool = new SingleNodeConnectionPool(new Uri($"http://localhost:9200"));
+			var settings = new ConnectionSettings(pool, new InMemoryConnection(ResponseBytes));
+			var client = new ElasticClient(settings);
+
+			// ReSharper disable once MethodHasAsyncOverload
+			var roleResponse = client.Security.GetRoleMapping();
+			roleResponse.RoleMappings.Count.Should().Be(1);
+			Assert(roleResponse);
+
+			roleResponse = await client.Security.GetRoleMappingAsync();
+			roleResponse.RoleMappings.Count.Should().Be(1);
+			Assert(roleResponse);
+		}
+
+		private static void Assert(GetRoleMappingResponse roleResponse) =>
+			roleResponse.RoleMappings["test admin role mapping"]
+				.Rules.Should()
+				.BeAssignableTo<AnyRoleMappingRule>()
+				.Subject.Any.First()
+				.Should()
+				.BeAssignableTo<FieldRoleMappingRule>()
+				.Subject.Field.Should()
+				.BeAssignableTo<UsernameRule>()
+				.Subject["username"].Should().BeAssignableTo<IEnumerable<string>>()
+				.Subject.Count().Should().Be(2);
+	}
 }

Original file line number	Diff line number	Diff line change
`@@ -2,10 +2,14 @@`
`2`	`2`	`// Elasticsearch B.V licenses this file to you under the Apache 2.0 License.`
`3`	`3`	`// See the LICENSE file in the project root for more information`
`4`	`4`
	`5`	`+using System.Collections.Generic;`
	`6`	`+`
`5`	`7`	`namespace Nest`
`6`	`8`	`{`
`7`	`9`	`public class UsernameRule : FieldRuleBase`
`8`	`10`	`{`
`9`	`11`	`public UsernameRule(string username) => Username = username;`
	`12`	`+`
	`13`	`+ public UsernameRule(IEnumerable<string> usernames) => Usernames = usernames;`
`10`	`14`	`}`
`11`	`15`	`}`