Retain reference to stdout for exceptional cases

qa/os/src/test/java/org/elasticsearch/packaging/test/ArchiveGenerateInitialPasswordTests.java

@@ -65,7 +65,35 @@ public void test30NoAutoGenerationWhenAutoConfigurationDisabled() throws Excepti
         assertThat(usersAndPasswords.isEmpty(), is(true));
     }
 
-    public void test40VerifyAutogeneratedCredentials() throws Exception {
+    public void test40NoAutogenerationWhenDaemonizedWithTty() throws Exception {
+        /* Windows issue awaits fix: https://github.com/elastic/elasticsearch/issues/49340 */
+        assumeTrue("expect command isn't on Windows", distribution.platform != Distribution.Platform.WINDOWS);
+        stopElasticsearch();
+        ServerUtils.enableSecurityAutoConfiguration(installation);
+        Shell.Result result = runElasticsearchStartCommand(null, true, true);
+        Map<String, String> usersAndPasswords = parseUsersAndPasswords(result.stdout);
+        assertThat(usersAndPasswords.isEmpty(), is(true));
+    }
+
+    public void test50NoAutogenerationWhenNotDaemonizedWithoutTty() throws Exception {
+        /* Windows issue awaits fix: https://github.com/elastic/elasticsearch/issues/49340 */
+        assumeTrue("expect command isn't on Windows", distribution.platform != Distribution.Platform.WINDOWS);
+        stopElasticsearch();
+        Shell.Result result = runElasticsearchStartCommand(null, false, false);
+        Map<String, String> usersAndPasswords = parseUsersAndPasswords(result.stdout);
+        assertThat(usersAndPasswords.isEmpty(), is(true));
+    }
+
+    public void test60NoAutogenerationWhenDaemonizedWithoutTty() throws Exception {
+        /* Windows issue awaits fix: https://github.com/elastic/elasticsearch/issues/49340 */
+        assumeTrue("expect command isn't on Windows", distribution.platform != Distribution.Platform.WINDOWS);
+        stopElasticsearch();
+        Shell.Result result = runElasticsearchStartCommand(null, true, false);
+        Map<String, String> usersAndPasswords = parseUsersAndPasswords(result.stdout);
+        assertThat(usersAndPasswords.isEmpty(), is(true));
+    }
+
+    public void test70VerifyAutogeneratedCredentials() throws Exception {
         /* Windows issue awaits fix: https://github.com/elastic/elasticsearch/issues/49340 */
         assumeTrue("expect command isn't on Windows", distribution.platform != Distribution.Platform.WINDOWS);
         stopElasticsearch();
@@ -81,7 +109,7 @@ public void test40VerifyAutogeneratedCredentials() throws Exception {
         }
     }
 
-    public void test50PasswordAutogenerationOnlyOnce() throws Exception {
+    public void test80PasswordAutogenerationOnlyOnce() throws Exception {
         /* Windows issue awaits fix: https://github.com/elastic/elasticsearch/issues/49340 */
         assumeTrue("expect command isn't on Windows", distribution.platform != Distribution.Platform.WINDOWS);
         stopElasticsearch();

server/src/main/java/org/elasticsearch/bootstrap/Bootstrap.java

@@ -316,7 +316,7 @@ static void init(
             final Environment initialEnv) throws BootstrapException, NodeValidationException, UserException {
         // force the class initializer for BootstrapInfo to run before
         // the security manager is installed
-        BootstrapInfo.init();
+        BootstrapInfo.init(System.out);
 
         INSTANCE = new Bootstrap();
 

server/src/main/java/org/elasticsearch/bootstrap/BootstrapInfo.java

@@ -10,6 +10,7 @@
 
 import org.elasticsearch.core.SuppressForbidden;
 
+import java.io.PrintStream;
 import java.util.Dictionary;
 import java.util.Enumeration;
 
@@ -19,6 +20,8 @@
 @SuppressForbidden(reason = "exposes read-only view of system properties")
 public final class BootstrapInfo {
 
+    private static PrintStream originalStandardOut;
+
     /** no instantiation */
     private BootstrapInfo() {}
 
@@ -46,6 +49,11 @@ public static boolean isSystemCallFilterInstalled() {
         return Natives.isSystemCallFilterInstalled();
     }
 
+    /**
+     * Returns a reference to the original System.out
+     */
+    public static PrintStream getOriginalStandardOut() { return originalStandardOut; }
+
     /**
      * codebase location for untrusted scripts (provide some additional safety)
      * <p>
@@ -110,7 +118,8 @@ public static Dictionary<Object,Object> getSystemProperties() {
         return SYSTEM_PROPERTIES;
     }
 
-    public static void init() {
+    public static void init(PrintStream originalStandardOut) {
+        BootstrapInfo.originalStandardOut = originalStandardOut;
     }
 
 }

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/GenerateInitialBuiltinUsersPasswordListener.java

@@ -12,13 +12,15 @@
 import org.elasticsearch.action.ActionListener;
 import org.elasticsearch.action.DocWriteRequest;
 import org.elasticsearch.action.support.WriteRequest;
+import org.elasticsearch.bootstrap.BootstrapInfo;
 import org.elasticsearch.common.settings.SecureString;
 import org.elasticsearch.index.engine.VersionConflictEngineException;
 import org.elasticsearch.xpack.core.security.user.ElasticUser;
 import org.elasticsearch.xpack.core.security.user.KibanaSystemUser;
 import org.elasticsearch.xpack.security.authc.esnative.NativeUsersStore;
 import org.elasticsearch.xpack.security.support.SecurityIndexManager;
 
+import java.io.PrintStream;
 import java.util.function.BiConsumer;
 
 import static org.elasticsearch.xpack.security.tool.CommandUtils.generatePassword;
@@ -36,6 +38,11 @@ public GenerateInitialBuiltinUsersPasswordListener(NativeUsersStore nativeUsersS
 
     @Override
     public void accept(SecurityIndexManager.State previousState, SecurityIndexManager.State currentState) {
+        final PrintStream out = BootstrapInfo.getOriginalStandardOut();
+        if (null == out) {
+            outputOnError(new IllegalStateException("Stashed standard output stream is not available."));
+            return;
+        }
         if (previousState.equals(SecurityIndexManager.State.UNRECOVERED_STATE)
             && currentState.equals(SecurityIndexManager.State.UNRECOVERED_STATE) == false
             && securityIndexManager.indexExists() == false) {
@@ -57,7 +64,7 @@ public void accept(SecurityIndexManager.State previousState, SecurityIndexManage
                                 WriteRequest.RefreshPolicy.IMMEDIATE,
                                 ActionListener.wrap(
                                     r -> {
-                                        outputOnSuccess(elasticPassword, kibanaSystemPassword);
+                                        outputOnSuccess(elasticPassword, kibanaSystemPassword, out);
                                     }, this::outputOnError
                                 )
                             );
@@ -66,32 +73,25 @@ public void accept(SecurityIndexManager.State previousState, SecurityIndexManage
         }
     }
 
-    private void outputOnSuccess(SecureString elasticPassword, SecureString kibanaSystemPassword) {
-        LOGGER.info("");
-        LOGGER.info("-----------------------------------------------------------------");
-        LOGGER.info("");
-        LOGGER.info("");
-        LOGGER.info("");
-        LOGGER.info("Password for the elastic user is: " + elasticPassword);
-        LOGGER.info("");
-        LOGGER.info("");
-        LOGGER.info("");
-        LOGGER.info("Password for the kibana_system user is: " + kibanaSystemPassword);
-        LOGGER.info("");
-        LOGGER.info("");
-        LOGGER.info("Please note these down as they will not be shown again.");
-        LOGGER.info("");
-        LOGGER.info("You can use 'bin/elasticsearch-reset-elastic-password' at any time");
-        LOGGER.info("in order to reset the password for the elastic user.");
-        LOGGER.info("");
-        LOGGER.info("");
-        LOGGER.info("You can use 'bin/elasticsearch-reset-kibana-system-password' at any time");
-        LOGGER.info("in order to reset the password for the kibana_system user.");
-        LOGGER.info("");
-        LOGGER.info("");
-        LOGGER.info("");
-        LOGGER.info("-----------------------------------------------------------------");
-        LOGGER.info("");
+    private void outputOnSuccess(SecureString elasticPassword, SecureString kibanaSystemPassword, PrintStream out) {
+        out.println();
+        out.println("-----------------------------------------------------------------");
+        out.println();
+        out.println("Password for the elastic user is: " + elasticPassword);
+        out.println();
+        out.println("Password for the kibana_system user is: " + kibanaSystemPassword);
+        out.println();
+        out.println("Please note these down as they will not be shown again.");
+        out.println();
+        out.println();
+        out.println("You can use 'bin/elasticsearch-reset-elastic-password' at any time");
+        out.println("in order to reset the password for the elastic user.");
+        out.println();
+        out.println("You can use 'bin/elasticsearch-reset-kibana-system-password' at any time");
+        out.println("in order to reset the password for the kibana_system user.");
+        out.println();
+        out.println("-----------------------------------------------------------------");
+        out.println();
     }
 
     private void outputOnError(Exception e) {