address feedback

Author: rjernst

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java

@@ -789,14 +789,20 @@ private static void addTribeSettings(Settings settings, Settings.Builder setting
             // we passed all the checks now we need to copy in all of the x-pack security settings
             SecureSettings secureSettings = Settings.builder().put(settings).getSecureSettings(); // hack to get at secure settings...
             Set<String> secureSettingKeys = secureSettings == null ? Collections.emptySet() : secureSettings.getSettingNames();
+            List<String> invalidSettings = new ArrayList<>();
             for (String k : settings.keySet()) {
                 if (k.startsWith("xpack.security.")) {
                     if (secureSettingKeys.contains(k)) {
-                        throw new IllegalArgumentException("Secure setting [" + k + "] cannot be used with tribe client node");
+                        invalidSettings.add(k);
+                    } else {
+                        settingsBuilder.copy(tribePrefix + k, k, settings);
                     }
-                    settingsBuilder.copy(tribePrefix + k, k, settings);
                 }
             }
+            if (invalidSettings.isEmpty() == false) {
+                throw new IllegalArgumentException("Secure settings " + invalidSettings.toString() +
+                                                   " cannot be used with tribe client node");
+            }
         }
 
         Map<String, Settings> realmsSettings = settings.getGroups(SecurityField.setting("authc.realms"), true);

x-pack/qa/tribe-tests-with-security/src/test/java/org/elasticsearch/xpack/security/SecurityTribeTests.java

@@ -560,14 +560,16 @@ public void testNoTribeSecureSettings() throws Exception {
         MockSecureSettings secureSettings = new MockSecureSettings();
         Path home = createTempDir();
         secureSettings.setString("xpack.security.http.ssl.keystore.secure_password", "dummypass");
+        secureSettings.setString("xpack.security.authc.token.passphrase", "dummypass");
         Settings settings = Settings.builder().setSecureSettings(secureSettings)
             .put("path.home", home)
             .put("tribe.t1.cluster.name", "foo")
             .put("xpack.security.enabled", true).build();
         Security security = new Security(settings, home.resolve("config"));
         IllegalArgumentException e = expectThrows(IllegalArgumentException.class, security::additionalSettings);
-        assertThat(e.getMessage(),
-            equalTo("Secure setting [xpack.security.http.ssl.keystore.secure_password] cannot be used with tribe client node"));
+        // can't rely on order of the strings printed in the exception message
+        assertThat(e.getMessage(), containsString("xpack.security.http.ssl.keystore.secure_password"));
+        assertThat(e.getMessage(), containsString("xpack.security.authc.token.passphrase"));
     }
 
     private void assertTribeNodeHasAllIndices() throws Exception {