Spec for the new Query Role API

[albertzaharovits]

The rest specs for the new query role API in 8.15 https://github.com/elastic/elasticsearch/pull/108733 . The docs for it are at https://github.com/elastic/elasticsearch/pull/110473 .

[l-trotta]

is there no json spec for this in the server code? we cannot validate this nor generate the output without that at the moment nevermind it's because of the plural thing, @albertzaharovits the endpoint names should all match, like query_api_keys is plural everywhere. I'd change everything to be query_role (so just the folder should be changed)

[albertzaharovits]

Thanks @l-trotta . I've addressed your review. Please take another look.

[l-trotta]

following what the validator is saying, description should also be added as property to RoleDescriptorRead

[github-actions[bot]]

Following you can find the validation results for the APIs you have changed.

API	Status	Request	Response
security.activate_user_profile	:green_circle:	9/9	9/9
security.authenticate	:green_circle:	30/30	30/30
security.bulk_delete_role	:orange_circle:	Missing type	Missing type
security.bulk_put_role	:orange_circle:	Missing type	Missing type
security.bulk_update_api_keys	:orange_circle:	Missing type	Missing type
security.change_password	:green_circle:	9/9	9/9
security.clear_api_key_cache	:green_circle:	13/13	13/13
security.clear_cached_privileges	:green_circle:	3/3	3/3
security.clear_cached_realms	:green_circle:	1/1	1/1
security.clear_cached_roles	:green_circle:	2/2	2/2
security.clear_cached_service_tokens	:green_circle:	4/4	4/4
security.create_api_key	:red_circle:	67/69	60/60
security.create_cross_cluster_api_key	:orange_circle:	Missing type	Missing type
security.create_service_token	:green_circle:	3/3	3/3
security.delete_privileges	:green_circle:	6/6	6/6
security.delete_role_mapping	:green_circle:	9/9	9/9
security.delete_role	:green_circle:	8/8	8/8
security.delete_service_token	:white_circle:	Missing test	Missing test
security.delete_user	:green_circle:	9/9	9/9
security.disable_user_profile	:green_circle:	1/1	1/1
security.disable_user	:green_circle:	3/3	3/3
security.enable_user_profile	:green_circle:	1/1	1/1
security.enable_user	:green_circle:	4/4	4/4
security.enroll_kibana	:white_circle:	Missing test	Missing test
security.enroll_node	:white_circle:	Missing test	Missing test
security.get_api_key	:red_circle:	38/38	15/38
security.get_builtin_privileges	:red_circle:	2/2	1/2
security.get_privileges	:green_circle:	12/12	12/12
security.get_role_mapping	:red_circle:	18/18	10/18
security.get_role	:red_circle:	24/24	21/24
security.get_service_accounts	:white_circle:	Missing test	Missing test
security.get_service_credentials	:green_circle:	1/1	1/1
security.get_settings	:orange_circle:	Missing type	Missing type
security.get_token	:green_circle:	25/25	24/24
security.get_user_privileges	:red_circle:	8/8	7/8
security.get_user_profile	:green_circle:	8/8	8/8
security.get_user	:green_circle:	25/25	25/25
security.grant_api_key	:green_circle:	7/7	7/7
security.has_privileges_user_profile	:green_circle:	3/3	3/3
security.has_privileges	:green_circle:	24/24	24/24
security.invalidate_api_key	:green_circle:	12/12	12/12
security.invalidate_token	:green_circle:	11/11	11/11
security.oidc_authenticate	:orange_circle:	Missing type	Missing type
security.oidc_logout	:orange_circle:	Missing type	Missing type
security.oidc_prepare_authentication	:orange_circle:	Missing type	Missing type
security.put_privileges	:green_circle:	10/10	10/10
security.put_role_mapping	:red_circle:	2/11	11/11
security.put_role	:red_circle:	38/40	39/39
security.put_user	:green_circle:	49/49	48/48
security.query_api_keys	:red_circle:	14/14	1/14
security.query_role	:red_circle:	3/3	0/3
security.query_user	:orange_circle:	Missing type	Missing type
security.saml_authenticate	:white_circle:	Missing test	Missing test
security.saml_complete_logout	:white_circle:	Missing test	Missing test
security.saml_invalidate	:white_circle:	Missing test	Missing test
security.saml_logout	:white_circle:	Missing test	Missing test
security.saml_prepare_authentication	:white_circle:	Missing test	Missing test
security.saml_service_provider_metadata	:white_circle:	Missing test	Missing test
security.suggest_user_profiles	:green_circle:	1/1	1/1
security.update_api_key	:green_circle:	5/5	5/5
security.update_cross_cluster_api_key	:orange_circle:	Missing type	Missing type
security.update_settings	:orange_circle:	Missing type	Missing type
security.update_user_profile_data	:green_circle:	1/1	1/1

You can validate these APIs yourself by using the make validate target.

[l-trotta]

we're missing the name field from the query role response, should it be added in QueryRole? because in the server I see that's in RoleDescriptor, but then when that class is deserialized the name is usually lifted in the response map

[github-actions[bot]]

Following you can find the validation results for the APIs you have changed.

API	Status	Request	Response
security.activate_user_profile	:green_circle:	9/9	9/9
security.authenticate	:green_circle:	30/30	30/30
security.bulk_delete_role	:orange_circle:	Missing type	Missing type
security.bulk_put_role	:orange_circle:	Missing type	Missing type
security.bulk_update_api_keys	:orange_circle:	Missing type	Missing type
security.change_password	:green_circle:	9/9	9/9
security.clear_api_key_cache	:green_circle:	13/13	13/13
security.clear_cached_privileges	:green_circle:	3/3	3/3
security.clear_cached_realms	:green_circle:	1/1	1/1
security.clear_cached_roles	:green_circle:	2/2	2/2
security.clear_cached_service_tokens	:green_circle:	4/4	4/4
security.create_api_key	:red_circle:	67/69	60/60
security.create_cross_cluster_api_key	:orange_circle:	Missing type	Missing type
security.create_service_token	:green_circle:	3/3	3/3
security.delete_privileges	:green_circle:	6/6	6/6
security.delete_role_mapping	:green_circle:	9/9	9/9
security.delete_role	:green_circle:	8/8	8/8
security.delete_service_token	:white_circle:	Missing test	Missing test
security.delete_user	:green_circle:	9/9	9/9
security.disable_user_profile	:green_circle:	1/1	1/1
security.disable_user	:green_circle:	3/3	3/3
security.enable_user_profile	:green_circle:	1/1	1/1
security.enable_user	:green_circle:	4/4	4/4
security.enroll_kibana	:white_circle:	Missing test	Missing test
security.enroll_node	:white_circle:	Missing test	Missing test
security.get_api_key	:red_circle:	38/38	15/38
security.get_builtin_privileges	:red_circle:	2/2	1/2
security.get_privileges	:green_circle:	12/12	12/12
security.get_role_mapping	:red_circle:	18/18	10/18
security.get_role	:red_circle:	24/24	21/24
security.get_service_accounts	:white_circle:	Missing test	Missing test
security.get_service_credentials	:green_circle:	1/1	1/1
security.get_settings	:orange_circle:	Missing type	Missing type
security.get_token	:green_circle:	25/25	24/24
security.get_user_privileges	:red_circle:	8/8	7/8
security.get_user_profile	:green_circle:	8/8	8/8
security.get_user	:green_circle:	25/25	25/25
security.grant_api_key	:green_circle:	7/7	7/7
security.has_privileges_user_profile	:green_circle:	3/3	3/3
security.has_privileges	:green_circle:	24/24	24/24
security.invalidate_api_key	:green_circle:	12/12	12/12
security.invalidate_token	:green_circle:	11/11	11/11
security.oidc_authenticate	:orange_circle:	Missing type	Missing type
security.oidc_logout	:orange_circle:	Missing type	Missing type
security.oidc_prepare_authentication	:orange_circle:	Missing type	Missing type
security.put_privileges	:green_circle:	10/10	10/10
security.put_role_mapping	:red_circle:	2/11	11/11
security.put_role	:red_circle:	38/40	39/39
security.put_user	:green_circle:	49/49	48/48
security.query_api_keys	:red_circle:	14/14	1/14
security.query_role	:green_circle:	3/3	3/3
security.query_user	:orange_circle:	Missing type	Missing type
security.saml_authenticate	:white_circle:	Missing test	Missing test
security.saml_complete_logout	:white_circle:	Missing test	Missing test
security.saml_invalidate	:white_circle:	Missing test	Missing test
security.saml_logout	:white_circle:	Missing test	Missing test
security.saml_prepare_authentication	:white_circle:	Missing test	Missing test
security.saml_service_provider_metadata	:white_circle:	Missing test	Missing test
security.suggest_user_profiles	:green_circle:	1/1	1/1
security.update_api_key	:green_circle:	5/5	5/5
security.update_cross_cluster_api_key	:orange_circle:	Missing type	Missing type
security.update_settings	:orange_circle:	Missing type	Missing type
security.update_user_profile_data	:green_circle:	1/1	1/1

You can validate these APIs yourself by using the make validate target.

[github-actions[bot]]

The backport to 8.15 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-8.15 8.15
# Navigate to the new working tree
cd .worktrees/backport-8.15
# Create a new branch
git switch --create backport-2676-to-8.15
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 e021a35cc234a48828c43e61621ad2c6e99ea625
# Push it to GitHub
git push --set-upstream origin backport-2676-to-8.15
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-8.15

Then, create a pull request where the base branch is 8.15 and the compare/head branch is backport-2676-to-8.15.

[albertzaharovits]

Thank you for your help on this @l-trotta ! Much appreciated.