Add spec for bulk put roles

[jfreden]

This adds a new spec for the bulk put roles API added in 8.15 in https://github.com/elastic/elasticsearch/pull/109339.

[github-actions[bot]]

Following you can find the validation results for the APIs you have changed.

API	Status	Request	Response
security.bulk_put_role	:red_circle:	0/1	1/1

You can validate these APIs yourself by using the make validate target.

[github-actions[bot]]

Following you can find the validation results for the APIs you have changed.

API	Status	Request	Response
security.bulk_put_role	:red_circle:	0/1	1/1

You can validate these APIs yourself by using the make validate target.

[jfreden]

Hey @pquentin ! I've created a new PR here and can't run the failing validation locally because I don't have the needed vault permissions. Thanks!

[pquentin]

Hey @jfreden, I'll reach to you privately about this. In the meantime, I can tell you that the error is that Elasticsearch YAML tests call the bulk put role API with a description but that field is missing from the RoleDescriptor class.

[github-actions[bot]]

Following you can find the validation results for the APIs you have changed.

API	Status	Request	Response
security.activate_user_profile	:green_circle:	9/9	9/9
security.authenticate	:green_circle:	30/30	30/30
security.bulk_delete_role	:orange_circle:	Missing type	Missing type
security.bulk_put_role	:green_circle:	1/1	1/1
security.bulk_update_api_keys	:orange_circle:	Missing type	Missing type
security.change_password	:green_circle:	9/9	9/9
security.clear_api_key_cache	:green_circle:	13/13	13/13
security.clear_cached_privileges	:green_circle:	3/3	3/3
security.clear_cached_realms	:green_circle:	1/1	1/1
security.clear_cached_roles	:green_circle:	2/2	2/2
security.clear_cached_service_tokens	:green_circle:	4/4	4/4
security.create_api_key	:red_circle:	67/69	60/60
security.create_cross_cluster_api_key	:orange_circle:	Missing type	Missing type
security.create_service_token	:green_circle:	3/3	3/3
security.delete_privileges	:green_circle:	6/6	6/6
security.delete_role_mapping	:green_circle:	9/9	9/9
security.delete_role	:green_circle:	8/8	8/8
security.delete_service_token	:white_circle:	Missing test	Missing test
security.delete_user	:green_circle:	9/9	9/9
security.disable_user_profile	:green_circle:	1/1	1/1
security.disable_user	:green_circle:	3/3	3/3
security.enable_user_profile	:green_circle:	1/1	1/1
security.enable_user	:green_circle:	4/4	4/4
security.enroll_kibana	:white_circle:	Missing test	Missing test
security.enroll_node	:white_circle:	Missing test	Missing test
security.get_api_key	:red_circle:	38/38	15/38
security.get_builtin_privileges	:red_circle:	2/2	1/2
security.get_privileges	:green_circle:	12/12	12/12
security.get_role_mapping	:red_circle:	18/18	10/18
security.get_role	:red_circle:	24/24	21/24
security.get_service_accounts	:white_circle:	Missing test	Missing test
security.get_service_credentials	:green_circle:	1/1	1/1
security.get_settings	:orange_circle:	Missing type	Missing type
security.get_token	:green_circle:	25/25	24/24
security.get_user_privileges	:red_circle:	8/8	7/8
security.get_user_profile	:green_circle:	8/8	8/8
security.get_user	:green_circle:	25/25	25/25
security.grant_api_key	:green_circle:	7/7	7/7
security.has_privileges_user_profile	:green_circle:	3/3	3/3
security.has_privileges	:green_circle:	24/24	24/24
security.invalidate_api_key	:green_circle:	12/12	12/12
security.invalidate_token	:green_circle:	11/11	11/11
security.oidc_authenticate	:orange_circle:	Missing type	Missing type
security.oidc_logout	:orange_circle:	Missing type	Missing type
security.oidc_prepare_authentication	:orange_circle:	Missing type	Missing type
security.put_privileges	:green_circle:	10/10	10/10
security.put_role_mapping	:red_circle:	2/11	11/11
security.put_role	:red_circle:	38/40	39/39
security.put_user	:green_circle:	49/49	48/48
security.query_api_keys	:red_circle:	14/14	1/14
security.query_role	:orange_circle:	Missing type	Missing type
security.query_user	:orange_circle:	Missing type	Missing type
security.saml_authenticate	:white_circle:	Missing test	Missing test
security.saml_complete_logout	:white_circle:	Missing test	Missing test
security.saml_invalidate	:white_circle:	Missing test	Missing test
security.saml_logout	:white_circle:	Missing test	Missing test
security.saml_prepare_authentication	:white_circle:	Missing test	Missing test
security.saml_service_provider_metadata	:white_circle:	Missing test	Missing test
security.suggest_user_profiles	:green_circle:	1/1	1/1
security.update_api_key	:green_circle:	5/5	5/5
security.update_cross_cluster_api_key	:orange_circle:	Missing type	Missing type
security.update_settings	:orange_circle:	Missing type	Missing type
security.update_user_profile_data	:green_circle:	1/1	1/1

You can validate these APIs yourself by using the make validate target.

[jfreden]

Great success! Thanks @pquentin ! I was able to run this locally too. 👍

[github-actions[bot]]

Following you can find the validation results for the APIs you have changed.

API	Status	Request	Response
security.activate_user_profile	:green_circle:	9/9	9/9
security.authenticate	:green_circle:	30/30	30/30
security.bulk_delete_role	:orange_circle:	Missing type	Missing type
security.bulk_put_role	:green_circle:	1/1	1/1
security.bulk_update_api_keys	:orange_circle:	Missing type	Missing type
security.change_password	:green_circle:	9/9	9/9
security.clear_api_key_cache	:green_circle:	13/13	13/13
security.clear_cached_privileges	:green_circle:	3/3	3/3
security.clear_cached_realms	:green_circle:	1/1	1/1
security.clear_cached_roles	:green_circle:	2/2	2/2
security.clear_cached_service_tokens	:green_circle:	4/4	4/4
security.create_api_key	:red_circle:	67/69	60/60
security.create_cross_cluster_api_key	:orange_circle:	Missing type	Missing type
security.create_service_token	:green_circle:	3/3	3/3
security.delete_privileges	:green_circle:	6/6	6/6
security.delete_role_mapping	:green_circle:	9/9	9/9
security.delete_role	:green_circle:	8/8	8/8
security.delete_service_token	:white_circle:	Missing test	Missing test
security.delete_user	:green_circle:	9/9	9/9
security.disable_user_profile	:green_circle:	1/1	1/1
security.disable_user	:green_circle:	3/3	3/3
security.enable_user_profile	:green_circle:	1/1	1/1
security.enable_user	:green_circle:	4/4	4/4
security.enroll_kibana	:white_circle:	Missing test	Missing test
security.enroll_node	:white_circle:	Missing test	Missing test
security.get_api_key	:red_circle:	38/38	15/38
security.get_builtin_privileges	:red_circle:	2/2	1/2
security.get_privileges	:green_circle:	12/12	12/12
security.get_role_mapping	:red_circle:	18/18	10/18
security.get_role	:red_circle:	24/24	21/24
security.get_service_accounts	:white_circle:	Missing test	Missing test
security.get_service_credentials	:green_circle:	1/1	1/1
security.get_settings	:orange_circle:	Missing type	Missing type
security.get_token	:green_circle:	25/25	24/24
security.get_user_privileges	:red_circle:	8/8	7/8
security.get_user_profile	:green_circle:	8/8	8/8
security.get_user	:green_circle:	25/25	25/25
security.grant_api_key	:green_circle:	7/7	7/7
security.has_privileges_user_profile	:green_circle:	3/3	3/3
security.has_privileges	:green_circle:	24/24	24/24
security.invalidate_api_key	:green_circle:	12/12	12/12
security.invalidate_token	:green_circle:	11/11	11/11
security.oidc_authenticate	:orange_circle:	Missing type	Missing type
security.oidc_logout	:orange_circle:	Missing type	Missing type
security.oidc_prepare_authentication	:orange_circle:	Missing type	Missing type
security.put_privileges	:green_circle:	10/10	10/10
security.put_role_mapping	:red_circle:	2/11	11/11
security.put_role	:red_circle:	38/40	39/39
security.put_user	:green_circle:	49/49	48/48
security.query_api_keys	:red_circle:	14/14	1/14
security.query_role	:orange_circle:	Missing type	Missing type
security.query_user	:orange_circle:	Missing type	Missing type
security.saml_authenticate	:white_circle:	Missing test	Missing test
security.saml_complete_logout	:white_circle:	Missing test	Missing test
security.saml_invalidate	:white_circle:	Missing test	Missing test
security.saml_logout	:white_circle:	Missing test	Missing test
security.saml_prepare_authentication	:white_circle:	Missing test	Missing test
security.saml_service_provider_metadata	:white_circle:	Missing test	Missing test
security.suggest_user_profiles	:green_circle:	1/1	1/1
security.update_api_key	:green_circle:	5/5	5/5
security.update_cross_cluster_api_key	:orange_circle:	Missing type	Missing type
security.update_settings	:orange_circle:	Missing type	Missing type
security.update_user_profile_data	:green_circle:	1/1	1/1

You can validate these APIs yourself by using the make validate target.

[github-actions[bot]]

Following you can find the validation results for the APIs you have changed.

API	Status	Request	Response
security.activate_user_profile	:green_circle:	9/9	9/9
security.authenticate	:green_circle:	30/30	30/30
security.bulk_delete_role	:orange_circle:	Missing type	Missing type
security.bulk_put_role	:green_circle:	1/1	1/1
security.bulk_update_api_keys	:orange_circle:	Missing type	Missing type
security.change_password	:green_circle:	9/9	9/9
security.clear_api_key_cache	:green_circle:	13/13	13/13
security.clear_cached_privileges	:green_circle:	3/3	3/3
security.clear_cached_realms	:green_circle:	1/1	1/1
security.clear_cached_roles	:green_circle:	2/2	2/2
security.clear_cached_service_tokens	:green_circle:	4/4	4/4
security.create_api_key	:red_circle:	67/69	60/60
security.create_cross_cluster_api_key	:orange_circle:	Missing type	Missing type
security.create_service_token	:green_circle:	3/3	3/3
security.delete_privileges	:green_circle:	6/6	6/6
security.delete_role_mapping	:green_circle:	9/9	9/9
security.delete_role	:green_circle:	8/8	8/8
security.delete_service_token	:white_circle:	Missing test	Missing test
security.delete_user	:green_circle:	9/9	9/9
security.disable_user_profile	:green_circle:	1/1	1/1
security.disable_user	:green_circle:	3/3	3/3
security.enable_user_profile	:green_circle:	1/1	1/1
security.enable_user	:green_circle:	4/4	4/4
security.enroll_kibana	:white_circle:	Missing test	Missing test
security.enroll_node	:white_circle:	Missing test	Missing test
security.get_api_key	:red_circle:	38/38	15/38
security.get_builtin_privileges	:red_circle:	2/2	1/2
security.get_privileges	:green_circle:	12/12	12/12
security.get_role_mapping	:red_circle:	18/18	10/18
security.get_role	:red_circle:	24/24	21/24
security.get_service_accounts	:white_circle:	Missing test	Missing test
security.get_service_credentials	:green_circle:	1/1	1/1
security.get_settings	:orange_circle:	Missing type	Missing type
security.get_token	:green_circle:	25/25	24/24
security.get_user_privileges	:red_circle:	8/8	7/8
security.get_user_profile	:green_circle:	8/8	8/8
security.get_user	:green_circle:	25/25	25/25
security.grant_api_key	:green_circle:	7/7	7/7
security.has_privileges_user_profile	:green_circle:	3/3	3/3
security.has_privileges	:green_circle:	24/24	24/24
security.invalidate_api_key	:green_circle:	12/12	12/12
security.invalidate_token	:green_circle:	11/11	11/11
security.oidc_authenticate	:orange_circle:	Missing type	Missing type
security.oidc_logout	:orange_circle:	Missing type	Missing type
security.oidc_prepare_authentication	:orange_circle:	Missing type	Missing type
security.put_privileges	:green_circle:	10/10	10/10
security.put_role_mapping	:red_circle:	2/11	11/11
security.put_role	:red_circle:	38/40	39/39
security.put_user	:green_circle:	49/49	48/48
security.query_api_keys	:red_circle:	14/14	1/14
security.query_role	:orange_circle:	Missing type	Missing type
security.query_user	:orange_circle:	Missing type	Missing type
security.saml_authenticate	:white_circle:	Missing test	Missing test
security.saml_complete_logout	:white_circle:	Missing test	Missing test
security.saml_invalidate	:white_circle:	Missing test	Missing test
security.saml_logout	:white_circle:	Missing test	Missing test
security.saml_prepare_authentication	:white_circle:	Missing test	Missing test
security.saml_service_provider_metadata	:white_circle:	Missing test	Missing test
security.suggest_user_profiles	:green_circle:	1/1	1/1
security.update_api_key	:green_circle:	5/5	5/5
security.update_cross_cluster_api_key	:orange_circle:	Missing type	Missing type
security.update_settings	:orange_circle:	Missing type	Missing type
security.update_user_profile_data	:green_circle:	1/1	1/1

You can validate these APIs yourself by using the make validate target.

[pquentin]

(Sorry for the noise, I've been testing credential changes with this pull request.)

[l-trotta]

sorry I know this is again something not strictly related to the PR, but since the cluster field in RoleDescriptor only accepts cluster privilege values, should we change it from string[] to ClusterPrivilege[]?

[l-trotta]

other than that, LGTM!

[github-actions[bot]]

Following you can find the validation results for the APIs you have changed.

API	Status	Request	Response
security.activate_user_profile	:green_circle:	9/9	9/9
security.authenticate	:green_circle:	30/30	30/30
security.bulk_delete_role	:orange_circle:	Missing type	Missing type
security.bulk_put_role	:green_circle:	1/1	1/1
security.bulk_update_api_keys	:orange_circle:	Missing type	Missing type
security.change_password	:green_circle:	9/9	9/9
security.clear_api_key_cache	:green_circle:	13/13	13/13
security.clear_cached_privileges	:green_circle:	3/3	3/3
security.clear_cached_realms	:green_circle:	1/1	1/1
security.clear_cached_roles	:green_circle:	2/2	2/2
security.clear_cached_service_tokens	:green_circle:	4/4	4/4
security.create_api_key	:red_circle:	67/69	60/60
security.create_cross_cluster_api_key	:orange_circle:	Missing type	Missing type
security.create_service_token	:green_circle:	3/3	3/3
security.delete_privileges	:green_circle:	6/6	6/6
security.delete_role_mapping	:green_circle:	9/9	9/9
security.delete_role	:green_circle:	8/8	8/8
security.delete_service_token	:white_circle:	Missing test	Missing test
security.delete_user	:green_circle:	9/9	9/9
security.disable_user_profile	:green_circle:	1/1	1/1
security.disable_user	:green_circle:	3/3	3/3
security.enable_user_profile	:green_circle:	1/1	1/1
security.enable_user	:green_circle:	4/4	4/4
security.enroll_kibana	:white_circle:	Missing test	Missing test
security.enroll_node	:white_circle:	Missing test	Missing test
security.get_api_key	:red_circle:	38/38	15/38
security.get_builtin_privileges	:red_circle:	2/2	1/2
security.get_privileges	:green_circle:	12/12	12/12
security.get_role_mapping	:red_circle:	18/18	10/18
security.get_role	:red_circle:	24/24	21/24
security.get_service_accounts	:white_circle:	Missing test	Missing test
security.get_service_credentials	:green_circle:	1/1	1/1
security.get_settings	:orange_circle:	Missing type	Missing type
security.get_token	:green_circle:	25/25	24/24
security.get_user_privileges	:red_circle:	8/8	7/8
security.get_user_profile	:green_circle:	8/8	8/8
security.get_user	:green_circle:	25/25	25/25
security.grant_api_key	:green_circle:	7/7	7/7
security.has_privileges_user_profile	:green_circle:	3/3	3/3
security.has_privileges	:green_circle:	24/24	24/24
security.invalidate_api_key	:green_circle:	12/12	12/12
security.invalidate_token	:green_circle:	11/11	11/11
security.oidc_authenticate	:orange_circle:	Missing type	Missing type
security.oidc_logout	:orange_circle:	Missing type	Missing type
security.oidc_prepare_authentication	:orange_circle:	Missing type	Missing type
security.put_privileges	:green_circle:	10/10	10/10
security.put_role_mapping	:red_circle:	2/11	11/11
security.put_role	:red_circle:	38/40	39/39
security.put_user	:green_circle:	49/49	48/48
security.query_api_keys	:red_circle:	14/14	1/14
security.query_role	:green_circle:	3/3	3/3
security.query_user	:orange_circle:	Missing type	Missing type
security.saml_authenticate	:white_circle:	Missing test	Missing test
security.saml_complete_logout	:white_circle:	Missing test	Missing test
security.saml_invalidate	:white_circle:	Missing test	Missing test
security.saml_logout	:white_circle:	Missing test	Missing test
security.saml_prepare_authentication	:white_circle:	Missing test	Missing test
security.saml_service_provider_metadata	:white_circle:	Missing test	Missing test
security.suggest_user_profiles	:green_circle:	1/1	1/1
security.update_api_key	:green_circle:	5/5	5/5
security.update_cross_cluster_api_key	:orange_circle:	Missing type	Missing type
security.update_settings	:orange_circle:	Missing type	Missing type
security.update_user_profile_data	:green_circle:	1/1	1/1

You can validate these APIs yourself by using the make validate target.

[jfreden]

Thanks for the review @l-trotta ! I've updated the RoleDescriptor to use the enum for ClusterPrivilege.