[Roles API] Change Kibana Role API to have consistent ingest/export

[EthanStrider]

Describe the feature:

Right now, if you use the Kibana Role API to export a role, it outputs a format that is not immediately ingestable by the same Kibana Role API.

In other words, it you do a GET on the API, you cannot use the resulting JSON to do a PUT. The outputted role (json) requires manual adjustments.

Specifically, you have to manually remove the following keys: name, transient_metadata, transform_error and unrecognized_applications.

Example error from curl PUT command:

{
  "statusCode": 400,
  "error": "Bad Request",
  "message": "\"name\" is not allowed. \"transient_metadata\" is not allowed. \"_transform_error\" is not allowed. \"_unrecognized_applications\" is not allowed",
  "validation": {
    "source": "payload",
    "keys": [
      "name",
      "transient_metadata",
      "_transform_error",
      "_unrecognized_applications"
    ]
  }
}

The API should either output in a format that is immediately ingestable, or it should ignore any unnecessary fields that are included in default output.

@kobelb Thanks for the help!

[elasticmachine]

Pinging @elastic/kibana-security (Team:Security)

[legrego]

Thank you for contributing to this issue, however, we are closing this issue due to inactivity as part of a backlog grooming effort. If you believe this feature/bug should still be considered, please reopen with a comment.

[GeorgeGkinis]

I just stumbled across this issue.

We cannot just GET the roles and then PUT them as the following JSON fields are unsupported by PUT but returned by GET: "_transform_error": [], "_unrecognized_applications": [] "name":"role-name" "transient_metadata": { "enabled": true },

[GeorgeGkinis]

@legrego Could we reopen this please?