opensearch-project / security

🔐 Secure your cluster with TLS, numerous authentication backends, data masking, audit logging as well as role-based access control on indices, documents, and fields
https://opensearch.org/docs/latest/security-plugin/index/
Apache License 2.0

[Question/RFC] Clarification of REST API responses #4426

Open willyborankin opened 2 weeks ago

willyborankin commented 2 weeks ago

Observed here: https://github.com/opensearch-project/security/issues/4393

The reason for such behavior is that we do not set default values for newly created configuration entities.

Example: HTTP GET result for roles:

```json
"testadmin": {
  "hash": "",
  "reserved": true,
  "hidden": false,
  "backend_roles": [],
  "attributes": {},
  "description": "Maps admin user 'osfarm_admin' custom role",
  "opendistro_security_roles": [
    "osfarm_admin",
    "internal_index_manager",
    "security_rest_api_full_access"
  ],
  "static": false
},
```

but in the index we store only fields which were set by the end user and do not save default values for missing fields. As a result of such logic, the end user usually misunderstands why add and replace are different operations in the case of PATCH when they try to change fields which are not part of the existing configuration entity.

Possible solutions:

scrawfor99 commented 2 weeks ago

[Triage] Hi @willyborankin, thank you for filing this issue. This sounds like something where some input from people may be helpful. I am going to tag this with the RFC tag just to try to get more input. Otherwise sounds good.
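
The mismatch described in the issue at the top of this thread, as an added example that is not part of the thread or the security plugin's code: a small Python model of RFC 6902 `add` and `replace` applied to the stored entity rather than to the view that GET returns. The `DEFAULTS` values, the `STORED` entity and all function names are assumptions constructed for illustration.

```python
import copy

# Assumed defaults filled in when an entity is rendered for GET (constructed
# to mirror fields in the sample response; not taken from the plugin source).
DEFAULTS = {"reserved": False, "hidden": False, "static": False,
            "backend_roles": [], "attributes": {}}

# Constructed sample: the index holds only what the user originally sent.
STORED = {"opendistro_security_roles": ["osfarm_admin"]}


class PatchError(Exception):
    """Raised when an operation cannot be applied to the stored entity."""


def rendered(entity):
    """View a client sees on GET: stored fields overlaid on the defaults."""
    return {**copy.deepcopy(DEFAULTS), **copy.deepcopy(entity)}


def apply_op(entity, op):
    """Apply one RFC 6902 operation to a top-level member of `entity`."""
    key = op["path"].lstrip("/")
    if not key or "/" in key:
        raise PatchError("only top-level paths are modelled here")
    result = copy.deepcopy(entity)
    if op["op"] == "add":
        result[key] = op["value"]      # add creates or overwrites the member
    elif op["op"] == "replace":
        if key not in result:          # replace needs an existing target
            raise PatchError(f"replace: no value at {op['path']}")
        result[key] = op["value"]
    else:
        raise PatchError(f"unsupported op {op['op']!r}")
    return result


def try_patch(entity, op):
    """Return (entity_after, error); the entity is unchanged on failure."""
    try:
        return apply_op(entity, op), None
    except PatchError as exc:
        return entity, str(exc)


if __name__ == "__main__":
    print("GET view:", rendered(STORED))   # shows "backend_roles": []
    for name in ("replace", "add"):
        op = {"op": name, "path": "/backend_roles", "value": ["ops"]}
        print(name, "->", try_patch(STORED, op))
```
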