
[8.19] Return failure store privileges via get built-in privileges API (#125852) (#126019)

* Return failure store privileges via get built-in privileges API (#125852)

Return `read_failure_store` and `manage_failure_store` via 
`GET /_security/privilege/_builtin` API.

* add failure store privileges to get-builtin-privileges API docs
Slobodan Adamović 5 months ago
parent
commit
1ec3feda07

+ 2 - 0
docs/reference/rest-api/security/get-builtin-privileges.asciidoc

@@ -148,6 +148,7 @@ A successful call returns an object with "cluster", "index", and "remote_cluster
     "maintenance",
     "manage",
     "manage_data_stream_lifecycle",
+    "manage_failure_store",
     "manage_follow_index",
     "manage_ilm",
     "manage_leader_index",
@@ -155,6 +156,7 @@ A successful call returns an object with "cluster", "index", and "remote_cluster
     "none",
     "read",
     "read_cross_cluster",
+    "read_failure_store",
     "view_index_metadata",
     "write"
   ],

+ 1 - 11
x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/privilege/RestGetBuiltinPrivilegesAction.java

@@ -28,9 +28,7 @@ import org.elasticsearch.xpack.security.authz.store.NativeRolesStore;
 import org.elasticsearch.xpack.security.rest.action.SecurityBaseRestHandler;
 
 import java.io.IOException;
-import java.util.Arrays;
 import java.util.List;
-import java.util.Set;
 
 import static org.elasticsearch.rest.RestRequest.Method.GET;
 
@@ -41,8 +39,6 @@ import static org.elasticsearch.rest.RestRequest.Method.GET;
 public class RestGetBuiltinPrivilegesAction extends SecurityBaseRestHandler {
 
     private static final Logger logger = LogManager.getLogger(RestGetBuiltinPrivilegesAction.class);
-    // TODO remove this once we can update docs tests again
-    private static final Set<String> FAILURE_STORE_PRIVILEGES_TO_EXCLUDE = Set.of("read_failure_store", "manage_failure_store");
     private final GetBuiltinPrivilegesResponseTranslator responseTranslator;
 
     public RestGetBuiltinPrivilegesAction(
@@ -75,7 +71,7 @@ public class RestGetBuiltinPrivilegesAction extends SecurityBaseRestHandler {
                     final var translatedResponse = responseTranslator.translate(response);
                     builder.startObject();
                     builder.array("cluster", translatedResponse.getClusterPrivileges());
-                    builder.array("index", filterOutFailureStorePrivileges(translatedResponse));
+                    builder.array("index", translatedResponse.getIndexPrivileges());
                     String[] remoteClusterPrivileges = translatedResponse.getRemoteClusterPrivileges();
                     if (remoteClusterPrivileges.length > 0) { // remote clusters are not supported in stateless mode, so hide entirely
                         builder.array("remote_cluster", remoteClusterPrivileges);
@@ -83,12 +79,6 @@ public class RestGetBuiltinPrivilegesAction extends SecurityBaseRestHandler {
                     builder.endObject();
                     return new RestResponse(RestStatus.OK, builder);
                 }
-
-                private static String[] filterOutFailureStorePrivileges(GetBuiltinPrivilegesResponse translatedResponse) {
-                    return Arrays.stream(translatedResponse.getIndexPrivileges())
-                        .filter(p -> false == FAILURE_STORE_PRIVILEGES_TO_EXCLUDE.contains(p))
-                        .toArray(String[]::new);
-                }
             }
         );
     }
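Review bot: With `filterOutFailureStorePrivileges` removed, `builder.array("index", translatedResponse.getIndexPrivileges());` emits the index privileges exactly as the translator returns them, while the `remote_cluster` array just below is still conditionally hidden in this handler. A short comment on that line would record where any future hiding of index privileges is meant to live, for example `// index privileges are emitted as translated; any per-deployment hiding belongs in the response translator`. The enclosing method starts outside the visible hunks and the translator is not shown, so whether it already filters index privileges for some deployment modes cannot be confirmed from this page.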

+ 1 - 1
x-pack/plugin/src/yamlRestTest/resources/rest-api-spec/test/privileges/11_builtin.yml

@@ -16,4 +16,4 @@ setup:
   # I would much prefer we could just check that specific entries are in the array, but we don't have
   # an assertion for that
   - length: { "cluster" : 62 }
-  - length: { "index" : 22 }
+  - length: { "index" : 24 }
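Review bot: The updated `length: { "index" : 24 }` assertion only shows that two more index privileges are returned, not that they are `read_failure_store` and `manage_failure_store`. The same count would pass if different names were added or removed in a later change. The comment above the assertion already says the YAML runner has no contains-style check, so a Java REST test asserting that both names appear in the `index` array would pin the behaviour this commit introduces. Whether such a test exists elsewhere in the repository is not visible from this page.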