User Profile - Add rest spec files and tests (#83307)

This PR adds rest spec files and tests for existing user profile APIs.
It also includes stub doc pages so that it does not build doc builds.
But the actual content of docs will be handled in a separate PR.

docs/changelog/83307.yaml

@@ -0,0 +1,5 @@
+pr: 83307
+summary: User Profile - Add rest spec files and tests
+area: Security
+type: enhancement
+issues: []

rest-api-spec/src/main/resources/rest-api-spec/api/security.activate_user_profile.json

@@ -0,0 +1,28 @@
+{
+  "security.activate_user_profile":{
+    "documentation":{
+      "url":"https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-activate-user-profile.html",
+      "description":"Creates or updates the user profile on behalf of another user."
+    },
+    "stability":"experimental",
+    "visibility":"public",
+    "headers":{
+      "accept": [ "application/json"],
+      "content_type": ["application/json"]
+    },
+    "url":{
+      "paths":[
+        {
+          "path":"/_security/profile/_activate",
+          "methods":[
+            "POST"
+          ]
+        }
+      ]
+    },
+    "body":{
+      "description":"The grant type and user's credential",
+      "required":true
+    }
+  }
+}

rest-api-spec/src/main/resources/rest-api-spec/api/security.get_user_profile.json

@@ -0,0 +1,35 @@
+{
+  "security.get_user_profile":{
+    "documentation":{
+      "url":"https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-get-user-profile.html",
+      "description":"Retrieves user profile for the given unique ID."
+    },
+    "stability":"experimental",
+    "visibility":"public",
+    "headers":{
+      "accept": [ "application/json"]
+    },
+    "url":{
+      "paths":[
+        {
+          "path":"/_security/profile/{uid}",
+          "methods":[
+            "GET"
+          ],
+          "parts":{
+            "uid":{
+              "type":"string",
+              "description":"An unique identifier of the user profile"
+            }
+          }
+        }
+      ]
+    },
+    "params":{
+      "data":{
+        "type":"list",
+        "description":"A comma-separated list of keys for which the corresponding application data are retrieved."
+      }
+    }
+  }
+}

rest-api-spec/src/main/resources/rest-api-spec/api/security.update_user_profile_data.json

@@ -0,0 +1,53 @@
+{
+  "security.update_user_profile_data":{
+    "documentation":{
+      "url":"https://www.elastic.co/guide/en/elasticsearch/reference/current/security-api-update-user-profile-data.html",
+      "description":"Update application specific data for the user profile of the given unique ID."
+    },
+    "stability":"experimental",
+    "visibility":"public",
+    "headers":{
+      "accept": [ "application/json"],
+      "content_type": ["application/json"]
+    },
+    "url":{
+      "paths":[
+        {
+          "path":"/_security/profile/_data/{uid}",
+          "methods":[
+            "POST"
+          ],
+          "parts":{
+            "uid":{
+              "type":"string",
+              "description":"An unique identifier of the user profile"
+            }
+          }
+        }
+      ]
+    },
+    "params":{
+      "if_seq_no":{
+        "type":"number",
+        "description":"only perform the update operation if the last operation that has changed the document has the specified sequence number"
+      },
+      "if_primary_term":{
+        "type":"number",
+        "description":"only perform the update operation if the last operation that has changed the document has the specified primary term"
+      },
+      "refresh":{
+        "type":"enum",
+        "options":[
+          "true",
+          "false",
+          "wait_for"
+        ],
+        "description":"If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes."
+      }
+    },
+    "body":{
+      "description":"The application data to update",
+      "required":true
+    }
+  }
+}

x-pack/docs/en/rest-api/security.asciidoc

@@ -181,3 +181,6 @@ include::security/saml-invalidate-api.asciidoc[]
 include::security/saml-complete-logout-api.asciidoc[]
 include::security/saml-sp-metadata.asciidoc[]
 include::security/ssl.asciidoc[]
+include::security/get-user-profile.asciidoc[]
+include::security/activate-user-profile.asciidoc[]
+include::security/update-user-profile-data.asciidoc[]

x-pack/docs/en/rest-api/security/activate-user-profile.asciidoc

@@ -0,0 +1,10 @@
+[role="xpack"]
+[[security-api-activiate-user-profile]]
+=== Activate user profile API
+++++
+<titleabbrev>Activate user profile</titleabbrev>
+++++
+
+Creates or updates the user profile on behalf of another user
+
+coming::[8.2.0]

x-pack/docs/en/rest-api/security/get-user-profile.asciidoc

@@ -0,0 +1,10 @@
+[role="xpack"]
+[[security-api-get-user-profile]]
+=== Get user profile API
+++++
+<titleabbrev>Get user profile</titleabbrev>
+++++
+
+Retrieves a user's profile given the unique profile ID
+
+coming::[8.2.0]

x-pack/docs/en/rest-api/security/update-user-profile-data.asciidoc

@@ -0,0 +1,10 @@
+[role="xpack"]
+[[security-api-update-user-profile-data]]
+=== Activate user profile data API
+++++
+<titleabbrev>Update user profile data</titleabbrev>
+++++
+
+Update application specific data for the user profile of the given unique ID.
+
+coming::[8.2.0]

x-pack/plugin/build.gradle

@@ -153,6 +153,7 @@ testClusters.configureEach {
 
   if (BuildParams.isSnapshotBuild() == false) {
     systemProperty 'es.index_mode_feature_flag_registered', 'true'
+    systemProperty 'es.user_profile_feature_flag_enabled', 'true'
   }
 }
 

x-pack/plugin/src/yamlRestTest/resources/rest-api-spec/test/user_profile/10_basic.yml

@@ -0,0 +1,112 @@
+---
+setup:
+  - skip:
+      features: stash_in_key
+
+  - do:
+      cluster.health:
+        wait_for_status: yellow
+
+  - do:
+      security.put_user:
+        username: "joe"
+        body:  >
+          {
+            "password" : "s3krit-password",
+            "roles" : [ "superuser" ],
+            "full_name" : "Bazooka Joe",
+            "email" : "joe@bazooka.gum"
+          }
+
+---
+teardown:
+  - do:
+      security.delete_user:
+        username: "joe"
+        ignore: 404
+
+---
+"Test user profile apis":
+  - do:
+      security.activate_user_profile:
+        body: >
+          {
+            "grant_type": "password",
+            "username": "joe",
+            "password" : "s3krit-password"
+          }
+  - is_true: uid
+  - match: { "user.username" : "joe" }
+  - match: { "user.roles" : [ "superuser" ] }
+  - match: { "user.full_name" : "Bazooka Joe" }
+  - is_true: _doc
+  - set: { uid: profile_uid }
+
+  - do:
+      security.get_user_profile:
+        uid: "$profile_uid"
+
+  - length: { $body: 1 }
+  - is_true: "$profile_uid"
+  - set: { $profile_uid: profile }
+  - match: { $profile.uid : "$profile_uid" }
+  - match: { $profile.user.username : "joe" }
+  - match: { $profile.data : {} }
+
+  - do:
+      security.update_user_profile_data:
+        uid: "$profile_uid"
+        body: >
+          {
+            "data": {
+              "app1": {
+                "theme": "default"
+              },
+              "app2": {
+                "theme": "dark"
+              }
+            }
+          }
+
+  - is_true: acknowledged
+
+  # Get the update profile with application data
+  - do:
+      security.get_user_profile:
+        uid: "$profile_uid"
+        data: "app1"
+
+  - length: { $body: 1 }
+  - is_true: "$profile_uid"
+  - set: { $profile_uid: profile }
+  - match: { $profile.data: { "app1": { "theme": "default" } } }
+
+  # Activate again should get the same profile
+  - do:
+      security.activate_user_profile:
+        body: >
+          {
+            "grant_type": "password",
+            "username": "joe",
+            "password" : "s3krit-password"
+          }
+  - match: { "uid" : "$profile_uid" }
+
+  # Data should be preserved
+  - do:
+      security.get_user_profile:
+        uid: "$profile_uid"
+        data: "*"
+
+  - length: { $body: 1 }
+  - is_true: "$profile_uid"
+  - set: { $profile_uid: profile }
+  - match: { $profile.data: { "app1": { "theme": "default" }, "app2": { "theme": "dark"} } }
+
+  # Attempting to get a non-existing profile leads to 404
+  - do:
+      catch: missing
+      security.get_user_profile:
+        uid: no_such_profile_uid
+
+  - length: { $body: 0 }