MB-65045: New Query List Index role

This adds the "Query List Index" role which has the same permissions
as the "Query Manage Index" role except it can only list indexes (cannot
manage indexes).

Change-Id: Ibe094c160553a5cbbd3717180592d3fdb078a0ec
Reviewed-on: https://review.couchbase.org/c/ns_server/+/223852
Reviewed-by: Peter Searby <[email protected]>
Tested-by: Build Bot <[email protected]>

Author: stevewatanabe

apps/ns_server/src/menelaus_roles.erl

@@ -494,6 +494,21 @@ roles() ->
        {[settings, indexes], [read]},
        {[ui], [read]},
        {[pools], [read]}]},
+     {query_list_index, ?RBAC_COLLECTION_PARAMS,
+      [{name, <<"Query List Index">>},
+       {folder, 'query'},
+       {desc, <<"Can list indexes for a given bucket, scope or collection. "
+                "This user can access the web console, can read statistics "
+                "for a given bucket, scope or collection. This user cannot "
+                "read data.">>
+       }],
+      [{[{collection, ?RBAC_COLLECTION_PARAMS}, n1ql, index], [list]},
+       {[{collection, ?RBAC_COLLECTION_PARAMS}, collections], [read]},
+       {[{bucket, bucket_name}, settings], [read]},
+       {[{bucket, bucket_name}, stats], [read]},
+       {[settings, indexes], [read]},
+       {[ui], [read]},
+       {[pools], [read]}]},
      {query_system_catalog, [],
       [{name, <<"Query System Catalog">>},
        {folder, 'query'},
@@ -2254,7 +2269,8 @@ produce_roles_by_permission_test_() ->
                             data_backup, data_dcp_reader,
                             data_monitoring, data_writer, data_reader,
                             fts_admin, fts_searcher, query_delete,
-                            query_insert, query_manage_index, query_select,
+                            query_insert, query_manage_index,
+                            query_list_index, query_select,
                             query_update, replication_target,
                             mobile_sync_gateway],
                            [[any], [TestBucket]]),