Fix more tests

n1v0lg · n1v0lg · commit 0be2246f5bf0 · 2025-02-07T13:40:39.000+01:00
diff --git a/docs/reference/rest-api/security/get-builtin-privileges.asciidoc b/docs/reference/rest-api/security/get-builtin-privileges.asciidoc
@@ -155,6 +155,7 @@ A successful call returns an object with "cluster", "index", and "remote_cluster
     "none",
     "read",
     "read_cross_cluster",
+    "read_failures",
     "view_index_metadata",
     "write"
   ],
diff --git a/x-pack/plugin/security/qa/multi-cluster/src/javaRestTest/java/org/elasticsearch/xpack/remotecluster/RemoteClusterSecurityFcActionAuthorizationIT.java b/x-pack/plugin/security/qa/multi-cluster/src/javaRestTest/java/org/elasticsearch/xpack/remotecluster/RemoteClusterSecurityFcActionAuthorizationIT.java
@@ -428,14 +428,15 @@ public void testUpdateCrossClusterApiKey() throws Exception {
                 ElasticsearchSecurityException.class,
                 () -> executeRemote(remoteClusterClient, TransportFieldCapabilitiesAction.REMOTE_TYPE, request)
             );
+            // TODO why did privilege order change?
             assertThat(
                 e1.getMessage(),
                 containsString(
                     "action [indices:data/read/field_caps] towards remote cluster is unauthorized "
                         + "for user [foo] with assigned roles [role] authenticated by API key id ["
                         + apiKeyId
                         + "] of user [test_user] on indices [index], this action is granted by the index privileges "
-                        + "[view_index_metadata,manage,read,all]"
+                        + "[read,view_index_metadata,manage,all]"
                 )
             );
 
@@ -483,7 +484,7 @@ public void testUpdateCrossClusterApiKey() throws Exception {
                         + "for user [foo] with assigned roles [role] authenticated by API key id ["
                         + apiKeyId
                         + "] of user [test_user] on indices [index], this action is granted by the index privileges "
-                        + "[view_index_metadata,manage,read,all]"
+                        + "[read,view_index_metadata,manage,all]"
                 )
             );
         }
diff --git a/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RBACEngineTests.java b/x-pack/plugin/security/src/test/java/org/elasticsearch/xpack/security/authz/RBACEngineTests.java
@@ -1770,7 +1770,7 @@ public void testGetRoleDescriptorsForRemoteClusterForReservedRoles() {
                                 IndicesPrivileges.builder().indices("*").privileges("all").allowRestrictedIndices(false).build(),
                                 IndicesPrivileges.builder()
                                     .indices("*")
-                                    .privileges("monitor", "read", "read_cross_cluster", "view_index_metadata")
+                                    .privileges("monitor", "read", "read_cross_cluster", "read_failures", "view_index_metadata")
                                     .allowRestrictedIndices(true)
                                     .build() },
                             null,
diff --git a/x-pack/plugin/src/yamlRestTest/resources/rest-api-spec/test/privileges/11_builtin.yml b/x-pack/plugin/src/yamlRestTest/resources/rest-api-spec/test/privileges/11_builtin.yml
@@ -16,4 +16,4 @@ setup:
   # I would much prefer we could just check that specific entries are in the array, but we don't have
   # an assertion for that
   - length: { "cluster" : 62 }
-  - length: { "index" : 22 }
+  - length: { "index" : 23 }
