Only include settings file for working ES versions (#116250)

To avoid failed cluster starts due to
#91939 in upgrade tests,
we should only include `settings.json` file if we are above the buggy
version. I missed "forward-porting" this to main. 

A follow-up PR will port the suite over to the new parametrized upgrade
test class and remove the settings file from the generic upgrade test
flow altogether.

Author: n1v0lg

x-pack/qa/rolling-upgrade/build.gradle

@@ -88,7 +88,14 @@ BuildParams.bwcVersions.withWireCompatible { bwcVersion, baseName ->
     keystore 'xpack.watcher.encryption_key', file("${project.projectDir}/src/test/resources/system_key")
     setting 'xpack.watcher.encrypt_sensitive_data', 'true'
 
-    extraConfigFile 'operator/settings.json', file("${project.projectDir}/src/test/resources/operator_defined_role_mappings.json")
+    // file-based settings processing had a bug around applying role mappings on an unrecovered index
+    // this was fixed in 8.7.0 (https://github.com/elastic/elasticsearch/pull/92173). To avoid flakiness
+    // in the test, we only set a role mappings file for higher versions.
+    // TODO move this out into a separate test suite, since operator settings are not relevant for most BWC tests
+    // and have some side-effects
+    if (bwcVersion.onOrAfter('8.7.0')) {
+      extraConfigFile 'operator/settings.json', file("${project.projectDir}/src/test/resources/operator_defined_role_mappings.json")
+    }
 
     // Old versions of the code contain an invalid assertion that trips
     // during tests.  Versions 5.6.9 and 6.2.4 have been fixed by removing

x-pack/qa/rolling-upgrade/src/test/java/org/elasticsearch/upgrades/SecurityIndexRoleMappingCleanupIT.java

@@ -6,6 +6,7 @@
  */
 package org.elasticsearch.upgrades;
 
+import org.elasticsearch.Version;
 import org.elasticsearch.client.Request;
 import org.elasticsearch.client.Response;
 import org.elasticsearch.client.RestClient;
@@ -24,8 +25,14 @@
 import static org.hamcrest.Matchers.containsInAnyOrder;
 
 public class SecurityIndexRoleMappingCleanupIT extends AbstractUpgradeTestCase {
+    private static final Version UPGRADE_FROM_VERSION = Version.fromString(System.getProperty("tests.upgrade_from_version"));
 
     public void testCleanupDuplicateMappings() throws Exception {
+        // see build.gradle where we set operator/settings.json for more details on this skip
+        assumeTrue(
+            "Cluster requires version higher than since operator/settings.json is only set then: " + Version.V_8_7_0,
+            UPGRADE_FROM_VERSION.onOrAfter(Version.V_8_7_0)
+        );
         if (CLUSTER_TYPE == ClusterType.OLD) {
             // If we're in a state where the same operator-defined role mappings can exist both in cluster state and the native store
             // (V_8_15_0 transport added to security.role_mapping_cleanup feature added), create a state