[backport] Testing queryable built-in role synchronization (#119178)

Backport of #118964

Author: slobodanadamovic

muted-tests.yml

@@ -317,9 +317,6 @@ tests:
 - class: org.elasticsearch.xpack.inference.DefaultEndPointsIT
   method: testMultipleInferencesTriggeringDownloadAndDeploy
   issue: https://github.com/elastic/elasticsearch/issues/117208
-- class: org.elasticsearch.xpack.security.QueryableReservedRolesIT
-  method: testDeletingAndCreatingSecurityIndexTriggersSynchronization
-  issue: https://github.com/elastic/elasticsearch/issues/118806
 
 # Examples:
 #
@@ -438,4 +435,4 @@ tests:
   issue: https://github.com/elastic/elasticsearch/issues/119159
 - class: org.elasticsearch.versioning.ConcurrentSeqNoVersioningIT
   method: testSeqNoCASLinearizability
-  issue: https://github.com/elastic/elasticsearch/issues/117249
+  issue: https://github.com/elastic/elasticsearch/issues/117249

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/support/QueryableBuiltInRolesSynchronizer.java

@@ -201,20 +201,33 @@ public void clusterChanged(ClusterChangedEvent event) {
         }
     }
 
+    /**
+     * @return {@code true} if the synchronization of built-in roles is in progress, {@code false} otherwise
+     */
+    public boolean isSynchronizationInProgress() {
+        return synchronizationInProgress.get();
+    }
+
     private void syncBuiltInRoles(final QueryableBuiltInRoles roles) {
         if (synchronizationInProgress.compareAndSet(false, true)) {
-            final Map<String, String> indexedRolesDigests = readIndexedBuiltInRolesDigests(clusterService.state());
-            if (roles.rolesDigest().equals(indexedRolesDigests)) {
-                logger.debug("Security index already contains the latest built-in roles indexed, skipping synchronization");
-                return;
-            }
-            executor.execute(() -> doSyncBuiltinRoles(indexedRolesDigests, roles, ActionListener.wrap(v -> {
-                logger.info("Successfully synced [" + roles.roleDescriptors().size() + "] built-in roles to .security index");
-                synchronizationInProgress.set(false);
-            }, e -> {
-                handleException(e);
+            try {
+                final Map<String, String> indexedRolesDigests = readIndexedBuiltInRolesDigests(clusterService.state());
+                if (roles.rolesDigest().equals(indexedRolesDigests)) {
+                    logger.debug("Security index already contains the latest built-in roles indexed, skipping roles synchronization");
+                    synchronizationInProgress.set(false);
+                } else {
+                    executor.execute(() -> doSyncBuiltinRoles(indexedRolesDigests, roles, ActionListener.wrap(v -> {
+                        logger.info("Successfully synced [" + roles.roleDescriptors().size() + "] built-in roles to .security index");
+                        synchronizationInProgress.set(false);
+                    }, e -> {
+                        handleException(e);
+                        synchronizationInProgress.set(false);
+                    })));
+                }
+            } catch (Exception e) {
+                logger.error("Failed to sync built-in roles", e);
                 synchronizationInProgress.set(false);
-            })));
+            }
         }
     }
 
@@ -466,6 +479,10 @@ static class MarkRolesAsSyncedTask implements ClusterStateTaskListener {
             this.newRoleDigests = newRoleDigests;
         }
 
+        public Map<String, String> getNewRoleDigests() {
+            return newRoleDigests;
+        }
+
         Tuple<ClusterState, Map<String, String>> execute(ClusterState state) {
             IndexMetadata indexMetadata = state.metadata().index(concreteSecurityIndexName);
             if (indexMetadata == null) {

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/support/QueryableReservedRolesProvider.java

@@ -23,7 +23,7 @@
  * The reserved roles are static and do not change during runtime, hence this provider will never notify any listeners.
  * </p>
  */
-public final class QueryableReservedRolesProvider implements QueryableBuiltInRoles.Provider {
+public class QueryableReservedRolesProvider implements QueryableBuiltInRoles.Provider {
 
     private final Supplier<QueryableBuiltInRoles> reservedRolesSupplier;