Revert "Restrict Connector APIs to manage/monitor_connector privileges (#119389)" (#119833)

This reverts commit c88eef3.

Author: jedrazb

docs/changelog/119389.yaml

@@ -4,12 +4,13 @@ admin:
     - manage_behavioral_analytics
     - manage
     - monitor
-    - manage_connector
   indices:
     - names: [
         # indices and search applications
         "test-*",
         "another-test-search-application",
+        ".elastic-connectors-v1",
+        ".elastic-connectors-sync-jobs-v1"
     ]
       privileges: [ "manage", "write", "read" ]
 
@@ -19,15 +20,16 @@ user:
     - manage_api_key
     - read_connector_secrets
     - write_connector_secrets
-    - monitor_connector
   indices:
     - names: [
       "test-index1",
       "test-search-application",
       "test-search-application-1",
       "test-search-application-with-aggs",
       "test-search-application-with-list",
-      "test-search-application-with-list-invalid"
+      "test-search-application-with-list-invalid",
+      ".elastic-connectors-v1",
+      ".elastic-connectors-sync-jobs-v1"
     ]
       privileges: [ "read" ]
 

x-pack/plugin/ent-search/qa/rest/roles.yml

@@ -9,19 +9,23 @@
 
 import org.elasticsearch.action.ActionRequest;
 import org.elasticsearch.action.ActionRequestValidationException;
+import org.elasticsearch.action.IndicesRequest;
+import org.elasticsearch.action.support.IndicesOptions;
 import org.elasticsearch.cluster.metadata.MetadataCreateIndexService;
 import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.indices.InvalidIndexNameException;
+import org.elasticsearch.xpack.application.connector.ConnectorTemplateRegistry;
 
 import java.io.IOException;
 
 import static org.elasticsearch.action.ValidateActions.addValidationError;
 import static org.elasticsearch.xpack.application.connector.ConnectorTemplateRegistry.MANAGED_CONNECTOR_INDEX_PREFIX;
 
 /**
- * Abstract base class for action requests targeting the connectors index.
+ * Abstract base class for action requests targeting the connectors index. Implements {@link org.elasticsearch.action.IndicesRequest}
+ * to ensure index-level privilege support. This class defines the connectors index as the target for all derived action requests.
  */
-public abstract class ConnectorActionRequest extends ActionRequest {
+public abstract class ConnectorActionRequest extends ActionRequest implements IndicesRequest {
 
     public ConnectorActionRequest() {
         super();
@@ -74,4 +78,14 @@ public ActionRequestValidationException validateManagedConnectorIndexPrefix(
         }
         return validationException;
     }
+
+    @Override
+    public String[] indices() {
+        return new String[] { ConnectorTemplateRegistry.CONNECTOR_INDEX_NAME_PATTERN };
+    }
+
+    @Override
+    public IndicesOptions indicesOptions() {
+        return IndicesOptions.lenientExpandHidden();
+    }
 }

x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/ConnectorIndexService.java

@@ -18,6 +18,7 @@
 import org.elasticsearch.xcontent.ToXContentObject;
 import org.elasticsearch.xcontent.XContentBuilder;
 import org.elasticsearch.xcontent.XContentParser;
+import org.elasticsearch.xpack.application.connector.ConnectorTemplateRegistry;
 
 import java.io.IOException;
 import java.util.Objects;
@@ -27,7 +28,7 @@
 
 public class DeleteConnectorAction {
 
-    public static final String NAME = "cluster:admin/xpack/connector/delete";
+    public static final String NAME = "indices:data/write/xpack/connector/delete";
     public static final ActionType<AcknowledgedResponse> INSTANCE = new ActionType<>(NAME);
 
     private DeleteConnectorAction() {/* no instances */}
@@ -70,6 +71,14 @@ public boolean shouldDeleteSyncJobs() {
             return deleteSyncJobs;
         }
 
+        @Override
+        public String[] indices() {
+            // When deleting a connector, corresponding sync jobs can also be deleted
+            return new String[] {
+                ConnectorTemplateRegistry.CONNECTOR_SYNC_JOBS_INDEX_NAME_PATTERN,
+                ConnectorTemplateRegistry.CONNECTOR_INDEX_NAME_PATTERN };
+        }
+
         @Override
         public void writeTo(StreamOutput out) throws IOException {
             super.writeTo(out);

x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/action/ConnectorActionRequest.java

@@ -28,7 +28,7 @@
 
 public class GetConnectorAction {
 
-    public static final String NAME = "cluster:admin/xpack/connector/get";
+    public static final String NAME = "indices:data/read/xpack/connector/get";
     public static final ActionType<GetConnectorAction.Response> INSTANCE = new ActionType<>(NAME);
 
     private GetConnectorAction() {/* no instances */}

x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/action/DeleteConnectorAction.java

@@ -34,7 +34,7 @@
 
 public class ListConnectorAction {
 
-    public static final String NAME = "cluster:admin/xpack/connector/list";
+    public static final String NAME = "indices:data/read/xpack/connector/list";
     public static final ActionType<ListConnectorAction.Response> INSTANCE = new ActionType<>(NAME);
 
     private ListConnectorAction() {/* no instances */}

x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/action/GetConnectorAction.java

@@ -25,7 +25,7 @@
 
 public class PostConnectorAction {
 
-    public static final String NAME = "cluster:admin/xpack/connector/post";
+    public static final String NAME = "indices:data/write/xpack/connector/post";
     public static final ActionType<ConnectorCreateActionResponse> INSTANCE = new ActionType<>(NAME);
 
     private PostConnectorAction() {/* no instances */}

x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/action/ListConnectorAction.java

@@ -9,6 +9,7 @@
 
 import org.elasticsearch.action.ActionRequestValidationException;
 import org.elasticsearch.action.ActionType;
+import org.elasticsearch.action.IndicesRequest;
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.common.io.stream.StreamOutput;
@@ -26,12 +27,12 @@
 
 public class PutConnectorAction {
 
-    public static final String NAME = "cluster:admin/xpack/connector/put";
+    public static final String NAME = "indices:data/write/xpack/connector/put";
     public static final ActionType<ConnectorCreateActionResponse> INSTANCE = new ActionType<>(NAME);
 
     private PutConnectorAction() {/* no instances */}
 
-    public static class Request extends ConnectorActionRequest implements ToXContentObject {
+    public static class Request extends ConnectorActionRequest implements IndicesRequest, ToXContentObject {
 
         @Nullable
         private final String connectorId;

x-pack/plugin/ent-search/src/main/java/org/elasticsearch/xpack/application/connector/action/PostConnectorAction.java

@@ -22,7 +22,7 @@
 
 public class UpdateConnectorActiveFilteringAction {
 
-    public static final String NAME = "cluster:admin/xpack/connector/update_filtering/activate";
+    public static final String NAME = "indices:data/write/xpack/connector/update_filtering/activate";
     public static final ActionType<ConnectorUpdateActionResponse> INSTANCE = new ActionType<>(NAME);
 
     private UpdateConnectorActiveFilteringAction() {/* no instances */}