Batch retrieval endpoint doesn't fail when only a subset of secrets can't be retrieved

[izgeri]

Is your feature request related to a problem? Please describe.

At current, if any secret in the list of secrets I send in a batch secrets retrieval request doesn't exist, doesn't have the correct permissions, or doesn't have a value, the whole request gets a 404 response.

You can see this in the cucumber tests here:

conjur/cucumber/api/features/secrets_batch.feature

Lines 59 to 66 in ec5f88a

	Scenario: Fails with 404 if a resource doesn't exist
	When I GET "/secrets?variable_ids=cucumber:variable:secret1,cucumber:variable:not-a-secret"
	Then the HTTP response status code is 404
	Scenario: Fails with 404 if a resource doesn't have a value
	Given I create a new "variable" resource called "secret-no-value"
	When I GET "/secrets?variable_ids=cucumber:variable:secret1,cucumber:variable:secret-no-value"
	Then the HTTP response status code is 404

Describe the solution you would like

Rather than failing the whole request if a subset of variables aren't available, the UX would be better if the response included a list of all of the variables requested and their individual response codes.

An example design for how this might work is here; please note that @rafis3 had feedback that:

• I am not in favor of using POST for an API that doesn't change the state of the server.
• I would challenge the returned structure of a variable. I would return an array of list. A list contains a list of items that would be generic to any bulk API we provide, which will contain a structure that holds the error message, return code and the requested resource itself. The requested resource object would be a secret in this case, that would contain its id and value

Describe alternatives you have considered

n/a

Additional context

n/a