Add cross cluster security APIs

[lcawl]

The create and update cross cluster key APIs were not appearing in the OpenAPI output, so I've created an initial pass at the necessary files per https://github.com/elastic/elasticsearch-specification/blob/main/docs/add-new-api.md

The descriptions are copied from https://www.elastic.co/guide/en/elasticsearch/reference/master/security-api-update-cross-cluster-api-key.html and

[github-actions]

Following you can find the validation results for the APIs you have changed.

API	Status	Request	Response
security.update_cross_cluster_api_key	🔴	1/2	2/2

You can validate these APIs yourself by using the make validate target.

[github-actions]

Following you can find the validation results for the APIs you have changed.

API	Status	Request	Response
security.create_cross_cluster_api_key	🔴	0/3	3/3
security.update_cross_cluster_api_key	🔴	1/2	2/2

You can validate these APIs yourself by using the make validate target.

[github-actions]

Following you can find the validation results for the APIs you have changed.

API	Status	Request	Response
security.create_cross_cluster_api_key	🔴	0/3	3/3
security.update_cross_cluster_api_key	🔴	1/2	2/2

You can validate these APIs yourself by using the make validate target.

[github-actions]

Following you can find the validation results for the APIs you have changed.

API	Status	Request	Response
security.activate_user_profile	🟢	9/9	9/9
security.authenticate	🟢	30/30	30/30
security.bulk_delete_role	🟢	1/1	1/1
security.bulk_put_role	🔴	0/1	1/1
security.bulk_update_api_keys	🟠	Missing type	Missing type
security.change_password	🟢	9/9	9/9
security.clear_api_key_cache	🟢	13/13	13/13
security.clear_cached_privileges	🟢	3/3	3/3
security.clear_cached_realms	🟢	1/1	1/1
security.clear_cached_roles	🟢	2/2	2/2
security.clear_cached_service_tokens	🟢	4/4	4/4
security.create_api_key	🔴	66/68	59/59
security.create_cross_cluster_api_key	🔴	0/3	3/3
security.create_service_token	🟢	3/3	3/3
security.delete_privileges	🟢	6/6	6/6
security.delete_role_mapping	🟢	9/9	9/9
security.delete_role	🟢	8/8	8/8
security.delete_service_token	⚪	Missing test	Missing test
security.delete_user	🟢	9/9	9/9
security.disable_user_profile	🟢	1/1	1/1
security.disable_user	🟢	3/3	3/3
security.enable_user_profile	🟢	1/1	1/1
security.enable_user	🟢	4/4	4/4
security.enroll_kibana	⚪	Missing test	Missing test
security.enroll_node	⚪	Missing test	Missing test
security.get_api_key	🔴	38/38	15/38
security.get_builtin_privileges	🔴	2/2	1/2
security.get_privileges	🟢	12/12	12/12
security.get_role_mapping	🔴	18/18	10/18
security.get_role	🔴	24/24	21/24
security.get_service_accounts	⚪	Missing test	Missing test
security.get_service_credentials	🟢	1/1	1/1
security.get_settings	🟠	Missing type	Missing type
security.get_token	🟢	25/25	24/24
security.get_user_privileges	🔴	8/8	7/8
security.get_user_profile	🟢	8/8	8/8
security.get_user	🟢	25/25	25/25
security.grant_api_key	🟢	7/7	7/7
security.has_privileges_user_profile	🟢	3/3	3/3
security.has_privileges	🟢	24/24	24/24
security.invalidate_api_key	🟢	12/12	12/12
security.invalidate_token	🟢	11/11	11/11
security.oidc_authenticate	🟠	Missing type	Missing type
security.oidc_logout	🟠	Missing type	Missing type
security.oidc_prepare_authentication	🟠	Missing type	Missing type
security.put_privileges	🟢	10/10	10/10
security.put_role_mapping	🔴	2/11	11/11
security.put_role	🔴	31/39	38/38
security.put_user	🟢	48/48	47/47
security.query_api_keys	🔴	14/14	1/14
security.query_role	🟢	2/2	2/2
security.query_user	🟢	4/4	4/4
security.saml_authenticate	⚪	Missing test	Missing test
security.saml_complete_logout	⚪	Missing test	Missing test
security.saml_invalidate	⚪	Missing test	Missing test
security.saml_logout	⚪	Missing test	Missing test
security.saml_prepare_authentication	⚪	Missing test	Missing test
security.saml_service_provider_metadata	⚪	Missing test	Missing test
security.suggest_user_profiles	🟢	1/1	1/1
security.update_api_key	🟢	5/5	5/5
security.update_cross_cluster_api_key	🟢	2/2	2/2
security.update_settings	🟠	Missing type	Missing type
security.update_user_profile_data	🟢	1/1	1/1

You can validate these APIs yourself by using the make validate target.

[github-actions]

Following you can find the validation results for the APIs you have changed.

API	Status	Request	Response
security.activate_user_profile	🟢	9/9	9/9
security.authenticate	🟢	30/30	30/30
security.bulk_delete_role	🟢	1/1	1/1
security.bulk_put_role	🔴	0/1	1/1
security.bulk_update_api_keys	🟠	Missing type	Missing type
security.change_password	🟢	9/9	9/9
security.clear_api_key_cache	🟢	13/13	13/13
security.clear_cached_privileges	🟢	3/3	3/3
security.clear_cached_realms	🟢	1/1	1/1
security.clear_cached_roles	🟢	2/2	2/2
security.clear_cached_service_tokens	🟢	4/4	4/4
security.create_api_key	🔴	66/68	59/59
security.create_cross_cluster_api_key	🔴	0/3	3/3
security.create_service_token	🟢	3/3	3/3
security.delete_privileges	🟢	6/6	6/6
security.delete_role_mapping	🟢	9/9	9/9
security.delete_role	🟢	8/8	8/8
security.delete_service_token	⚪	Missing test	Missing test
security.delete_user	🟢	9/9	9/9
security.disable_user_profile	🟢	1/1	1/1
security.disable_user	🟢	3/3	3/3
security.enable_user_profile	🟢	1/1	1/1
security.enable_user	🟢	4/4	4/4
security.enroll_kibana	⚪	Missing test	Missing test
security.enroll_node	⚪	Missing test	Missing test
security.get_api_key	🔴	38/38	15/38
security.get_builtin_privileges	🔴	2/2	1/2
security.get_privileges	🟢	12/12	12/12
security.get_role_mapping	🔴	18/18	10/18
security.get_role	🔴	24/24	21/24
security.get_service_accounts	⚪	Missing test	Missing test
security.get_service_credentials	🟢	1/1	1/1
security.get_settings	🟠	Missing type	Missing type
security.get_token	🟢	25/25	24/24
security.get_user_privileges	🔴	8/8	7/8
security.get_user_profile	🟢	8/8	8/8
security.get_user	🟢	25/25	25/25
security.grant_api_key	🟢	7/7	7/7
security.has_privileges_user_profile	🟢	3/3	3/3
security.has_privileges	🟢	24/24	24/24
security.invalidate_api_key	🟢	12/12	12/12
security.invalidate_token	🟢	11/11	11/11
security.oidc_authenticate	🟠	Missing type	Missing type
security.oidc_logout	🟠	Missing type	Missing type
security.oidc_prepare_authentication	🟠	Missing type	Missing type
security.put_privileges	🟢	10/10	10/10
security.put_role_mapping	🔴	2/11	11/11
security.put_role	🔴	31/39	38/38
security.put_user	🟢	48/48	47/47
security.query_api_keys	🔴	14/14	1/14
security.query_role	🟢	2/2	2/2
security.query_user	🟢	4/4	4/4
security.saml_authenticate	⚪	Missing test	Missing test
security.saml_complete_logout	⚪	Missing test	Missing test
security.saml_invalidate	⚪	Missing test	Missing test
security.saml_logout	⚪	Missing test	Missing test
security.saml_prepare_authentication	⚪	Missing test	Missing test
security.saml_service_provider_metadata	⚪	Missing test	Missing test
security.suggest_user_profiles	🟢	1/1	1/1
security.update_api_key	🟢	5/5	5/5
security.update_cross_cluster_api_key	🟢	2/2	2/2
security.update_settings	🟠	Missing type	Missing type
security.update_user_profile_data	🟢	1/1	1/1

You can validate these APIs yourself by using the make validate target.

[github-actions]

Following you can find the validation results for the APIs you have changed.

API	Status	Request	Response
security.activate_user_profile	🟢	9/9	9/9
security.authenticate	🟢	30/30	30/30
security.bulk_delete_role	🟢	1/1	1/1
security.bulk_put_role	🔴	0/1	1/1
security.bulk_update_api_keys	🟠	Missing type	Missing type
security.change_password	🟢	9/9	9/9
security.clear_api_key_cache	🟢	13/13	13/13
security.clear_cached_privileges	🟢	3/3	3/3
security.clear_cached_realms	🟢	1/1	1/1
security.clear_cached_roles	🟢	2/2	2/2
security.clear_cached_service_tokens	🟢	4/4	4/4
security.create_api_key	🔴	66/68	59/59
security.create_cross_cluster_api_key	🔴	0/3	3/3
security.create_service_token	🟢	3/3	3/3
security.delete_privileges	🟢	6/6	6/6
security.delete_role_mapping	🟢	9/9	9/9
security.delete_role	🟢	8/8	8/8
security.delete_service_token	⚪	Missing test	Missing test
security.delete_user	🟢	9/9	9/9
security.disable_user_profile	🟢	1/1	1/1
security.disable_user	🟢	3/3	3/3
security.enable_user_profile	🟢	1/1	1/1
security.enable_user	🟢	4/4	4/4
security.enroll_kibana	⚪	Missing test	Missing test
security.enroll_node	⚪	Missing test	Missing test
security.get_api_key	🔴	38/38	15/38
security.get_builtin_privileges	🔴	2/2	1/2
security.get_privileges	🟢	12/12	12/12
security.get_role_mapping	🔴	18/18	10/18
security.get_role	🔴	24/24	21/24
security.get_service_accounts	⚪	Missing test	Missing test
security.get_service_credentials	🟢	1/1	1/1
security.get_settings	🟠	Missing type	Missing type
security.get_token	🟢	25/25	24/24
security.get_user_privileges	🔴	8/8	7/8
security.get_user_profile	🟢	8/8	8/8
security.get_user	🟢	25/25	25/25
security.grant_api_key	🟢	7/7	7/7
security.has_privileges_user_profile	🟢	3/3	3/3
security.has_privileges	🟢	24/24	24/24
security.invalidate_api_key	🟢	12/12	12/12
security.invalidate_token	🟢	11/11	11/11
security.oidc_authenticate	🟠	Missing type	Missing type
security.oidc_logout	🟠	Missing type	Missing type
security.oidc_prepare_authentication	🟠	Missing type	Missing type
security.put_privileges	🟢	10/10	10/10
security.put_role_mapping	🔴	2/11	11/11
security.put_role	🔴	31/39	38/38
security.put_user	🟢	48/48	47/47
security.query_api_keys	🔴	14/14	1/14
security.query_role	🟢	2/2	2/2
security.query_user	🟢	4/4	4/4
security.saml_authenticate	⚪	Missing test	Missing test
security.saml_complete_logout	⚪	Missing test	Missing test
security.saml_invalidate	⚪	Missing test	Missing test
security.saml_logout	⚪	Missing test	Missing test
security.saml_prepare_authentication	⚪	Missing test	Missing test
security.saml_service_provider_metadata	⚪	Missing test	Missing test
security.suggest_user_profiles	🟢	1/1	1/1
security.update_api_key	🟢	5/5	5/5
security.update_cross_cluster_api_key	🟢	2/2	2/2
security.update_settings	🟠	Missing type	Missing type
security.update_user_profile_data	🟢	1/1	1/1

You can validate these APIs yourself by using the make validate target.

[n1v0lg]

Thanks for picking this up! I have a high-level comment on the Access model -- we want a new SearchAccess model there, instead of re-using RemoteIndicesPrivileges since those are subtly different (see my inline comment).

[github-actions]

Following you can find the validation results for the APIs you have changed.

API	Status	Request	Response
security.activate_user_profile	🟢	9/9	9/9
security.authenticate	🟢	30/30	30/30
security.bulk_delete_role	🟢	1/1	1/1
security.bulk_put_role	🔴	0/1	1/1
security.bulk_update_api_keys	🟠	Missing type	Missing type
security.change_password	🟢	9/9	9/9
security.clear_api_key_cache	🟢	13/13	13/13
security.clear_cached_privileges	🟢	3/3	3/3
security.clear_cached_realms	🟢	1/1	1/1
security.clear_cached_roles	🟢	2/2	2/2
security.clear_cached_service_tokens	🟢	4/4	4/4
security.create_api_key	🔴	66/68	59/59
security.create_cross_cluster_api_key	🔴	2/3	3/3
security.create_service_token	🟢	3/3	3/3
security.delete_privileges	🟢	6/6	6/6
security.delete_role_mapping	🟢	9/9	9/9
security.delete_role	🟢	8/8	8/8
security.delete_service_token	⚪	Missing test	Missing test
security.delete_user	🟢	9/9	9/9
security.disable_user_profile	🟢	1/1	1/1
security.disable_user	🟢	3/3	3/3
security.enable_user_profile	🟢	1/1	1/1
security.enable_user	🟢	4/4	4/4
security.enroll_kibana	⚪	Missing test	Missing test
security.enroll_node	⚪	Missing test	Missing test
security.get_api_key	🔴	38/38	15/38
security.get_builtin_privileges	🔴	2/2	1/2
security.get_privileges	🟢	12/12	12/12
security.get_role_mapping	🔴	18/18	10/18
security.get_role	🔴	24/24	21/24
security.get_service_accounts	⚪	Missing test	Missing test
security.get_service_credentials	🟢	1/1	1/1
security.get_settings	🟠	Missing type	Missing type
security.get_token	🟢	25/25	24/24
security.get_user_privileges	🔴	8/8	7/8
security.get_user_profile	🟢	8/8	8/8
security.get_user	🟢	25/25	25/25
security.grant_api_key	🟢	7/7	7/7
security.has_privileges_user_profile	🟢	3/3	3/3
security.has_privileges	🟢	24/24	24/24
security.invalidate_api_key	🟢	12/12	12/12
security.invalidate_token	🟢	11/11	11/11
security.oidc_authenticate	🟠	Missing type	Missing type
security.oidc_logout	🟠	Missing type	Missing type
security.oidc_prepare_authentication	🟠	Missing type	Missing type
security.put_privileges	🟢	10/10	10/10
security.put_role_mapping	🔴	2/11	11/11
security.put_role	🔴	31/39	38/38
security.put_user	🟢	48/48	47/47
security.query_api_keys	🔴	14/14	1/14
security.query_role	🟢	2/2	2/2
security.query_user	🟢	4/4	4/4
security.saml_authenticate	⚪	Missing test	Missing test
security.saml_complete_logout	⚪	Missing test	Missing test
security.saml_invalidate	⚪	Missing test	Missing test
security.saml_logout	⚪	Missing test	Missing test
security.saml_prepare_authentication	⚪	Missing test	Missing test
security.saml_service_provider_metadata	⚪	Missing test	Missing test
security.suggest_user_profiles	🟢	1/1	1/1
security.update_api_key	🟢	5/5	5/5
security.update_cross_cluster_api_key	🟢	2/2	2/2
security.update_settings	🟠	Missing type	Missing type
security.update_user_profile_data	🟢	1/1	1/1

You can validate these APIs yourself by using the make validate target.

[n1v0lg]

LGTM!