[BUG] Few SecurityClient actions require "request body", whereas spec says "body" is optional.

[saimedhi]

What is the bug?

• The below SecurityClient APIs require "request body", whereas spec says "body" is optional.
• create_action_group, patch_action_group, patch_action_groups, create_tenant, update_distinguished_names
• When making requests without a body, I am getting an error as seen in the screenshot

What is the expected behavior?

This issue aims to update the API specifications to indicate that a request body is mandatory for these APIs.

Do you have any screenshots?

[saimedhi]

I verified for create_action_group, patch_action_group, patch_action_groups, create_tenant.
But I couldn't verify for update_distinguished_names.
Getting no handler found for uri [/_plugins/_security/api/nodesdn] when using get_distinguished_names

[Xtansia]

I verified for create_action_group, patch_action_group, patch_action_groups, create_tenant. But I couldn't verify for update_distinguished_names. Getting no handler found for uri [/_plugins/_security/api/nodesdn] when using get_distinguished_names

The distinguished names api requires enabling in config: https://opensearch.org/docs/latest/security/access-control/api/#distinguished-names

[saimedhi]

I verified for create_action_group, patch_action_group, patch_action_groups, create_tenant. But I couldn't verify for update_distinguished_names. Getting no handler found for uri [/_plugins/_security/api/nodesdn] when using get_distinguished_names

The distinguished names api requires enabling in config: https://opensearch.org/docs/latest/security/access-control/api/#distinguished-names

I did it then getting

{
   "status": "FORBIDDEN",
   "message": "API allowed only for admin."
}

I may have to make few other changes to config file.

Please confirm if spec needs to be changed or not?

[Xtansia]

I verified for create_action_group, patch_action_group, patch_action_groups, create_tenant. But I couldn't verify for update_distinguished_names. Getting no handler found for uri [/_plugins/_security/api/nodesdn] when using get_distinguished_names

The distinguished names api requires enabling in config: https://opensearch.org/docs/latest/security/access-control/api/#distinguished-names

I did it then getting

{
   "status": "FORBIDDEN",
   "message": "API allowed only for admin."
}

I may have to make few other changes to config file.

Please confirm if spec needs to be changed or not?

I believe the API is only accessible to the "super-admin" or users which have been granted the correct permission. The super-admin in the demo config is authenticated via certificates, it's different to the admin:admin user.

[nhtruong]

@Tokesh @aabeshov Would you mind taking a look at this?

[Tokesh]

@Tokesh @aabeshov Would you mind taking a look at this?

If all goes well, we'll check it out over the weekend.

[Tokesh]

I have now tried to run this update_distinguished_names API. I got the same answer.
I can suggest that I update the rest of the specs that you have already checked (create_action_group, patch_action_group, patch_action_groups, create_tenant)

[nhtruong]

closed by #149