From c960c3c3e11af0f577d16f1bcc8c8020d738d9f6 Mon Sep 17 00:00:00 2001
From: Keith Massey <keith.massey@elastic.co>
Date: Mon, 6 Nov 2023 17:33:57 -0600
Subject: [PATCH] cleanup

---
 docs/reference/ingest/apis/simulate-ingest.asciidoc       | 4 ++--
 .../org/elasticsearch/action/bulk/SimulateBulkAction.java | 2 +-
 .../elasticsearch/action/bulk/TransportBulkAction.java    | 7 +++++++
 .../action/bulk/TransportSimulateBulkAction.java          | 8 ++++++++
 .../core/security/authz/privilege/IndexPrivilege.java     | 6 ++++--
 .../elasticsearch/xpack/security/operator/Constants.java  | 3 +--
 6 files changed, 23 insertions(+), 7 deletions(-)

diff --git a/docs/reference/ingest/apis/simulate-ingest.asciidoc b/docs/reference/ingest/apis/simulate-ingest.asciidoc
index ec75ab618012d..1444264161fb1 100644
--- a/docs/reference/ingest/apis/simulate-ingest.asciidoc
+++ b/docs/reference/ingest/apis/simulate-ingest.asciidoc
@@ -97,8 +97,8 @@ POST /_ingest/_simulate
 ==== {api-prereq-title}
 
 * If the {es} {security-features} are enabled, you must have the
-`read_pipeline`, `manage_pipeline`, `manage_ingest_pipelines`, or `manage`
-<<privileges-list-cluster,cluster privilege>> to use this API.
+`index` or `create` <<privileges-list-indices,index privileges>>
+to use this API.
 
 [[simulate-ingest-api-desc]]
 ==== {api-description-title}
diff --git a/server/src/main/java/org/elasticsearch/action/bulk/SimulateBulkAction.java b/server/src/main/java/org/elasticsearch/action/bulk/SimulateBulkAction.java
index 0e933ac50e27e..d7c4a67b1bd2e 100644
--- a/server/src/main/java/org/elasticsearch/action/bulk/SimulateBulkAction.java
+++ b/server/src/main/java/org/elasticsearch/action/bulk/SimulateBulkAction.java
@@ -13,7 +13,7 @@
 public class SimulateBulkAction extends ActionType<BulkResponse> {
 
     public static final SimulateBulkAction INSTANCE = new SimulateBulkAction();
-    public static final String NAME = "indices:admin/simulate/bulk";
+    public static final String NAME = "indices:data/simulate/bulk";
 
     private SimulateBulkAction() {
         super(NAME, BulkResponse::new);
diff --git a/server/src/main/java/org/elasticsearch/action/bulk/TransportBulkAction.java b/server/src/main/java/org/elasticsearch/action/bulk/TransportBulkAction.java
index a71bd2b9205c8..453785f0142f9 100644
--- a/server/src/main/java/org/elasticsearch/action/bulk/TransportBulkAction.java
+++ b/server/src/main/java/org/elasticsearch/action/bulk/TransportBulkAction.java
@@ -372,6 +372,9 @@ protected void doInternalExecute(Task task, BulkRequest bulkRequest, String exec
         indexData(task, bulkRequest, executorName, listener, autoCreateIndices, indicesThatCannotBeCreated, startTime);
     }
 
+    /*
+     * This method is responsible for creating any missing indices and indexing the data in the BulkRequest
+     */
     protected void indexData(
         Task task,
         BulkRequest bulkRequest,
@@ -432,6 +435,10 @@ protected void doRun() {
         }
     }
 
+    /*
+     * This returns the IngestService to be used for the given request. The default implementation ignores the request and always returns
+     * the same ingestService, but child classes might use information in the request in creating an IngestService specific to that request.
+     */
     protected IngestService getIngestService(BulkRequest request) {
         return ingestService;
     }
diff --git a/server/src/main/java/org/elasticsearch/action/bulk/TransportSimulateBulkAction.java b/server/src/main/java/org/elasticsearch/action/bulk/TransportSimulateBulkAction.java
index 63a8ead99960e..1cded75cceaa5 100644
--- a/server/src/main/java/org/elasticsearch/action/bulk/TransportSimulateBulkAction.java
+++ b/server/src/main/java/org/elasticsearch/action/bulk/TransportSimulateBulkAction.java
@@ -59,6 +59,10 @@ public TransportSimulateBulkAction(
         );
     }
 
+    /*
+     * This overrides indexData in TransportBulkAction in order to _not_ actually create any indices or index any data. Instead, each
+     * request gets a corresponding CREATE response, using information from the request.
+     */
     @Override
     protected void indexData(
         Task task,
@@ -92,6 +96,10 @@ protected void indexData(
         listener.onResponse(new BulkResponse(responses.toArray(new BulkItemResponse[responses.length()]), buildTookInMillis(startTime)));
     }
 
+    /*
+     * This overrides TransportSimulateBulkAction's getIngestService to allow us to provide an IngestService that handles pipeline
+     * substitutions defined in the request.
+     */
     @Override
     protected IngestService getIngestService(BulkRequest request) {
         IngestService rawIngestService = super.getIngestService(request);
diff --git a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilege.java b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilege.java
index b091f3bc9f894..4bbce410539cc 100644
--- a/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilege.java
+++ b/x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/authz/privilege/IndexPrivilege.java
@@ -85,12 +85,14 @@ public final class IndexPrivilege extends Privilege {
         "indices:data/write/index",
         "indices:data/write/index[*",
         "indices:data/write/index:op_type/create",
-        "indices:data/write/bulk*"
+        "indices:data/write/bulk*",
+        "indices:data/simulate/bulk*"
     );
     private static final Automaton INDEX_AUTOMATON = patterns(
         "indices:data/write/index*",
         "indices:data/write/bulk*",
-        "indices:data/write/update*"
+        "indices:data/write/update*",
+        "indices:data/simulate/bulk*"
     );
     private static final Automaton DELETE_AUTOMATON = patterns("indices:data/write/delete*", "indices:data/write/bulk*");
     private static final Automaton WRITE_AUTOMATON = patterns("indices:data/write/*", AutoPutMappingAction.NAME);
diff --git a/x-pack/plugin/security/qa/operator-privileges-tests/src/javaRestTest/java/org/elasticsearch/xpack/security/operator/Constants.java b/x-pack/plugin/security/qa/operator-privileges-tests/src/javaRestTest/java/org/elasticsearch/xpack/security/operator/Constants.java
index e36a79fcf0c6f..cba23bf5fdda8 100644
--- a/x-pack/plugin/security/qa/operator-privileges-tests/src/javaRestTest/java/org/elasticsearch/xpack/security/operator/Constants.java
+++ b/x-pack/plugin/security/qa/operator-privileges-tests/src/javaRestTest/java/org/elasticsearch/xpack/security/operator/Constants.java
@@ -75,7 +75,6 @@ public class Constants {
         "cluster:admin/synonym_rules/get",
         "cluster:admin/synonym_rules/put",
         "cluster:admin/settings/update",
-        "indices:admin/simulate/bulk",
         "cluster:admin/slm/delete",
         "cluster:admin/slm/execute",
         "cluster:admin/slm/execute/get_expired_snapshots",
@@ -473,7 +472,6 @@ public class Constants {
         "indices:admin/seq_no/remove_retention_lease",
         "indices:admin/seq_no/renew_retention_lease",
         "indices:admin/settings/update",
-        "indices:admin/simulate/bulk",
         "indices:admin/shards/search_shards",
         "indices:admin/search/search_shards",
         "indices:admin/template/delete",
@@ -523,6 +521,7 @@ public class Constants {
         "indices:data/read/xpack/rollup/get/index/caps",
         "indices:data/read/xpack/rollup/search",
         "indices:data/read/xpack/termsenum/list",
+        "indices:data/simulate/bulk",
         "indices:data/write/bulk",
         "indices:data/write/bulk[s]",
         "indices:data/write/bulk_shard_operations[s]",