Security: remove wrapping in put user response (#33512)

This change removes the wrapping of the created field in the put user
response. The created field was added as a top level field in #32332,
while also still being wrapped within the `user` object of the
response. Since the value is available in both formats in 6.x, we can
remove the wrapped version for 7.0.

docs/reference/migration/migrate_7_0/api.asciidoc

@@ -87,3 +87,9 @@ depending on whether {security} is enabled. Previously a
 404 - NOT FOUND (IndexNotFoundException) could be returned in case the
 current user was not authorized for any alias. An empty response with
 status 200 - OK is now returned instead at all times.
+
+==== Put User API response no longer has `user` object
+
+The Put User API response was changed in 6.5.0 to add the `created` field
+outside of the user object where it previously had been. In 7.0.0 the user
+object has been removed in favor of the top level `created` field.

x-pack/docs/en/rest-api/security/create-users.asciidoc

@@ -90,9 +90,6 @@ created or updated.
 [source,js]
 --------------------------------------------------
 {
-  "user": {
-    "created" : true
-  },
   "created": true <1>
 }
 --------------------------------------------------

x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/security/action/user/PutUserResponse.java

@@ -9,7 +9,7 @@ package org.elasticsearch.xpack.core.security.action.user;
 import org.elasticsearch.action.ActionResponse;
 import org.elasticsearch.common.io.stream.StreamInput;
 import org.elasticsearch.common.io.stream.StreamOutput;
-import org.elasticsearch.common.xcontent.ToXContentFragment;
+import org.elasticsearch.common.xcontent.ToXContentObject;
 import org.elasticsearch.common.xcontent.XContentBuilder;
 
 import java.io.IOException;
@@ -18,7 +18,7 @@ import java.io.IOException;
  * Response when adding a user to the security index. Returns a
  * single boolean field for whether the user was created or updated.
  */
-public class PutUserResponse extends ActionResponse implements ToXContentFragment {
+public class PutUserResponse extends ActionResponse implements ToXContentObject {
 
     private boolean created;
 
@@ -47,6 +47,8 @@ public class PutUserResponse extends ActionResponse implements ToXContentFragmen
 
     @Override
     public XContentBuilder toXContent(XContentBuilder builder, Params params) throws IOException {
-        return builder.field("created", created);
+        return builder.startObject()
+            .field("created", created)
+            .endObject();
     }
 }

x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/rest/action/user/RestPutUserAction.java

@@ -58,13 +58,8 @@ public class RestPutUserAction extends SecurityBaseRestHandler implements RestRe
         return channel -> requestBuilder.execute(new RestBuilderListener<PutUserResponse>(channel) {
             @Override
             public RestResponse buildResponse(PutUserResponse putUserResponse, XContentBuilder builder) throws Exception {
-                builder.startObject()
-                    .startObject("user"); // TODO in 7.0 remove wrapping of response in the user object and just return the object
                 putUserResponse.toXContent(builder, request);
-                builder.endObject();
+                return new BytesRestResponse(RestStatus.OK, builder);
-
-                putUserResponse.toXContent(builder, request);
-                return new BytesRestResponse(RestStatus.OK, builder.endObject());
             }
         });
     }

x-pack/plugin/src/test/resources/rest-api-spec/test/roles/11_idx_arrays.yml

@@ -51,7 +51,7 @@ teardown:
               "password": "s3krit",
               "roles" : [ "admin_role2" ]
             }
-  - match: { user: { created: true } }
+  - match: { created: true }
 
   - do:
       index:

x-pack/plugin/src/test/resources/rest-api-spec/test/users/10_basic.yml

@@ -30,7 +30,7 @@ teardown:
                 "key2" : "val2"
               }
             }
-  - match: { user: { created: true } }
+  - match: { created: true }
 
   - do:
       headers:
@@ -65,7 +65,7 @@ teardown:
                 "key2" : "val2"
               }
             }
-  - match: { user: { created: true } }
+  - match: { created: true }
 
   - do:
       headers:

x-pack/plugin/src/test/resources/rest-api-spec/test/users/15_overwrite_user.yml

@@ -51,7 +51,7 @@ teardown:
                 "key2" : "val2"
               }
             }
-  - match: { user: { created: false } }
+  - match: { created: false }
 
   - do:
       xpack.security.get_user:

x-pack/plugin/src/test/resources/rest-api-spec/test/users/16_update_user.yml

@@ -66,7 +66,7 @@ teardown:
                 "key2" : "val2"
               }
             }
-  - match: { user: { created: false } }
+  - match: { created: false }
 
 # validate existing password works
   - do:
@@ -103,7 +103,7 @@ teardown:
                 "key3" : "val3"
               }
             }
-  - match: { user: { created: false } }
+  - match: { created: false }
 
 # validate old password doesn't work
   - do:

x-pack/qa/multi-cluster-search-security/src/test/resources/rest-api-spec/test/remote_cluster/10_basic.yml

@@ -195,4 +195,4 @@ setup:
               "password": "s3krit",
               "roles" : [ ]
             }
-  - match: { user: { created: false } }
+  - match: { created: false }

x-pack/qa/rolling-upgrade/src/test/resources/rest-api-spec/test/old_cluster/20_security.yml

@@ -9,7 +9,7 @@
              "password" : "x-pack-test-password",
              "roles" : [ "native_role" ]
            }
-  - match: { user: { created: true } }
+  - match: { created: true }
 
   - do:
       xpack.security.put_role: