Added `manage_pipeline` privilege and `ingest_admin` default role for the ingest feature.

Closes elastic/elasticsearch#1367

Original commit: elastic/x-pack-elasticsearch@a4c9e22203

elasticsearch/x-pack/shield/config/xpack/roles.yml

@@ -66,4 +66,8 @@ remote_monitoring_agent:
   cluster: indices:admin/template/put, indices:admin/template/get
   indices:
     '.monitoring-es-*':
-      privileges: all
+      privileges: all
+
+# Allows all operations required to manage ingest pipelines
+ingest_admin:
+  cluster: manage_pipeline

elasticsearch/x-pack/shield/src/main/java/org/elasticsearch/shield/authz/privilege/ClusterPrivilege.java

@@ -24,6 +24,7 @@ public class ClusterPrivilege extends AbstractAutomatonPrivilege<ClusterPrivileg
     public static final ClusterPrivilege ALL = new ClusterPrivilege(Name.ALL, "cluster:*", "indices:admin/template/*");
     public static final ClusterPrivilege MONITOR = new ClusterPrivilege("monitor", "cluster:monitor/*");
     public static final ClusterPrivilege MANAGE_SHIELD = new ClusterPrivilege("manage_shield", "cluster:admin/shield/*");
+    public static final ClusterPrivilege MANAGE_PIPELINE = new ClusterPrivilege("manage_pipeline", "cluster:admin/ingest/pipeline/*");
 
     public final static Predicate<String> ACTION_MATCHER = ClusterPrivilege.ALL.predicate();
 
@@ -34,6 +35,7 @@ public class ClusterPrivilege extends AbstractAutomatonPrivilege<ClusterPrivileg
         values.add(ALL);
         values.add(MONITOR);
         values.add(MANAGE_SHIELD);
+        values.add(MANAGE_PIPELINE);
     }
 
     static Set<ClusterPrivilege> values() {

elasticsearch/x-pack/shield/src/test/java/org/elasticsearch/shield/authz/privilege/PrivilegeTests.java

@@ -7,6 +7,10 @@ package org.elasticsearch.shield.authz.privilege;
 
 import org.elasticsearch.action.get.GetAction;
 import org.elasticsearch.action.get.MultiGetAction;
+import org.elasticsearch.action.ingest.DeletePipelineAction;
+import org.elasticsearch.action.ingest.GetPipelineAction;
+import org.elasticsearch.action.ingest.PutPipelineAction;
+import org.elasticsearch.action.ingest.SimulatePipelineAction;
 import org.elasticsearch.action.search.MultiSearchAction;
 import org.elasticsearch.action.search.SearchAction;
 import org.elasticsearch.action.suggest.SuggestAction;
@@ -73,6 +77,16 @@ public class PrivilegeTests extends ESTestCase {
         assertThat(cluster, is(cluster2));
     }
 
+    public void testIngestPrivilege() throws Exception {
+        Privilege.Name name = new Privilege.Name("manage_pipeline");
+        ClusterPrivilege cluster = ClusterPrivilege.get(name);
+        assertThat(cluster, is(ClusterPrivilege.MANAGE_PIPELINE));
+        assertThat(cluster.predicate().test(PutPipelineAction.NAME), is(true));
+        assertThat(cluster.predicate().test(DeletePipelineAction.NAME), is(true));
+        assertThat(cluster.predicate().test(GetPipelineAction.NAME), is(true));
+        assertThat(cluster.predicate().test(SimulatePipelineAction.NAME), is(true));
+    }
+
     public void testClusterTemplateActions() throws Exception {
         Privilege.Name name = new Privilege.Name("indices:admin/template/delete");
         ClusterPrivilege cluster = ClusterPrivilege.get(name);