Add render search template as a cluster permission (opensearch-project#3689)

Companion PRs in core:

- opensearch-project/OpenSearch#11170
- opensearch-project/OpenSearch#11591

This PR adds render search template as a cluster perm so that its
separately permissioned from a SearchTemplateRequest which needs a set
of indices to authorize the request. The companion PR in core separates
the transport actions that handle search template request and render
search template request so that they can be authorized separately.

I am opening this in Draft until the core PR is merged because this PR
depends on the core PR.

* Category (Enhancement, New feature, Bug fix, Test fix, Refactoring,
Maintenance, Documentation)

Bug fix

- opensearch-project#3672

- [ ] New functionality includes testing
- [ ] New functionality has been documented
- [ ] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and
signing off your commits, please check
[here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

---------

Signed-off-by: Craig Perkins <[email protected]>
(cherry picked from commit cc57710)

Author: cwperks

src/integrationTest/java/org/opensearch/security/privileges/PrivilegesEvaluatorTest.java

@@ -18,6 +18,7 @@
 import org.junit.runner.RunWith;
 
 import org.opensearch.script.mustache.MustachePlugin;
+import org.opensearch.script.mustache.RenderSearchTemplateAction;
 import org.opensearch.test.framework.TestSecurityConfig;
 import org.opensearch.test.framework.TestSecurityConfig.Role;
 import org.opensearch.test.framework.cluster.ClusterManager;
@@ -49,15 +50,25 @@ public class PrivilegesEvaluatorTest {
         new Role("search_template_role").indexPermissions("read").on("services").clusterPermissions("cluster_composite_ops")
     );
 
+    protected final static TestSecurityConfig.User RENDER_SEARCH_TEMPLATE = new TestSecurityConfig.User("render_search_template_user")
+        .roles(
+            new Role("render_search_template_role").indexPermissions("read")
+                .on("services")
+                .clusterPermissions(RenderSearchTemplateAction.NAME)
+        );
+
     private String TEST_QUERY =
         "{\"source\":{\"query\":{\"match\":{\"service\":\"{{service_name}}\"}}},\"params\":{\"service_name\":\"Oracle\"}}";
 
     private String TEST_DOC = "{\"source\": {\"title\": \"Spirited Away\"}}";
 
+    private String TEST_RENDER_SEARCH_TEMPLATE_QUERY =
+        "{\"params\":{\"status\":[\"pending\",\"published\"]},\"source\":\"{\\\"query\\\": {\\\"terms\\\": {\\\"status\\\": [\\\"{{#status}}\\\",\\\"{{.}}\\\",\\\"{{/status}}\\\"]}}}\"}";
+
     @ClassRule
     public static LocalCluster cluster = new LocalCluster.Builder().clusterManager(ClusterManager.THREE_CLUSTER_MANAGERS)
         .authc(AUTHC_HTTPBASIC_INTERNAL)
-        .users(NEGATIVE_LOOKAHEAD, NEGATED_REGEX, SEARCH_TEMPLATE, TestSecurityConfig.User.USER_ADMIN)
+        .users(NEGATIVE_LOOKAHEAD, NEGATED_REGEX, SEARCH_TEMPLATE, RENDER_SEARCH_TEMPLATE, TestSecurityConfig.User.USER_ADMIN)
         .plugin(MustachePlugin.class)
         .build();
 
@@ -118,4 +129,28 @@ public void testSearchTemplateRequestUnauthorizedAllIndices() {
             assertThat(searchOnAllIndicesResponse.getStatusCode(), equalTo(HttpStatus.SC_FORBIDDEN));
         }
     }
+
+    @Test
+    public void testRenderSearchTemplateRequestFailure() {
+        try (TestRestClient client = cluster.getRestClient(SEARCH_TEMPLATE)) {
+            final String renderSearchTemplate = "_render/template";
+            final TestRestClient.HttpResponse renderSearchTemplateResponse = client.postJson(
+                renderSearchTemplate,
+                TEST_RENDER_SEARCH_TEMPLATE_QUERY
+            );
+            assertThat(renderSearchTemplateResponse.getStatusCode(), equalTo(HttpStatus.SC_FORBIDDEN));
+        }
+    }
+
+    @Test
+    public void testRenderSearchTemplateRequestSuccess() {
+        try (TestRestClient client = cluster.getRestClient(RENDER_SEARCH_TEMPLATE)) {
+            final String renderSearchTemplate = "_render/template";
+            final TestRestClient.HttpResponse renderSearchTemplateResponse = client.postJson(
+                renderSearchTemplate,
+                TEST_RENDER_SEARCH_TEMPLATE_QUERY
+            );
+            assertThat(renderSearchTemplateResponse.getStatusCode(), equalTo(HttpStatus.SC_OK));
+        }
+    }
 }

src/main/java/org/opensearch/security/privileges/PrivilegesEvaluator.java

@@ -81,6 +81,7 @@
 import org.opensearch.core.common.transport.TransportAddress;
 import org.opensearch.core.xcontent.NamedXContentRegistry;
 import org.opensearch.index.reindex.ReindexAction;
+import org.opensearch.script.mustache.RenderSearchTemplateAction;
 import org.opensearch.security.auditlog.AuditLog;
 import org.opensearch.security.configuration.ClusterInfoHolder;
 import org.opensearch.security.configuration.ConfigurationRepository;
@@ -697,8 +698,7 @@ public static boolean isClusterPerm(String action0) {
             || (action0.startsWith(MultiSearchAction.NAME))
             || (action0.equals(MultiTermVectorsAction.NAME))
             || (action0.equals(ReindexAction.NAME))
-
-        );
+            || (action0.equals(RenderSearchTemplateAction.NAME)));
     }
 
     @SuppressWarnings("unchecked")