kuzzleio · scottinet · Jul 7, 2020 · Apr 28, 2020 · May 9, 2020 · May 9, 2020
diff --git a/doc/2/api/controllers/auth/update-self/index.md b/doc/2/api/controllers/auth/update-self/index.md
@@ -6,8 +6,6 @@ title: updateSelf
 
 # updateSelf
 
-
-
 Updates the currently logged in user information.
 
 This route cannot update the list of associated security profiles. To change a user's security profiles, the route [security:updateUser](/core/2/api/controllers/security/update-user) must be used instead.
@@ -19,7 +17,7 @@ This route cannot update the list of associated security profiles. To change a u
 ### HTTP
 
 ```http
-URL: http://kuzzle:7512/_updateSelf
+URL: http://kuzzle:7512/_updateSelf[?refresh=wait_for][?retryOnConflict=10]
 Method: PUT
 Headers: Authorization: "Bearer <authentication token>"
 Body:
@@ -42,7 +40,10 @@ Body:
   "body": {
     "foo": "bar",
     "name": "Walter Smith"
-  }
+  },
+  // Optional
+  "refresh": "wait_for",
+  "retryOnConflict": 10
 }
 ```
 
@@ -52,6 +53,11 @@ Body:
 
 - `jwt`: valid authentication token (for the HTTP protocol, the token is to be passed to the `Authorization` header instead)
 
+### Optional arguments
+
+- `refresh`: if set to `wait_for`, Kuzzle will not respond until the user changes are indexed (default: `"wait_for"`)
+- `retryOnConflict`: in case of an update conflict in Elasticsearch, the number of retries before aborting the operation (default: `10`)
+
 ---
 
 ## Body properties

diff --git a/doc/2/api/controllers/security/create-first-admin/index.md b/doc/2/api/controllers/security/create-first-admin/index.md
@@ -6,8 +6,6 @@ title: createFirstAdmin
 
 # createFirstAdmin
 
-
-
 Creates a Kuzzle administrator account, only if none exist.
 
 ---
@@ -25,8 +23,8 @@ Body:
 
 ```js
 {
+  // administrator additional information (optional)
   "content": {
-    // administrator information (optional)
   },
   "credentials": {
     // for example, with the "local" authentication strategy:
@@ -75,7 +73,7 @@ Body:
 
 ## Body properties
 
-- `content`: administrator additional information. Can be left empty.
+- `content`: optional additional information
 - `credentials`: describe how the new administrator can be authenticated. This object must contain one or multiple properties, named after the target authentication strategy to use. Each one of these properties are objects containing the credentials information, corresponding to that authentication strategy
 
 ---

diff --git a/doc/2/api/controllers/security/create-restricted-user/index.md b/doc/2/api/controllers/security/create-restricted-user/index.md
@@ -27,8 +27,8 @@ Body:
 
 ```js
 {
+  // user additional information (optional)
   "content": {
-    // user additional information (optional)
     "fullname": "John Doe"
   },
   "credentials": {
@@ -48,6 +48,7 @@ Body:
   "controller": "security",
   "action": "createRestrictedUser",
   "body": {
+    // optional
     "content": {
       "fullname": "John Doe"
     },
@@ -70,7 +71,7 @@ Body:
 
 ## Arguments
 
-### Optional:
+### Optional
 
 - `_id`: user [kuid](/core/2/guides/kuzzle-depth/authentication#the-kuzzle-user-identifier). An error is returned if the provided identifier already exists. If not provided, a random kuid is automatically generated.
 - `refresh`: if set to `wait_for`, Kuzzle will not respond until the newly created user is indexed (default: `"wait_for"`)
@@ -79,7 +80,7 @@ Body:
 
 ## Body properties
 
-- `content`: user additional information. Can be left empty.
+- `content`: optional user additional information.
 - `credentials`: describe how the new user can be authenticated. This object contains any number of properties, named after the target authentication strategy to use. Each one of these properties are objects containing the credentials information, corresponding to that authentication strategy. If left empty, the new user is created but cannot be authenticated.
 
 ---

diff --git a/doc/2/api/controllers/security/update-profile/index.md b/doc/2/api/controllers/security/update-profile/index.md
@@ -17,7 +17,7 @@ Updates a security profile definition.
 ### HTTP
 
 ```http
-URL: http://kuzzle:7512/profiles/<_id>/_update[?refresh=wait_for]
+URL: http://kuzzle:7512/profiles/<_id>/_update[?refresh=wait_for][&retryOnConflict=10]
 Method: PUT
 Body:
 ```
@@ -77,7 +77,10 @@ Body:
         ]
       }
     ]
-  }
+  },
+  // Optional
+  "refresh": "wait_for",
+  "retryOnConflict": 10
 }
 ```
 
@@ -87,9 +90,10 @@ Body:
 
 - `_id`: profile identifier
 
-### Optional:
+### Optional arguments
 
-- `refresh`: if set to `wait_for`, Kuzzle will not respond until the profile changes are indexed (default: `"wait_for"`)
+- `refresh`: if set to `wait_for`, Kuzzle will not respond until the user changes are indexed (default: `"wait_for"`)
+- `retryOnConflict`: in case of an update conflict in Elasticsearch, the number of retries before aborting the operation (default: `10`)
 
 ---
 

diff --git a/doc/2/api/controllers/security/update-role/index.md b/doc/2/api/controllers/security/update-role/index.md
@@ -6,8 +6,6 @@ title: updateRole
 
 # updateRole
 
-
-
 Updates a security role definition.
 
 **Note:** partial updates are not supported for roles, this API route will replace the entire role content with the provided one.
@@ -19,7 +17,7 @@ Updates a security role definition.
 ### HTTP
 
 ```http
-URL: http://kuzzle:7512/roles/<_id>/_update[?refresh=wait_for][&force]
+URL: http://kuzzle:7512/roles/<_id>/_update[?refresh=wait_for][&force][&retryOnConflict=10]
 Method: PUT
 Body:
 ```
@@ -51,7 +49,11 @@ Body:
         }
       }
     }
-  }
+  },
+  // Optional
+  "force": false,
+  "refresh": "wait_for",
+  "retryOnConflict": 10
 }
 ```
 
@@ -61,11 +63,11 @@ Body:
 
 - `_id`: role identifier
 
-### Optional:
-
-- `refresh`: if set to `wait_for`, Kuzzle will not respond until the role changes are indexed (default: `"wait_for"`)
+### Optional arguments
 
-- `force`: if set to `true`, updates the role even if it gives access to non-existent plugins API routes.
+- `force`: if set to `true`, updates the role even if it gives access to non-existent plugins API routes (default: `false`)
+- `refresh`: if set to `wait_for`, Kuzzle will not respond until the user changes are indexed (default: `"wait_for"`)
+- `retryOnConflict`: in case of an update conflict in Elasticsearch, the number of retries before aborting the operation (default: `10`)
 
 ---
 

diff --git a/doc/2/api/controllers/security/update-user/index.md b/doc/2/api/controllers/security/update-user/index.md
@@ -6,8 +6,6 @@ title: updateUser
 
 # updateUser
 
-
-
 Updates a user definition.
 
 ---
@@ -17,7 +15,7 @@ Updates a user definition.
 ### HTTP
 
 ```http
-URL: http://kuzzle:7512/users/<_id>/_update[?refresh=wait_for]
+URL: http://kuzzle:7512/users/<_id>/_update[?refresh=wait_for][&retryOnConflict=10]
 Method: PUT
 Body:
 ```
@@ -37,7 +35,10 @@ Body:
   "_id": "<kuid>",
   "body": {
     "fullname": "Walter Smith"
-  }
+  },
+  // Optional
+  "refresh": "wait_for",
+  "retryOnConflict": 10
 }
 ```
 
@@ -47,9 +48,10 @@ Body:
 
 - `_id`: user [kuid](/core/2/guides/kuzzle-depth/authentication#the-kuzzle-user-identifier)
 
-### Optional:
+### Optional arguments
 
 - `refresh`: if set to `wait_for`, Kuzzle will not respond until the user changes are indexed (default: `"wait_for"`)
+- `retryOnConflict`: in case of an update conflict in Elasticsearch, the number of retries before aborting the operation (default: `10`)
 
 ---
 

diff --git a/doc/2/api/essentials/error-codes/api/index.md b/doc/2/api/essentials/error-codes/api/index.md
@@ -43,5 +43,6 @@ description: Error codes definitions
 | api.process.incompatible_sdk_version<br/><pre>0x02020006</pre>  | [BadRequestError](/core/2/api/essentials/error-handling#badrequesterror) <pre>(400)</pre> | Incompatible SDK client. Your SDK version (%s) does not match Kuzzle requirement (%s). | SDK is incompatible with the current Kuzzle version |
 | api.process.shutting_down<br/><pre>0x02020007</pre>  | [ServiceUnavailableError](/core/2/api/essentials/error-handling#serviceunavailableerror) <pre>(503)</pre> | Rejected: this node is shutting down. | This Kuzzle node is shutting down and refuses new requests |
 | api.process.too_many_requests<br/><pre>0x02020008</pre>  | [TooManyRequestsError](/core/2/api/essentials/error-handling#toomanyrequestserror) <pre>(429)</pre> | Rejected: requests rate limit exceeded for this user. | The request has been refused because a rate limit has been exceeded for this user |
+| api.process.admin_exists<br/><pre>0x02020009</pre>  | [PreconditionError](/core/2/api/essentials/error-handling#preconditionerror) <pre>(412)</pre> | Admin user is already set. | Attempted to create the first administrator, when one already exists |
 
 ---
diff --git a/doc/2/api/essentials/error-codes/security/index.md b/doc/2/api/essentials/error-codes/security/index.md
@@ -58,6 +58,7 @@ description: Error codes definitions
 | security.user.cannot_hydrate<br/><pre>0x07040004</pre>  | [InternalError](/core/2/api/essentials/error-handling#internalerror) <pre>(500)</pre> | Unable to hydrate the user "%s": missing profile(s) in the database | Database inconsistency error: a user is referencing non-existing profiles |
 | security.user.uninitialized<br/><pre>0x07040005</pre>  | [InternalError](/core/2/api/essentials/error-handling#internalerror) <pre>(500)</pre> | Cannot get profiles for uninitialized user "%s" | Attempted to access to an unitialized User object |
 | security.user.prevent_overwrite<br/><pre>0x07040006</pre>  | [BadRequestError](/core/2/api/essentials/error-handling#badrequesterror) <pre>(400)</pre> | Cannot overwrite existing users. | Attempted to overwrite existing users. Change "onExistingUsers" params to modify this method behavior. |
+| security.user.no_profile<br/><pre>0x07040007</pre>  | [InternalError](/core/2/api/essentials/error-handling#internalerror) <pre>(500)</pre> | Cannot load user "%s": there is no security profiles associated to it | Database inconsistency error: a user does not have profiles associated to it |
 
 ---
 

diff --git a/features-sdk/step_definitions/security-steps.js b/features-sdk/step_definitions/security-steps.js
@@ -59,7 +59,7 @@ Then('I am able to find {int} roles by searching controller:', async function (c
 Then('I am able to mGet roles and get {int} roles with the following ids:', async function (count, dataTable) {
   const data = this.parseObject(dataTable);
   const roleIds = [];
-  for (const role of Object.entries(data.ids)) {
+  for (const role of Object.values(data.ids)) {
     roleIds.push(role);
   }
 

diff --git a/lib/api/controller/admin.js b/lib/api/controller/admin.js
@@ -48,7 +48,7 @@ class AdminController extends NativeController {
   /**
    * Reset Redis cache
    */
-  resetCache (request) {
+  async resetCache (request) {
     const database = this.getString(request, 'database');
 
     let cacheEngine;
@@ -64,38 +64,33 @@ class AdminController extends NativeController {
       throw kerror.get('services', 'cache', 'database_not_found', database);
     }
 
-    cacheEngine.flushdb(); // NOSONAR
+    cacheEngine.flushdb();
 
-    return Bluebird.resolve({ acknowledge: true });
+    return { acknowledge: true };
   }
 
   /**
    * Reset all roles, profiles and users
    */
   async resetSecurity (request) {
-    this._lockAction(
-      request,
-      'Kuzzle is already reseting roles, profiles and users.');
+    this._lockAction(request, 'Kuzzle is already reseting roles, profiles and users.');
 
     const result = {};
 
     try {
-      const repositories = this.kuzzle.repositories;
-
       const options = { refresh: 'wait_for' };
 
-      result.deletedUsers = await repositories.user.truncate(options);
-      result.deletedProfiles = await repositories.profile.truncate(options);
-      result.deletedRoles = await repositories.role.truncate(options);
-
-      const { profileIds, roleIds } = await this.kuzzle.internalIndex
-        .bootstrap
-        .createInitialSecurities();
-
-      await Bluebird.all([
-        repositories.profile.loadProfiles(profileIds, { resetCache: true }),
-        repositories.role.loadRoles(roleIds, { resetCache: true })
-      ]);
+      result.deletedUsers = await this.ask(
+        'core:security:user:truncate',
+        options);
+      result.deletedProfiles = await this.ask(
+        'core:security:profile:truncate',
+        options);
+      result.deletedRoles = await this.ask(
+        'core:security:role:truncate',
+        options);
+
+      await this.kuzzle.internalIndex.bootstrap.createInitialSecurities();
     }
     finally {
       delete _locks.resetSecurity;
@@ -172,9 +167,11 @@ class AdminController extends NativeController {
     const force = this.getBoolean(request, 'force');
     const waitForRefresh = this.getRefresh(request, 'true');
 
-    const promise = this.kuzzle.repositories.loadSecurities(
-      securities,
-      { force, onExistingUsers, user });
+    const promise = this.ask('core:security:load', securities, {
+      force,
+      onExistingUsers,
+      user,
+    });
 
     return this._waitForAction(waitForRefresh, promise);
   }