[FEATURE] Endpoint to purge cache entries for specific users

[leongshengmin]

Is your feature request related to a problem?
As a user's backend roles may change, the user's restRoleCache entries may become stale. We want to invalidate stale cache items without affecting other users' cached entries. Currently there's only a single endpoint to invalidate user authentication caches DELETE _opendistro/_security/api/cache but this invalidates the entire cache rather than individual cache entries and so there may be many cache misses when doing that.

What solution would you like?
Additional endpoint to invalidate user authentication caches on a per user level.

What alternatives have you considered?
Cache TTL plugins.security.cache.ttl_minutes was considered but if a user's backend role changes prior to the expiration of cached entry then cached entry will be stale.

Do you have any additional context?
Add any other context or screenshots about the feature request here.

[stephen-crawford]

[Triage] Hi @leongshengmin, thank you for filing this issue. This sounds like a great idea for a feature. I will mark this issue as help wanted to indicate we are happy to review any PRs towards addressing this issue.

[dlin2028]

working on this

[prabhask5]

Since this issue is almost done but has not been able to be worked on in a while, is it fine if I finish up what @dlin2028 is doing?

[dlin2028]

Go ahead, I'm not working on it anymore. Lmk if you have any questions