Description
PR #52636 introduces validation for role template scripts. The validation is done by attempting to execute the scripts with an empty input. If no error is encountered, the script is considered to be valid. This approach is chosen under the assumption that all scripts are Mustache. However this is true only for inline scripts. Stored scripts on the other hand can be in painless.
Unlike Mustache, which is very lenient for empty variables, Painless can throw NEP on empty variables if not guarded properly. It feels too aggressive asking user to always perform null checking in Painless just for validation purpose because some of the input parameters are guaranteed to be non-empty, e.g. username.
In summary, we need to relax the validation for Painless scripts. Possible options are:
- Just skip the validation for Painless. Since it is a stored script, it is better that the script is checked when it is stored and in this case, role template can just assume it is valid. (Note this is not true currently, we have no checking for scripts when they are stored)
- Use compilation instead of execution as validation to avoid having to pass empty input.
Relates: #48773