fix(#27319): Add /search endpoint for Roles (#27335)

* fix(#27319): Add DB-backed /search endpoint for Roles and Teams

Add generic search infrastructure that enables server-side name/displayName
search via SQL LIKE queries, eliminating the need for large limit workarounds
in role/team selection dropdowns.

- EntityDAO: searchByNameAndDisplayName() with MySQL/Postgres support
- EntityRepository: search() with offset pagination and field resolution
- EntityResource: searchInternal() reusable by any entity resource
- RoleResource: GET /v1/roles/search?q=&limit=&offset=
- TeamResource: GET /v1/teams/search?q=&limit=&offset=

Co-Authored-By: sonika-shah <sonika-shah@users.noreply.github.com>

* test(#27319): Add integration tests for /search endpoint on Roles and Teams

Tests cover:
- Search by name (exact substring match)
- Search by displayName
- No results for non-matching query
- Offset-based pagination (page1, page2, page3)
- Empty query fallback to list

Co-Authored-By: sonika-shah <sonika-shah@users.noreply.github.com>

* test(#27319): Rewrite search integration tests as thorough end-to-end scenarios

Replace shallow per-behavior unit tests with comprehensive integration tests
that exercise the full search API in a single realistic flow:

- Create roles/teams with distinct name vs displayName to verify both paths
- Verify search finds matches by name AND displayName in one query
- Verify result ordering (by name)
- Verify no-match returns empty (not error)
- Walk full pagination (pages of 2 across 6 results, verify no duplicates)
- Verify fields param populates requested fields (policies, users)
- Verify soft-deleted entities are excluded from results
- Verify empty query falls back to listing

Co-Authored-By: sonika-shah <sonika-shah@users.noreply.github.com>

* test(#27319): Add case-insensitive search verification to integration tests

Verify that UPPERCASE, lowercase, and MiXeD case queries all return the
same results, ensuring the LOWER() SQL matching works correctly end-to-end.

Co-Authored-By: sonika-shah <sonika-shah@users.noreply.github.com>

* fix(#27319): Address review feedback — escape LIKE wildcards, remove empty-query branching

1. Escape SQL LIKE wildcards (%, _) in search term using ListFilter.escape()
   to prevent unintended wildcard matching from user input.

2. Remove if/else branching in searchInternal — null/empty query now flows
   through the same search() path (%% matches everything), so offset is
   always respected. No separate fallback to listAfter needed.

Co-Authored-By: sonika-shah <sonika-shah@users.noreply.github.com>

* fix(#27319): Address Copilot review — domain filter, ResourceContext, ORDER BY tie-breaker

1. Use filter.getResourceContext() instead of bare ResourceContext for
   consistent auth behavior with listInternal.
2. Add EntityUtil.addDomainQueryParam() so search respects domain restrictions.
3. Add id tie-breaker to ORDER BY (name, id) for deterministic pagination
   when entities share the same name.

Co-Authored-By: sonika-shah <sonika-shah@users.noreply.github.com>

* refactor(#27319): Use ListFilter nameFilter instead of custom DAO query

Removes the custom searchByNameAndDisplayName SQL method from EntityDAO
and the search() method from EntityRepository. Instead, adds a
nameFilter condition to ListFilter.getCondition() — the LIKE clause
flows through the existing listAfter SQL, same as every other filter.

searchInternal now just sets filter.addQueryParam("nameFilter", query)
and delegates to listWithOffset, following the same offset-based
pagination pattern as GlossaryTermResource /search.

Co-Authored-By: sonika-shah <sonika-shah@users.noreply.github.com>

* fix(#27319): Remove duplicate addHref call in listWithOffset

listWithOffset was calling withHref on each entity, but the caller
(searchInternal) already calls addHref on the ResultList. Removed
the redundant call from listWithOffset.

Co-Authored-By: sonika-shah <sonika-shah@users.noreply.github.com>

* fix(#27319): Use dao.listCount for real total instead of approximate knownTotal

Same pattern as listAfter — one COUNT query per request gives the
exact total matching the filter, consistent with all other list endpoints.

Co-Authored-By: sonika-shah <sonika-shah@users.noreply.github.com>

* fix(#27319): Use unqualified name and json columns in nameFilter condition

Consistent with how other ListFilter conditions (getCreatedByCondition,
getEntityStatusCondition, getAgentTypeCondition) reference columns —
no table qualification needed for single-table queries.

Co-Authored-By: sonika-shah <sonika-shah@users.noreply.github.com>

* refactor: Extract shared listInternal in EntityRepository, fix GlossaryTerm offset pagination bug

- Extract listInternal() from listAfter() to share deserialize + setFieldsInBulk +
  withHref logic between cursor-based and offset-based listing methods
- Add listAfterWithOffset() using the shared listInternal() for offset-based pagination
- Fix GlossaryTerm searchGlossaryTermsInternal: replace broken offset-to-cursor
  conversion (raw offset passed to base64 cursor-based listAfter would crash for
  offset > 0) with listAfterWithOffset
- searchInternal in EntityResource delegates to listAfterWithOffset
- Add integration test for GlossaryTerm /search with offset > 0 pagination

Co-Authored-By: sonika-shah <sonika-shah@users.noreply.github.com>

* fix: Use offset-based ResultList constructor and strengthen test assertions

- listAfterWithOffset uses ResultList(data, offset, limit, total) instead of
  cursor-based constructor that was Base64-encoding offsets
- Paging response now returns plain offset/limit/total integers, consistent
  with other offset-based APIs (e.g. listFromSearchWithOffset)
- Tests assert paging.offset and paging.total instead of paging.after
- TeamResourceIT creates team with users and policies to properly verify
  fields param populates requested fields

Co-Authored-By: sonika-shah <sonika-shah@users.noreply.github.com>

* scope: Remove teams /search endpoint — this PR is roles only

Teams search will be added in a follow-up PR. Removed /search endpoint
from TeamResource and all search-related tests from TeamResourceIT.

Co-Authored-By: sonika-shah <sonika-shah@users.noreply.github.com>

* fix: Remove unnecessary limit+1 fetch in listAfterWithOffset

Since listCount already provides exact total, we don't need to fetch
an extra row to detect has-more. Just fetch exactly limit rows.

Co-Authored-By: sonika-shah <sonika-shah@users.noreply.github.com>

---------

Co-authored-by: sonika-shah <sonika-shah@users.noreply.github.com>
(cherry picked from commit e49b572)

Author: sonika-shah

openmetadata-integration-tests/src/test/java/org/openmetadata/it/tests/GlossaryTermResourceIT.java

@@ -2667,6 +2667,57 @@ private ResultList<GlossaryTerm> searchGlossaryTerms(
   /** Result list type for deserializing glossary term search results. */
   private static class GlossaryTermResultList extends ResultList<GlossaryTerm> {}
 
+  @Test
+  void test_searchGlossaryTermsWithOffsetPagination(TestNamespace ns) {
+    OpenMetadataClient client = SdkClients.adminClient();
+
+    // Create a dedicated glossary for this test
+    CreateGlossary createGlossary =
+        new CreateGlossary()
+            .withName(ns.prefix("offset_glossary"))
+            .withDescription("Glossary for offset pagination test");
+    Glossary glossary = client.glossaries().create(createGlossary);
+
+    // Create 5 terms
+    for (int i = 0; i < 5; i++) {
+      CreateGlossaryTerm create =
+          new CreateGlossaryTerm()
+              .withName(ns.prefix("offsetTerm" + i))
+              .withGlossary(glossary.getFullyQualifiedName())
+              .withDescription("Term for offset test");
+      createEntity(create);
+    }
+
+    // Search with no query (empty query path) — page 1
+    ResultList<GlossaryTerm> page1 =
+        searchGlossaryTerms(client, null, glossary.getFullyQualifiedName(), null, 2, 0);
+    assertNotNull(page1.getData());
+    assertEquals(2, page1.getData().size());
+    assertEquals(5, page1.getPaging().getTotal());
+    assertEquals(0, page1.getPaging().getOffset());
+
+    // Offset=2 skips first 2 rows — this was the bug: offset > 0 with empty query would crash
+    ResultList<GlossaryTerm> page2 =
+        searchGlossaryTerms(client, null, glossary.getFullyQualifiedName(), null, 2, 2);
+    assertNotNull(page2.getData());
+    assertEquals(2, page2.getData().size());
+    assertEquals(2, page2.getPaging().getOffset());
+
+    // Offset=4 skips first 4 rows — only 1 remaining
+    ResultList<GlossaryTerm> page3 =
+        searchGlossaryTerms(client, null, glossary.getFullyQualifiedName(), null, 2, 4);
+    assertNotNull(page3.getData());
+    assertEquals(1, page3.getData().size());
+    assertEquals(4, page3.getPaging().getOffset());
+
+    // Verify no duplicates across pages
+    List<UUID> allIds = new ArrayList<>();
+    page1.getData().forEach(t -> allIds.add(t.getId()));
+    page2.getData().forEach(t -> allIds.add(t.getId()));
+    page3.getData().forEach(t -> allIds.add(t.getId()));
+    assertEquals(5, new java.util.HashSet<>(allIds).size(), "No duplicates across pages");
+  }
+
   @Test
   void test_listGlossaryTermsWithEntityStatusFilter(TestNamespace ns) {
     OpenMetadataClient client = SdkClients.adminClient();

openmetadata-integration-tests/src/test/java/org/openmetadata/it/tests/RoleResourceIT.java

@@ -30,9 +30,12 @@
 import org.openmetadata.schema.entity.teams.Role;
 import org.openmetadata.schema.type.EntityHistory;
 import org.openmetadata.schema.type.EntityReference;
+import org.openmetadata.schema.utils.ResultList;
 import org.openmetadata.sdk.client.OpenMetadataClient;
 import org.openmetadata.sdk.models.ListParams;
 import org.openmetadata.sdk.models.ListResponse;
+import org.openmetadata.sdk.network.HttpMethod;
+import org.openmetadata.sdk.network.RequestOptions;
 
 /**
  * Integration tests for Role entity operations.
@@ -370,6 +373,171 @@ void test_listRolesWithPoliciesField(TestNamespace ns) {
     }
   }
 
+  // ===================================================================
+  // SEARCH ENDPOINT TESTS
+  // ===================================================================
+
+  @Test
+  void test_searchRolesEndpoint(TestNamespace ns) {
+    OpenMetadataClient client = SdkClients.adminClient();
+
+    List<String> policyFqns =
+        dataStewardRole().getPolicies().stream()
+            .map(EntityReference::getFullyQualifiedName)
+            .toList();
+
+    String uniqueToken = ns.prefix("srch");
+
+    // Create roles with distinct names and display names to test both search paths
+    Role roleByName =
+        createEntity(
+            new CreateRole()
+                .withName(uniqueToken + "ByNameOnly")
+                .withPolicies(policyFqns)
+                .withDescription("Role findable by name"));
+
+    Role roleByDisplay =
+        createEntity(
+            new CreateRole()
+                .withName(ns.prefix("hiddenName"))
+                .withPolicies(policyFqns)
+                .withDisplayName(uniqueToken + " Visible Display")
+                .withDescription("Role findable by display name, not by name token"));
+
+    // Create additional roles for pagination testing
+    for (int i = 0; i < 4; i++) {
+      createEntity(
+          new CreateRole()
+              .withName(uniqueToken + "Paged" + i)
+              .withPolicies(policyFqns)
+              .withDescription("Role for pagination"));
+    }
+
+    // -- Search by shared token should return both name-match and displayName-match roles --
+    ResultList<Role> allMatches = searchRoles(client, uniqueToken, 50, 0);
+    assertNotNull(allMatches.getData());
+
+    // Should find roleByName (name contains token) AND roleByDisplay (displayName contains token)
+    // plus the 4 paged roles = 6 total
+    assertEquals(6, allMatches.getData().size(), "Should find all 6 roles matching the token");
+
+    assertTrue(
+        allMatches.getData().stream().anyMatch(r -> r.getId().equals(roleByName.getId())),
+        "Should find role matched by name");
+    assertTrue(
+        allMatches.getData().stream().anyMatch(r -> r.getId().equals(roleByDisplay.getId())),
+        "Should find role matched by displayName");
+
+    // -- Verify results are ordered by name --
+    List<String> names = allMatches.getData().stream().map(Role::getName).toList();
+    List<String> sorted = names.stream().sorted().toList();
+    assertEquals(sorted, names, "Search results should be ordered by name");
+
+    // -- Case-insensitive search: uppercase, lowercase, mixed case all return same results --
+    ResultList<Role> upperCase = searchRoles(client, uniqueToken.toUpperCase(), 50, 0);
+    assertEquals(
+        allMatches.getData().size(),
+        upperCase.getData().size(),
+        "UPPERCASE query should return same results as original");
+
+    ResultList<Role> lowerCase = searchRoles(client, uniqueToken.toLowerCase(), 50, 0);
+    assertEquals(
+        allMatches.getData().size(),
+        lowerCase.getData().size(),
+        "lowercase query should return same results as original");
+
+    String mixedCase =
+        uniqueToken.substring(0, 1).toUpperCase() + uniqueToken.substring(1).toLowerCase();
+    ResultList<Role> mixedCaseResults = searchRoles(client, mixedCase, 50, 0);
+    assertEquals(
+        allMatches.getData().size(),
+        mixedCaseResults.getData().size(),
+        "MiXeD case query should return same results as original");
+
+    // -- Search with no matches returns empty, not an error --
+    ResultList<Role> noMatches =
+        searchRoles(client, "nonExistentRoleXyz" + System.nanoTime(), 50, 0);
+    assertNotNull(noMatches.getData());
+    assertEquals(0, noMatches.getData().size());
+
+    // -- Offset-based pagination: walk through all 6 results in pages of 2 --
+    ResultList<Role> page1 = searchRoles(client, uniqueToken, 2, 0);
+    assertEquals(2, page1.getData().size());
+    assertEquals(6, page1.getPaging().getTotal());
+    assertEquals(0, page1.getPaging().getOffset());
+
+    ResultList<Role> page2 = searchRoles(client, uniqueToken, 2, 2);
+    assertEquals(2, page2.getData().size());
+    assertEquals(6, page2.getPaging().getTotal());
+    assertEquals(2, page2.getPaging().getOffset());
+
+    ResultList<Role> page3 = searchRoles(client, uniqueToken, 2, 4);
+    assertEquals(2, page3.getData().size());
+    assertEquals(4, page3.getPaging().getOffset());
+
+    // Verify no duplicates across pages
+    List<UUID> allPagedIds = new java.util.ArrayList<>();
+    page1.getData().forEach(r -> allPagedIds.add(r.getId()));
+    page2.getData().forEach(r -> allPagedIds.add(r.getId()));
+    page3.getData().forEach(r -> allPagedIds.add(r.getId()));
+    assertEquals(6, new java.util.HashSet<>(allPagedIds).size(), "No duplicates across pages");
+
+    // -- Empty query falls back to listing all roles --
+    ResultList<Role> emptyQuery = searchRoles(client, null, 10, 0);
+    assertNotNull(emptyQuery.getData());
+    assertTrue(emptyQuery.getData().size() > 0, "Empty query should return roles");
+
+    // -- Search with fields param returns requested fields --
+    ResultList<Role> withPolicies = searchRoles(client, uniqueToken, 10, 0, "policies");
+    assertNotNull(withPolicies.getData());
+    assertFalse(withPolicies.getData().isEmpty());
+    for (Role role : withPolicies.getData()) {
+      assertNotNull(role.getPolicies(), "Policies field should be populated when requested");
+      assertFalse(role.getPolicies().isEmpty());
+    }
+
+    // -- Verify soft-deleted roles are excluded by default --
+    deleteEntity(roleByName.getId().toString());
+
+    ResultList<Role> afterDelete = searchRoles(client, uniqueToken, 50, 0);
+    assertFalse(
+        afterDelete.getData().stream().anyMatch(r -> r.getId().equals(roleByName.getId())),
+        "Soft-deleted role should not appear in search results");
+    assertEquals(5, afterDelete.getData().size(), "Should have one fewer result after soft delete");
+
+    // Restore for cleanup
+    restoreEntity(roleByName.getId().toString());
+  }
+
+  private ResultList<Role> searchRoles(
+      OpenMetadataClient client, String query, Integer limit, Integer offset) {
+    return searchRoles(client, query, limit, offset, null);
+  }
+
+  private ResultList<Role> searchRoles(
+      OpenMetadataClient client, String query, Integer limit, Integer offset, String fields) {
+    RequestOptions.Builder optionsBuilder = RequestOptions.builder();
+    if (query != null) {
+      optionsBuilder.queryParam("q", query);
+    }
+    if (limit != null) {
+      optionsBuilder.queryParam("limit", limit.toString());
+    }
+    if (offset != null) {
+      optionsBuilder.queryParam("offset", offset.toString());
+    }
+    if (fields != null) {
+      optionsBuilder.queryParam("fields", fields);
+    }
+
+    return client
+        .getHttpClient()
+        .execute(
+            HttpMethod.GET, "/v1/roles/search", null, RoleResultList.class, optionsBuilder.build());
+  }
+
+  private static class RoleResultList extends ResultList<Role> {}
+
   // ===================================================================
   // VERSION HISTORY SUPPORT
   // ===================================================================

openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java

@@ -1981,16 +1981,7 @@ public ResultList<T> listAfter(
       String afterId = cursorMap.get("id");
       List<String> jsons = dao.listAfter(filter, limitParam + 1, afterName, afterId);
 
-      try (var ignored = phase("jsonDeserialize")) {
-        for (String json : jsons) {
-          T entity = JsonUtils.readValue(json, entityClass);
-          entities.add(entity);
-        }
-      }
-      try (var ignored = phase("setFieldsBulk")) {
-        setFieldsInBulk(fields, entities);
-      }
-      entities.forEach(entity -> withHref(uriInfo, entity));
+      entities = listInternal(jsons, fields, uriInfo);
 
       String beforeCursor;
       String afterCursor = null;
@@ -2007,6 +1998,28 @@ public ResultList<T> listAfter(
     }
   }
 
+  public ResultList<T> listAfterWithOffset(
+      UriInfo uriInfo, Fields fields, ListFilter filter, int limit, int offset) {
+    int total = dao.listCount(filter);
+    List<String> jsons = dao.listAfter(filter, limit, offset);
+
+    List<T> entities = listInternal(jsons, fields, uriInfo);
+
+    return new ResultList<>(entities, offset, limit, total);
+  }
+
+  private List<T> listInternal(List<String> jsons, Fields fields, UriInfo uriInfo) {
+    List<T> entities;
+    try (var ignored = phase("jsonDeserialize")) {
+      entities = JsonUtils.readObjects(jsons, entityClass);
+    }
+    try (var ignored = phase("setFieldsBulk")) {
+      setFieldsInBulk(fields, entities);
+    }
+    entities.forEach(entity -> withHref(uriInfo, entity));
+    return entities;
+  }
+
   public ResultList<T> listAfterKeyset(
       ListFilter filter,
       int limitParam,

openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/GlossaryTermRepository.java

@@ -2486,7 +2486,7 @@ private ResultList<GlossaryTerm> searchGlossaryTermsInternal(
     // Build the parent hash for filtering
     String parentHash = parentFqn != null ? FullyQualifiedName.buildHash(parentFqn) + ".%" : "%";
 
-    // If no search query, use regular listing
+    // If no search query, use regular listing with offset-based pagination
     if (query == null || query.trim().isEmpty()) {
       ListFilter filter = new ListFilter(include);
       if (parentFqn != null) {
@@ -2496,21 +2496,7 @@ private ResultList<GlossaryTerm> searchGlossaryTermsInternal(
         filter.addQueryParam("entityStatus", entityStatus);
       }
 
-      // Use cursor-based pagination with limit and convert offset to cursor
-      String afterCursor = offset > 0 ? String.valueOf(offset) : null;
-      ResultList<GlossaryTerm> result =
-          listAfter(null, getFields(fieldsParam), filter, limit, afterCursor);
-
-      // Convert pagination info
-      String before = offset > 0 ? String.valueOf(Math.max(0, offset - limit)) : null;
-      String after =
-          result.getPaging() != null && result.getPaging().getAfter() != null
-              ? String.valueOf(offset + limit)
-              : null;
-      int total =
-          result.getPaging() != null ? result.getPaging().getTotal() : result.getData().size();
-
-      return new ResultList<>(result.getData(), before, after, total);
+      return listAfterWithOffset(null, getFields(fieldsParam), filter, limit, offset);
     }
 
     // For search queries, fetch limit+1 to determine if there are more pages

openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/ListFilter.java

@@ -73,6 +73,7 @@ public String getCondition(String tableName) {
     conditions.add(getProviderCondition(tableName));
     conditions.add(getEntityStatusCondition(tableName));
     conditions.add(getServerIdCondition(tableName));
+    conditions.add(getNameFilterCondition());
     String condition = addCondition(conditions);
     return condition.isEmpty() ? "WHERE TRUE" : "WHERE " + condition;
   }
@@ -755,6 +756,22 @@ protected String addCondition(List<String> conditions) {
     return condition.toString();
   }
 
+  private String getNameFilterCondition() {
+    String nameFilter = queryParams.get("nameFilter");
+    if (nullOrEmpty(nameFilter)) {
+      return "";
+    }
+    String escaped = "%" + escape(nameFilter.trim()) + "%";
+    queryParams.put("nameFilterParam", escaped);
+    if (Boolean.TRUE.equals(DatasourceConfig.getInstance().isMySQL())) {
+      return "(LOWER(name) LIKE LOWER(:nameFilterParam) "
+          + "OR LOWER(COALESCE(JSON_UNQUOTE(JSON_EXTRACT(json, '$.displayName')), '')) LIKE LOWER(:nameFilterParam))";
+    } else {
+      return "(LOWER(name) LIKE LOWER(:nameFilterParam) "
+          + "OR LOWER(COALESCE(json->>'displayName', '')) LIKE LOWER(:nameFilterParam))";
+    }
+  }
+
   public static String escapeApostrophe(String name) {
     // Escape string to be using in LIKE clause
     // "'" is used for indicated start and end of the string. Use "''" to escape it.

openmetadata-service/src/main/java/org/openmetadata/service/resources/EntityResource.java

@@ -242,6 +242,30 @@ public ResultList<T> listInternal(
     return addHref(uriInfo, resultList);
   }
 
+  protected ResultList<T> searchInternal(
+      UriInfo uriInfo,
+      SecurityContext securityContext,
+      String fieldsParam,
+      ListFilter filter,
+      String query,
+      int limit,
+      int offset) {
+    Fields fields = getFields(fieldsParam);
+    OperationContext operationContext = new OperationContext(entityType, getViewOperations(fields));
+    ResourceContextInterface resourceContext = filter.getResourceContext(entityType);
+    authorizer.authorize(securityContext, operationContext, resourceContext);
+
+    EntityUtil.addDomainQueryParam(securityContext, filter, entityType);
+
+    if (!nullOrEmpty(query)) {
+      filter.addQueryParam("nameFilter", query);
+    }
+
+    ResultList<T> resultList =
+        repository.listAfterWithOffset(uriInfo, fields, filter, limit, offset);
+    return addHref(uriInfo, resultList);
+  }
+
   public ResultList<T> listInternalFromSearch(
       UriInfo uriInfo,
       SecurityContext securityContext,