add skeleton for the security-analytics plugin (#3)

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+# This should match the owning team set up in https://github.com/orgs/opensearch-project/teams
+*   @opensearch-project/security-analytics

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,31 @@
+---
+name: 🐛 Bug report
+about: Create a report to help us improve
+title: '[BUG]'
+labels: 'bug, untriaged'
+assignees: ''
+---
+
+**What is the bug?**
+A clear and concise description of the bug.
+
+**How can one reproduce the bug?**
+Steps to reproduce the behavior:
+1. Go to '...'
+2. Click on '....'
+3. Scroll down to '....'
+4. See error
+
+**What is the expected behavior?**
+A clear and concise description of what you expected to happen.
+
+**What is your host/environment?**
+ - OS: [e.g. iOS]
+ - Version [e.g. 22]
+ - Plugins
+
+**Do you have any screenshots?**
+If applicable, add screenshots to help explain your problem.
+
+**Do you have any additional context?**
+Add any other context about the problem.

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,7 @@
+contact_links:
+  - name: OpenSearch Community Support
+    url: https://discuss.opendistrocommunity.dev/
+    about: Please ask and answer questions here.
+  - name: AWS/Amazon Security
+    url: https://aws.amazon.com/security/vulnerability-reporting/
+    about: Please report security vulnerabilities here.

.github/ISSUE_TEMPLATE/documentation.md

@@ -0,0 +1,11 @@
+**Is your feature request related to a problem?**
+A new feature has been added.
+
+**What solution would you like?**
+Document the usage of the new feature.
+
+**What alternatives have you considered?**
+N/A
+
+**Do you have any additional context?**
+_Add any other context or screenshots about the feature request here._

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,18 @@
+---
+name: 🎆 Feature request
+about: Request a feature in this project
+title: '[FEATURE]'
+labels: 'enhancement, untriaged'
+assignees: ''
+---
+**Is your feature request related to a problem?**
+A clear and concise description of what the problem is, e.g. _I'm always frustrated when [...]_
+
+**What solution would you like?**
+A clear and concise description of what you want to happen.
+
+**What alternatives have you considered?**
+A clear and concise description of any alternative solutions or features you've considered.
+
+**Do you have any additional context?**
+Add any other context or screenshots about the feature request here.

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,15 @@
+### Description
+[Describe what this change achieves]
+
+### Issues Resolved
+[List any issues this PR will resolve]
+
+### Check List
+- [ ] New functionality includes testing.
+  - [ ] All tests pass
+- [ ] New functionality has been documented.
+  - [ ] New functionality has javadoc added
+- [ ] Commits are signed per the DCO using --signoff 
+
+By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
+For more information on following Developer Certificate of Origin and signing off your commits, please check [here](https://github.com/opensearch-project/OpenSearch/blob/main/CONTRIBUTING.md#developer-certificate-of-origin).

.github/workflows/ci.yml

@@ -0,0 +1,40 @@
+name: Build and Test
+on:
+  push:
+    branches:
+      - "*"
+  pull_request:
+    branches:
+      - "*"
+
+jobs:
+  build:
+    strategy:
+      matrix:
+        java: [11, 17]
+
+    name: Build and Test
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Setup Java ${{ matrix.java }}
+        uses: actions/setup-java@v1
+        with:
+          java-version: ${{ matrix.java }}
+
+      - name: Build and Test
+        run: |
+          ./gradlew build
+
+      - name: Publish to Maven Local
+        run: |
+          ./gradlew publishToMavenLocal
+          
+      - name: Upload Coverage Report
+        uses: codecov/codecov-action@v1
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+

.github/workflows/dco.yml

@@ -0,0 +1,18 @@
+name: Developer Certificate of Origin Check
+
+on: [pull_request]
+
+jobs:
+  check:
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Get PR Commits
+      id: 'get-pr-commits'
+      uses: tim-actions/[email protected]
+      with:
+        token: ${{ secrets.GITHUB_TOKEN }}
+    - name: DCO Check
+      uses: tim-actions/[email protected]
+      with:
+        commits: ${{ steps.get-pr-commits.outputs.commits }}

.github/workflows/version.yml

@@ -0,0 +1,53 @@
+name: Increment Version
+
+on:
+  push:
+    tags:
+      - '*.*.*.*'
+
+jobs:  
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: GitHub App token
+        id: github_app_token
+        uses: tibdex/[email protected]
+        with:
+          app_id: ${{ secrets.APP_ID }}
+          private_key: ${{ secrets.APP_PRIVATE_KEY }}
+          installation_id: 22958780
+
+      - uses: actions/checkout@v2
+      - name: Fetch Tag and Version Information
+        run: |
+          TAG=$(echo "${GITHUB_REF#refs/*/}")
+          CURRENT_VERSION_ARRAY=($(echo "$TAG" | tr . '\n'))
+          BASE=$(IFS=. ; echo "${CURRENT_VERSION_ARRAY[*]:0:2}")
+          CURRENT_VERSION=$(IFS=. ; echo "${CURRENT_VERSION_ARRAY[*]:0:3}")
+          CURRENT_VERSION_ARRAY[2]=$((CURRENT_VERSION_ARRAY[2]+1))
+          NEXT_VERSION=$(IFS=. ; echo "${CURRENT_VERSION_ARRAY[*]:0:3}")
+          echo "TAG=$TAG" >> $GITHUB_ENV
+          echo "BASE=$BASE" >> $GITHUB_ENV
+          echo "CURRENT_VERSION=$CURRENT_VERSION" >> $GITHUB_ENV
+          echo "NEXT_VERSION=$NEXT_VERSION" >> $GITHUB_ENV
+      - uses: actions/checkout@v2
+        with:
+          ref: ${{ env.BASE }}
+          token: ${{ steps.github_app_token.outputs.token }}
+
+      - name: Increment Version
+        run: |
+          echo Incrementing $CURRENT_VERSION to $NEXT_VERSION
+          sed -i "s/$CURRENT_VERSION-SNAPSHOT/$NEXT_VERSION-SNAPSHOT/g" build.gradle
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@v3
+        with:
+          token: ${{ steps.github_app_token.outputs.token }}
+          base: ${{ env.BASE }}
+          commit-message: Incremented version to ${{ env.NEXT_VERSION }}
+          signoff: true
+          delete-branch: true
+          title: '[AUTO] Incremented version to ${{ env.NEXT_VERSION }}.'
+          body: |
+            I've noticed that a new tag ${{ env.TAG }} was pushed, and incremented the version from ${{ env.CURRENT_VERSION }} to ${{ env.NEXT_VERSION }}.

.gitignore

@@ -0,0 +1,11 @@
+buildSrc/libs
+.gradle/
+build/
+.idea/
+!.idea/codeStyles/codeStyleConfig.xml
+.DS_Store
+*.log
+out/
+.project
+.settings
+.vscode

build-tools/opensearchplugin-coverage.gradle

@@ -0,0 +1,49 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/**
+ * OpenSearch Plugin build tools don't work with the Gradle Jacoco Plugin to report coverage out of the box.
+ * https://github.com/elastic/elasticsearch/issues/28867.
+ *
+ * This code sets up coverage reporting manually for OpenSearch plugin tests. This is complicated because:
+ *  1. The OpenSearch integTest Task doesn't implement Gradle's JavaForkOptions so we have to manually start the jacoco agent with the test JVM
+ *  2. The cluster nodes are stopped using 'kill -9' which means jacoco can't dump it's execution output to a file on VM shutdown
+ *  3. The Java Security Manager prevents JMX from writing execution output to the file.
+ *
+ *  To workaround these we start the cluster with jmx enabled and then use Jacoco's JMX MBean to get the execution data before the
+ *  cluster is stopped and dump it to a file. Luckily our current security policy seems to allow this. This will also probably
+ *  break if there are multiple nodes in the integTestCluster. But for now... it sorta works. 
+ */
+apply plugin: 'jacoco'
+
+// Get gradle to generate the required jvm agent arg for us using a dummy tasks of type Test. Unfortunately Elastic's
+// testing tasks don't derive from Test so the jacoco plugin can't do this automatically.
+def jacocoDir = "${buildDir}/jacoco"
+task dummyTest(type: Test) {
+    enabled = false
+    workingDir = file("/") // Force absolute path to jacoco agent jar
+    jacoco {
+        destinationFile = file("${jacocoDir}/test.exec")
+        destinationFile.parentFile.mkdirs()
+        jmx = true
+    }
+}
+
+jacocoTestReport {
+    dependsOn test
+    executionData dummyTest.jacoco.destinationFile
+    getSourceDirectories().from(sourceSets.main.allSource)
+    getClassDirectories().from(sourceSets.main.output)
+    reports {
+        html.enabled = true // human readable
+        xml.enabled = true // for coverlay
+    }
+}
+
+project.gradle.projectsEvaluated {
+    jacocoTestReport.dependsOn test
+}
+
+check.dependsOn jacocoTestReport

build-tools/repositories.gradle

@@ -0,0 +1,8 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+repositories {
+    mavenCentral()
+}