[DRAFT] [Feature]Introduces ability to control access to and share resources

[DarshitChanpura]

Work in Progress.

companion PR: opensearch-project/security#4746

Description

This PR introduces a new capability to enable access-control and sharing of resources. This PR introduces:

1. Interfaces to be extended by security plugin for concrete implementation, and to be used by plugins when authorizing the requested resources.
2. Adds a No-op implementation when security plugin is not enabled.

At present, plugins have implemented in-house authorization mechanisms to control access to their resources. This framework enables capability to have a centralized resource-authorization framework.

Please review feature proposal here that discusses the problem-statement and design approach. opensearch-project/security#4500

Plugins will leverage the APIs introduced here to check user access to resources.

To-do items:

• Add integration tests
• Add end-to-end tests

Documentation website will follow.

Related Issues

• Related to [Proposal] Resource Permissions and Sharing security#4500

Check List

• Functionality includes testing.
• API changes companion pull request created, if applicable.
• Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[github-actions]

❌ Gradle check result for fba48ab: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

❌ Gradle check result for 6a6e6f7: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

✅ Gradle check result for 566913a: SUCCESS

[codecov]

Codecov Report

Attention: Patch coverage is 5.24017% with 217 lines in your changes missing coverage. Please review.

Project coverage is 72.04%. Comparing base (c82cd2e) to head (37cacf0).
Report is 2 commits behind head on main.

Files with missing lines	Patch %	Lines
...earch/accesscontrol/resources/SharedWithScope.java	0.00%	78 Missing ⚠️
...earch/accesscontrol/resources/ResourceSharing.java	0.00%	68 Missing ⚠️
.../opensearch/accesscontrol/resources/ShareWith.java	0.00%	25 Missing ⚠️
.../opensearch/accesscontrol/resources/CreatedBy.java	0.00%	24 Missing ⚠️
...opensearch/accesscontrol/resources/EntityType.java	0.00%	8 Missing ⚠️
...earch/accesscontrol/resources/ResourceService.java	42.85%	7 Missing and 1 partial ⚠️
...earch/plugins/NoOpResourceAccessControlPlugin.java	14.28%	6 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##               main   #16030      +/-   ##
============================================
- Coverage     72.51%   72.04%   -0.48%     
+ Complexity    65562    65225     -337     
============================================
  Files          5318     5325       +7     
  Lines        303945   304173     +228     
  Branches      43976    44010      +34     
============================================
- Hits         220413   219143    -1270     
- Misses        65798    67082    +1284     
- Partials      17734    17948     +214     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

❌ Gradle check result for 0eb47ac: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

✅ Gradle check result for e313071: SUCCESS

[opensearch-trigger-bot]

This PR is stalled because it has been open for 30 days with no activity.

[github-actions]

✅ Gradle check result for 37cacf0: SUCCESS