Refactor IdentityAwarePlugin interface to be assigned a client for executing actions #16976
…ecuting actions Signed-off-by: Craig Perkins <[email protected]>
Signed-off-by: Craig Perkins <[email protected]>
try (ThreadContext.StoredContext ctx = threadContext.stashContext()) { | ||
|
||
ActionListener<Response> wrappedListener = ActionListener.wrap(r -> { | ||
ctx.restore(); |
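Review bot: in the `ActionListener.wrap` callback, `ctx.restore()` puts the original context onto whichever thread completes the action, and nothing in the visible lines resets that thread afterwards. `ctx` also comes from the try-with-resources header, so it is closed (and restored on the calling thread) when the `try` block exits, which can happen before the callback fires. Consider capturing the original context with `threadContext.newRestorableContext(...)` and wrapping the delegate call in its own try-with-resources, so the restored user context is scoped to the callback and does not linger on a pooled thread; the failure branch needs the same treatment.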
This is the main reason for introducing this PR, to ensure that the original context is restored when an action is completed.
When the Security Plugin provides its implementation of a RunAsClient, it would inject a user corresponding to the plugin before doExecute and restore the original context (including authenticated user info) before calling the original actionListener's onResponse or onFailure.
I created a PR on my own fork of the security plugin to demonstrate how the changes would be integrated into a sample plugin: cwperks/security#40
❌ Gradle check result for 2765e88: FAILURE Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?
Signed-off-by: Craig Perkins <[email protected]>
* @opensearch.internal | ||
*/ | ||
@InternalApi | ||
public class RunAsSystemClient extends FilterClient { |
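Review bot: the class is declared here as `RunAsSystemClient`, while the PR description calls the new `FilterClient` subclass `RunAsClient`; settle on one name in both places. Since the class is `public` but tagged `@InternalApi` and `@opensearch.internal`, the Javadoc should also state that actions sent through it run under a stashed context rather than the authenticated user's, so plugin authors know which authorization applies.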
This isn't an instance of a new client, it's a wrapper around that local node client initialized in Node.java that overrides the doExecute method.
In particular, this is the default implementation that stashes the context prior to executing an action and restores it prior to delegating back to the original actionListener's onResponse or onFailure.
❕ Gradle check result for be4b7a5: UNSTABLE Please review all flaky tests that succeeded after retry and create an issue if one does not already exist to track the flaky failure.
Codecov Report
Attention: Patch coverage is
Additional details and impacted files
@@ Coverage Diff @@
## main #16976 +/- ##
============================================
+ Coverage 72.11% 72.15% +0.03%
- Complexity 65151 65161 +10
============================================
Files 5299 5297 -2
Lines 303534 303537 +3
Branches 43941 43941
============================================
+ Hits 218900 219017 +117
+ Misses 66648 66499 -149
- Partials 17986 18021 +35
Signed-off-by: Craig Perkins <[email protected]>
❕ Gradle check result for 7a20d21: UNSTABLE Please review all flaky tests that succeeded after retry and create an issue if one does not already exist to track the flaky failure.
Signed-off-by: Craig Perkins <[email protected]>
❕ Gradle check result for ad3fbb6: UNSTABLE Please review all flaky tests that succeeded after retry and create an issue if one does not already exist to track the flaky failure.
Signed-off-by: Craig Perkins <[email protected]>
@reta I raised this PR based on a review comment when implementing this interface in the security plugin. I know we discussed the 2 client approach previously, but I think @nibix raises a good point about restoring the context in the action listener. By using the
@cwperks thanks for continuing to work on it, I sadly don't have much time this week for reviews but will try to get to it asap, thanks
Description
Opening up this PR for discussion about a change in the interface that was introduced to formalize how plugins should interact with their own System Indices.
In the previous PR, there was a concept of a PluginSubject that was introduced that was assigned to IdentityAwarePlugins that could be used as a drop in replacement for
try (ThreadContext.StoredContext ctx = threadContext.stashContext()) { ... }
which is the pattern prevalently used for programmatic system index access.
There was discussion on that PR against introducing a separate client to make calls that execute actions in the context of the plugin's identity vs the authenticated user context. i.e. stashContext is a method to effectively switch contexts where plugins behave as the system and run without authz checks which allows access to a system index. There is an effort to put stronger mechanisms in place to perform authz checks when plugins switch context to better sandbox plugins and empower system administrators with information at installation-time with access that a plugin needs to operate normally.
Opening up this PR in response to a review comment that brings up reasons to pursue a solution with a separate client. This PR creates a subclass of FilterClient (called RunAsClient) that stashes the context prior to executing an action and restores the original context before delegating back to the corresponding ActionListener's onResponse or onFailure method.
Related Issues
Related to opensearch-project/security#4439
Check List
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.
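The stash-and-restore behaviour described above, modelled as an added, self-contained Java example (not code from the PR or from OpenSearch): `USER` is a toy stand-in for `ThreadContext`, and `runAs`, `execute`, `plugin:sample`, `alice` and `index-doc` are constructed names. It runs the same action with and without restoring the caller's context around the listener, so the identity the callback observes can be compared.

```java
import java.util.concurrent.*;
import java.util.function.Consumer;

public class RunAsClientSketch {
    // Toy stand-in for ThreadContext: a single per-thread "user" value (assumption).
    static final ThreadLocal<String> USER = new ThreadLocal<>();
    static final ExecutorService POOL = Executors.newSingleThreadExecutor();

    // Toy action: completes on a pool thread that inherits the submitter's context.
    static void execute(String action, Consumer<String> listener) {
        String submitted = USER.get();
        POOL.submit(() -> {
            USER.set(submitted);
            try {
                listener.accept(action + " executed as " + submitted);
            } finally {
                USER.remove();
            }
        });
    }

    // Run the action as the plugin; optionally restore the caller's context for the callback.
    static void runAs(String plugin, String action, boolean restore, Consumer<String> listener) {
        String original = USER.get();
        USER.set(plugin);
        try {
            execute(action, result -> {
                String workerCtx = USER.get();
                if (restore) USER.set(original);
                try {
                    listener.accept(result);
                } finally {
                    USER.set(workerCtx); // do not leave the caller's context on the pool thread
                }
            });
        } finally {
            USER.set(original); // calling thread gets its context back when the block exits
        }
    }

    public static void main(String[] args) throws Exception {
        USER.set("alice"); // constructed authenticated user
        for (boolean restore : new boolean[] { false, true }) {
            CompletableFuture<String> seen = new CompletableFuture<>();
            runAs("plugin:sample", "index-doc", restore, r -> seen.complete(r + "; listener sees " + USER.get()));
            System.out.println("restore=" + restore + ": " + seen.get());
        }
        POOL.shutdown();
    }
}
```

Without the restore step, the caller's listener runs under the plugin identity, so any follow-up request it issues is evaluated against the plugin's privileges rather than the authenticated user's.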