Merge branch 'main' into upgradeBackport

Signed-off-by: Chase <[email protected]>

.github/CODEOWNERS

@@ -1 +1 @@
-* @amsiglan @awshurneyt @getsaurabh02 @lezzago @praveensameneni @sbcd90 @eirsep
+* @amsiglan @AWSHurneyt @getsaurabh02 @lezzago @praveensameneni @sbcd90 @eirsep @jowg-amazon @engechas @goyamegh @riysaxen-amzn

.github/ISSUE_TEMPLATE/config.yml

@@ -4,4 +4,4 @@ contact_links:
     about: Please ask and answer questions here.
   - name: AWS/Amazon Security
     url: https://aws.amazon.com/security/vulnerability-reporting/
-    about: Please report security vulnerabilities here.
+    about: Please report security vulnerabilities here.

.github/workflows/add-untriaged.yml

@@ -1,19 +1,19 @@
-name: Apply 'untriaged' label during issue lifecycle
-
-on:
-  issues:
-    types: [opened, reopened, transferred]
-
-jobs:
-  apply-label:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/github-script@v6
-        with:
-          script: |
-            github.rest.issues.addLabels({
-              issue_number: context.issue.number,
-              owner: context.repo.owner,
-              repo: context.repo.repo,
-              labels: ['untriaged']
-            })
+name: Apply 'untriaged' label during issue lifecycle
+
+on:
+  issues:
+    types: [opened, reopened, transferred]
+
+jobs:
+  apply-label:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/github-script@v6
+        with:
+          script: |
+            github.rest.issues.addLabels({
+              issue_number: context.issue.number,
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              labels: ['untriaged']
+            })

.github/workflows/backport.yml

@@ -28,4 +28,4 @@ jobs:
           github_token: ${{ steps.github_app_token.outputs.token }}
           branch_name: backport/backport-${{ github.event.number }}
           labels_template: "<%= JSON.stringify([...labels, 'autocut']) %>"
-          failure_labels: "failed backport"
+          failure_labels: "failed backport"

.github/workflows/ci.yml

@@ -8,21 +8,78 @@ on:
       - "*"
 
 jobs:
-  build:
+  Get-CI-Image-Tag:
+    uses: opensearch-project/opensearch-build/.github/workflows/get-ci-image-tag.yml@main
+    with:
+      product: opensearch
+
+  build-linux:
+    needs: Get-CI-Image-Tag
+    strategy:
+      matrix:
+        java: [11, 17]
+        os: [ ubuntu-latest ]
+    name: Build and Test security-analytics with JDK ${{ matrix.java }} on ${{ matrix.os }}
+    runs-on: ${{ matrix.os }}
+    container:
+      # using the same image which is used by opensearch-build team to build the OpenSearch Distribution
+      # this image tag is subject to change as more dependencies and updates will arrive over time
+      image: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-version-linux }}
+      # need to switch to root so that github actions can install runner binary on container without permission issues.
+      options: --user root
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Setup Java ${{ matrix.java }}
+        uses: actions/setup-java@v1
+        with:
+          java-version: ${{ matrix.java }}
+
+      - name: Build and Test
+        run: |
+          chown -R 1000:1000 `pwd`
+          su `id -un 1000` -c "whoami && java -version && ./gradlew build"
+
+      - name: Create Artifact Path
+        run: |
+          mkdir -p security-analytics-artifacts
+          cp ./build/distributions/*.zip security-analytics-artifacts
+
+      - name: Upload Coverage Report
+        uses: codecov/codecov-action@v1
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+
+      - name: Upload failed logs
+        uses: actions/upload-artifact@v2
+        if: failure()
+        with:
+          name: logs-ubuntu
+          path: build/testclusters/integTest-*/logs/*
+
+      - name: Upload Artifacts
+        uses: actions/upload-artifact@v1
+        with:
+          name: security-analytics-plugin-${{ matrix.os }}
+          path: security-analytics-artifacts
+
+  build-windows-macos:
     env:
       BUILD_ARGS: ${{ matrix.os_build_args }}
       WORKING_DIR: ${{ matrix.working_directory }}.
     strategy:
       matrix:
         java: [11, 17]
-        os: [ ubuntu-latest, windows-latest, macos-latest ]
+        os: [ windows-latest, macos-latest ]
         include:
           - os: windows-latest
-            os_build_args: -x integTest -x jacocoTestReport
+            os_build_args: -x jacocoTestReport
             working_directory: X:\
             os_java_options: -Xmx4096M
           - os: macos-latest
-            os_build_args: -x integTest -x jacocoTestReport
+            os_build_args: -x jacocoTestReport
 
     name: Build and Test security-analytics with JDK ${{ matrix.java }} on ${{ matrix.os }}
     runs-on: ${{ matrix.os }}
@@ -53,19 +110,6 @@ jobs:
           mkdir -p security-analytics-artifacts
           cp ./build/distributions/*.zip security-analytics-artifacts
 
-      - name: Upload Coverage Report
-        if: ${{ matrix.os == 'ubuntu-latest' }}
-        uses: codecov/codecov-action@v1
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-
-      - name: Upload failed logs
-        uses: actions/upload-artifact@v2
-        if: ${{ failure() && matrix.os == 'ubuntu-latest' }}
-        with:
-          name: logs-ubuntu
-          path: build/testclusters/integTest-*/logs/*
-
       - name: Upload failed logs
         uses: actions/upload-artifact@v2
         if: ${{ failure() && matrix.os == 'macos-latest' }}
@@ -84,4 +128,4 @@ jobs:
         uses: actions/upload-artifact@v1
         with:
           name: security-analytics-plugin-${{ matrix.os }}
-          path: security-analytics-artifacts
+          path: security-analytics-artifacts

.github/workflows/delete_backport_branch.yml

@@ -17,4 +17,4 @@ jobs:
       - name: Delete merged branch
         uses: SvanBoxel/delete-merged-branch@main
         env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/multi-node-test-workflow.yml

@@ -9,14 +9,27 @@ on:
       - "*"
 
 jobs:
-  build:
+  Get-CI-Image-Tag:
+    uses: opensearch-project/opensearch-build/.github/workflows/get-ci-image-tag.yml@main
+    with:
+      product: opensearch
+
+  build-linux:
+    needs: Get-CI-Image-Tag
     strategy:
       matrix:
-        java: [ 11, 17 ]
+        java: [ 11, 17, 21 ]
     # Job name
-    name: Build and test Security Analytics
+    name: Build and test Security Analytics on linux
     # This job runs on Linux
     runs-on: ubuntu-latest
+    container:
+      # using the same image which is used by opensearch-build team to build the OpenSearch Distribution
+      # this image tag is subject to change as more dependencies and updates will arrive over time
+      image: ${{ needs.Get-CI-Image-Tag.outputs.ci-image-version-linux }}
+      # need to switch to root so that github actions can install runner binary on container without permission issues.
+      options: --user root
+
     steps:
       # This step uses the setup-java Github action: https://github.com/actions/setup-java
       - name: Set Up JDK ${{ matrix.java }}
@@ -27,10 +40,12 @@ jobs:
       - name: Checkout Branch
         uses: actions/checkout@v2
       - name: Run integration tests with multi node config
-        run: ./gradlew integTest -PnumNodes=3
+        run: |
+          chown -R 1000:1000 `pwd`
+          su `id -un 1000` -c "./gradlew integTest -PnumNodes=3"
       - name: Upload failed logs
         uses: actions/upload-artifact@v2
         if: failure()
         with:
           name: logs
-          path: build/testclusters/integTest-*/logs/*
+          path: build/testclusters/integTest-*/logs/*

.github/workflows/security-test-workflow.yml

@@ -7,12 +7,14 @@ on:
   push:
     branches:
       - "*"
+env:
+  OPENSEARCH_INITIAL_ADMIN_PASSWORD: myStrongPassword123!
 
 jobs:
   build:
     strategy:
       matrix:
-        java: [ 11, 17 ]
+        java: [ 11, 17, 21 ]
     # Job name
     name: Build and test SecurityAnalytics
     # This job runs on Linux
@@ -69,20 +71,20 @@ jobs:
         if: env.imagePresent == 'true'
         run: |
           cd ..
-          docker run -p 9200:9200 -d -p 9600:9600 -e "discovery.type=single-node" opensearch-security-analytics:test
+          docker run -p 9200:9200 -d -p 9600:9600 -e OPENSEARCH_INITIAL_ADMIN_PASSWORD=${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} -e "discovery.type=single-node" opensearch-security-analytics:test
           sleep 120
 
       - name: Run SecurityAnalytics Test for security enabled test cases
         if: env.imagePresent == 'true'
         run: |
-          cluster_running=`curl -XGET https://localhost:9200/_cat/plugins -u admin:admin --insecure`
+          cluster_running=`curl -XGET https://localhost:9200/_cat/plugins -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} --insecure`
           echo $cluster_running
-          security=`curl -XGET https://localhost:9200/_cat/plugins -u admin:admin --insecure |grep opensearch-security|wc -l`
+          security=`curl -XGET https://localhost:9200/_cat/plugins -u admin:${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }} --insecure |grep opensearch-security|wc -l`
           echo $security
           if [ $security -gt 0 ]
           then
             echo "Security plugin is available"
-            ./gradlew :integTest -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername=docker-cluster -Dhttps=true -Duser=admin -Dpassword=admin          
+            ./gradlew :integTest -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername=docker-cluster -Dhttps=true -Duser=admin -Dpassword=${{ env.OPENSEARCH_INITIAL_ADMIN_PASSWORD }}
           else
             echo "Security plugin is NOT available skipping this run as tests without security have already been run"
           fi

.github/workflows/version.yml

@@ -5,7 +5,7 @@ on:
     tags:
       - '*.*.*.*'
 
-jobs:  
+jobs:
   build:
     runs-on: ubuntu-latest
     steps:
@@ -50,4 +50,4 @@ jobs:
           delete-branch: true
           title: '[AUTO] Incremented version to ${{ env.NEXT_VERSION }}.'
           body: |
-            I've noticed that a new tag ${{ env.TAG }} was pushed, and incremented the version from ${{ env.CURRENT_VERSION }} to ${{ env.NEXT_VERSION }}.
+            I've noticed that a new tag ${{ env.TAG }} was pushed, and incremented the version from ${{ env.CURRENT_VERSION }} to ${{ env.NEXT_VERSION }}.

DEVELOPER_GUIDE.md

@@ -0,0 +1,64 @@
+- [Developer Guide](#developer-guide)
+  - [Forking and Cloning](#forking-and-cloning)
+  - [Install Prerequisites](#install-prerequisites)
+    - [JDK 11](#jdk-11)
+    - [JDK 14](#jdk-14)
+  - [Setup](#setup)
+  - [Build](#build)
+    - [Building from the command line](#building-from-the-command-line)
+    - [Building from the IDE](#building-from-the-ide)
+
+## Developer Guide
+
+### Forking and Cloning
+
+Fork this repository on GitHub, and clone locally with `git clone`.
+
+### Install Prerequisites
+
+#### JDK 11
+
+OpenSearch builds using Java 11 at a minimum, using the Adoptium distribution. This means you must have a JDK 11 installed with the environment variable `JAVA_HOME` referencing the path to Java home for your JDK 11 installation, e.g. `JAVA_HOME=/usr/lib/jvm/jdk-11`. This is configured in [buildSrc/build.gradle](buildSrc/build.gradle) and [distribution/tools/java-version-checker/build.gradle](distribution/tools/java-version-checker/build.gradle).
+
+```
+allprojects {
+  targetCompatibility = JavaVersion.VERSION_11
+  sourceCompatibility = JavaVersion.VERSION_11
+}
+```
+
+```
+sourceCompatibility = JavaVersion.VERSION_11
+targetCompatibility = JavaVersion.VERSION_11
+```
+
+Download Java 11 from [here](https://adoptium.net/releases.html?variant=openjdk11).
+
+#### JDK 14
+
+To run the full suite of tests, download and install [JDK 14](https://jdk.java.net/archive/) and set `JAVA11_HOME`, and `JAVA14_HOME`.
+
+### Setup
+
+1. Clone the repository (see [Forking and Cloning](#forking-and-cloning))
+2. Make sure `JAVA_HOME` is pointing to a Java 11 JDK (see [Install Prerequisites](#install-prerequisites))
+3. Launch Intellij IDEA, Choose Import Project and select the settings.gradle file in the root of this package.
+
+### Build
+
+This package uses the [Gradle](https://docs.gradle.org/current/userguide/userguide.html) build system. Gradle comes with excellent documentation that should be your first stop when trying to figure out how to operate or modify the build. We also use the OpenSearch build tools for Gradle. These tools are idiosyncratic and don't always follow the conventions and instructions for building regular Java code using Gradle. Not everything in this package will work the way it's described in the Gradle documentation. If you encounter such a situation, the OpenSearch build tools [source code](https://github.com/opensearch-project/OpenSearch/tree/main/buildSrc/src/main/groovy/org/opensearch/gradle) is your best bet for figuring out what's going on.
+
+#### Building from the command line
+
+1. `./gradlew build` builds and tests all subprojects.
+2. `./gradlew run` launches a single node cluster with the security analytics plugin installed.
+
+When launching a cluster using one of the above commands, logs are placed in `build/testclusters/integTest-0/logs/`. Though the logs are teed to the console, in practice it's best to check the actual log file.
+
+#### Building from the IDE
+
+Currently, the only IDE we support is IntelliJ IDEA.  It's free, it's open source, it works. The gradle tasks above can also be launched from IntelliJ's Gradle toolbar and the extra parameters can be passed in via the Launch Configurations VM arguments.
+
+### Backport
+
+- [Link to backport documentation](https://github.com/opensearch-project/opensearch-plugins/blob/main/BACKPORT.md)

MAINTAINERS.md

@@ -4,12 +4,16 @@ This document contains a list of maintainers in this repo. See [opensearch-proje
 
 ## Current Maintainers
 
-| Maintainer       | GitHub ID                                             | Affiliation |
-| ---------------- | ----------------------------------------------------- | ----------- |
-| Ashish Agrawal   | [lezzago](https://github.com/lezzago)                 | Amazon      |
-| Subhobrata Dey   | [sbcd90](https://github.com/sbcd90)                   | Amazon      |
-| Thomas Hurney    | [awshurneyt](https://github.com/AWSHurneyt)       | Amazon      |
-| Surya Sashank Nistala    | [eirsep](https://github.com/eirsep)       | Amazon      |
-| Praveen Sameneni | [praveensameneni](https://github.com/praveensameneni) | Amazon      |
-| Amardeepsingh Siglani    | [amsiglan](https://github.com/amsiglan)       | Amazon      |
-| Saurabh Singh    | [getsaurabh02](https://github.com/getsaurabh02)       | Amazon      |
+| Maintainer            | GitHub ID                                             | Affiliation |
+|-----------------------|-------------------------------------------------------| ----------- |
+| Ashish Agrawal        | [lezzago](https://github.com/lezzago)                 | Amazon      |
+| Subhobrata Dey        | [sbcd90](https://github.com/sbcd90)                   | Amazon      |
+| Thomas Hurney         | [AWSHurneyt](https://github.com/AWSHurneyt)           | Amazon      |
+| Surya Sashank Nistala | [eirsep](https://github.com/eirsep)                   | Amazon      |
+| Praveen Sameneni      | [praveensameneni](https://github.com/praveensameneni) | Amazon      |
+| Amardeepsingh Siglani | [amsiglan](https://github.com/amsiglan)               | Amazon      |
+| Saurabh Singh         | [getsaurabh02](https://github.com/getsaurabh02)       | Amazon      |
+| Joanne Wang           | [jowg-amazon](https://github.com/jowg-amazon)         | Amazon      |
+| Chase Engelbrecht     | [engechas](https://github.com/engechas)               | Amazon      |
+| Megha Goyal           | [goyamegh](https://github.com/goyamegh)               | Amazon      |
+| Riya Saxena           | [riysaxen-amzn](https://github.com/riysaxen-amzn)     | Amazon      |