[Manual Backport 2.x] Manually backports auth tokens, service accounts, and multi tenancy changes

[stephen-crawford]

Description

Manually backports #2716, #2594, and #2758

PRs #2716 and #2594 were directly related with the former building off of the latter.
#2758 is a patch for the failing CI which is required for the CI to pass for this backport. There are a few dependencies on code from #2716 in #2758 so meshing the backports together is probably the most efficient way to move the code.

Check List

• New functionality includes testing
• New functionality has been documented
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[DarshitChanpura]

Are we backporting auth token related changes to 2.x?

nit: Can you fix the formatting related changes that were pushed?

[stephen-crawford]

@DarshitChanpura yeah, we have to. The changes are aiming for 2.9 latest.

[codecov-commenter]

Codecov Report

Merging #2737 (dff0140) into 2.x (dae8f76) will decrease coverage by 0.18%.
The diff coverage is 56.80%.

@@             Coverage Diff              @@
##                2.x    #2737      +/-   ##
============================================
- Coverage     61.27%   61.09%   -0.18%     
+ Complexity     3308     3300       -8     
============================================
  Files           268      263       -5     
  Lines         18342    18431      +89     
  Branches       3245     3259      +14     
============================================
+ Hits          11239    11261      +22     
- Misses         5527     5591      +64     
- Partials       1576     1579       +3     

Impacted Files	Coverage Δ
...g/opensearch/security/support/ConfigConstants.java	94.44% <ø> (ø)
.../security/securityconf/impl/v7/InternalUserV7.java	67.18% <21.05%> (-15.80%)	⬇️
...security/dlic/rest/api/InternalUsersApiAction.java	58.51% <26.19%> (-25.28%)	⬇️
...java/org/opensearch/security/user/UserService.java	47.57% <47.57%> (ø)
...ity/dlic/rest/api/MultiTenancyConfigApiAction.java	88.23% <88.23%> (ø)
.../opensearch/security/OpenSearchSecurityPlugin.java	80.11% <100.00%> (+0.03%)	⬆️
...security/dlic/rest/api/SecurityRestApiActions.java	95.00% <100.00%> (+0.26%)	⬆️
...c/rest/validation/MultiTenancyConfigValidator.java	100.00% <100.00%> (ø)
...opensearch/security/user/UserServiceException.java	100.00% <100.00%> (ø)

... and 3 files with indirect coverage changes

[peternied]

@scrawfor99 Can you look into the random failure? Might be related to an issue @willyborankin is looking into

I played a bit with tests and found out that if you run first TenancyDefaultTenantTests and after that TenancyPrivateTenantEnabledTests the second one will fail in JetBrains. If you re-run tests afterwards they all green. It looks like a bug in the SingleClusterTest class I will try to take a look deeper.

#2557 (comment)

[stephen-crawford]

@peternied no problem.

[willyborankin]

@scrawfor99 yes 10 seconds tiemouts in some of tests. I checked you branch there is no fix in it .

[willyborankin]

TransportUserInjectorIntegTest is a flaky test. TBH I do not know how to fix it.

[stephen-crawford]

TransportUserInjectorIntegTest is a flaky test. TBH I do not know how to fix it.

Hi @willyborankin, yeah I know that test is an issue. I am not sure the solution for fixing it off the top of my head either. For the meaintime, this PR should backport your tenancy fix as well my code changes. There were some cross dependencies which made it easier to move things back as a group.

Edit: Did not mean to close.