Run IT tests with security plugin (#335)

[Yury-Fridlyand]

Description

This PR adds a new IT gradle task: integTestWithSecurity. It starts a cluster with security plugin installed (it takes latest snapshot), configures cluster, http client for tests and runs one test which required to be run with security plugin.
A new GHA is added which runs this test task.

Please, see team review and discussion in Bit-Quill#335.

Issues Resolved

fixes #1713

Check List

• New functionality includes testing.
  • All tests pass, including unit test, integration test and doctest
• New functionality has been documented.
  • New functionality has javadoc added
  • New functionality has user manual doc added
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov]

Codecov Report

Merging #1986 (600cbde) into main (bb3c340) will decrease coverage by 0.20%.
Report is 2 commits behind head on main.
The diff coverage is n/a.

@@             Coverage Diff              @@
##               main    #1986      +/-   ##
============================================
- Coverage     97.52%   97.33%   -0.20%     
- Complexity     4655     4656       +1     
============================================
  Files           408      408              
  Lines         11952    12063     +111     
  Branches        829      829              
============================================
+ Hits          11656    11741      +85     
- Misses          289      315      +26     
  Partials          7        7              

Flag	Coverage Δ
sql-engine	97.33% <ø> (-0.20%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

see 51 files with indirect coverage changes

[acarbonetto]

do we need this?

[Yury-Fridlyand]

This is a part of demo configuration, I replated it with example from docs. Not sure how/whether it works.

[cwperks]

This is the subject of the admin certificate. You most likely will not need it for doing testing using testClusters.

You would need it if you plan to use securityadmin. Copying the demo config should be fine.

[Yury-Fridlyand]

Thank you @cwperks!
I updated config and added a comment in 23c83ec.

[acarbonetto]

can you explain why this is here?

[Yury-Fridlyand]

To remove hundreds of

warning: unknown enum constant Status.STABLE

from log. Nice to have in general.

[seankao-az]

With this change, can we now safely remove this line or not?
https://github.com/opensearch-project/sql/pull/1986/files#diff-862918fc998b069454d1afe817b72a1765ad64633f8e726ef74d6517f93fda5fL309
Can we add a condition to exclude it only if security plugin is enabled

[Yury-Fridlyand]

With this change, can we now safely remove this line or not? https://github.com/opensearch-project/sql/pull/1986/files#diff-862918fc998b069454d1afe817b72a1765ad64633f8e726ef74d6517f93fda5fL309 Can we add a condition to exclude it only if security plugin is enabled

I moved this test to another directory, so it won't be executed as part of main IT task.
integTestWithSecurity runs it with security plugin on every push/PR.

[opensearch-trigger-bot]

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/sql/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/sql/backport-2.x
# Create a new branch
git switch --create backport/backport-1986-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 7e3a718f1b7d9100fbac2ee8317fd35042b63b39
# Push it to GitHub
git push --set-upstream origin backport/backport-1986-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/sql/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-1986-to-2.x.

[vamsimanohar]

@Yury-Fridlyand Will the integTestWithSecurity get triggered during build pipeline steps?

[Yury-Fridlyand]

@vamsi-amazon,
By jenkins? No. Should be?

[vamsimanohar]

https://github.com/opensearch-project/opensearch-build/blob/main/scripts/default/integtest.sh
Integ tests in release pipeline are triggered using above script.
Instead of having a separate command, can we use Security Enabled flag.?
Cc: @seankao-az

[opensearch-trigger-bot]

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/sql/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/sql/backport-2.x
# Create a new branch
git switch --create backport/backport-1986-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 7e3a718f1b7d9100fbac2ee8317fd35042b63b39
# Push it to GitHub
git push --set-upstream origin backport/backport-1986-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/sql/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-1986-to-2.x.