Security Workflow

[bowenlan-amzn]

Issue #, if available:
#612

Description of changes:

During 2.4 release, we only caught this bug #608 until Infra runs security test. A code change was made in security enabled code path, but we don't have security test running along with each PR.

This PR dives deep into the way of running security test using github workflow and resolve the long standing problem of SSL connection error when directly run security test using integTest task.

• after we can consume Add a super admin client builder w/ hosts params common-utils#322 (available in 2.5.0), we can update the security workflow to directly run ./gradlew integTest -Dsecurity=true.
  • Update .github/workflows/security-test-workflow.yml
  • Update https://github.com/opensearch-project/index-management/pull/611/files?show-viewed-files=true&file-filters%5B%5D=#diff-321cef475aabba0368bf73c4d871df50685b7d0be7159373f278dbdcaa3fe889R53-R55

CheckList:

• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov-commenter]

Codecov Report

Merging #611 (d65b85e) into main (a21e4a6) will decrease coverage by 0.07%.
The diff coverage is 50.00%.

@@             Coverage Diff              @@
##               main     #611      +/-   ##
============================================
- Coverage     75.32%   75.24%   -0.08%     
+ Complexity     2605     2588      -17     
============================================
  Files           330      330              
  Lines         15111    15115       +4     
  Branches       2337     2338       +1     
============================================
- Hits          11382    11374       -8     
+ Misses         2397     2396       -1     
- Partials       1332     1345      +13     

Impacted Files	Coverage Δ
...transport/action/explain/TransportExplainAction.kt	70.75% <0.00%> (ø)
.../rollup/action/index/TransportIndexRollupAction.kt	72.09% <0.00%> (ø)
...agement/indexstatemanagement/ManagedIndexRunner.kt	47.13% <60.00%> (+1.35%)	⬆️
...ensearch/indexmanagement/util/JobSchedulerUtils.kt	73.91% <100.00%> (ø)
...statemanagement/validation/ValidateReplicaCount.kt	0.00% <0.00%> (-32.15%)	⬇️
...nt/indexstatemanagement/model/destination/Slack.kt	55.55% <0.00%> (-22.23%)	⬇️
...ndexstatemanagement/validation/ActionValidation.kt	86.66% <0.00%> (-13.34%)	⬇️
...ndexstatemanagement/validation/ValidateRollover.kt	66.66% <0.00%> (-9.53%)	⬇️
...dexmanagement/transform/model/TransformMetadata.kt	83.49% <0.00%> (-8.74%)	⬇️
.../indexstatemanagement/validation/ValidateDelete.kt	47.05% <0.00%> (-5.89%)	⬇️
... and 15 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[opensearch-trigger-bot]

The backport to 2.4 failed:

The process '/usr/bin/git' failed with exit code 1

To backport manually, run these commands in your terminal:

# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add .worktrees/backport-2.4 2.4
# Navigate to the new working tree
cd .worktrees/backport-2.4
# Create a new branch
git switch --create backport/backport-611-to-2.4
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 f2a9fa6ef05227f3c048b5e59a5852b18c1e98e1
# Push it to GitHub
git push --set-upstream origin backport/backport-611-to-2.4
# Go back to the original working tree
cd ../..
# Delete the working tree
git worktree remove .worktrees/backport-2.4

Then, create a pull request where the base branch is 2.4 and the compare/head branch is backport/backport-611-to-2.4.