[Feature/Identity] Prototype Internal IdP (#4659)

* Experiment with creating internal realm in OS

Signed-off-by: Craig Perkins <cwperx@amazon.com>

CHANGELOG.md

@@ -35,6 +35,7 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [Identity] Add detail to identity roadmap items ([#4641](https://github.com/opensearch-project/OpenSearch/pull/4641))
 - [Identity] Switch to smaller license header for all identity files ([#4657](https://github.com/opensearch-project/OpenSearch/pull/4657))
 - [Identity] Include scrawfor99 to the identity team ([#4658](https://github.com/opensearch-project/OpenSearch/pull/4658))
+- [Identity] Prototype Internal IdP ([#4659](https://github.com/opensearch-project/OpenSearch/pull/4659))
 
 ### Dependencies
 - Bumps `log4j-core` from 2.18.0 to 2.19.0
@@ -125,11 +126,8 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 - [Bug]: Alias filter lost after rollover ([#4499](https://github.com/opensearch-project/OpenSearch/pull/4499))
 - Attempt to fix Github workflow for Gradle Check job ([#4679](https://github.com/opensearch-project/OpenSearch/pull/4679))
 - Fix flaky DecommissionControllerTests.testTimesOut ([4683](https://github.com/opensearch-project/OpenSearch/pull/4683))
-<<<<<<< HEAD
-=======
 - Fix new race condition in DecommissionControllerTests ([4688](https://github.com/opensearch-project/OpenSearch/pull/4688))
 - Fix SearchStats (de)serialization (caused by https://github.com/opensearch-project/OpenSearch/pull/4616) ([#4697](https://github.com/opensearch-project/OpenSearch/pull/4697))
->>>>>>> origin/main
 
 ### Security
 

distribution/tools/plugin-cli/build.gradle

@@ -33,11 +33,15 @@ apply plugin: 'opensearch.build'
 archivesBaseName = 'opensearch-plugin-cli'
 
 dependencies {
-  compileOnly project(":server")
+  compileOnly(project(":server")) {
+    exclude group: 'org.bouncycastle', module: 'bcprov-jdk15on'
+  }
   compileOnly project(":libs:opensearch-cli")
   api "org.bouncycastle:bcpg-fips:1.0.5.1"
   api "org.bouncycastle:bc-fips:1.0.2.3"
-  testImplementation project(":test:framework")
+  testImplementation(project(":test:framework")) {
+    exclude group: 'org.bouncycastle', module: 'bcprov-jdk15on'
+  }
   testImplementation 'com.google.jimfs:jimfs:1.2'
   testRuntimeOnly 'com.google.guava:guava:31.1-jre'
 }
@@ -78,3 +82,5 @@ thirdPartyAudit.ignoreViolations(
   'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSExtendedMasterSecretGenerator',
   'org.bouncycastle.jcajce.provider.ProvSunTLSKDF$TLSExtendedMasterSecretGenerator$2'
 )
+
+jarHell.enabled = false

gradle.properties

@@ -34,3 +34,5 @@ systemProp.jdk.tls.client.protocols=TLSv1.2
 
 # jvm args for faster test execution by default
 systemProp.tests.jvm.argline=-XX:TieredStopAtLevel=1 -XX:ReservedCodeCacheSize=64m
+
+systemProp.sandbox.enabled=true

gradle/missing-javadoc.gradle

@@ -105,6 +105,7 @@ configure([
   project(":libs:opensearch-secure-sm"),
   project(":libs:opensearch-ssl-config"),
   project(":libs:opensearch-x-content"),
+  project(":sandbox:libs:opensearch-authn"),
   project(":modules:aggs-matrix-stats"),
   project(":modules:analysis-common"),
   project(":modules:geo"),

modules/transport-netty4/build.gradle

@@ -176,13 +176,6 @@ thirdPartyAudit {
     'org.jboss.marshalling.MarshallingConfiguration',
     'org.jboss.marshalling.Unmarshaller',
 
-    // from io.netty.util.internal.logging.InternalLoggerFactory (netty) - it's optional
-    'org.slf4j.helpers.FormattingTuple',
-    'org.slf4j.helpers.MessageFormatter',
-    'org.slf4j.Logger',
-    'org.slf4j.LoggerFactory',
-    'org.slf4j.spi.LocationAwareLogger',
-
     'com.github.luben.zstd.Zstd',
     'com.google.protobuf.ExtensionRegistryLite',
     'com.google.protobuf.MessageLiteOrBuilder',

plugins/transport-nio/build.gradle

@@ -64,7 +64,7 @@ thirdPartyAudit {
     'com.aayushatharva.brotli4j.encoder.Encoders',
     'com.aayushatharva.brotli4j.encoder.Encoder$Mode',
     'com.aayushatharva.brotli4j.encoder.Encoder$Parameters',
-    
+
     // from io.netty.handler.codec.protobuf.ProtobufDecoder (netty)
     'com.google.protobuf.ExtensionRegistry',
     'com.google.protobuf.MessageLite$Builder',
@@ -103,13 +103,6 @@ thirdPartyAudit {
     'org.jboss.marshalling.MarshallingConfiguration',
     'org.jboss.marshalling.Unmarshaller',
 
-    // from io.netty.util.internal.logging.InternalLoggerFactory (netty) - it's optional
-    'org.slf4j.helpers.FormattingTuple',
-    'org.slf4j.helpers.MessageFormatter',
-    'org.slf4j.Logger',
-    'org.slf4j.LoggerFactory',
-    'org.slf4j.spi.LocationAwareLogger',
-
     'com.github.luben.zstd.Zstd',
     'com.google.protobuf.ExtensionRegistryLite',
     'com.google.protobuf.MessageLiteOrBuilder',

sandbox/libs/authn/build.gradle

@@ -0,0 +1,69 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ *
+ * Modifications Copyright OpenSearch Contributors. See
+ * GitHub history for details.
+ */
+
+apply plugin: 'opensearch.build'
+apply plugin: 'opensearch.publish'
+
+dependencies {
+  implementation "com.fasterxml.jackson.core:jackson-core:${versions.jackson}"
+  implementation "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:${versions.jackson}"
+  implementation "com.fasterxml.jackson.core:jackson-annotations:${versions.jackson}"
+  implementation "com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}"
+
+  implementation 'org.apache.shiro:shiro-core:1.9.1'
+  // Needed for shiro
+  implementation "org.slf4j:slf4j-api:${versions.slf4j}"
+  implementation "org.bouncycastle:bcprov-jdk15on:${versions.bouncycastle}"
+
+  testImplementation(project(":test:framework")) {
+    exclude group: 'org.opensearch.sandbox', module: 'opensearch-authn'
+  }
+}
+
+tasks.named('forbiddenApisMain').configure {
+  replaceSignatureFiles 'jdk-signatures'
+}
+
+tasks.named("dependencyLicenses").configure {
+  mapping from: /jackson-.*/, to: 'jackson'
+}
+
+thirdPartyAudit.ignoreMissingClasses(
+  'org.apache.commons.beanutils.BeanUtilsBean',
+  'org.apache.commons.beanutils.ConvertUtilsBean',
+  'org.apache.commons.beanutils.PropertyUtilsBean',
+  'org.apache.commons.beanutils.SuppressPropertiesBeanIntrospector',
+  'org.apache.commons.configuration2.interpol.ConfigurationInterpolator',
+  'org.slf4j.impl.StaticLoggerBinder',
+  'org.slf4j.impl.StaticMDCBinder',
+  'org.slf4j.impl.StaticMarkerBinder',
+  'org.yaml.snakeyaml.DumperOptions',
+  'org.yaml.snakeyaml.DumperOptions$FlowStyle',
+  'org.yaml.snakeyaml.DumperOptions$LineBreak',
+  'org.yaml.snakeyaml.DumperOptions$ScalarStyle',
+  'org.yaml.snakeyaml.DumperOptions$Version',
+  'org.yaml.snakeyaml.emitter.Emitter',
+  'org.yaml.snakeyaml.error.Mark',
+  'org.yaml.snakeyaml.error.MarkedYAMLException',
+  'org.yaml.snakeyaml.error.YAMLException',
+  'org.yaml.snakeyaml.events.AliasEvent',
+  'org.yaml.snakeyaml.events.CollectionStartEvent',
+  'org.yaml.snakeyaml.events.Event',
+  'org.yaml.snakeyaml.events.Event$ID',
+  'org.yaml.snakeyaml.events.ImplicitTuple',
+  'org.yaml.snakeyaml.events.MappingStartEvent',
+  'org.yaml.snakeyaml.events.NodeEvent',
+  'org.yaml.snakeyaml.events.ScalarEvent',
+  'org.yaml.snakeyaml.nodes.NodeId',
+  'org.yaml.snakeyaml.nodes.Tag',
+  'org.yaml.snakeyaml.parser.ParserImpl',
+  'org.yaml.snakeyaml.resolver.Resolver',
+)

plugins/ingest-attachment/licenses/bcprov-jdk15on-LICENSE.txt → sandbox/libs/authn/licenses/bcprov-jdk15on-LICENSE.txt

@@ -20,4 +20,3 @@ AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 THE SOFTWARE.
-

sandbox/libs/authn/licenses/jackson-core-2.13.4.jar.sha1

@@ -0,0 +1 @@
+0cf934c681294b97ef6d80082faeefbe1edadf56