Merge branch 'format-feature-extensions-apply' into feature/extensions

.github/CODEOWNERS

@@ -1 +1 @@
-* @cliu123 @cwperks @DarshitChanpura @davidlago @peternied @RyanL1997 @scrawfor99 @reta
+* @cliu123 @cwperks @DarshitChanpura @davidlago @peternied @RyanL1997 @scrawfor99 @reta @willyborankin

.github/actions/create-bwc-build/action.yaml

@@ -5,7 +5,7 @@ inputs:
   plugin-branch:
     description: 'The branch of the plugin that should be built, e.g "2.2", "1.x"'
     required: true
-  
+
 outputs:
   built-version:
     description: 'The version of OpenSearch that was associated with this branch'

.github/actions/start-opensearch-with-one-plugin/action.yml

@@ -70,7 +70,7 @@ runs:
     # Run any configuration scripts
     - name: Run Setup Script for Linux
       if: ${{ runner.os == 'Linux' && inputs.setup-script-name != '' }}
-      run: | 
+      run: |
         echo "running linux setup"
         chmod +x ./${{ inputs.setup-script-name }}.sh
         ./${{ inputs.setup-script-name }}.sh

.github/workflows/delete_backport_branch.yml

@@ -1,9 +1,9 @@
 name: Delete merged branch of the backport PRs
-on: 
+on:
   pull_request:
     types:
       - closed
-  
+
 jobs:
   delete-branch:
     runs-on: ubuntu-latest

.github/workflows/plugin_install.yml

@@ -38,7 +38,7 @@ jobs:
         if: ${{ runner.os == 'Linux' }}
         run: |
           cat > setup.sh <<'EOF'
-          chmod +x  ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/plugins/${{ env.PLUGIN_NAME }}/tools/install_demo_configuration.sh 
+          chmod +x  ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/plugins/${{ env.PLUGIN_NAME }}/tools/install_demo_configuration.sh
           /bin/bash -c "yes | ./opensearch-${{ env.OPENSEARCH_VERSION }}-SNAPSHOT/plugins/${{ env.PLUGIN_NAME }}/tools/install_demo_configuration.sh"
           EOF
 

CONTRIBUTING.md

@@ -5,7 +5,7 @@
 OpenSearch is a community project that is built and maintained by people just like **you**.
 [This document](https://github.com/opensearch-project/.github/blob/main/CONTRIBUTING.md) explains how you can contribute to this and related projects.
 
-Visit the following link(s) for more information on specific practices: 
+Visit the following link(s) for more information on specific practices:
 
 - [Triaging](./TRIAGING.md)
 

DEVELOPER_GUIDE.md

@@ -48,9 +48,9 @@ The `curl localhost:9200` call should succeed again. Kill the server with `Ctrl+
 
 >Worth noting:\
 > The version of OpenSearch and the security plugin must match as there is an explicit version check at startup. This can be a bit confusing as, for example, at the time of writing this guide, the `main` branch of this security plugin builds version `3.0.0.0-SNAPSHOT` compatible with OpenSearch `3.0.0`. Check the expected compatible version in `build.gradle` file [here](https://github.com/opensearch-project/security/blob/main/build.gradle) and make sure you get the correct branch from OpenSearch when building that project.
-> 
+>
 > The line to look for: `opensearch_version = System.getProperty("opensearch.version", "x")`
-> 
+>
 > Alternatively, you can find the compatible version of OpenSearch by running in project root folder
 > ```
 > ./gradlew properties -q | grep -E '^version:' | awk '{print $2}'
@@ -164,7 +164,7 @@ Checkstyle enforces several rules within this codebase. Sometimes it will be nec
 
 *Execute Checkstyle*
 ```
-./gradlew checkstyleMain checkstyleTest 
+./gradlew checkstyleMain checkstyleTest
 ```
 
 *Example violation*

DEVELOPING_WITH_DOCKER.md

@@ -1,40 +1,40 @@
 # Developing with Docker
 
-Docker is a powerful tool that can be used to quickly spin up an OpenSearch cluster. When you follow the steps to run [OpenSearch with Docker](https://opensearch.org/docs/latest/install-and-configure/install-opensearch/docker/), you will find the Security Plugin already included in the basic distribution. 
+Docker is a powerful tool that can be used to quickly spin up an OpenSearch cluster. When you follow the steps to run [OpenSearch with Docker](https://opensearch.org/docs/latest/install-and-configure/install-opensearch/docker/), you will find the Security Plugin already included in the basic distribution.
 
 - [Developing with Docker](#developing-with-docker)
     - [Configuring Security](#configuring-security)
     - [Mounting Local Volumes](#mounting-local-volumes)
     - [Example docker-compose](#example-docker-compose)
-
 
-## Configuring Security 
 
-By default, the Docker installation of OpenSearch does not enable the Security plugin. In order to enable Security development, you will need set `DISABLE_SECURITY_PLUGIN=false`, as well as change `DISABLE_INSTALL_DEMO_CONFIG` and `DISABLE_SECURITY_DASHBOARDS_PLUGIN`. This will install the demo certificates, and allow you to develop with realistic Security configurations. An example of a completely configured docker-compose file is shown below. 
+## Configuring Security
+
+By default, the Docker installation of OpenSearch does not enable the Security plugin. In order to enable Security development, you will need set `DISABLE_SECURITY_PLUGIN=false`, as well as change `DISABLE_INSTALL_DEMO_CONFIG` and `DISABLE_SECURITY_DASHBOARDS_PLUGIN`. This will install the demo certificates, and allow you to develop with realistic Security configurations. An example of a completely configured docker-compose file is shown below.
 
 > Warning: You should never use the demo certificates for a production environment. Instead, you will need to follow the steps on [configuring security](https://opensearch.org/docs/latest/security/configuration/index/) before using the cluster for production.
 
-### Mounting Local Volumes 
+### Mounting Local Volumes
 
-In order to test development changes with an OpenSearch Docker-installation, you will need to mount the volumes in your docker-compose file.  
+In order to test development changes with an OpenSearch Docker-installation, you will need to mount the volumes in your docker-compose file.
 
-To update your cluster to have local changes, follow these steps: 
+To update your cluster to have local changes, follow these steps:
 
 1. First you will need to make changes in your local `opensearch-project/security` repository. For this example, assume your fork is cloned into a directory called `security`.
-2. After you make changes to your cloned repository, you will need to run `./gradlew assemble`. This will create a `.jar` file you can mount into the Docker container. The file will be located at `./security/build/distributions/opensearch-security-<OPENSEARCH_VERSION>.0-SNAPSHOT.jar`, where the `<OPENSEARCH_VERSION>` field is simply the OpenSearch distribution. 
-3. You will then need to navigate to your `docker-compose.yml` file where you are running you OpenSearch cluster from. For this example, let us assume this is in another directory called `opensearch-docker`. 
-4. Modify the compose file, so that in the `volumes:` section of each node configuration (the default configuration will have `opensearch-node1` and `opensearch-node2`), you have a new line which reads `~/security/build/distributions/opensearch-security-<OPENSEARCH_VERSION>.0-SNAPSHOT.jar:/usr/share/opensearch/plugins/opensearch-security/opensearch-security-<OPENSEARCH_VERSION>.0.jar`. This line should be added to the volumes section of all nodes in the compose file. You will not need to add it to the `opensearch-dashboards` section. 
-5. You can now restart the Docker container by running `docker-compose down -v` and `docker-compose up`. Your changes will now be live in the OpenSearch cluster instance. 
+2. After you make changes to your cloned repository, you will need to run `./gradlew assemble`. This will create a `.jar` file you can mount into the Docker container. The file will be located at `./security/build/distributions/opensearch-security-<OPENSEARCH_VERSION>.0-SNAPSHOT.jar`, where the `<OPENSEARCH_VERSION>` field is simply the OpenSearch distribution.
+3. You will then need to navigate to your `docker-compose.yml` file where you are running you OpenSearch cluster from. For this example, let us assume this is in another directory called `opensearch-docker`.
+4. Modify the compose file, so that in the `volumes:` section of each node configuration (the default configuration will have `opensearch-node1` and `opensearch-node2`), you have a new line which reads `~/security/build/distributions/opensearch-security-<OPENSEARCH_VERSION>.0-SNAPSHOT.jar:/usr/share/opensearch/plugins/opensearch-security/opensearch-security-<OPENSEARCH_VERSION>.0.jar`. This line should be added to the volumes section of all nodes in the compose file. You will not need to add it to the `opensearch-dashboards` section.
+5. You can now restart the Docker container by running `docker-compose down -v` and `docker-compose up`. Your changes will now be live in the OpenSearch cluster instance.
 
-### Example docker-compose 
+### Example docker-compose
 
-This is an example of a completely configured docker-compose file for a local installation of the 2.5.0 version of OpenSearch. 
+This is an example of a completely configured docker-compose file for a local installation of the 2.5.0 version of OpenSearch.
 
 ```
 version: '3'
 services:
   opensearch-node1:
-    image: opensearchstaging/opensearch:2.5.0 # This is a image of the 2.5.0 distribution 
+    image: opensearchstaging/opensearch:2.5.0 # This is a image of the 2.5.0 distribution
     environment:
       - cluster.name=opensearch-cluster
       - node.name=opensearch-node1
@@ -58,7 +58,7 @@ services:
   #   - ./config/opensearch.yml:/usr/share/opensearch/config/opensearch.yml # These paths are relative to the location of the docker-compose file
   #   - ./config/esnode.pem:/usr/share/opensearch/config/esnode.pem
   #   - ./config/esnode-key.pem:/usr/share/opensearch/config/esnode-key.pem
-  #   - ./config/root-ca.pem:/usr/share/opensearch/config/root-ca.pem 
+  #   - ./config/root-ca.pem:/usr/share/opensearch/config/root-ca.pem
   #   - ./config/opensearch-security/audit.yml:/usr/share/opensearch/config/opensearch-security/audit.yml
   #   - ./config/opensearch-security/tenants.yml:/usr/share/opensearch/config/opensearch-security/tenants.yml
   #   - /OpenSearch-Snapshots:/mnt/snapshots # This is where your snapshots would be stored
@@ -86,8 +86,8 @@ services:
    #  - ./config/root-ca.pem:/usr/share/opensearch/config/root-ca.pem
    #  - ./config/opensearch-security/audit.yml:/usr/share/opensearch/config/opensearch-security/audit.yml
    #  - ./config/opensearch-security/tenants.yml:/usr/share/opensearch/config/opensearch-security/tenants.yml
-   #  - /OpenSearch-Snapshots:/mnt/snapshots  
-   #  - /security/build/distributions/opensearch-security-2.5.0.0-SNAPSHOT.jar:/usr/share/opensearch/plugins/opensearch-security/opensearch-security-2.5.0.0.jar  
+   #  - /OpenSearch-Snapshots:/mnt/snapshots
+   #  - /security/build/distributions/opensearch-security-2.5.0.0-SNAPSHOT.jar:/usr/share/opensearch/plugins/opensearch-security/opensearch-security-2.5.0.0.jar
     networks:
       - opensearch-net
   opensearch-dashboards:

MAINTAINERS.md

@@ -22,6 +22,7 @@ This document contains a list of maintainers in this repo. See [opensearch-proje
 | Ryan Liang       | [RyanL1997](https://github.com/RyanL1997)             | Amazon      |
 | Stephen Crawford | [scrawfor99](https://github.com/scrawfor99)           | Amazon      |
 | Andriy Redko     | [reta](https://github.com/reta)                       | Aiven       |
+| Andrey Pleskach  | [willyborankin](https://github.com/willyborankin)     | Aiven       |
 
 ## Practices
 

README.md

@@ -1,10 +1,10 @@
-[![CI](https://github.com/opensearch-project/security/workflows/CI/badge.svg?branch=main)](https://github.com/opensearch-project/security/actions) [![](https://img.shields.io/github/issues/opensearch-project/security/untriaged?labelColor=red)](https://github.com/opensearch-project/security/issues?q=is%3Aissue+is%3Aopen+label%3A"untriaged") [![](https://img.shields.io/github/issues/opensearch-project/security/security%20vulnerability?labelColor=red)](https://github.com/opensearch-project/security/issues?q=is%3Aissue+is%3Aopen+label%3A"security%20vulnerability") [![](https://img.shields.io/github/issues/opensearch-project/security)](https://github.com/opensearch-project/security/issues) [![](https://img.shields.io/github/issues-pr/opensearch-project/security)](https://github.com/opensearch-project/security/pulls) 
+[![CI](https://github.com/opensearch-project/security/workflows/CI/badge.svg?branch=main)](https://github.com/opensearch-project/security/actions) [![](https://img.shields.io/github/issues/opensearch-project/security/untriaged?labelColor=red)](https://github.com/opensearch-project/security/issues?q=is%3Aissue+is%3Aopen+label%3A"untriaged") [![](https://img.shields.io/github/issues/opensearch-project/security/security%20vulnerability?labelColor=red)](https://github.com/opensearch-project/security/issues?q=is%3Aissue+is%3Aopen+label%3A"security%20vulnerability") [![](https://img.shields.io/github/issues/opensearch-project/security)](https://github.com/opensearch-project/security/issues) [![](https://img.shields.io/github/issues-pr/opensearch-project/security)](https://github.com/opensearch-project/security/pulls)
 [![](https://img.shields.io/codecov/c/gh/opensearch-project/security)](https://app.codecov.io/gh/opensearch-project/security) [![](https://img.shields.io/github/issues/opensearch-project/security/v2.4.0)](https://github.com/opensearch-project/security/issues?q=is%3Aissue+is%3Aopen+label%3A"v2.4.0") [![](https://img.shields.io/github/issues/opensearch-project/security/v3.0.0)](https://github.com/opensearch-project/security/issues?q=is%3Aissue+is%3Aopen+label%3A"v3.0.0")
 [![Slack](https://img.shields.io/badge/Slack-4A154B?&logo=slack&logoColor=white)](https://opensearch.slack.com/archives/C051Y637FKK)
 
 
 
-## Announcement: The Slack workspace is live! Please join the [conversation](https://opensearch.slack.com/archives/C051Y637FKK). 
+## Announcement: The Slack workspace is live! Please join the [conversation](https://opensearch.slack.com/archives/C051Y637FKK).
 
 <img src="https://opensearch.org/assets/img/opensearch-logo-themed.svg" height="64px">
 
@@ -37,7 +37,7 @@ OpenSearch Security is a plugin for OpenSearch that offers encryption, authentic
 * Full data in transit encryption
 * Node-to-node encryption
 * Certificate revocation lists
-* Hot Certificate renewal 
+* Hot Certificate renewal
 
 ### Authentication
 * Internal user database
@@ -60,7 +60,7 @@ OpenSearch Security is a plugin for OpenSearch that offers encryption, authentic
 * REST management API
 
 ### Audit/Compliance logging
-* Audit logging 
+* Audit logging
 * Compliance logging for GDPR, HIPAA, PCI, SOX and ISO compliance
 
 ### OpenSearch Dashboards multi-tenancy
@@ -126,7 +126,7 @@ sequenceDiagram
     participant OpenSearch
     participant SecurityPlugin
     participant Cluster as Plugin
-    
+
     Client->>OpenSearch: Request
     OpenSearch->>SecurityPlugin: Request
     SecurityPlugin->>SecurityPlugin: Add Auth information to request context
@@ -188,7 +188,7 @@ If you discover a potential security issue in this project we ask that you notif
 
 ## License
 
-This code is licensed under the Apache 2.0 License. 
+This code is licensed under the Apache 2.0 License.
 
 ## Copyright
 

TRIAGING.md

@@ -20,7 +20,7 @@ If you have an issue you'd like to bring forth please consider getting a link to
 
 ### Is there an agenda for each week?
 
-Meetings are lightly structured as follows: 
+Meetings are lightly structured as follows:
 
 1. Announcements: If there are any announcements to be made they will happen at the start of the meeting.
 2. Review of new issues: The meetings always start with reviewing all untriaged [issues](https://github.com/search?q=label%3Auntriaged+is%3Aopen++repo%3Aopensearch-project%2Fsecurity+repo%3Aopensearch-project%2Fsecurity-dashboards-plugin&type=issues&ref=advsearch&s=created&o=desc) for the security and security-dashboards repositories.
@@ -53,7 +53,7 @@ There you can find answers to many common questions as well as speak with implem
 
 ### What if my issue is critical to OpenSearch operations, do I have to wait for the weekly meeting for it to be addressed?
 
-All new issues for the [security](https://github.com/opensearch-project/security/issues?q=is%3Aissue+is%3Aopen+label%3Auntriaged) repo and [security-dashboards](https://github.com/opensearch-project/security-dashboards-plugin/issues?q=is%3Aissue+is%3Aopen+-label%3Atriaged) repo are reviewed daily to check for critical issues which require immediate triaging. If an issue relates to a severe concern for OpenSearch operation, it will be triaged by a maintainer mid-week. You can still come to discuss an issue at the following meeting even if it has already been triaged during the week. 
+All new issues for the [security](https://github.com/opensearch-project/security/issues?q=is%3Aissue+is%3Aopen+label%3Auntriaged) repo and [security-dashboards](https://github.com/opensearch-project/security-dashboards-plugin/issues?q=is%3Aissue+is%3Aopen+-label%3Atriaged) repo are reviewed daily to check for critical issues which require immediate triaging. If an issue relates to a severe concern for OpenSearch operation, it will be triaged by a maintainer mid-week. You can still come to discuss an issue at the following meeting even if it has already been triaged during the week.
 
 ### Is this where I should bring up potential security vulnerabilities?