Remove support for v6 configuration

[nibix]

Description

This solves #4493 and removes support for v6 configuration. On master, v6 configuration is not usable any more anyway, see #4745 for the verification.

As an additional benefit, this makes it possible to use SecurityDynamicConfiguration<> instances in a generically type-safe manner. So far, one usually needs to use SecurityDynamicConfiguration<?> instances and do unsafe casts.

If it is desired to continue supporting v6 configuration for OpenSearch 2.x, there's the PR #4753 for that.

• Category: Refactoring
• Why these changes are required? - Minimize duplicate logic for privilege evaluation, remove unnecessary code
• What is the old behavior before changes and new behavior after changes? - Any try to use v6 configuration is now fail-fast

Issues Resolved

• Solves [RFC] Retire support for V6 configuration #4493

Check List

• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[DarshitChanpura]

Changes look good to me @nibix. Could you please check and resolve the conflict?

[nibix]

BTW, I felt that I should describe the idea of the change a bit more in detail. See the updated description of this PR.

[cwperks]

With this change, would a user still be able to use the Migrate API to change the documents stored in the security index to the V7 format?

If a user uses securityadmin to export the security index, what format will the generated yml files be in?

[nibix]

@cwperks

With this change, would a user still be able to use the Migrate API to change the documents stored in the security index to the V7 format?
If a user uses securityadmin to export the security index, what format will the generated yml files be in?

In the end, it is up to us to define these behaviors. I would expect that both functionalities remain unaffected. Thus, exporting the configuratin will yield v6/v1 configuration files. Also, the migrate API and the migrate command continue to work as before.

[cwperks]

In the end, it is up to us to define these behaviors. I would expect that both functionalities remain unaffected. Thus, exporting the configuratin will yield v6/v1 configuration files. Also, the migrate API and the migrate command continue to work as before.

Sounds good. What work is remaining on this PR in order to flip it from Draft?

[nibix]

@cwperks

What work is remaining on this PR in order to flip it from Draft?

Mainly reviewing test failures and reviewing the special cases, like migration and API - as mentioned above.

So, I would then focus on this again?

[cwperks]

If its an enabler for #4380, then IMO I think we should move this forward

[codecov]

Codecov Report

Attention: Patch coverage is 66.51376% with 73 lines in your changes missing coverage. Please review.

Project coverage is 67.97%. Comparing base (a62e99a) to head (5ebe500).
Report is 6 commits behind head on main.

Files with missing lines	Patch %	Lines
...a/org/opensearch/security/tools/SecurityAdmin.java	23.07%	30 Missing and 10 partials ⚠️
...ch/security/securityconf/DynamicConfigFactory.java	60.00%	10 Missing and 6 partials ⚠️
...a/org/opensearch/security/DefaultObjectMapper.java	0.00%	6 Missing ⚠️
...earch/security/configuration/ConfigurationMap.java	84.00%	2 Missing and 2 partials ⚠️
...g/opensearch/security/securityconf/impl/CType.java	92.30%	2 Missing and 1 partial ⚠️
...ecurityconf/impl/SecurityDynamicConfiguration.java	84.21%	0 Missing and 3 partials ⚠️
...ecurity/configuration/ConfigurationRepository.java	93.33%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4546      +/-   ##
==========================================
+ Coverage   65.59%   67.97%   +2.38%     
==========================================
  Files         319      310       -9     
  Lines       22470    20924    -1546     
  Branches     3604     3318     -286     
==========================================
- Hits        14739    14224     -515     
+ Misses       5921     4952     -969     
+ Partials     1810     1748      -62     

Files with missing lines	Coverage Δ
...ty/configuration/ConfigurationLoaderSecurity7.java	70.00% <100.00%> (+0.70%)	⬆️
...arch/security/dlic/rest/api/AbstractApiAction.java	83.33% <ø> (ø)
...earch/security/dlic/rest/api/AccountApiAction.java	60.56% <ø> (ø)
.../security/dlic/rest/api/ActionGroupsApiAction.java	78.18% <ø> (ø)
...rch/security/dlic/rest/api/AllowlistApiAction.java	89.47% <ø> (ø)
...nsearch/security/dlic/rest/api/AuditApiAction.java	90.76% <ø> (-3.08%)	⬇️
...curity/dlic/rest/api/AuthTokenProcessorAction.java	90.90% <ø> (ø)
.../security/dlic/rest/api/CertificatesApiAction.java	35.13% <ø> (ø)
...security/dlic/rest/api/ConfigUpgradeApiAction.java	72.97% <100.00%> (ø)
...ch/security/dlic/rest/api/FlushCacheApiAction.java	64.00% <100.00%> (-1.39%)	⬇️
... and 30 more

... and 13 files with indirect coverage changes

[cwperks]

Left one minor comment. This change LGTM!

[nibix]

@willyborankin @cwperks I did one more minor commit: 5ebe500 ... could you please re-approve?

[cwperks]

@willyborankin @cwperks I did one more minor commit: 5ebe500 ... could you please re-approve?

Done