[FEATURE] Broaden SecureSettingsFactory to include http transports

[reta]

Description

The further integration with transport plugins and security plugin revealed a couple of areas of improvements:

• split SecureTransportSettingsProvider into SecureTransportSettingsProvider (native transport) and SecureHttpTransportSettingsProvider (HTTP transport): some transport plugins only provide one kind of transport, having fine grained control of the security settings only for particular transport would simplify the configuration
• support TransportAdapterProvider<?> abstraction to alter the transport specific processing pipelines: the use cases here are primarily driven by security plugin which adds header verifier and decompressor, since every transport has pretty much independent implementation, it becomes the responsibility of the SecureTransportSettingsProvider and SecureHttpTransportSettingsProvider providers to supply the right one for a particular transport

Related Issues

Resolves #12903

Check List

• New functionality includes testing.
  • All tests pass
• New functionality has been documented.
  • New functionality has javadoc added
• Failing checks are inspected and point to the corresponding known issue(s) (See: Troubleshooting Failing Builds)
• Commits are signed per the DCO using --signoff
• Commit changes are listed out in CHANGELOG.md file (See: Changelog)
• Public documentation issue/PR created

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[github-actions]

Compatibility status:

Checks if related components are compatible with change fdba4b7

Incompatible components

Incompatible components: [https://github.com/opensearch-project/security.git]

Skipped components

Compatible components

Compatible components: [https://github.com/opensearch-project/custom-codecs.git, https://github.com/opensearch-project/asynchronous-search.git, https://github.com/opensearch-project/anomaly-detection.git, https://github.com/opensearch-project/flow-framework.git, https://github.com/opensearch-project/cross-cluster-replication.git, https://github.com/opensearch-project/job-scheduler.git, https://github.com/opensearch-project/reporting.git, https://github.com/opensearch-project/opensearch-oci-object-storage.git, https://github.com/opensearch-project/geospatial.git, https://github.com/opensearch-project/k-nn.git, https://github.com/opensearch-project/common-utils.git, https://github.com/opensearch-project/alerting.git, https://github.com/opensearch-project/neural-search.git, https://github.com/opensearch-project/security-analytics.git, https://github.com/opensearch-project/performance-analyzer-rca.git, https://github.com/opensearch-project/notifications.git, https://github.com/opensearch-project/index-management.git, https://github.com/opensearch-project/ml-commons.git, https://github.com/opensearch-project/observability.git, https://github.com/opensearch-project/performance-analyzer.git, https://github.com/opensearch-project/sql.git]

[github-actions]

✅ Gradle check result for efdc334: SUCCESS

[codecov]

Codecov Report

Attention: Patch coverage is 90.00000% with 5 lines in your changes are missing coverage. Please review.

Project coverage is 71.41%. Comparing base (b15cb0c) to head (fdba4b7).
Report is 104 commits behind head on main.

Files	Patch %	Lines
...tp/netty4/ssl/SecureNetty4HttpServerTransport.java	88.88%	2 Missing and 1 partial ⚠️
...a/org/opensearch/common/network/NetworkModule.java	94.11%	0 Missing and 1 partial ⚠️
...earch/plugins/SecureTransportSettingsProvider.java	0.00%	1 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##               main   #12907      +/-   ##
============================================
- Coverage     71.42%   71.41%   -0.01%     
- Complexity    59978    60239     +261     
============================================
  Files          4985     5017      +32     
  Lines        282275   283902    +1627     
  Branches      40946    41149     +203     
============================================
+ Hits         201603   202737    +1134     
- Misses        63999    64292     +293     
- Partials      16673    16873     +200     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[github-actions]

✅ Gradle check result for cac3d99: SUCCESS

[github-actions]

❕ Gradle check result for 6eb644e: UNSTABLE

• TEST FAILURES:

      1 org.opensearch.cluster.allocation.ClusterRerouteIT.testDelayWithALargeAmountOfShards
      1 org.opensearch.cluster.MinimumClusterManagerNodesIT.testThreeNodesNoClusterManagerBlock

Please review all flaky tests that succeeded after retry and create an issue if one does not already exist to track the flaky failure.

[github-actions]

✅ Gradle check result for 3632744: SUCCESS

[reta]

@peternied @cwperks would appreciate if you folks have time to look, pretty small change in scope, the accompanying OpenSearch security change is here: opensearch-project/security#4179

[dblock]

Looks pretty straightforward.

[stephen-crawford]

Two small notes but looks good.

[reta]

Two small notes but looks good.

Thanks @scrawfor99 , added more tests to cover configuration time exceptions

[github-actions]

✅ Gradle check result for fdba4b7: SUCCESS

[opensearch-trigger-bot]

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/OpenSearch/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/OpenSearch/backport-2.x
# Create a new branch
git switch --create backport/backport-12907-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 a103b84e157a12f8217e34fa41260de7ce13969f
# Push it to GitHub
git push --set-upstream origin backport/backport-12907-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/OpenSearch/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-12907-to-2.x.

[peternied]

@reta Could you manually perform the backport?