Extracted ActionPrivileges interface and created RoleBasedActionPrivileges implementation and SubjectBasedActionPrivileges implementation

[nibix]

Description

This is a refactoring of the ActionPrivileges class: Its interface is decoupled from the implementation. ActionPrivileges is not the interface, RoleBasedActionPrivileges contains the actual implementation.

Additionally, a new class SubjectBasedActionPrivileges was introduced which provides an alternative mode of privilege evaluation; SubjectBasedActionPrivileges does not consider mapped roles. A single instance of SubjectBasedActionPrivileges is meant for a single subject. This is useful for providing privileges for plugins (see #5341 ) and will be also useful for API tokens.

• Category: Refactoring
• Why these changes are required?: For Create a mechanism for plugins to explicitly declare actions they need to perform with their assigned PluginSubject #5341, we needed a new way to define privileges for plugins. As plugins do not have roles, a decoupling of the RoleBasedActionPrivileges seemed sensible. This principle can be also used for API tokens.
• What is the old behavior before changes and new behavior after changes?: No behavioral changes

Testing

• New unit test SubjectBasedActionPrivilegesTest

Check List

• New functionality includes testing
• New functionality has been documented
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov]

Codecov Report

Attention: Patch coverage is 96.32353% with 20 lines in your changes missing coverage. Please review.

Project coverage is 72.37%. Comparing base (9981bc2) to head (7931ab2).
Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
...vileges/actionlevel/RoleBasedActionPrivileges.java	95.37%	7 Missing and 7 partials ⚠️
...earch/security/privileges/PrivilegesEvaluator.java	90.90%	1 Missing and 1 partial ⚠️
...eges/actionlevel/SubjectBasedActionPrivileges.java	98.00%	1 Missing and 1 partial ⚠️
...ensearch/security/securityconf/impl/v7/RoleV7.java	66.66%	2 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5374      +/-   ##
==========================================
+ Coverage   72.27%   72.37%   +0.10%     
==========================================
  Files         381      384       +3     
  Lines       23714    23819     +105     
  Branches     3655     3669      +14     
==========================================
+ Hits        17139    17239     +100     
- Misses       4772     4779       +7     
+ Partials     1803     1801       -2     

Files with missing lines	Coverage Δ
.../opensearch/security/OpenSearchSecurityPlugin.java	84.57% <100.00%> (-0.02%)	⬇️
...rity/configuration/SystemIndexSearcherWrapper.java	91.52% <100.00%> (ø)
...org/opensearch/security/filter/SecurityFilter.java	66.51% <ø> (+0.15%)	⬆️
...ensearch/security/privileges/ActionPrivileges.java	100.00% <100.00%> (+5.28%)	⬆️
...g/opensearch/security/privileges/IndexPattern.java	96.70% <100.00%> (+1.09%)	⬆️
...curity/privileges/PrivilegesEvaluationContext.java	97.43% <100.00%> (+0.13%)	⬆️
...urity/privileges/RestLayerPrivilegesEvaluator.java	93.75% <100.00%> (ø)
.../actionlevel/RuntimeOptimizedActionPrivileges.java	100.00% <100.00%> (ø)
...urity/privileges/actionlevel/WellKnownActions.java	85.71% <100.00%> (ø)
...earch/security/privileges/PrivilegesEvaluator.java	75.00% <90.90%> (-0.08%)	⬇️
... and 3 more

... and 7 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[nibix]

@willyborankin @cwperks I needed to resolve a merge conflict. Can you approve again, please? :)