Replace AccessController and remove restriction on word Extension (opensearch-project#5750)

Signed-off-by: Craig Perkins <[email protected]>

Author: cwperks

CHANGELOG.md

@@ -25,6 +25,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - [Resource Sharing] Make migrate api require default access level to be supplied and updates documentations + tests ([#5717](https://github.com/opensearch-project/security/pull/5717))
 - [Resource Sharing] Removes share and revoke java APIs ([#5718](https://github.com/opensearch-project/security/pull/5718))
 - Fix build failure in SecurityFilterTests ([#5736](https://github.com/opensearch-project/security/pull/5736))
+- Replace AccessController and remove restriction on word Extension ([#5750](https://github.com/opensearch-project/security/pull/5750))
 - Add security provider earlier in bootstrap process ([#5749](https://github.com/opensearch-project/security/pull/5749))
 
 ### Maintenance

checkstyle/checkstyle.xml

@@ -228,20 +228,13 @@
     <property name="severity" value="error"/>
   </module>
 
-  <module name="RegexpSingleline">
-    <property name="format" value="extension"/>
-    <property name="ignoreCase" value="true"/>
-    <property name="message" value="Extension should only be used sparingly to keep implementations as generic as possible" />
-    <property name="severity" value="error"/>
-  </module>
-
   <module name="SuppressWithPlainTextCommentFilter">
-    <property name="offCommentFormat" value="CS-SUPPRESS-ALL: .+"/> <!-- Require an explaination after surpressing -->
+    <property name="offCommentFormat" value="CS-SUPPRESS-ALL: .+"/> <!-- Require an explanation after suppressing -->
     <property name="onCommentFormat" value="CS-ENFORCE-ALL"/>
   </module>
 
   <module name="SuppressWithPlainTextCommentFilter">
-    <property name="offCommentFormat" value="CS-SUPPRESS-SINGLE\: ([\w\|]+) .+"/> <!-- Require an explaination after surpressing -->
+    <property name="offCommentFormat" value="CS-SUPPRESS-SINGLE\: ([\w\|]+) .+"/> <!-- Require an explanation after suppressing -->
     <property name="onCommentFormat" value="CS-ENFORCE-SINGLE()"/>
     <property name="checkFormat" value="$1"/>
   </module>

src/integrationTest/java/org/opensearch/security/SnapshotSteps.java

@@ -41,14 +41,11 @@ public SnapshotSteps(RestHighLevelClient restHighLevelClient) {
         this.snapshotClient = requireNonNull(restHighLevelClient, "Rest high level client is required.").snapshot();
     }
 
-    // CS-SUPPRESS-SINGLE: RegexpSingleline It is not possible to use phrase "cluster manager" instead of master here
     public org.opensearch.action.support.clustermanager.AcknowledgedResponse createSnapshotRepository(
         String repositoryName,
         String snapshotDirPath,
         String type
-    )
-        // CS-ENFORCE-SINGLE
-        throws IOException {
+    ) throws IOException {
         PutRepositoryRequest createRepositoryRequest = new PutRepositoryRequest().name(repositoryName)
             .type(type)
             .settings(Map.of("location", snapshotDirPath));
@@ -77,18 +74,14 @@ public int waitForSnapshotCreation(String repositoryName, String snapshotName) {
         return count.get();
     }
 
-    // CS-SUPPRESS-SINGLE: RegexpSingleline It is not possible to use phrase "cluster manager" instead of master here
     public org.opensearch.action.support.clustermanager.AcknowledgedResponse deleteSnapshotRepository(String repositoryName)
         throws IOException {
-        // CS-ENFORCE-SINGLE
         DeleteRepositoryRequest request = new DeleteRepositoryRequest(repositoryName);
         return snapshotClient.deleteRepository(request, DEFAULT);
     }
 
-    // CS-SUPPRESS-SINGLE: RegexpSingleline It is not possible to use phrase "cluster manager" instead of master here
     public org.opensearch.action.support.clustermanager.AcknowledgedResponse deleteSnapshot(String repositoryName, String snapshotName)
         throws IOException {
-        // CS-ENFORCE-SINGLE
         return snapshotClient.delete(new DeleteSnapshotRequest(repositoryName, snapshotName), DEFAULT);
     }
 

src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/IndexDocumentIntoSystemIndexAction.java

@@ -10,10 +10,8 @@
 
 package org.opensearch.security.systemindex.sampleplugin;
 
-// CS-SUPPRESS-SINGLE: RegexpSingleline It is not possible to use phrase "cluster manager" instead of master here
 import org.opensearch.action.ActionType;
 import org.opensearch.action.support.clustermanager.AcknowledgedResponse;
-// CS-ENFORCE-SINGLE
 
 public class IndexDocumentIntoSystemIndexAction extends ActionType<AcknowledgedResponse> {
     public static final IndexDocumentIntoSystemIndexAction INSTANCE = new IndexDocumentIntoSystemIndexAction();

src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/RunClusterHealthAction.java

@@ -10,10 +10,8 @@
 
 package org.opensearch.security.systemindex.sampleplugin;
 
-// CS-SUPPRESS-SINGLE: RegexpSingleline It is not possible to use phrase "cluster manager" instead of master here
 import org.opensearch.action.ActionType;
 import org.opensearch.action.support.clustermanager.AcknowledgedResponse;
-// CS-ENFORCE-SINGLE
 
 public class RunClusterHealthAction extends ActionType<AcknowledgedResponse> {
     public static final RunClusterHealthAction INSTANCE = new RunClusterHealthAction();

src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportIndexDocumentIntoSystemIndexAction.java

@@ -10,7 +10,6 @@
 
 package org.opensearch.security.systemindex.sampleplugin;
 
-// CS-SUPPRESS-SINGLE: RegexpSingleline It is not possible to use phrase "cluster manager" instead of master here
 import org.opensearch.action.admin.indices.create.CreateIndexRequest;
 import org.opensearch.action.index.IndexRequest;
 import org.opensearch.action.support.ActionFilters;
@@ -23,7 +22,6 @@
 import org.opensearch.tasks.Task;
 import org.opensearch.transport.TransportService;
 import org.opensearch.transport.client.Client;
-// CS-ENFORCE-SINGLE
 
 public class TransportIndexDocumentIntoSystemIndexAction extends HandledTransportAction<
     IndexDocumentIntoSystemIndexRequest,

src/integrationTest/java/org/opensearch/security/systemindex/sampleplugin/TransportRunClusterHealthAction.java

@@ -10,7 +10,6 @@
 
 package org.opensearch.security.systemindex.sampleplugin;
 
-// CS-SUPPRESS-SINGLE: RegexpSingleline It is not possible to use phrase "cluster manager" instead of master here
 import org.opensearch.action.admin.cluster.health.ClusterHealthRequest;
 import org.opensearch.action.admin.cluster.health.ClusterHealthResponse;
 import org.opensearch.action.support.ActionFilters;
@@ -21,7 +20,6 @@
 import org.opensearch.tasks.Task;
 import org.opensearch.transport.TransportService;
 import org.opensearch.transport.client.Client;
-// CS-ENFORCE-SINGLE
 
 public class TransportRunClusterHealthAction extends HandledTransportAction<RunClusterHealthRequest, AcknowledgedResponse> {
 

src/integrationTest/java/org/opensearch/test/framework/certificate/CertificateMetadata.java

@@ -9,7 +9,6 @@
 */
 package org.opensearch.test.framework.certificate;
 
-// CS-SUPPRESS-SINGLE: RegexpSingleline Extension is used to refer to certificate extensions, keeping this rule disable for the whole file
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -217,4 +216,3 @@ ExtendedKeyUsage getExtendedKeyUsage() {
         return new ExtendedKeyUsage(usages);
     }
 }
-// CS-ENFORCE-SINGLE

src/integrationTest/java/org/opensearch/test/framework/certificate/CertificatesIssuer.java

@@ -26,7 +26,6 @@
 
 package org.opensearch.test.framework.certificate;
 
-// CS-SUPPRESS-SINGLE: RegexpSingleline Extension is used to refer to certificate extensions, keeping this rule disable for the whole file
 import java.math.BigInteger;
 import java.security.KeyPair;
 import java.security.NoSuchAlgorithmException;
@@ -238,4 +237,3 @@ private BigInteger generateNextCertificateSerialNumber() {
         return BigInteger.valueOf(ID_COUNTER.incrementAndGet());
     }
 }
-// CS-ENFORCE-SINGLE

src/integrationTest/java/org/opensearch/test/framework/certificate/PublicKeyUsage.java

@@ -14,7 +14,6 @@
 import org.bouncycastle.asn1.x509.KeyPurposeId;
 import org.bouncycastle.asn1.x509.KeyUsage;
 
-// CS-SUPPRESS-SINGLE: RegexpSingleline Extension is used to refer to certificate extensions
 /**
 * The class is associated with certificate extensions related to key usages. These extensions are defined by
 * <a href="https://www.rfc-editor.org/rfc/rfc5280.html">RFC 5280</a> and describes allowed usage of public kay which is embedded in
@@ -26,7 +25,6 @@
 *
 * @see <a href="https://www.rfc-editor.org/rfc/rfc5280.html">RFC 5280</a>
 */
-// CS-ENFORCE-SINGLE
 enum PublicKeyUsage {
     DIGITAL_SIGNATURE(KeyUsage.digitalSignature),
     KEY_CERT_SIGN(KeyUsage.keyCertSign),