Create equivalents of JSM's AccessController in the java agent

[cwperks]

Description

The classes in this PR were on a former iteration of #17894

This PR creates replacements for JSM's AccessController which is marked for removal from the JDK. While JSM was replaced with the java agent in 3.0.0, the logic to extract the ProtectionDomains from the call stack relies on the AccessController to limit the frames when examining the stack. The java agent needs to retain this code marker to know when to stop walking the stack and this PR creates OpenSearch equivalents to the AccessController which is a simple wrapper around a runnable block of code.

Related Issues

Resolves #18339

Check List

• Functionality includes testing.
• API changes companion pull request created, if applicable.
• Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[cwperks]

I don't know the right module for this code. The server has a dependency on this lib, but its marked as compileOnly. How are the other classes in this module (like AgentPolicy) available at runtime?

[andrross]

I believe jars passed to the JVM via -javaagent are available on the classpath, so the compileOnly dependency is making the assumption this will be provided at runtime via a -javaagent.

[github-actions]

✅ Gradle check result for 366406f: SUCCESS

[codecov]

Codecov Report

Attention: Patch coverage is 50.00000% with 14 lines in your changes missing coverage. Please review.

Project coverage is 72.62%. Comparing base (a8bd494) to head (e7270f7).
Report is 6 commits behind head on main.

Files with missing lines	Patch %	Lines
...va/org/opensearch/ingest/geoip/GeoIpProcessor.java	44.44%	10 Missing ⚠️
...ent/StackCallerProtectionDomainChainExtractor.java	0.00%	4 Missing ⚠️

Additional details and impacted files

@@             Coverage Diff              @@
##               main   #18346      +/-   ##
============================================
- Coverage     72.81%   72.62%   -0.19%     
+ Complexity    68209    68113      -96     
============================================
  Files          5541     5542       +1     
  Lines        313390   313396       +6     
  Branches      45472    45472              
============================================
- Hits         228196   227608     -588     
- Misses        66671    67247     +576     
- Partials      18523    18541      +18     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[github-actions]

❕ Gradle check result for 53be672: UNSTABLE

Please review all flaky tests that succeeded after retry and create an issue if one does not already exist to track the flaky failure.

[github-actions]

❌ Gradle check result for 00c22c7: null

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

❌ Gradle check result for d79bdc1: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

❌ Gradle check result for 9cfa314: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[cwperks]

@andrross All comments have been addressed. Can you re-review this PR?

[github-actions]

✅ Gradle check result for 9a3f3f2: SUCCESS

[kumargu]

This is going to need changing the imports across multiple plugins?

[andrross]

This is going to need changing the imports across multiple plugins?

@kumargu We'll continue to support both the JDK-based access controller and the new version as long as the JDK still contains those classes. Plugins should have a long time to make the update (likely the entire 3.x series at least).

[kumargu]

This is going to need changing the imports across multiple plugins?

@kumargu We'll continue to support both the JDK-based access controller and the new version as long as the JDK still contains those classes. Plugins should have a long time to make the update (likely the entire 3.x series at least).

Gotcha. makes sense.

[github-actions]

✅ Gradle check result for 8950858: SUCCESS

[github-actions]

❌ Gradle check result for c6a61fc: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

❌ Gradle check result for 5c32ba2: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

[github-actions]

❕ Gradle check result for 5c32ba2: UNSTABLE

Please review all flaky tests that succeeded after retry and create an issue if one does not already exist to track the flaky failure.

[github-actions]

✅ Gradle check result for e7270f7: SUCCESS