Ensure that dual mode enabled flag from cluster settings can get propagated to core

[cwperks]

Description

Companion core PR: opensearch-project/OpenSearch#16387

Overrides a new method in the SecureTransportSettingsProvider interface to allow the security plugin to feed this value to core. This is required since the security plugin has a listener on cluster settings and allows this setting to be changed dynamically irrespective of the value in opensearch.yml

• Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)

Bug fix

Testing

latest-dual-mode.zip

^ Attached above is a sample docker configuration for a 3 node cluster. node1 is commented out originally. All paths in the volumes are paths on my local machine and would need to change for a reproduction.

1. Apply this change and companion core change on top of 2.17 branches of respective repos
   • For core repo run ./gradlew localDistro to create local snapshot jars for your distro
   • For security run ./gradlew assemble to create snapshot jars that get placed in build/distributions/ directory
2. Update all volume mounts to reference the location of the snapshot jars on your local machine.
3. Spin up nodes 2 and 3 from the attached config using docker compose down -v && docker compose up
   • These nodes come up with:

plugins.security_config.ssl_dual_mode_enabled: true
plugins.security.ssl_only: true

5. Ensure that nodes come up successfully
6. Dynamically change DualMode from true to false

curl -XPUT https://localhost:9201/_cluster/settings -k -H "Content-Type: application/json" -d '{"persistent": {"plugins.security_config.ssl_dual_mode_enabled": false}}'

7. Uncomment node 1 and bring it up in a new terminal window: docker compose up opensearch-node1
8. OpenSearch node 1 should successfully join the cluster with this change and companion PR applied

Check List

• New functionality includes testing
• New functionality has been documented
• New Roles/Permissions have a corresponding security dashboards plugin PR
• API changes companion pull request created
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov]

Codecov Report

Attention: Patch coverage is 83.33333% with 1 line in your changes missing coverage. Please review.

Project coverage is 70.77%. Comparing base (703d40f) to head (73d3a25).
Report is 5 commits behind head on main.

Files with missing lines	Patch %	Lines
...arch/security/ssl/OpenSearchSecuritySSLPlugin.java	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #4820      +/-   ##
==========================================
- Coverage   70.99%   70.77%   -0.22%     
==========================================
  Files         310      310              
  Lines       20938    20942       +4     
  Branches     3326     3326              
==========================================
- Hits        14865    14822      -43     
- Misses       4325     4374      +49     
+ Partials     1748     1746       -2     

Files with missing lines	Coverage Δ
.../opensearch/security/OpenSearchSecurityPlugin.java	84.97% <100.00%> (+0.02%)	⬆️
.../security/ssl/OpenSearchSecureSettingsFactory.java	81.25% <100.00%> (+1.93%)	⬆️
...arch/security/ssl/OpenSearchSecuritySSLPlugin.java	86.30% <0.00%> (ø)

... and 9 files with indirect coverage changes