[DRAFT] Add a new sandbox module to provide system index protection from the core

cwperks commented 1 day ago

Description

Opening this PR to demonstrate the challenges of porting system index protection to the core repo. System index protection is provided by the security plugin and protects system indices in the following 2 ways:

Admin operations on the indices are forbidden
- These indices cannot be deleted
- These indices cannot be written to with a REST Request, they can only be programmatically accessed
  - For cluster operators needing direct system index access they can present the admin certificate (security plugin concept w/o core analog).
Search requests on system indices get their results scrubbed.
- Rationale is that system indices can contain sensitive data so while search would give a 200 response, the security plugin clears the result set (search is possible if done with the admin certificate)

This PR provides a crude implementation of system index protection in the core for #1. This PR does not include a core analog of the admin certificate so it would only permit programmatic access to system indices.

One of the biggest challenges implementing system index protection as an Action Filter, is resolving a generic ActionRequest to a list of concrete indices. This PR borrows the IndexResolverReplacer from the security plugin to resolve a generic ActionRequest to a resolved request that contains a list of concrete indices that the request resolves to.

Related Issues

Related to discussion in this thread: https://github.com/opensearch-project/OpenSearch/pull/15778#discussion_r1834692812

Check List

[ ] Functionality includes testing.
[ ] API changes companion pull request created, if applicable.
[ ] Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.