Adding User support for Detector and DetectorJob

[saratvemulapalli]

*Issue #195 *

Description of changes:
Adding User support to store User information for each detector created and store user context in .opendistro-anomaly-detectors index.
Adding User support for AD Job and store user context in .opendistro-anomaly-detectors-jobs.

User role will be used to filter when AD Rest API's are invoked.
Background jobs will soon have injected role from the User context.

User information is always sent to elasticsearch when Opendistro security plugin is enabled.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[codecov]

Codecov Report

Merging #251 into master will decrease coverage by 0.16%.
The diff coverage is 34.21%.

@@             Coverage Diff              @@
##             master     #251      +/-   ##
============================================
- Coverage     73.01%   72.85%   -0.17%     
- Complexity     1461     1465       +4     
============================================
  Files           164      164              
  Lines          6834     6867      +33     
  Branches        527      533       +6     
============================================
+ Hits           4990     5003      +13     
- Misses         1594     1613      +19     
- Partials        250      251       +1     

Flag	Coverage Δ	Complexity Δ
#cli	79.27% <ø> (ø)	0.00 <ø> (ø)
#plugin	72.10% <34.21%> (-0.18%)	1465.00 <1.00> (+4.00)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ	Complexity Δ
...est/handler/IndexAnomalyDetectorActionHandler.java	51.17% <0.00%> (-0.25%)	26.00 <0.00> (ø)
.../handler/IndexAnomalyDetectorJobActionHandler.java	11.44% <0.00%> (-0.22%)	4.00 <0.00> (ø)
...stroforelasticsearch/ad/model/AnomalyDetector.java	62.06% <35.71%> (-1.96%)	52.00 <0.00> (+1.00)	⬇️
...oforelasticsearch/ad/model/AnomalyDetectorJob.java	58.97% <42.85%> (-2.20%)	24.00 <1.00> (+2.00)	⬇️
...oforelasticsearch/ad/AnomalyDetectorJobRunner.java	76.59% <100.00%> (+0.12%)	35.00 <0.00> (ø)
...sticsearch/ad/indices/AnomalyDetectionIndices.java	62.58% <0.00%> (+0.71%)	24.00% <0.00%> (+1.00%)

[ylwu-amzn]

Add user field in detector index mapping https://github.com/opendistro-for-elasticsearch/anomaly-detection/blob/master/src/main/resources/mappings/anomaly-detectors.json ?
Same for detector job.

[saratvemulapalli]

Great point sure. Will add.

[ylwu-amzn]

Here we just add User in each detector document. Security plugin will do authorization check for each request based on backend_roles or roles ? Can you share the related code?

[saratvemulapalli]

Good question, security plugin will only provide the authorization headers.
My next PR will address this. Basically we have to query and filter by roles or backend_roles.
Here is a code pointer in alerting which does that: opendistro-for-elasticsearch/alerting@44abca1#diff-39bec5249e2b91e055cdb30bb3edcd28ee868ab3676e98652547bcce28eed895R86

[ylwu-amzn]

Got it, that makes sense.

[ylwu-amzn]

For old detector, they have no user field, so they will be open to all users which has AD permission ?
For new detector, we will create default user with the creator's user role?

[saratvemulapalli]

Exactly, for existing detectors where User doesn't exist, the filter will not work and users who have all access to rest api's will be able to see those detectors.
This is to maintain backward compatibility.

[ylwu-amzn]

LGTM. Thanks for the change!

[skkosuri-amzn]

Looks good. 👍