[Resource Sharing] Restores client accessor pattern to fix compilation issues when security plugin is not installed

[DarshitChanpura]

Description

#5408 removed client accessor pattern to allow fetch client by Dependency Injection of the ResourceSharingExtension instance. However, that required that SPI be present on the classpath. That might not be the case in plugins which are not dependent on security.
See this example run from AD plugin PR that fails with ClassNotFoundException:
https://github.com/opensearch-project/anomaly-detection/actions/runs/16732487298/job/47363684918?pr=1533#step:6:635

This was not caught in our e2e test framework because security plugin is always present in the test cluster even if it is disabled.

• Category: Bug fix

• Why these changes are required?

• To unblock compilation of plugins

• What is the old behavior before changes and new behavior after changes?

• Without this change, plugins will not compile when security is not present.

Testing

automated testing

Check List

• New functionality includes testing
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 72.95%. Comparing base (11c71e7) to head (66dc10b).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #5541      +/-   ##
==========================================
+ Coverage   72.93%   72.95%   +0.01%     
==========================================
  Files         399      400       +1     
  Lines       24924    24925       +1     
  Branches     3803     3803              
==========================================
+ Hits        18179    18184       +5     
+ Misses       4897     4896       -1     
+ Partials     1848     1845       -3     

Files with missing lines	Coverage Δ
...org/opensearch/sample/SampleResourceExtension.java	100.00% <100.00%> (ø)
...h/sample/client/ResourceSharingClientAccessor.java	100.00% <100.00%> (ø)
.../actions/transport/GetResourceTransportAction.java	88.67% <100.00%> (-0.21%)	⬇️
...transport/RevokeResourceAccessTransportAction.java	100.00% <100.00%> (ø)
...ctions/transport/ShareResourceTransportAction.java	78.94% <100.00%> (ø)
.../opensearch/security/OpenSearchSecurityPlugin.java	84.98% <ø> (-0.04%)	⬇️
...org/opensearch/security/filter/SecurityFilter.java	66.93% <100.00%> (+0.40%)	⬆️
...h/security/privileges/ResourceAccessEvaluator.java	67.85% <100.00%> (-1.11%)	⬇️

... and 5 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[cwperks]

Approving in lieu of a native solution through dependency injection.

I think it would eventually be nice to do dependency injection work for all 3 types (Field, Constructor, Method) like this example:

@Inject(optional = true)               // ← silently ignored if TestClass isn’t bound
private TestClass testClass;

private ConfigurationRepository configurationRepository;

@Inject
public TransportConfigUpdateAction(
        final Settings settings,
        final ThreadPool threadPool,
        final ClusterService clusterService,
        final TransportService transportService,
        final ActionFilters actionFilters,
        Provider<BackendRegistry> backendRegistry,
        DynamicConfigFactory dynamicConfigFactory
        ) {
    super(
        ConfigUpdateAction.NAME,
        threadPool,
        clusterService,
        transportService,
        actionFilters,
        ConfigUpdateRequest::new,
        TransportConfigUpdateAction.NodeConfigUpdateRequest::new,
        ThreadPool.Names.MANAGEMENT,
        ConfigUpdateNodeResponse.class
    );
    this.backendRegistry = backendRegistry;
    this.dynamicConfigFactory = dynamicConfigFactory;
}

@Inject
void setConfigurationRepository(ConfigurationRepository configurationRepository) {
    this.configurationRepository = configurationRepository;
}

[cwperks]

I'm getting convinced that OpenSearch has a bug in dependency injection. We know for a fact that it works with constructors, but no matter what I try I cannot get the field or method annotation to work.

This is the annotation: https://github.com/opensearch-project/OpenSearch/blob/main/server/src/main/java/org/opensearch/common/inject/Inject.java

It clearly shows what we'd need is supported, but I just cannot get it to work. Fields and methods are not being injected when the injector is created here: https://github.com/opensearch-project/OpenSearch/blob/main/server/src/main/java/org/opensearch/node/Node.java#L1680

That optional flag is exactly what's needed for the use case

[DarshitChanpura]

I agree. This change is needed to unblock AD CI for time being while we investigate the bug.