Add support for encrypted async blob read

[kotwanikunal]

Description

• Add async blob read support for encrypted containers

Related Issues

Resolves #10105

Check List

• New functionality includes testing.
  • All tests pass
• New functionality has been documented.
  • New functionality has javadoc added
• Commits are signed per the DCO using --signoff
• Commit changes are listed out in CHANGELOG.md file (See: Changelog)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[github-actions]

Compatibility status:

Checks if related components are compatible with change 5551aaf

Incompatible components

Incompatible components: [https://github.com/opensearch-project/k-nn.git]

Skipped components

Compatible components

Compatible components: [https://github.com/opensearch-project/security.git, https://github.com/opensearch-project/alerting.git, https://github.com/opensearch-project/index-management.git, https://github.com/opensearch-project/sql.git, https://github.com/opensearch-project/anomaly-detection.git, https://github.com/opensearch-project/job-scheduler.git, https://github.com/opensearch-project/asynchronous-search.git, https://github.com/opensearch-project/observability.git, https://github.com/opensearch-project/common-utils.git, https://github.com/opensearch-project/reporting.git, https://github.com/opensearch-project/cross-cluster-replication.git, https://github.com/opensearch-project/security-analytics.git, https://github.com/opensearch-project/custom-codecs.git, https://github.com/opensearch-project/performance-analyzer.git, https://github.com/opensearch-project/ml-commons.git, https://github.com/opensearch-project/performance-analyzer-rca.git, https://github.com/opensearch-project/opensearch-oci-object-storage.git, https://github.com/opensearch-project/geospatial.git, https://github.com/opensearch-project/notifications.git, https://github.com/opensearch-project/neural-search.git]

[github-actions]

Gradle Check (Jenkins) Run Completed with:

• RESULT: FAILURE ❌
• URL: https://build.ci.opensearch.org/job/gradle-check/25885/
• CommitID: 421d3c5
  Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green.
  Is the failure a flaky test unrelated to your change?

[github-actions]

Gradle Check (Jenkins) Run Completed with:

• RESULT: UNSTABLE ❕
• TEST FAILURES:

      1 org.opensearch.remotestore.SegmentReplicationUsingRemoteStoreIT.testCancelPrimaryAllocation

• URL: https://build.ci.opensearch.org/job/gradle-check/25933/
• CommitID: 421d3c5
  Please review all flaky tests that succeeded after retry and create an issue if one does not already exist to track the flaky failure.

[codecov]

Codecov Report

Merging #10131 (5551aaf) into main (cbff21d) will decrease coverage by 0.11%.
The diff coverage is 96.42%.

@@             Coverage Diff              @@
##               main   #10131      +/-   ##
============================================
- Coverage     71.22%   71.12%   -0.11%     
+ Complexity    58245    58189      -56     
============================================
  Files          4828     4828              
  Lines        274340   274367      +27     
  Branches      39985    39986       +1     
============================================
- Hits         195401   195141     -260     
- Misses        62571    62857     +286     
- Partials      16368    16369       +1     

Files Changed	Coverage Δ
...earch/common/blobstore/EncryptedBlobContainer.java	7.46% <ø> (+7.46%)	⬆️
...bstore/AsyncMultiStreamEncryptedBlobContainer.java	57.44% <95.65%> (+57.44%)	⬆️
...arch/common/blobstore/stream/read/ReadContext.java	100.00% <100.00%> (ø)

... and 449 files with indirect coverage changes

[andrross]

Do we have any way to actually test this? The mock-based tests seem to mostly be implementing the behavior you expect from the real system and therefore susceptible to things being wrong when the actual integration happens.

[kotwanikunal]

Do we have any way to actually test this? The mock-based tests seem to mostly be implementing the behavior you expect from the real system and therefore susceptible to things being wrong when the actual integration happens.

@vikasvb90 Any thoughts here for testing cypto logic, given that we do not have any specific implementation?

[github-actions]

Gradle Check (Jenkins) Run Completed with:

• RESULT: SUCCESS ✅
• URL: https://build.ci.opensearch.org/job/gradle-check/26094/
• CommitID: 5551aaf

[opensearch-trigger-bot]

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/OpenSearch/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/OpenSearch/backport-2.x
# Create a new branch
git switch --create backport/backport-10131-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 c4c4ad84d995f75f8749a0f99aa8a1ecc3b71760
# Push it to GitHub
git push --set-upstream origin backport/backport-10131-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/OpenSearch/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-10131-to-2.x.