Bump JSON libs

[willyborankin]

Description

Bump JSON libraries to latest versions:

• jjwt-api - to 0.11.5
• json-flattener -0.16.4
• zjsonpatch - 0.4.14
• json-path -2.8
• json-smart - 2.4.11

Regarding json-flattener I have a question. All functionality which we use in our case can be replaced with such class:

package org.opensearch.security.compliance;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.core.type.TypeReference;
import com.fasterxml.jackson.databind.JsonNode;
import org.apache.kafka.common.protocol.types.Field;
import org.opensearch.core.common.Strings;
import org.opensearch.security.DefaultObjectMapper;

import java.io.IOException;
import java.io.UncheckedIOException;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;

public class JsonFlattener {

    public static Map<String, Object> flatten(final byte[] bytes) {
        try {
            final TypeReference<Map<String, Object>> typeReference = new TypeReference<>() {
            };
            final Map<String, Object> jsonMap = DefaultObjectMapper.objectMapper.readValue(bytes, typeReference);
            final Map<String, Object> flattenMap = new LinkedHashMap<>();
            flattenEntries("", jsonMap.entrySet(), flattenMap);
            return flattenMap;
        } catch (final IOException ioe) {
            throw new IllegalArgumentException("Unparseable json", ioe);
        }
    }

    private static void flattenEntries(String prefix, final Iterable<Map.Entry<String, Object>> entries, final Map<String, Object> result) {
        if (!Strings.isNullOrEmpty(prefix)) {
            prefix += ".";
        }

        for (final Map.Entry<String, Object> e : entries) {
            flattenElement(prefix.concat(e.getKey()), e.getValue(), result);
        }
    }

    private void flattenElement(String prefix, final Object source, final Map<String, Object> result) {
        if (source instanceof Iterable) {
            flattenCollection(prefix, (Iterable<Object>) source, result);
        }
        if (source instanceof Map) {
            flattenEntries(prefix, ((Map<String, Object>) source).entrySet(), result);
        }
        result.put(prefix, source);
    }

    private void flattenCollection(String prefix, final Iterable<Object> objects, final Map<String, Object> result) {
        int counter = 0;
        for (final Object o : objects) {
            flattenElement(prefix + "[" + counter + "]", o, result);
            counter++;
        }
    }

}

So the question is: Do we need yet another library for such functionality?

Issues Resolved

Testing

[Please provide details of testing done: unit testing, integration testing and manual testing]

Check List

• New functionality includes testing
• New functionality has been documented
• Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[codecov]

Codecov Report

Merging #2926 (05ccc63) into main (e5348eb) will decrease coverage by 0.15%.
The diff coverage is 100.00%.

@@             Coverage Diff              @@
##               main    #2926      +/-   ##
============================================
- Coverage     62.47%   62.32%   -0.15%     
+ Complexity     3380     3369      -11     
============================================
  Files           267      267              
  Lines         19772    19772              
  Branches       3356     3356              
============================================
- Hits          12352    12323      -29     
- Misses         5780     5806      +26     
- Partials       1640     1643       +3     

Impacted Files	Coverage Δ
...nsearch/security/compliance/FieldReadCallback.java	55.55% <100.00%> (ø)

... and 9 files with indirect coverage changes

[stephen-crawford]

Left one comment about extracting to a version variable for the JWT libraries but overall looks good to me. :)

[cwperks]

Thank you @willyborankin. If that is all we use the json-flattener for than I would be in favor of less dependencies. If I am understanding it correctly, it is recursively going through a JSON structure and flattening it so all.entries.are.dot.separated and there is no object nesting?

[stephen-crawford]

HI @cwperks, I opened this issue as a follow up to address your concern: #2930.

That way we can get this PR unblocked and still review the use.

[willyborankin]

HI @cwperks, I opened this issue as a follow up to address your concern: #2930.

That way we can get this PR unblocked and still review the use.

Hi @scrawfor99, I was about to do the same, thank you. I think it's better to investigate as a first step.

[cwperks]

This PR looks good to me once the conflict in build.gradle is resolved

[willyborankin]

This PR looks good to me once the conflict in build.gradle is resolved

done

[opensearch-trigger-bot]

The backport to 2.x failed:

The process '/usr/bin/git' failed with exit code 128

To backport manually, run these commands in your terminal:

# Navigate to the root of your repository
cd $(git rev-parse --show-toplevel)
# Fetch latest updates from GitHub
git fetch
# Create a new working tree
git worktree add ../.worktrees/security/backport-2.x 2.x
# Navigate to the new working tree
pushd ../.worktrees/security/backport-2.x
# Create a new branch
git switch --create backport/backport-2926-to-2.x
# Cherry-pick the merged commit of this pull request and resolve the conflicts
git cherry-pick -x --mainline 1 0e6608d938af44b8db31440f94cfbb39d9a97d98
# Push it to GitHub
git push --set-upstream origin backport/backport-2926-to-2.x
# Go back to the original working tree
popd
# Delete the working tree
git worktree remove ../.worktrees/security/backport-2.x

Then, create a pull request where the base branch is 2.x and the compare/head branch is backport/backport-2926-to-2.x.