[Data Source]Add data source permission wrapper and dataSourceAdmin role

[yubonluo]

Description

Adding a permission wrapper to control the permissions of data source to create/update/delete according the data_source_management.manageableBy.
Adding a dataSourceAdmin role to have the all permissions to access data sources.

Issues Resolved

#8009

Screenshot

Data source admin can operate data source

data_source_management.manageableBy = "none"
data_source_management.dataSourceAdmin.groups: ["admin"]

If data source is managed by none, any user(Except for dataSourceAdmin) can not operate data source

data_source_management.manageableBy: "none"
data_source_management.dataSourceAdmin.groups: []

If data source is managed by all, any user can operate data source

data_source_management.manageableBy = "all"

If data source is managed by dashboard admin, only admin user can operate data source

data_source_management.manageableBy: "dashboard_admin"
opensearchDashboards.dashboardAdmin.users: ["admin"]

user is not dashboard admin

uses is dashboard admin

Testing the changes

Changelog

• feat: [Data source] Add data source permission wrapper and dataSourceAdmin role

Check List

• All tests pass
  • yarn test:jest
  • yarn test:jest_integration
• New functionality includes testing.
• New functionality has been documented.
• Update CHANGELOG.md
• Commits are signed per the DCO using --signoff

[github-actions]

❌ Empty Changelog Section

The Changelog section in your PR description is empty. Please add a valid changelog entry or entries. If you did add a changelog entry, check to make sure that it was not accidentally included inside the comment block in the Changelog section.

[codecov]

Codecov Report

Attention: Patch coverage is 90.00000% with 8 lines in your changes missing coverage. Please review.

Project coverage is 60.54%. Comparing base (7dedc58) to head (38383bc).
Report is 12 commits behind head on main.

Files with missing lines	Patch %	Lines
..._objects/workspace_saved_objects_client_wrapper.ts	68.75%	2 Missing and 3 partials ⚠️
src/core/server/utils/auth_info.ts	86.66%	0 Missing and 2 partials ⚠️
...d_objects/data_source_premission_client_wrapper.ts	97.77%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7959      +/-   ##
==========================================
- Coverage   61.09%   60.54%   -0.55%     
==========================================
  Files        3691     3730      +39     
  Lines       87310    88357    +1047     
  Branches    13433    13681     +248     
==========================================
+ Hits        53340    53497     +157     
- Misses      30722    31602     +880     
- Partials     3248     3258      +10     

Flag	Coverage Δ
Linux_1	28.71% <42.85%> (-0.61%)	⬇️
Linux_2	56.26% <88.23%> (+0.01%)	⬆️
Linux_3	37.45% <73.43%> (-0.48%)	⬇️
Linux_4	29.60% <21.05%> (+<0.01%)	⬆️
Windows_1	28.73% <42.85%> (-0.61%)	⬇️
Windows_2	56.21% <88.23%> (+0.01%)	⬆️
Windows_3	37.45% <73.43%> (-0.49%)	⬇️
Windows_4	29.60% <21.05%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[SuZhou-Joe]

It is recommended to add integration test for new introduced saved objects wrapper, we can add that in a following PR, as well as to cover some missing branches in workspace_saved_objects_wrapper.ts.

[SuZhou-Joe]

And thanks for the quick update on the comment, the PR looks amazing to me. We finally have API level access control on data sources.

[ruanyl]

Nice refactor!

[SuZhou-Joe]

Run cypress tests (osd:ciGroup6) should be irrelevant to the code changes.