Add method to return dynamic SecureTransportParameters from SecureTransportSettingsProvider interface (#16387)

* Add isDualModeEnabled to SecureTransportSettingsProvider interface

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add default impl

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Respond to comments, update usages and update docstring

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Address feedback

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Add ExperimentalApi and add to CHANGELOG

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Move DefaultSecureTransportParameters to separate file and add javadoc

Signed-off-by: Craig Perkins <cwperx@amazon.com>

---------

Signed-off-by: Craig Perkins <cwperx@amazon.com>

Author: cwperks

CHANGELOG.md

@@ -26,6 +26,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - Add _list/shards API as paginated alternate to _cat/shards ([#14641](https://github.com/opensearch-project/OpenSearch/pull/14641))
 - Latency and Memory allocation improvements to Multi Term Aggregation queries ([#14993](https://github.com/opensearch-project/OpenSearch/pull/14993))
 - Flat object field use IndexOrDocValuesQuery to optimize query ([#14383](https://github.com/opensearch-project/OpenSearch/issues/14383))
+- Add method to return dynamic SecureTransportParameters from SecureTransportSettingsProvider interface ([#16387](https://github.com/opensearch-project/OpenSearch/pull/16387)
 
 ### Dependencies
 - Bump `com.azure:azure-identity` from 1.13.0 to 1.13.2 ([#15578](https://github.com/opensearch-project/OpenSearch/pull/15578))

modules/transport-netty4/src/main/java/org/opensearch/transport/netty4/ssl/SecureNetty4Transport.java

@@ -142,9 +142,10 @@ public SSLServerChannelInitializer(String name) {
         protected void initChannel(Channel ch) throws Exception {
             super.initChannel(ch);
 
-            final boolean dualModeEnabled = NetworkModule.TRANSPORT_SSL_DUAL_MODE_ENABLED.get(settings);
+            final boolean dualModeEnabled = secureTransportSettingsProvider.parameters(settings)
+                .map(SecureTransportSettingsProvider.SecureTransportParameters::dualModeEnabled)
+                .orElse(false);
             if (dualModeEnabled) {
-                logger.info("SSL Dual mode enabled, using port unification handler");
                 final ChannelHandler portUnificationHandler = new DualModeSslHandler(
                     settings,
                     secureTransportSettingsProvider,
@@ -258,7 +259,9 @@ protected class SSLClientChannelInitializer extends Netty4Transport.ClientChanne
         public SSLClientChannelInitializer(DiscoveryNode node) {
             this.node = node;
 
-            final boolean dualModeEnabled = NetworkModule.TRANSPORT_SSL_DUAL_MODE_ENABLED.get(settings);
+            final boolean dualModeEnabled = secureTransportSettingsProvider.parameters(settings)
+                .map(SecureTransportSettingsProvider.SecureTransportParameters::dualModeEnabled)
+                .orElse(false);
             hostnameVerificationEnabled = NetworkModule.TRANSPORT_SSL_ENFORCE_HOSTNAME_VERIFICATION.get(settings);
             hostnameVerificationResolveHostName = NetworkModule.TRANSPORT_SSL_ENFORCE_HOSTNAME_VERIFICATION_RESOLVE_HOST_NAME.get(settings);
 

server/src/main/java/org/opensearch/plugins/DefaultSecureTransportParameters.java

@@ -0,0 +1,28 @@
+/*
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * The OpenSearch Contributors require contributions made to
+ * this file be licensed under the Apache-2.0 license or a
+ * compatible open source license.
+ */
+
+package org.opensearch.plugins;
+
+import org.opensearch.common.network.NetworkModule;
+import org.opensearch.common.settings.Settings;
+
+/**
+ * Default implementation of {@link SecureTransportSettingsProvider.SecureTransportParameters}.
+ */
+class DefaultSecureTransportParameters implements SecureTransportSettingsProvider.SecureTransportParameters {
+    private final Settings settings;
+
+    DefaultSecureTransportParameters(Settings settings) {
+        this.settings = settings;
+    }
+
+    @Override
+    public boolean dualModeEnabled() {
+        return NetworkModule.TRANSPORT_SSL_DUAL_MODE_ENABLED.get(settings);
+    }
+}

server/src/main/java/org/opensearch/plugins/SecureTransportSettingsProvider.java

@@ -36,6 +36,24 @@ default Collection<TransportAdapterProvider<Transport>> getTransportAdapterProvi
         return Collections.emptyList();
     }
 
+    /**
+     * Returns parameters that can be dynamically provided by a plugin providing a {@link SecureTransportSettingsProvider}
+     * implementation
+     * @param settings settings
+     * @return an instance of {@link SecureTransportParameters}
+     */
+    default Optional<SecureTransportParameters> parameters(Settings settings) {
+        return Optional.of(new DefaultSecureTransportParameters(settings));
+    }
+
+    /**
+     * Dynamic parameters that can be provided by the {@link SecureTransportSettingsProvider}
+     */
+    @ExperimentalApi
+    interface SecureTransportParameters {
+        boolean dualModeEnabled();
+    }
+
     /**
      * If supported, builds the {@link TransportExceptionHandler} instance for {@link Transport} instance
      * @param settings settings