From dcf191d656df867129d903f8b89221c58179cc46 Mon Sep 17 00:00:00 2001 From: Ryan Ernst Date: Sun, 19 Jan 2025 14:04:46 -0800 Subject: [PATCH 1/2] Refactor entitlement IT test to allow dynamic policy This commit combines the different entitlement test plugins used for integration tests into a single plugin. When installing the plugin in the integ test cluster, the entitlement policy and plugin properties are adjusted to test the desired combination of settings. This allows the plugin policy to be dynamically generated by each test, rather than rely on a static policy. --- libs/entitlement/qa/build.gradle | 7 +- .../build.gradle | 24 ------- .../EntitlementAllowedNonModularPlugin.java | 44 ------------ .../plugin-metadata/entitlement-policy.yaml | 8 --- .../qa/entitlement-allowed/build.gradle | 25 ------- .../src/main/java/module-info.java | 15 ---- .../qa/EntitlementAllowedPlugin.java | 44 ------------ .../plugin-metadata/entitlement-policy.yaml | 8 --- .../build.gradle | 24 ------- .../EntitlementDeniedNonModularPlugin.java | 44 ------------ .../qa/entitlement-denied/build.gradle | 25 ------- .../src/main/java/module-info.java | 6 -- .../entitlement/qa/EntitlementsAllowedIT.java | 22 +++--- .../qa/EntitlementsAllowedNonModularIT.java | 62 +++++++++++++++++ .../entitlement/qa/EntitlementsDeniedIT.java | 21 +++--- .../qa/EntitlementsDeniedNonModularIT.java | 64 +++++++++++++++++ .../entitlement/qa/EntitlementsUtil.java | 69 +++++++++++++++++++ .../qa/{common => test-plugin}/build.gradle | 14 ++-- .../src/main/java/module-info.java | 4 +- .../qa/test}/DummyImplementations.java | 2 +- .../qa/test/EntitlementTestPlugin.java} | 7 +- .../qa/test}/NetworkAccessCheckActions.java | 2 +- .../qa/test}/RestEntitlementsCheckAction.java | 43 +++++------- .../test}/VersionSpecificNetworkChecks.java | 2 +- .../test}/VersionSpecificNetworkChecks.java | 0 25 files changed, 253 insertions(+), 333 deletions(-) delete mode 100644 libs/entitlement/qa/entitlement-allowed-nonmodular/build.gradle delete mode 100644 libs/entitlement/qa/entitlement-allowed-nonmodular/src/main/java/org/elasticsearch/entitlement/qa/nonmodular/EntitlementAllowedNonModularPlugin.java delete mode 100644 libs/entitlement/qa/entitlement-allowed-nonmodular/src/main/plugin-metadata/entitlement-policy.yaml delete mode 100644 libs/entitlement/qa/entitlement-allowed/build.gradle delete mode 100644 libs/entitlement/qa/entitlement-allowed/src/main/java/module-info.java delete mode 100644 libs/entitlement/qa/entitlement-allowed/src/main/java/org/elasticsearch/entitlement/qa/EntitlementAllowedPlugin.java delete mode 100644 libs/entitlement/qa/entitlement-allowed/src/main/plugin-metadata/entitlement-policy.yaml delete mode 100644 libs/entitlement/qa/entitlement-denied-nonmodular/build.gradle delete mode 100644 libs/entitlement/qa/entitlement-denied-nonmodular/src/main/java/org/elasticsearch/entitlement/qa/nonmodular/EntitlementDeniedNonModularPlugin.java delete mode 100644 libs/entitlement/qa/entitlement-denied/build.gradle delete mode 100644 libs/entitlement/qa/entitlement-denied/src/main/java/module-info.java create mode 100644 libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsAllowedNonModularIT.java create mode 100644 libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsDeniedNonModularIT.java create mode 100644 libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsUtil.java rename libs/entitlement/qa/{common => test-plugin}/build.gradle (68%) rename libs/entitlement/qa/{common => test-plugin}/src/main/java/module-info.java (87%) rename libs/entitlement/qa/{common/src/main/java/org/elasticsearch/entitlement/qa/common => test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test}/DummyImplementations.java (99%) rename libs/entitlement/qa/{entitlement-denied/src/main/java/org/elasticsearch/entitlement/qa/EntitlementDeniedPlugin.java => test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/EntitlementTestPlugin.java} (86%) rename libs/entitlement/qa/{common/src/main/java/org/elasticsearch/entitlement/qa/common => test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test}/NetworkAccessCheckActions.java (99%) rename libs/entitlement/qa/{common/src/main/java/org/elasticsearch/entitlement/qa/common => test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test}/RestEntitlementsCheckAction.java (92%) rename libs/entitlement/qa/{common/src/main/java/org/elasticsearch/entitlement/qa/common => test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test}/VersionSpecificNetworkChecks.java (92%) rename libs/entitlement/qa/{common/src/main18/java/org/elasticsearch/entitlement/qa/common => test-plugin/src/main18/java/org/elasticsearch/entitlement/qa/test}/VersionSpecificNetworkChecks.java (100%) diff --git a/libs/entitlement/qa/build.gradle b/libs/entitlement/qa/build.gradle index 7f46b2fe20a8a..fea746eb3bfa3 100644 --- a/libs/entitlement/qa/build.gradle +++ b/libs/entitlement/qa/build.gradle @@ -12,9 +12,6 @@ apply plugin: 'elasticsearch.internal-java-rest-test' apply plugin: 'elasticsearch.internal-test-artifact' dependencies { - javaRestTestImplementation project(':libs:entitlement:qa:common') - clusterModules project(':libs:entitlement:qa:entitlement-allowed') - clusterModules project(':libs:entitlement:qa:entitlement-allowed-nonmodular') - clusterPlugins project(':libs:entitlement:qa:entitlement-denied') - clusterPlugins project(':libs:entitlement:qa:entitlement-denied-nonmodular') + javaRestTestImplementation project(':libs:entitlement:qa:test-plugin') + clusterModules project(':libs:entitlement:qa:test-plugin') } diff --git a/libs/entitlement/qa/entitlement-allowed-nonmodular/build.gradle b/libs/entitlement/qa/entitlement-allowed-nonmodular/build.gradle deleted file mode 100644 index 316b61e15707e..0000000000000 --- a/libs/entitlement/qa/entitlement-allowed-nonmodular/build.gradle +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the "Elastic License - * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side - * Public License v 1"; you may not use this file except in compliance with, at - * your election, the "Elastic License 2.0", the "GNU Affero General Public - * License v3.0 only", or the "Server Side Public License, v 1". - */ - -apply plugin: 'elasticsearch.base-internal-es-plugin' - -esplugin { - name = 'entitlement-allowed-nonmodular' - description = 'A non-modular test module that invokes entitlement checks that are supposed to be granted' - classname = 'org.elasticsearch.entitlement.qa.nonmodular.EntitlementAllowedNonModularPlugin' -} - -dependencies { - implementation project(':libs:entitlement:qa:common') -} - -tasks.named("javadoc").configure { - enabled = false -} diff --git a/libs/entitlement/qa/entitlement-allowed-nonmodular/src/main/java/org/elasticsearch/entitlement/qa/nonmodular/EntitlementAllowedNonModularPlugin.java b/libs/entitlement/qa/entitlement-allowed-nonmodular/src/main/java/org/elasticsearch/entitlement/qa/nonmodular/EntitlementAllowedNonModularPlugin.java deleted file mode 100644 index 82146e6a87759..0000000000000 --- a/libs/entitlement/qa/entitlement-allowed-nonmodular/src/main/java/org/elasticsearch/entitlement/qa/nonmodular/EntitlementAllowedNonModularPlugin.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the "Elastic License - * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side - * Public License v 1"; you may not use this file except in compliance with, at - * your election, the "Elastic License 2.0", the "GNU Affero General Public - * License v3.0 only", or the "Server Side Public License, v 1". - */ -package org.elasticsearch.entitlement.qa.nonmodular; - -import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; -import org.elasticsearch.cluster.node.DiscoveryNodes; -import org.elasticsearch.common.io.stream.NamedWriteableRegistry; -import org.elasticsearch.common.settings.ClusterSettings; -import org.elasticsearch.common.settings.IndexScopedSettings; -import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.settings.SettingsFilter; -import org.elasticsearch.entitlement.qa.common.RestEntitlementsCheckAction; -import org.elasticsearch.features.NodeFeature; -import org.elasticsearch.plugins.ActionPlugin; -import org.elasticsearch.plugins.Plugin; -import org.elasticsearch.rest.RestController; -import org.elasticsearch.rest.RestHandler; - -import java.util.List; -import java.util.function.Predicate; -import java.util.function.Supplier; - -public class EntitlementAllowedNonModularPlugin extends Plugin implements ActionPlugin { - @Override - public List getRestHandlers( - final Settings settings, - NamedWriteableRegistry namedWriteableRegistry, - final RestController restController, - final ClusterSettings clusterSettings, - final IndexScopedSettings indexScopedSettings, - final SettingsFilter settingsFilter, - final IndexNameExpressionResolver indexNameExpressionResolver, - final Supplier nodesInCluster, - Predicate clusterSupportsFeature - ) { - return List.of(new RestEntitlementsCheckAction("allowed_nonmodular")); - } -} diff --git a/libs/entitlement/qa/entitlement-allowed-nonmodular/src/main/plugin-metadata/entitlement-policy.yaml b/libs/entitlement/qa/entitlement-allowed-nonmodular/src/main/plugin-metadata/entitlement-policy.yaml deleted file mode 100644 index 05a94f09264a8..0000000000000 --- a/libs/entitlement/qa/entitlement-allowed-nonmodular/src/main/plugin-metadata/entitlement-policy.yaml +++ /dev/null @@ -1,8 +0,0 @@ -ALL-UNNAMED: - - create_class_loader - - set_https_connection_properties - - network: - actions: - - listen - - accept - - connect diff --git a/libs/entitlement/qa/entitlement-allowed/build.gradle b/libs/entitlement/qa/entitlement-allowed/build.gradle deleted file mode 100644 index b9518f8d65fb5..0000000000000 --- a/libs/entitlement/qa/entitlement-allowed/build.gradle +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the "Elastic License - * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side - * Public License v 1"; you may not use this file except in compliance with, at - * your election, the "Elastic License 2.0", the "GNU Affero General Public - * License v3.0 only", or the "Server Side Public License, v 1". - */ - -apply plugin: 'elasticsearch.base-internal-es-plugin' - -esplugin { - name = 'entitlement-allowed' - description = 'A test module that invokes entitlement checks that are supposed to be granted' - classname = 'org.elasticsearch.entitlement.qa.EntitlementAllowedPlugin' -} - -dependencies { - implementation project(':libs:entitlement:qa:common') -} - -tasks.named("javadoc").configure { - enabled = false -} - diff --git a/libs/entitlement/qa/entitlement-allowed/src/main/java/module-info.java b/libs/entitlement/qa/entitlement-allowed/src/main/java/module-info.java deleted file mode 100644 index a88611e6ac9a5..0000000000000 --- a/libs/entitlement/qa/entitlement-allowed/src/main/java/module-info.java +++ /dev/null @@ -1,15 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the "Elastic License - * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side - * Public License v 1"; you may not use this file except in compliance with, at - * your election, the "Elastic License 2.0", the "GNU Affero General Public - * License v3.0 only", or the "Server Side Public License, v 1". - */ - -module org.elasticsearch.entitlement.qa.allowed { - requires org.elasticsearch.server; - requires org.elasticsearch.base; - requires org.elasticsearch.logging; - requires org.elasticsearch.entitlement.qa.common; -} diff --git a/libs/entitlement/qa/entitlement-allowed/src/main/java/org/elasticsearch/entitlement/qa/EntitlementAllowedPlugin.java b/libs/entitlement/qa/entitlement-allowed/src/main/java/org/elasticsearch/entitlement/qa/EntitlementAllowedPlugin.java deleted file mode 100644 index 8649daf272e70..0000000000000 --- a/libs/entitlement/qa/entitlement-allowed/src/main/java/org/elasticsearch/entitlement/qa/EntitlementAllowedPlugin.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the "Elastic License - * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side - * Public License v 1"; you may not use this file except in compliance with, at - * your election, the "Elastic License 2.0", the "GNU Affero General Public - * License v3.0 only", or the "Server Side Public License, v 1". - */ -package org.elasticsearch.entitlement.qa; - -import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; -import org.elasticsearch.cluster.node.DiscoveryNodes; -import org.elasticsearch.common.io.stream.NamedWriteableRegistry; -import org.elasticsearch.common.settings.ClusterSettings; -import org.elasticsearch.common.settings.IndexScopedSettings; -import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.settings.SettingsFilter; -import org.elasticsearch.entitlement.qa.common.RestEntitlementsCheckAction; -import org.elasticsearch.features.NodeFeature; -import org.elasticsearch.plugins.ActionPlugin; -import org.elasticsearch.plugins.Plugin; -import org.elasticsearch.rest.RestController; -import org.elasticsearch.rest.RestHandler; - -import java.util.List; -import java.util.function.Predicate; -import java.util.function.Supplier; - -public class EntitlementAllowedPlugin extends Plugin implements ActionPlugin { - @Override - public List getRestHandlers( - final Settings settings, - NamedWriteableRegistry namedWriteableRegistry, - final RestController restController, - final ClusterSettings clusterSettings, - final IndexScopedSettings indexScopedSettings, - final SettingsFilter settingsFilter, - final IndexNameExpressionResolver indexNameExpressionResolver, - final Supplier nodesInCluster, - Predicate clusterSupportsFeature - ) { - return List.of(new RestEntitlementsCheckAction("allowed")); - } -} diff --git a/libs/entitlement/qa/entitlement-allowed/src/main/plugin-metadata/entitlement-policy.yaml b/libs/entitlement/qa/entitlement-allowed/src/main/plugin-metadata/entitlement-policy.yaml deleted file mode 100644 index 0d2c66c2daa2c..0000000000000 --- a/libs/entitlement/qa/entitlement-allowed/src/main/plugin-metadata/entitlement-policy.yaml +++ /dev/null @@ -1,8 +0,0 @@ -org.elasticsearch.entitlement.qa.common: - - create_class_loader - - set_https_connection_properties - - network: - actions: - - listen - - accept - - connect diff --git a/libs/entitlement/qa/entitlement-denied-nonmodular/build.gradle b/libs/entitlement/qa/entitlement-denied-nonmodular/build.gradle deleted file mode 100644 index 6a88dd66eaf75..0000000000000 --- a/libs/entitlement/qa/entitlement-denied-nonmodular/build.gradle +++ /dev/null @@ -1,24 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the "Elastic License - * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side - * Public License v 1"; you may not use this file except in compliance with, at - * your election, the "Elastic License 2.0", the "GNU Affero General Public - * License v3.0 only", or the "Server Side Public License, v 1". - */ - -apply plugin: 'elasticsearch.base-internal-es-plugin' - -esplugin { - name = 'entitlement-denied-nonmodular' - description = 'A non-modular test module that invokes non-granted entitlement and triggers exceptions' - classname = 'org.elasticsearch.entitlement.qa.nonmodular.EntitlementDeniedNonModularPlugin' -} - -dependencies { - implementation project(':libs:entitlement:qa:common') -} - -tasks.named("javadoc").configure { - enabled = false -} diff --git a/libs/entitlement/qa/entitlement-denied-nonmodular/src/main/java/org/elasticsearch/entitlement/qa/nonmodular/EntitlementDeniedNonModularPlugin.java b/libs/entitlement/qa/entitlement-denied-nonmodular/src/main/java/org/elasticsearch/entitlement/qa/nonmodular/EntitlementDeniedNonModularPlugin.java deleted file mode 100644 index 7ca89c735a602..0000000000000 --- a/libs/entitlement/qa/entitlement-denied-nonmodular/src/main/java/org/elasticsearch/entitlement/qa/nonmodular/EntitlementDeniedNonModularPlugin.java +++ /dev/null @@ -1,44 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the "Elastic License - * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side - * Public License v 1"; you may not use this file except in compliance with, at - * your election, the "Elastic License 2.0", the "GNU Affero General Public - * License v3.0 only", or the "Server Side Public License, v 1". - */ -package org.elasticsearch.entitlement.qa.nonmodular; - -import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; -import org.elasticsearch.cluster.node.DiscoveryNodes; -import org.elasticsearch.common.io.stream.NamedWriteableRegistry; -import org.elasticsearch.common.settings.ClusterSettings; -import org.elasticsearch.common.settings.IndexScopedSettings; -import org.elasticsearch.common.settings.Settings; -import org.elasticsearch.common.settings.SettingsFilter; -import org.elasticsearch.entitlement.qa.common.RestEntitlementsCheckAction; -import org.elasticsearch.features.NodeFeature; -import org.elasticsearch.plugins.ActionPlugin; -import org.elasticsearch.plugins.Plugin; -import org.elasticsearch.rest.RestController; -import org.elasticsearch.rest.RestHandler; - -import java.util.List; -import java.util.function.Predicate; -import java.util.function.Supplier; - -public class EntitlementDeniedNonModularPlugin extends Plugin implements ActionPlugin { - @Override - public List getRestHandlers( - final Settings settings, - NamedWriteableRegistry namedWriteableRegistry, - final RestController restController, - final ClusterSettings clusterSettings, - final IndexScopedSettings indexScopedSettings, - final SettingsFilter settingsFilter, - final IndexNameExpressionResolver indexNameExpressionResolver, - final Supplier nodesInCluster, - Predicate clusterSupportsFeature - ) { - return List.of(new RestEntitlementsCheckAction("denied_nonmodular")); - } -} diff --git a/libs/entitlement/qa/entitlement-denied/build.gradle b/libs/entitlement/qa/entitlement-denied/build.gradle deleted file mode 100644 index 9d1872563b8c5..0000000000000 --- a/libs/entitlement/qa/entitlement-denied/build.gradle +++ /dev/null @@ -1,25 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the "Elastic License - * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side - * Public License v 1"; you may not use this file except in compliance with, at - * your election, the "Elastic License 2.0", the "GNU Affero General Public - * License v3.0 only", or the "Server Side Public License, v 1". - */ - -apply plugin: 'elasticsearch.base-internal-es-plugin' - -esplugin { - name = 'entitlement-denied' - description = 'A test module that invokes non-granted entitlement and triggers exceptions' - classname = 'org.elasticsearch.entitlement.qa.EntitlementDeniedPlugin' -} - -dependencies { - implementation project(':libs:entitlement:qa:common') -} - -tasks.named("javadoc").configure { - enabled = false -} - diff --git a/libs/entitlement/qa/entitlement-denied/src/main/java/module-info.java b/libs/entitlement/qa/entitlement-denied/src/main/java/module-info.java deleted file mode 100644 index 3def472be7a45..0000000000000 --- a/libs/entitlement/qa/entitlement-denied/src/main/java/module-info.java +++ /dev/null @@ -1,6 +0,0 @@ -module org.elasticsearch.entitlement.qa.denied { - requires org.elasticsearch.server; - requires org.elasticsearch.base; - requires org.apache.logging.log4j; - requires org.elasticsearch.entitlement.qa.common; -} diff --git a/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsAllowedIT.java b/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsAllowedIT.java index c38e8b3f35efb..e08c7b5a23e4d 100644 --- a/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsAllowedIT.java +++ b/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsAllowedIT.java @@ -14,40 +14,36 @@ import org.elasticsearch.client.Request; import org.elasticsearch.client.Response; -import org.elasticsearch.entitlement.qa.common.RestEntitlementsCheckAction; +import org.elasticsearch.entitlement.qa.test.RestEntitlementsCheckAction; import org.elasticsearch.test.cluster.ElasticsearchCluster; import org.elasticsearch.test.rest.ESRestTestCase; import org.junit.ClassRule; import java.io.IOException; -import java.util.stream.Stream; +import static org.elasticsearch.entitlement.qa.EntitlementsUtil.ALLOWED_ENTITLEMENTS; import static org.hamcrest.Matchers.equalTo; public class EntitlementsAllowedIT extends ESRestTestCase { @ClassRule public static ElasticsearchCluster cluster = ElasticsearchCluster.local() - .module("entitlement-allowed") - .module("entitlement-allowed-nonmodular") + .module("test-plugin", spec -> + EntitlementsUtil.setupEntitlements(spec, true, ALLOWED_ENTITLEMENTS) + ) .systemProperty("es.entitlements.enabled", "true") .setting("xpack.security.enabled", "false") .build(); - private final String pathPrefix; private final String actionName; - public EntitlementsAllowedIT(@Name("pathPrefix") String pathPrefix, @Name("actionName") String actionName) { - this.pathPrefix = pathPrefix; + public EntitlementsAllowedIT(@Name("actionName") String actionName) { this.actionName = actionName; } @ParametersFactory public static Iterable data() { - return Stream.of("allowed", "allowed_nonmodular") - .flatMap( - path -> RestEntitlementsCheckAction.getCheckActionsAllowedInPlugins().stream().map(action -> new Object[] { path, action }) - ) + return RestEntitlementsCheckAction.getCheckActionsAllowedInPlugins().stream().map(action -> new Object[] { action }) .toList(); } @@ -57,8 +53,8 @@ protected String getTestRestCluster() { } public void testCheckActionWithPolicyPass() throws IOException { - logger.info("Executing Entitlement test [{}] for [{}]", pathPrefix, actionName); - var request = new Request("GET", "/_entitlement/" + pathPrefix + "/_check"); + logger.info("Executing Entitlement test for [{}]", actionName); + var request = new Request("GET", "/_entitlement_check"); request.addParameter("action", actionName); Response result = client().performRequest(request); assertThat(result.getStatusLine().getStatusCode(), equalTo(200)); diff --git a/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsAllowedNonModularIT.java b/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsAllowedNonModularIT.java new file mode 100644 index 0000000000000..25ade7a56fde8 --- /dev/null +++ b/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsAllowedNonModularIT.java @@ -0,0 +1,62 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +package org.elasticsearch.entitlement.qa; + +import com.carrotsearch.randomizedtesting.annotations.Name; +import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; + +import org.elasticsearch.client.Request; +import org.elasticsearch.client.Response; +import org.elasticsearch.entitlement.qa.test.RestEntitlementsCheckAction; +import org.elasticsearch.test.cluster.ElasticsearchCluster; +import org.elasticsearch.test.rest.ESRestTestCase; +import org.junit.ClassRule; + +import java.io.IOException; + +import static org.elasticsearch.entitlement.qa.EntitlementsUtil.ALLOWED_ENTITLEMENTS; +import static org.hamcrest.Matchers.equalTo; + +public class EntitlementsAllowedNonModularIT extends ESRestTestCase { + + @ClassRule + public static ElasticsearchCluster cluster = ElasticsearchCluster.local() + .module("test-plugin", spec -> + EntitlementsUtil.setupEntitlements(spec, false, ALLOWED_ENTITLEMENTS) + ) + .systemProperty("es.entitlements.enabled", "true") + .setting("xpack.security.enabled", "false") + .build(); + + private final String actionName; + + public EntitlementsAllowedNonModularIT(@Name("actionName") String actionName) { + this.actionName = actionName; + } + + @ParametersFactory + public static Iterable data() { + return RestEntitlementsCheckAction.getCheckActionsAllowedInPlugins().stream().map(action -> new Object[] { action }) + .toList(); + } + + @Override + protected String getTestRestCluster() { + return cluster.getHttpAddresses(); + } + + public void testCheckActionWithPolicyPass() throws IOException { + logger.info("Executing Entitlement test for [{}]", actionName); + var request = new Request("GET", "/_entitlement_check"); + request.addParameter("action", actionName); + Response result = client().performRequest(request); + assertThat(result.getStatusLine().getStatusCode(), equalTo(200)); + } +} diff --git a/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsDeniedIT.java b/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsDeniedIT.java index e2e5a3c4c61e6..215664e94fcc6 100644 --- a/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsDeniedIT.java +++ b/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsDeniedIT.java @@ -13,7 +13,8 @@ import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; import org.elasticsearch.client.Request; -import org.elasticsearch.entitlement.qa.common.RestEntitlementsCheckAction; +import org.elasticsearch.client.Response; +import org.elasticsearch.entitlement.qa.test.RestEntitlementsCheckAction; import org.elasticsearch.test.cluster.ElasticsearchCluster; import org.elasticsearch.test.rest.ESRestTestCase; import org.junit.ClassRule; @@ -21,14 +22,17 @@ import java.io.IOException; import java.util.stream.Stream; +import static org.elasticsearch.entitlement.qa.EntitlementsUtil.ALLOWED_ENTITLEMENTS; import static org.hamcrest.Matchers.containsString; +import static org.hamcrest.Matchers.equalTo; public class EntitlementsDeniedIT extends ESRestTestCase { @ClassRule public static ElasticsearchCluster cluster = ElasticsearchCluster.local() - .plugin("entitlement-denied") - .plugin("entitlement-denied-nonmodular") + .module("test-plugin", spec -> + EntitlementsUtil.setupEntitlements(spec, true, null) + ) .systemProperty("es.entitlements.enabled", "true") .setting("xpack.security.enabled", "false") // Logs in libs/entitlement/qa/build/test-results/javaRestTest/TEST-org.elasticsearch.entitlement.qa.EntitlementsDeniedIT.xml @@ -40,25 +44,22 @@ protected String getTestRestCluster() { return cluster.getHttpAddresses(); } - private final String pathPrefix; private final String actionName; - public EntitlementsDeniedIT(@Name("pathPrefix") String pathPrefix, @Name("actionName") String actionName) { - this.pathPrefix = pathPrefix; + public EntitlementsDeniedIT(@Name("actionName") String actionName) { this.actionName = actionName; } @ParametersFactory public static Iterable data() { - return Stream.of("denied", "denied_nonmodular") - .flatMap(path -> RestEntitlementsCheckAction.getAllCheckActions().stream().map(action -> new Object[] { path, action })) + return RestEntitlementsCheckAction.getAllCheckActions().stream().map(action -> new Object[] { action }) .toList(); } public void testCheckThrows() { - logger.info("Executing Entitlement test [{}] for [{}]", pathPrefix, actionName); + logger.info("Executing Entitlement test for [{}]", actionName); var exception = expectThrows(IOException.class, () -> { - var request = new Request("GET", "/_entitlement/" + pathPrefix + "/_check"); + var request = new Request("GET", "/_entitlement_check"); request.addParameter("action", actionName); client().performRequest(request); }); diff --git a/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsDeniedNonModularIT.java b/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsDeniedNonModularIT.java new file mode 100644 index 0000000000000..150bd62623c20 --- /dev/null +++ b/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsDeniedNonModularIT.java @@ -0,0 +1,64 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +package org.elasticsearch.entitlement.qa; + +import com.carrotsearch.randomizedtesting.annotations.Name; +import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; + +import org.elasticsearch.client.Request; +import org.elasticsearch.entitlement.qa.test.RestEntitlementsCheckAction; +import org.elasticsearch.test.cluster.ElasticsearchCluster; +import org.elasticsearch.test.rest.ESRestTestCase; +import org.junit.ClassRule; + +import java.io.IOException; + +import static org.hamcrest.Matchers.containsString; + +public class EntitlementsDeniedNonModularIT extends ESRestTestCase { + + @ClassRule + public static ElasticsearchCluster cluster = ElasticsearchCluster.local() + .module("test-plugin", spec -> + EntitlementsUtil.setupEntitlements(spec, false, null) + ) + .systemProperty("es.entitlements.enabled", "true") + .setting("xpack.security.enabled", "false") + // Logs in libs/entitlement/qa/build/test-results/javaRestTest/TEST-org.elasticsearch.entitlement.qa.EntitlementsDeniedIT.xml + // .setting("logger.org.elasticsearch.entitlement", "DEBUG") + .build(); + + @Override + protected String getTestRestCluster() { + return cluster.getHttpAddresses(); + } + + private final String actionName; + + public EntitlementsDeniedNonModularIT(@Name("actionName") String actionName) { + this.actionName = actionName; + } + + @ParametersFactory + public static Iterable data() { + return RestEntitlementsCheckAction.getAllCheckActions().stream().map(action -> new Object[] { action }) + .toList(); + } + + public void testCheckThrows() { + logger.info("Executing Entitlement test for [{}]", actionName); + var exception = expectThrows(IOException.class, () -> { + var request = new Request("GET", "/_entitlement_check"); + request.addParameter("action", actionName); + client().performRequest(request); + }); + assertThat(exception.getMessage(), containsString("not_entitled_exception")); + } +} diff --git a/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsUtil.java b/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsUtil.java new file mode 100644 index 0000000000000..8bd0912233f5a --- /dev/null +++ b/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsUtil.java @@ -0,0 +1,69 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +package org.elasticsearch.entitlement.qa; + +import org.elasticsearch.common.Strings; +import org.elasticsearch.test.cluster.local.PluginInstallSpec; +import org.elasticsearch.test.cluster.util.resource.Resource; +import org.elasticsearch.xcontent.XContentBuilder; +import org.elasticsearch.xcontent.yaml.YamlXContent; + +import java.io.IOException; +import java.io.UncheckedIOException; +import java.util.List; +import java.util.Map; +import java.util.function.Consumer; + +class EntitlementsUtil { + + @FunctionalInterface + interface IOConsumer { + void accept(T var1) throws IOException; + } + + static final IOConsumer ALLOWED_ENTITLEMENTS = builder -> { + builder.value("create_class_loader"); + builder.value("set_https_connection_properties"); + builder.value(Map.of("network", Map.of("actions", List.of("listen", "accept", "connect")))); + }; + + static void setupEntitlements(PluginInstallSpec spec, boolean modular, IOConsumer policyBuilder) { + String moduleName = modular ? "org.elasticsearch.entitlement.qa.test" : "ALL-UNNAMED"; + if (policyBuilder != null) { + try { + try (var builder = YamlXContent.contentBuilder()) { + builder.startObject(); + builder.field(moduleName); + builder.startArray(); + policyBuilder.accept(builder); + builder.endArray(); + builder.endObject(); + + String policy = Strings.toString(builder); + System.out.println("Using entitlement policy:\n" + policy); + spec.withEntitlementsOverride(old -> Resource.fromString(policy)); + } + + } catch (IOException e) { + throw new UncheckedIOException(e); + } + } + + if (modular == false) { + spec.withPropertiesOverride(old -> { + String props = old.replace("modulename=org.elasticsearch.entitlement.qa.test", ""); + System.out.println("Using plugin properties:\n" + props); + return Resource.fromString(props); + }); + } + } + + private EntitlementsUtil() {} +} diff --git a/libs/entitlement/qa/common/build.gradle b/libs/entitlement/qa/test-plugin/build.gradle similarity index 68% rename from libs/entitlement/qa/common/build.gradle rename to libs/entitlement/qa/test-plugin/build.gradle index 18bc5679d09c9..4a8553cb4547f 100644 --- a/libs/entitlement/qa/common/build.gradle +++ b/libs/entitlement/qa/test-plugin/build.gradle @@ -7,16 +7,22 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -import org.elasticsearch.gradle.internal.precommit.CheckForbiddenApisTask - +apply plugin: 'elasticsearch.base-internal-es-plugin' apply plugin: 'elasticsearch.build' apply plugin: 'elasticsearch.mrjar' +esplugin { + name = 'test-plugin' + description = 'A test plugin that invokes methods checked by entitlements' + classname = 'org.elasticsearch.entitlement.qa.test.EntitlementTestPlugin' +} + dependencies { implementation project(':server') implementation project(':libs:logging') } -tasks.withType(CheckForbiddenApisTask).configureEach { - replaceSignatureFiles 'jdk-signatures' +tasks.named("javadoc").configure { + enabled = false } + diff --git a/libs/entitlement/qa/common/src/main/java/module-info.java b/libs/entitlement/qa/test-plugin/src/main/java/module-info.java similarity index 87% rename from libs/entitlement/qa/common/src/main/java/module-info.java rename to libs/entitlement/qa/test-plugin/src/main/java/module-info.java index c40240f3dc1d5..a1df03ad5c974 100644 --- a/libs/entitlement/qa/common/src/main/java/module-info.java +++ b/libs/entitlement/qa/test-plugin/src/main/java/module-info.java @@ -7,7 +7,7 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -module org.elasticsearch.entitlement.qa.common { +module org.elasticsearch.entitlement.qa.test { requires org.elasticsearch.server; requires org.elasticsearch.base; requires org.elasticsearch.logging; @@ -15,6 +15,4 @@ // Modules we'll attempt to use in order to exercise entitlements requires java.logging; requires java.net.http; - - exports org.elasticsearch.entitlement.qa.common; } diff --git a/libs/entitlement/qa/common/src/main/java/org/elasticsearch/entitlement/qa/common/DummyImplementations.java b/libs/entitlement/qa/test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/DummyImplementations.java similarity index 99% rename from libs/entitlement/qa/common/src/main/java/org/elasticsearch/entitlement/qa/common/DummyImplementations.java rename to libs/entitlement/qa/test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/DummyImplementations.java index 304aead1e2bf6..6564e0eed41e1 100644 --- a/libs/entitlement/qa/common/src/main/java/org/elasticsearch/entitlement/qa/common/DummyImplementations.java +++ b/libs/entitlement/qa/test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/DummyImplementations.java @@ -7,7 +7,7 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -package org.elasticsearch.entitlement.qa.common; +package org.elasticsearch.entitlement.qa.test; import java.io.IOException; import java.io.InputStream; diff --git a/libs/entitlement/qa/entitlement-denied/src/main/java/org/elasticsearch/entitlement/qa/EntitlementDeniedPlugin.java b/libs/entitlement/qa/test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/EntitlementTestPlugin.java similarity index 86% rename from libs/entitlement/qa/entitlement-denied/src/main/java/org/elasticsearch/entitlement/qa/EntitlementDeniedPlugin.java rename to libs/entitlement/qa/test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/EntitlementTestPlugin.java index 2a2fd35d47cf3..36283cce3c81d 100644 --- a/libs/entitlement/qa/entitlement-denied/src/main/java/org/elasticsearch/entitlement/qa/EntitlementDeniedPlugin.java +++ b/libs/entitlement/qa/test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/EntitlementTestPlugin.java @@ -6,7 +6,7 @@ * your election, the "Elastic License 2.0", the "GNU Affero General Public * License v3.0 only", or the "Server Side Public License, v 1". */ -package org.elasticsearch.entitlement.qa; +package org.elasticsearch.entitlement.qa.test; import org.elasticsearch.cluster.metadata.IndexNameExpressionResolver; import org.elasticsearch.cluster.node.DiscoveryNodes; @@ -15,7 +15,6 @@ import org.elasticsearch.common.settings.IndexScopedSettings; import org.elasticsearch.common.settings.Settings; import org.elasticsearch.common.settings.SettingsFilter; -import org.elasticsearch.entitlement.qa.common.RestEntitlementsCheckAction; import org.elasticsearch.features.NodeFeature; import org.elasticsearch.plugins.ActionPlugin; import org.elasticsearch.plugins.Plugin; @@ -26,7 +25,7 @@ import java.util.function.Predicate; import java.util.function.Supplier; -public class EntitlementDeniedPlugin extends Plugin implements ActionPlugin { +public class EntitlementTestPlugin extends Plugin implements ActionPlugin { @Override public List getRestHandlers( final Settings settings, @@ -39,6 +38,6 @@ public List getRestHandlers( final Supplier nodesInCluster, Predicate clusterSupportsFeature ) { - return List.of(new RestEntitlementsCheckAction("denied")); + return List.of(new RestEntitlementsCheckAction()); } } diff --git a/libs/entitlement/qa/common/src/main/java/org/elasticsearch/entitlement/qa/common/NetworkAccessCheckActions.java b/libs/entitlement/qa/test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/NetworkAccessCheckActions.java similarity index 99% rename from libs/entitlement/qa/common/src/main/java/org/elasticsearch/entitlement/qa/common/NetworkAccessCheckActions.java rename to libs/entitlement/qa/test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/NetworkAccessCheckActions.java index 553c025143725..2d6a2c8caafe1 100644 --- a/libs/entitlement/qa/common/src/main/java/org/elasticsearch/entitlement/qa/common/NetworkAccessCheckActions.java +++ b/libs/entitlement/qa/test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/NetworkAccessCheckActions.java @@ -7,7 +7,7 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -package org.elasticsearch.entitlement.qa.common; +package org.elasticsearch.entitlement.qa.test; import org.elasticsearch.core.SuppressForbidden; diff --git a/libs/entitlement/qa/common/src/main/java/org/elasticsearch/entitlement/qa/common/RestEntitlementsCheckAction.java b/libs/entitlement/qa/test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/RestEntitlementsCheckAction.java similarity index 92% rename from libs/entitlement/qa/common/src/main/java/org/elasticsearch/entitlement/qa/common/RestEntitlementsCheckAction.java rename to libs/entitlement/qa/test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/RestEntitlementsCheckAction.java index 5286430dc25f7..baf69363f6ea3 100644 --- a/libs/entitlement/qa/common/src/main/java/org/elasticsearch/entitlement/qa/common/RestEntitlementsCheckAction.java +++ b/libs/entitlement/qa/test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/RestEntitlementsCheckAction.java @@ -7,24 +7,24 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -package org.elasticsearch.entitlement.qa.common; +package org.elasticsearch.entitlement.qa.test; import org.elasticsearch.client.internal.node.NodeClient; import org.elasticsearch.common.Strings; import org.elasticsearch.core.CheckedRunnable; import org.elasticsearch.core.SuppressForbidden; -import org.elasticsearch.entitlement.qa.common.DummyImplementations.DummyBreakIteratorProvider; -import org.elasticsearch.entitlement.qa.common.DummyImplementations.DummyCalendarDataProvider; -import org.elasticsearch.entitlement.qa.common.DummyImplementations.DummyCalendarNameProvider; -import org.elasticsearch.entitlement.qa.common.DummyImplementations.DummyCollatorProvider; -import org.elasticsearch.entitlement.qa.common.DummyImplementations.DummyCurrencyNameProvider; -import org.elasticsearch.entitlement.qa.common.DummyImplementations.DummyDateFormatProvider; -import org.elasticsearch.entitlement.qa.common.DummyImplementations.DummyDateFormatSymbolsProvider; -import org.elasticsearch.entitlement.qa.common.DummyImplementations.DummyDecimalFormatSymbolsProvider; -import org.elasticsearch.entitlement.qa.common.DummyImplementations.DummyLocaleNameProvider; -import org.elasticsearch.entitlement.qa.common.DummyImplementations.DummyLocaleServiceProvider; -import org.elasticsearch.entitlement.qa.common.DummyImplementations.DummyNumberFormatProvider; -import org.elasticsearch.entitlement.qa.common.DummyImplementations.DummyTimeZoneNameProvider; +import org.elasticsearch.entitlement.qa.test.DummyImplementations.DummyBreakIteratorProvider; +import org.elasticsearch.entitlement.qa.test.DummyImplementations.DummyCalendarDataProvider; +import org.elasticsearch.entitlement.qa.test.DummyImplementations.DummyCalendarNameProvider; +import org.elasticsearch.entitlement.qa.test.DummyImplementations.DummyCollatorProvider; +import org.elasticsearch.entitlement.qa.test.DummyImplementations.DummyCurrencyNameProvider; +import org.elasticsearch.entitlement.qa.test.DummyImplementations.DummyDateFormatProvider; +import org.elasticsearch.entitlement.qa.test.DummyImplementations.DummyDateFormatSymbolsProvider; +import org.elasticsearch.entitlement.qa.test.DummyImplementations.DummyDecimalFormatSymbolsProvider; +import org.elasticsearch.entitlement.qa.test.DummyImplementations.DummyLocaleNameProvider; +import org.elasticsearch.entitlement.qa.test.DummyImplementations.DummyLocaleServiceProvider; +import org.elasticsearch.entitlement.qa.test.DummyImplementations.DummyNumberFormatProvider; +import org.elasticsearch.entitlement.qa.test.DummyImplementations.DummyTimeZoneNameProvider; import org.elasticsearch.logging.LogManager; import org.elasticsearch.logging.Logger; import org.elasticsearch.rest.BaseRestHandler; @@ -61,16 +61,15 @@ import javax.net.ssl.SSLContext; import static java.util.Map.entry; -import static org.elasticsearch.entitlement.qa.common.RestEntitlementsCheckAction.CheckAction.alwaysDenied; -import static org.elasticsearch.entitlement.qa.common.RestEntitlementsCheckAction.CheckAction.deniedToPlugins; -import static org.elasticsearch.entitlement.qa.common.RestEntitlementsCheckAction.CheckAction.forPlugins; +import static org.elasticsearch.entitlement.qa.test.RestEntitlementsCheckAction.CheckAction.alwaysDenied; +import static org.elasticsearch.entitlement.qa.test.RestEntitlementsCheckAction.CheckAction.deniedToPlugins; +import static org.elasticsearch.entitlement.qa.test.RestEntitlementsCheckAction.CheckAction.forPlugins; import static org.elasticsearch.rest.RestRequest.Method.GET; @SuppressWarnings("unused") public class RestEntitlementsCheckAction extends BaseRestHandler { private static final Logger logger = LogManager.getLogger(RestEntitlementsCheckAction.class); public static final Thread NO_OP_SHUTDOWN_HOOK = new Thread(() -> {}, "Shutdown hook for testing"); - private final String prefix; record CheckAction(CheckedRunnable action, boolean isAlwaysDeniedToPlugins, Integer fromJavaVersion) { /** @@ -434,10 +433,6 @@ private static void receiveDatagramSocket() throws IOException { } } - public RestEntitlementsCheckAction(String prefix) { - this.prefix = prefix; - } - public static Set getCheckActionsAllowedInPlugins() { return checkActions.entrySet() .stream() @@ -452,17 +447,17 @@ public static Set getAllCheckActions() { @Override public List routes() { - return List.of(new Route(GET, "/_entitlement/" + prefix + "/_check")); + return List.of(new Route(GET, "/_entitlement_check")); } @Override public String getName() { - return "check_" + prefix + "_action"; + return "check_entitlement_action"; } @Override protected RestChannelConsumer prepareRequest(RestRequest request, NodeClient client) { - logger.info("RestEntitlementsCheckAction rest handler [{}]", request.path()); + logger.debug("RestEntitlementsCheckAction rest handler [{}]", request.path()); var actionName = request.param("action"); if (Strings.isNullOrEmpty(actionName)) { throw new IllegalArgumentException("Missing action parameter"); diff --git a/libs/entitlement/qa/common/src/main/java/org/elasticsearch/entitlement/qa/common/VersionSpecificNetworkChecks.java b/libs/entitlement/qa/test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/VersionSpecificNetworkChecks.java similarity index 92% rename from libs/entitlement/qa/common/src/main/java/org/elasticsearch/entitlement/qa/common/VersionSpecificNetworkChecks.java rename to libs/entitlement/qa/test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/VersionSpecificNetworkChecks.java index e1e0b9e52f510..151f58aa6392c 100644 --- a/libs/entitlement/qa/common/src/main/java/org/elasticsearch/entitlement/qa/common/VersionSpecificNetworkChecks.java +++ b/libs/entitlement/qa/test-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/VersionSpecificNetworkChecks.java @@ -7,7 +7,7 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -package org.elasticsearch.entitlement.qa.common; +package org.elasticsearch.entitlement.qa.test; class VersionSpecificNetworkChecks { static void createInetAddressResolverProvider() {} diff --git a/libs/entitlement/qa/common/src/main18/java/org/elasticsearch/entitlement/qa/common/VersionSpecificNetworkChecks.java b/libs/entitlement/qa/test-plugin/src/main18/java/org/elasticsearch/entitlement/qa/test/VersionSpecificNetworkChecks.java similarity index 100% rename from libs/entitlement/qa/common/src/main18/java/org/elasticsearch/entitlement/qa/common/VersionSpecificNetworkChecks.java rename to libs/entitlement/qa/test-plugin/src/main18/java/org/elasticsearch/entitlement/qa/test/VersionSpecificNetworkChecks.java From c3f6507e21acd98e0e331567c00318e0acf257ce Mon Sep 17 00:00:00 2001 From: elasticsearchmachine Date: Sun, 19 Jan 2025 22:14:05 +0000 Subject: [PATCH 2/2] [CI] Auto commit changes from spotless --- .../entitlement/qa/EntitlementsAllowedIT.java | 7 ++----- .../qa/EntitlementsAllowedNonModularIT.java | 7 ++----- .../entitlement/qa/EntitlementsDeniedIT.java | 11 ++--------- .../qa/EntitlementsDeniedNonModularIT.java | 7 ++----- .../entitlement/qa/EntitlementsUtil.java | 9 ++++----- 5 files changed, 12 insertions(+), 29 deletions(-) diff --git a/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsAllowedIT.java b/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsAllowedIT.java index e08c7b5a23e4d..c9eb4ea665aa1 100644 --- a/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsAllowedIT.java +++ b/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsAllowedIT.java @@ -28,9 +28,7 @@ public class EntitlementsAllowedIT extends ESRestTestCase { @ClassRule public static ElasticsearchCluster cluster = ElasticsearchCluster.local() - .module("test-plugin", spec -> - EntitlementsUtil.setupEntitlements(spec, true, ALLOWED_ENTITLEMENTS) - ) + .module("test-plugin", spec -> EntitlementsUtil.setupEntitlements(spec, true, ALLOWED_ENTITLEMENTS)) .systemProperty("es.entitlements.enabled", "true") .setting("xpack.security.enabled", "false") .build(); @@ -43,8 +41,7 @@ public EntitlementsAllowedIT(@Name("actionName") String actionName) { @ParametersFactory public static Iterable data() { - return RestEntitlementsCheckAction.getCheckActionsAllowedInPlugins().stream().map(action -> new Object[] { action }) - .toList(); + return RestEntitlementsCheckAction.getCheckActionsAllowedInPlugins().stream().map(action -> new Object[] { action }).toList(); } @Override diff --git a/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsAllowedNonModularIT.java b/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsAllowedNonModularIT.java index 25ade7a56fde8..5c56774ca9067 100644 --- a/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsAllowedNonModularIT.java +++ b/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsAllowedNonModularIT.java @@ -28,9 +28,7 @@ public class EntitlementsAllowedNonModularIT extends ESRestTestCase { @ClassRule public static ElasticsearchCluster cluster = ElasticsearchCluster.local() - .module("test-plugin", spec -> - EntitlementsUtil.setupEntitlements(spec, false, ALLOWED_ENTITLEMENTS) - ) + .module("test-plugin", spec -> EntitlementsUtil.setupEntitlements(spec, false, ALLOWED_ENTITLEMENTS)) .systemProperty("es.entitlements.enabled", "true") .setting("xpack.security.enabled", "false") .build(); @@ -43,8 +41,7 @@ public EntitlementsAllowedNonModularIT(@Name("actionName") String actionName) { @ParametersFactory public static Iterable data() { - return RestEntitlementsCheckAction.getCheckActionsAllowedInPlugins().stream().map(action -> new Object[] { action }) - .toList(); + return RestEntitlementsCheckAction.getCheckActionsAllowedInPlugins().stream().map(action -> new Object[] { action }).toList(); } @Override diff --git a/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsDeniedIT.java b/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsDeniedIT.java index 215664e94fcc6..fac70e3167f43 100644 --- a/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsDeniedIT.java +++ b/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsDeniedIT.java @@ -13,26 +13,20 @@ import com.carrotsearch.randomizedtesting.annotations.ParametersFactory; import org.elasticsearch.client.Request; -import org.elasticsearch.client.Response; import org.elasticsearch.entitlement.qa.test.RestEntitlementsCheckAction; import org.elasticsearch.test.cluster.ElasticsearchCluster; import org.elasticsearch.test.rest.ESRestTestCase; import org.junit.ClassRule; import java.io.IOException; -import java.util.stream.Stream; -import static org.elasticsearch.entitlement.qa.EntitlementsUtil.ALLOWED_ENTITLEMENTS; import static org.hamcrest.Matchers.containsString; -import static org.hamcrest.Matchers.equalTo; public class EntitlementsDeniedIT extends ESRestTestCase { @ClassRule public static ElasticsearchCluster cluster = ElasticsearchCluster.local() - .module("test-plugin", spec -> - EntitlementsUtil.setupEntitlements(spec, true, null) - ) + .module("test-plugin", spec -> EntitlementsUtil.setupEntitlements(spec, true, null)) .systemProperty("es.entitlements.enabled", "true") .setting("xpack.security.enabled", "false") // Logs in libs/entitlement/qa/build/test-results/javaRestTest/TEST-org.elasticsearch.entitlement.qa.EntitlementsDeniedIT.xml @@ -52,8 +46,7 @@ public EntitlementsDeniedIT(@Name("actionName") String actionName) { @ParametersFactory public static Iterable data() { - return RestEntitlementsCheckAction.getAllCheckActions().stream().map(action -> new Object[] { action }) - .toList(); + return RestEntitlementsCheckAction.getAllCheckActions().stream().map(action -> new Object[] { action }).toList(); } public void testCheckThrows() { diff --git a/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsDeniedNonModularIT.java b/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsDeniedNonModularIT.java index 150bd62623c20..d48e23e6332ed 100644 --- a/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsDeniedNonModularIT.java +++ b/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsDeniedNonModularIT.java @@ -26,9 +26,7 @@ public class EntitlementsDeniedNonModularIT extends ESRestTestCase { @ClassRule public static ElasticsearchCluster cluster = ElasticsearchCluster.local() - .module("test-plugin", spec -> - EntitlementsUtil.setupEntitlements(spec, false, null) - ) + .module("test-plugin", spec -> EntitlementsUtil.setupEntitlements(spec, false, null)) .systemProperty("es.entitlements.enabled", "true") .setting("xpack.security.enabled", "false") // Logs in libs/entitlement/qa/build/test-results/javaRestTest/TEST-org.elasticsearch.entitlement.qa.EntitlementsDeniedIT.xml @@ -48,8 +46,7 @@ public EntitlementsDeniedNonModularIT(@Name("actionName") String actionName) { @ParametersFactory public static Iterable data() { - return RestEntitlementsCheckAction.getAllCheckActions().stream().map(action -> new Object[] { action }) - .toList(); + return RestEntitlementsCheckAction.getAllCheckActions().stream().map(action -> new Object[] { action }).toList(); } public void testCheckThrows() { diff --git a/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsUtil.java b/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsUtil.java index 8bd0912233f5a..81fa936f0ae3c 100644 --- a/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsUtil.java +++ b/libs/entitlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsUtil.java @@ -19,7 +19,6 @@ import java.io.UncheckedIOException; import java.util.List; import java.util.Map; -import java.util.function.Consumer; class EntitlementsUtil { @@ -58,10 +57,10 @@ static void setupEntitlements(PluginInstallSpec spec, boolean modular, IOConsume if (modular == false) { spec.withPropertiesOverride(old -> { - String props = old.replace("modulename=org.elasticsearch.entitlement.qa.test", ""); - System.out.println("Using plugin properties:\n" + props); - return Resource.fromString(props); - }); + String props = old.replace("modulename=org.elasticsearch.entitlement.qa.test", ""); + System.out.println("Using plugin properties:\n" + props); + return Resource.fromString(props); + }); } }