Skip to content

Entitle com.unboundid.ldap.listener as test package #130706

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Entitle com.unboundid.ldap.listener as test package #130706

wants to merge 1 commit into from

Conversation

mosche
Copy link
Contributor

@mosche mosche commented Jul 7, 2025

This removes inbound_network from x-pack core and instead configures com.unboundid.ldap.listener as test package for LDAP and related test cases that start an LDAP server listening for requests.

Relates to ES-12128

@mosche mosche requested a review from a team July 7, 2025 10:04
@mosche mosche added >non-issue :Core/Infra/Entitlements Entitlements infrastructure labels Jul 7, 2025
@elasticsearchmachine elasticsearchmachine added Team:Core/Infra Meta label for core/infra team v9.2.0 labels Jul 7, 2025
@elasticsearchmachine
Copy link
Collaborator

Pinging @elastic/es-core-infra (Team:Core/Infra)

prdoyle
prdoyle reviewed Jul 7, 2025
View reviewed changes
Copy link
Contributor

@prdoyle prdoyle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Did you consider simply adding com.unboundid.ldap.listener to the existing list?

.../framework/src/main/java/org/elasticsearch/entitlement/runtime/policy/TestPolicyManager.java
}
return false;
idx = -idx - 2; // candidate package (insertion point - 1)
return idx >= 0 && idx < entitledTestPackages.length && packageName.startsWith(entitledTestPackages[idx]);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This could probably use a unit test, given the opportunity for off-by-one errors.

It inherits an existing bug where org.example.pack will be viewed as a prefix of org.example.package even though the two packages are unrelated. We somewhat got away with this before because it was a fixed set of packages known not to have this problem, but now that the API can add them dynamically, it becomes a possibility.

(We've overdue for writing a proper string prefix trie. 😅)

Also, I think our experience with FileAccessTree shows that this will fail for looking up org.example.foo if the array already contains org.example and org.example.bar. In this case, the binary search will land on org.example.bar which is not a prefix. In FileAccessTree we deal with this by removing entries that have a prefix already in the list.

test/framework/src/main/java/org/elasticsearch/test/ESTestCase.java
if (TestEntitlementBootstrap.isEnabledForTest()) {
TestEntitlementBootstrap.setActive(false == withoutEntitlements);
TestEntitlementBootstrap.setTriviallyAllowingTestCode(false == withEntitlementsOnTestCode);
if (entitledPackages != null) {
assert withEntitlementsOnTestCode == false : "Cannot use @WithEntitlementsOnTestCode together with @EntitledTestPackages";
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

these contradict each other

@prdoyle
Copy link
Contributor

prdoyle commented Jul 7, 2025

Also I think we're still backporting to 8.19?

@mosche
Copy link
Contributor Author

mosche commented Jul 7, 2025
edited
Loading

Did you consider simply adding com.unboundid.ldap.listener to the existing list?

I did, but this (aka having to entitle more test packages) has come up multiple times now and in this case the required package is highly specific, so I'd rather extend the list of packages for specific tests only.

@mosche mosche added auto-backport Automatically create backport pull requests when merged v9.1.0 v8.19.1 labels Jul 7, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@prdoyle prdoyle prdoyle left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
auto-backport Automatically create backport pull requests when merged :Core/Infra/Entitlements Entitlements infrastructure >non-issue Team:Core/Infra Meta label for core/infra team v8.19.1 v9.1.0 v9.2.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mosche @elasticsearchmachine @prdoyle