From 394b6265c3eff056ef1f91ef6bed0dcc5d013176 Mon Sep 17 00:00:00 2001
From: Robert Muir <rmuir@apache.org>
Date: Thu, 17 Sep 2015 17:02:11 -0400
Subject: [PATCH] Fix more issues with plugin unit tests and allow running from
 IDE.

This is the more sheisty business along the same lines as
https://github.com/elastic/elasticsearch/pull/13638

1 hour total adding the real functionality, days of wasted time
on simulated fake functionality to satisfy our crazy test framework...

I debugged on the problematic jenkins machine and I think issues are
from parsing the classpath and URL normalization etc (trailing slashes
vs not, etc in URLs). So I simplifed the code, to remove this completely,
inverting the logic so we just use an exclusion list instead of inclusion one.

I also allow tests for these plugins to run from the IDE (works at least for eclipse) too.
At least for eclipse this is even less realistic as it piles all the code (src and test)
into a single codebase, but it means you can *use it* and you just have to run mvn verify
before pushing as always. And as always... best effort.
---
 .../bootstrap/BootstrapForTesting.java        | 11 +++++--
 .../bootstrap/MockPluginPolicy.java           | 32 ++++++++-----------
 2 files changed, 21 insertions(+), 22 deletions(-)

diff --git a/core/src/test/java/org/elasticsearch/bootstrap/BootstrapForTesting.java b/core/src/test/java/org/elasticsearch/bootstrap/BootstrapForTesting.java
index 41fad1607e3..8e155fa6915 100644
--- a/core/src/test/java/org/elasticsearch/bootstrap/BootstrapForTesting.java
+++ b/core/src/test/java/org/elasticsearch/bootstrap/BootstrapForTesting.java
@@ -118,6 +118,10 @@ public class BootstrapForTesting {
                 // if its an insecure plugin, we use a wrapper policy impl to try
                 // to simulate what happens with a real distribution
                 String artifact = System.getProperty("tests.artifact");
+                // in case we are running from the IDE:
+                if (artifact == null || System.getProperty("tests.maven") == null) {
+                    artifact = PathUtils.get(System.getProperty("user.dir")).toAbsolutePath().getFileName().toString();
+                }
                 String insecurePluginProp = Security.INSECURE_PLUGINS.get(artifact);
                 if (insecurePluginProp != null) {
                     policy = new MockPluginPolicy(perms, insecurePluginProp);
@@ -131,10 +135,11 @@ public class BootstrapForTesting {
                 if (insecurePluginProp != null) {
                     // initialize the plugin class, in case it has one-time hacks (unit tests often won't do this)
                     String clazz = System.getProperty("tests.plugin.classname");
-                    if (clazz == null) {
-                        throw new IllegalStateException("plugin classname is needed for insecure plugin unit tests");
+                    if (clazz != null) {
+                        Class.forName(clazz);
+                    } else if (System.getProperty("tests.maven") != null) {
+                        throw new IllegalStateException("plugin classname is needed for insecure plugin unit tests: something wrong with build");
                     }
-                    Class.forName(clazz);
                 }
             } catch (Exception e) {
                 throw new RuntimeException("unable to install test security manager", e);
diff --git a/core/src/test/java/org/elasticsearch/bootstrap/MockPluginPolicy.java b/core/src/test/java/org/elasticsearch/bootstrap/MockPluginPolicy.java
index 104aad59291..bd366a28c13 100644
--- a/core/src/test/java/org/elasticsearch/bootstrap/MockPluginPolicy.java
+++ b/core/src/test/java/org/elasticsearch/bootstrap/MockPluginPolicy.java
@@ -22,12 +22,10 @@ package org.elasticsearch.bootstrap;
 import com.carrotsearch.randomizedtesting.RandomizedRunner;
 
 import org.apache.lucene.util.LuceneTestCase;
-import org.elasticsearch.common.io.PathUtils;
 import org.elasticsearch.common.logging.Loggers;
 import org.junit.Assert;
 
 import java.net.URL;
-import java.nio.file.Path;
 import java.security.CodeSource;
 import java.security.Permission;
 import java.security.PermissionCollection;
@@ -37,6 +35,7 @@ import java.security.ProtectionDomain;
 import java.security.cert.Certificate;
 import java.util.Collections;
 import java.util.HashSet;
+import java.util.Objects;
 import java.util.Set;
 
 /**
@@ -53,7 +52,7 @@ import java.util.Set;
 final class MockPluginPolicy extends Policy {
     final ESPolicy standardPolicy;
     final PermissionCollection extraPermissions;
-    final Set<CodeSource> extraSources;
+    final Set<CodeSource> excludedSources;
 
     /**
      * Create a new MockPluginPolicy with dynamic {@code permissions} and
@@ -88,35 +87,30 @@ final class MockPluginPolicy extends Policy {
             extraPermissions.add(p);
         }
 
-        // every element in classpath except test-classes/
-        extraSources = new HashSet<CodeSource>();
-        for (URL location : JarHell.parseClassPath()) {
-            Path path = PathUtils.get(location.toURI());
-            String baseName = path.getFileName().toString();
-            if (baseName.contains("test-classes") == false) {
-              extraSources.add(new CodeSource(location, (Certificate[])null));
-            }
-        }
+        excludedSources = new HashSet<CodeSource>();
         // exclude some obvious places
         // es core
-        extraSources.remove(Bootstrap.class.getProtectionDomain().getCodeSource());
+        excludedSources.add(Bootstrap.class.getProtectionDomain().getCodeSource());
         // es test framework
-        extraSources.remove(getClass().getProtectionDomain().getCodeSource());
+        excludedSources.add(getClass().getProtectionDomain().getCodeSource());
         // lucene test framework
-        extraSources.remove(LuceneTestCase.class.getProtectionDomain().getCodeSource());
+        excludedSources.add(LuceneTestCase.class.getProtectionDomain().getCodeSource());
         // test runner
-        extraSources.remove(RandomizedRunner.class.getProtectionDomain().getCodeSource());
+        excludedSources.add(RandomizedRunner.class.getProtectionDomain().getCodeSource());
         // junit library
-        extraSources.remove(Assert.class.getProtectionDomain().getCodeSource());
+        excludedSources.add(Assert.class.getProtectionDomain().getCodeSource());
+        // groovy scripts
+        excludedSources.add(new CodeSource(new URL("file:/groovy/script"), (Certificate[])null));
 
-        Loggers.getLogger(getClass()).debug("Apply permissions [{}] to codebases [{}]", extraPermissions, extraSources);
+        Loggers.getLogger(getClass()).debug("Apply permissions [{}] excluding codebases [{}]", extraPermissions, excludedSources);
     }
 
     @Override
     public boolean implies(ProtectionDomain domain, Permission permission) {
         if (standardPolicy.implies(domain, permission)) {
             return true;
-        } else if (extraSources.contains(domain.getCodeSource())) {
+        } else if (excludedSources.contains(domain.getCodeSource()) == false && 
+                   Objects.toString(domain.getCodeSource()).contains("test-classes") == false) {
             return extraPermissions.implies(permission);
         } else {
             return false;