move tests never running in jenkins to new evil tests module

2025-03-25 01:19:02 +00:00 · 2015-11-03 21:42:22 -05:00 · 2015-11-03 21:42:22 -05:00 · 602feac915
commit 602feac915
parent 9246ca98fe
9 changed files with 94 additions and 40 deletions
--- a/core/src/test/java/org/elasticsearch/bootstrap/ESPolicyTests.java
+++ b/core/src/test/java/org/elasticsearch/bootstrap/ESPolicyTests.java
@ -21,58 +21,18 @@ package org.elasticsearch.bootstrap;

 import org.elasticsearch.test.ESTestCase;

-import java.io.FilePermission;
 import java.security.AccessControlContext;
 import java.security.AccessController;
-import java.security.AllPermission;
-import java.security.CodeSource;
-import java.security.Permission;
 import java.security.PermissionCollection;
 import java.security.Permissions;
 import java.security.PrivilegedAction;
 import java.security.ProtectionDomain;
-import java.security.cert.Certificate;
-import java.util.Collections;

 /** 
 * Tests for ESPolicy
- * <p>
- * Most unit tests won't run under security manager, since we don't allow 
- * access to the policy (you cannot construct it)
 */
 public class ESPolicyTests extends ESTestCase {

-    /** 
-     * Test policy with null codesource.
-     * <p>
-     * This can happen when restricting privileges with doPrivileged,
-     * even though ProtectionDomain's ctor javadocs might make you think
-     * that the policy won't be consulted.
-     */
-    public void testNullCodeSource() throws Exception {
-        assumeTrue("test cannot run with security manager", System.getSecurityManager() == null);
-        // create a policy with AllPermission
-        Permission all = new AllPermission();
-        PermissionCollection allCollection = all.newPermissionCollection();
-        allCollection.add(all);
-        ESPolicy policy = new ESPolicy(allCollection, Collections.emptyMap());
-        // restrict ourselves to NoPermission
-        PermissionCollection noPermissions = new Permissions();
-        assertFalse(policy.implies(new ProtectionDomain(null, noPermissions), new FilePermission("foo", "read")));
-    }
-
-    /** 
-     * test with null location
-     * <p>
-     * its unclear when/if this happens, see https://bugs.openjdk.java.net/browse/JDK-8129972
-     */
-    public void testNullLocation() throws Exception {
-        assumeTrue("test cannot run with security manager", System.getSecurityManager() == null);
-        PermissionCollection noPermissions = new Permissions();
-        ESPolicy policy = new ESPolicy(noPermissions, Collections.emptyMap());
-        assertFalse(policy.implies(new ProtectionDomain(new CodeSource(null, (Certificate[])null), noPermissions), new FilePermission("foo", "read")));
-    }
-
    /** 
     * test restricting privileges to no permissions actually works
     */
--- a/qa/evil-tests/build.gradle
+++ b/qa/evil-tests/build.gradle
@ -0,0 +1,24 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+apply plugin: 'elasticsearch.standalone-test'
+
+test {
+  systemProperty 'tests.security.manager', 'false'
+}
--- a/qa/evil-tests/src/test/java/org/elasticsearch/bootstrap/ESPolicyUnitTests.java
+++ b/qa/evil-tests/src/test/java/org/elasticsearch/bootstrap/ESPolicyUnitTests.java
@ -0,0 +1,69 @@
+/*
+ * Licensed to Elasticsearch under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.elasticsearch.bootstrap;
+
+import org.elasticsearch.test.ESTestCase;
+
+import java.io.FilePermission;
+import java.security.AllPermission;
+import java.security.CodeSource;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Permissions;
+import java.security.ProtectionDomain;
+import java.security.cert.Certificate;
+import java.util.Collections;
+
+/**
+ * Unit tests for ESPolicy: these cannot run with security manager,
+ * we don't allow messing with the policy
+ */
+public class ESPolicyUnitTests extends ESTestCase {
+    /** 
+     * Test policy with null codesource.
+     * <p>
+     * This can happen when restricting privileges with doPrivileged,
+     * even though ProtectionDomain's ctor javadocs might make you think
+     * that the policy won't be consulted.
+     */
+    public void testNullCodeSource() throws Exception {
+        assumeTrue("test cannot run with security manager", System.getSecurityManager() == null);
+        // create a policy with AllPermission
+        Permission all = new AllPermission();
+        PermissionCollection allCollection = all.newPermissionCollection();
+        allCollection.add(all);
+        ESPolicy policy = new ESPolicy(allCollection, Collections.emptyMap());
+        // restrict ourselves to NoPermission
+        PermissionCollection noPermissions = new Permissions();
+        assertFalse(policy.implies(new ProtectionDomain(null, noPermissions), new FilePermission("foo", "read")));
+    }
+
+    /** 
+     * test with null location
+     * <p>
+     * its unclear when/if this happens, see https://bugs.openjdk.java.net/browse/JDK-8129972
+     */
+    public void testNullLocation() throws Exception {
+        assumeTrue("test cannot run with security manager", System.getSecurityManager() == null);
+        PermissionCollection noPermissions = new Permissions();
+        ESPolicy policy = new ESPolicy(noPermissions, Collections.emptyMap());
+        assertFalse(policy.implies(new ProtectionDomain(new CodeSource(null, (Certificate[])null), noPermissions), new FilePermission("foo", "read")));
+    }
+}
--- a/qa/evil-tests/src/test/java/org/elasticsearch/bootstrap/SeccompTests.java
+++ b/qa/evil-tests/src/test/java/org/elasticsearch/bootstrap/SeccompTests.java
--- a/qa/evil-tests/src/test/java/org/elasticsearch/plugins/PluginSecurityTests.java
+++ b/qa/evil-tests/src/test/java/org/elasticsearch/plugins/PluginSecurityTests.java
--- a/qa/evil-tests/src/test/resources/org/elasticsearch/plugins/security/complex-plugin-security.policy
+++ b/qa/evil-tests/src/test/resources/org/elasticsearch/plugins/security/complex-plugin-security.policy
--- a/qa/evil-tests/src/test/resources/org/elasticsearch/plugins/security/simple-plugin-security.policy
+++ b/qa/evil-tests/src/test/resources/org/elasticsearch/plugins/security/simple-plugin-security.policy
--- a/qa/evil-tests/src/test/resources/org/elasticsearch/plugins/security/unresolved-plugin-security.policy
+++ b/qa/evil-tests/src/test/resources/org/elasticsearch/plugins/security/unresolved-plugin-security.policy
--- a/settings.gradle
+++ b/settings.gradle
@ -29,6 +29,7 @@ String[] projects = [
  'plugins:jvm-example',
  'plugins:site-example',
  'plugins:store-smb',
+  'qa:evil-tests',
  'qa:smoke-test-client',
  'qa:smoke-test-plugins'
 ]