Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Security Manager Replacement] Add support of Java policies #17663

Merged
merged 2 commits into from
Mar 25, 2025
Merged

[Security Manager Replacement] Add support of Java policies #17663

merged 2 commits into from
Mar 25, 2025

Conversation

reta
Copy link
Collaborator

@reta reta commented Mar 24, 2025

Description

As of JDK-24, the use of Java policies has been restricted. However, in order for OpenSearch to continue working post JDK-24, we should provide the support of Java policies.

Related Issues

Closes #17659

Check List

  • Functionality includes testing.
  • API changes companion pull request created, if applicable.
  • Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

@github-actions github-actions bot added _No response_ enhancement Enhancement or improvement to existing feature or request v3.0.0 Issues and PRs related to version 3.0.0 labels Mar 24, 2025
@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for dc87ede: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@kumargu
Copy link
Contributor

kumargu commented Mar 24, 2025

@andrross @kumargu @cwperks very much aware that there are no tests (yet) added into to these modules yet, severe lack of time, but I have ported these files from the JDK codebase mostly as-is.

I think its fine to not have unit tests for the (large) ported files, our integration test would cover parts of it. Also. I think these files would be barely changed.

@opensearch-ci-bot opensearch-ci-bot mentioned this pull request Mar 24, 2025
Open
@kumargu
Copy link
Contributor

kumargu commented Mar 24, 2025

overall LGTM.

@cwperks
Copy link
Member

cwperks commented Mar 24, 2025

@andrross @kumargu @cwperks very much aware that there are no tests (yet) added into to these modules yet, severe lack of time, but I have ported these files from the JDK codebase mostly as-is.

I think its fine to not have unit tests for the (large) ported files, our integration test would cover parts of it. Also. I think these files would be barely changed.

Agree here for the sake of this PR. The logic in the files will be covered by ITs that read the policy files even if the individual units do not have tests. It would be a good idea to add tests, but I would be comfortable with that done in a separate future PR.

@reta
Merge branch 'main' into issue-17659
cdf3a2e 
Signed-off-by: Andriy Redko <andriy.redko@aiven.io>
@github-actions github-actions bot added the security Anything security related label Mar 24, 2025
@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for cdf3a2e: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for cdf3a2e: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for cdf3a2e: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

This was referenced Mar 25, 2025
Open
Open
@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for cdf3a2e: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@github-actions GitHub Actions
Copy link
Contributor

❌ Gradle check result for cdf3a2e: FAILURE

Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green. Is the failure a flaky test unrelated to your change?

@github-actions GitHub Actions
Copy link
Contributor

✅ Gradle check result for cdf3a2e: SUCCESS

@reta
Copy link
Collaborator Author

reta commented Mar 25, 2025

@cwperks mind please re-approving, conflicts :-(, thank you

@cwperks
Copy link
Member

cwperks commented Mar 25, 2025

@cwperks mind please re-approving, conflicts :-(, thank you

approved

@andrross andrross merged commit 17289b7 into opensearch-project:main Mar 25, 2025
31 of 32 checks passed
@andrross andrross mentioned this pull request Mar 25, 2025
Merged
1 task
@opensearch-ci-bot opensearch-ci-bot mentioned this pull request Mar 26, 2025
Open
andrross added a commit to andrross/OpenSearch that referenced this pull request Mar 26, 2025
@andrross
Revert "Add support of Java policies (opensearch-project#17663)"
fc456e4 
This reverts commit 17289b7.
andrross added a commit to andrross/OpenSearch that referenced this pull request Mar 26, 2025
@andrross
Revert "Add support of Java policies (opensearch-project#17663)"
7340701 
This reverts commit 17289b7.

Signed-off-by: Andrew Ross <andrross@amazon.com>
andrross added a commit to andrross/OpenSearch that referenced this pull request Mar 27, 2025
@andrross
Revert "Add support of Java policies (opensearch-project#17663)"
a7ff41e 
This reverts commit 17289b7.

Signed-off-by: Andrew Ross <andrross@amazon.com>
reta pushed a commit that referenced this pull request Mar 28, 2025
@andrross
Revert policy parsing logic (#17703)
399188f 
* Revert "Add simple PolicyParser unit test (#17690)"

This reverts commit 3fb09c7.

Signed-off-by: Andrew Ross <andrross@amazon.com>

* Revert "Add support of Java policies (#17663)"

This reverts commit 17289b7.

Signed-off-by: Andrew Ross <andrross@amazon.com>

---------

Signed-off-by: Andrew Ross <andrross@amazon.com>
@opensearch-ci-bot opensearch-ci-bot mentioned this pull request Apr 1, 2025
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yupeng9 yupeng9 yupeng9 left review comments

@andrross andrross andrross approved these changes

@cwperks cwperks cwperks approved these changes

@kumargu kumargu kumargu approved these changes

@anasalkouz anasalkouz Awaiting requested review from anasalkouz anasalkouz is a code owner

@ashking94 ashking94 Awaiting requested review from ashking94 ashking94 is a code owner

@bugmakerrrrrr bugmakerrrrrr Awaiting requested review from bugmakerrrrrr bugmakerrrrrr is a code owner

@Bukhtawar Bukhtawar Awaiting requested review from Bukhtawar Bukhtawar is a code owner

@CEHENKLE CEHENKLE Awaiting requested review from CEHENKLE CEHENKLE is a code owner

@dblock dblock Awaiting requested review from dblock dblock is a code owner

@dbwiddis dbwiddis Awaiting requested review from dbwiddis dbwiddis is a code owner

@gbbafna gbbafna Awaiting requested review from gbbafna gbbafna is a code owner

@jainankitk jainankitk Awaiting requested review from jainankitk jainankitk is a code owner

@kotwanikunal kotwanikunal Awaiting requested review from kotwanikunal kotwanikunal is a code owner

@linuxpi linuxpi Awaiting requested review from linuxpi linuxpi is a code owner

@mch2 mch2 Awaiting requested review from mch2 mch2 is a code owner

@msfroh msfroh Awaiting requested review from msfroh msfroh is a code owner

@nknize nknize Awaiting requested review from nknize nknize is a code owner

@owaiskazi19 owaiskazi19 Awaiting requested review from owaiskazi19 owaiskazi19 is a code owner

@Rishikesh1159 Rishikesh1159 Awaiting requested review from Rishikesh1159 Rishikesh1159 is a code owner

@sachinpkale sachinpkale Awaiting requested review from sachinpkale sachinpkale is a code owner

@saratvemulapalli saratvemulapalli Awaiting requested review from saratvemulapalli saratvemulapalli is a code owner

@shwetathareja shwetathareja Awaiting requested review from shwetathareja shwetathareja is a code owner

@sohami sohami Awaiting requested review from sohami sohami is a code owner

@VachaShah VachaShah Awaiting requested review from VachaShah VachaShah is a code owner

Assignees
No one assigned
Labels
enhancement Enhancement or improvement to existing feature or request _No response_ security Anything security related v3.0.0 Issues and PRs related to version 3.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Feature Request] Add support of Java policies
5 participants
@reta @kumargu @cwperks @andrross @yupeng9