Skip to content

[Entitlements] No SecurityManager when entitlements are enabled#119689

Merged
ldematte merged 2 commits intoelastic:mainfrom
ldematte:entitlements/boostrap-disallow-sm
Jan 8, 2025
Merged

[Entitlements] No SecurityManager when entitlements are enabled#119689
ldematte merged 2 commits intoelastic:mainfrom
ldematte:entitlements/boostrap-disallow-sm

Conversation

@ldematte
Copy link
Contributor

@ldematte ldematte commented Jan 7, 2025
edited
Loading

Today the SecurityManager is still partially initialized and checked to be present, even when entitlements are enabled - it is just a "all permission" SM, but it's there and it may interfere with entitlements IT tests (that's how I found it was still present).

This PR adjusts Bootstrap and JVM options to ensure the SM is never set or invoked when entitlements are enabled.

@ldematte ldematte added >non-issue :Core/Infra/Core Core issues without another label auto-backport Automatically create backport pull requests when merged v9.0.0 v8.18.0 labels Jan 7, 2025
@ldematte ldematte requested a review from a team as a code owner January 7, 2025 17:59
@elasticsearchmachine elasticsearchmachine added the Team:Core/Infra Meta label for core/infra team label Jan 7, 2025
@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Jan 7, 2025

Pinging @elastic/es-core-infra (Team:Core/Infra)

rjernst
rjernst approved these changes Jan 7, 2025
View reviewed changes
Copy link
Member

@rjernst rjernst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ldematte ldematte merged commit 3464adb into elastic:main Jan 8, 2025
@ldematte ldematte deleted the entitlements/boostrap-disallow-sm branch January 8, 2025 09:24
@elasticsearchmachine
Copy link
Collaborator

elasticsearchmachine commented Jan 8, 2025

💔 Backport failed

Status Branch Result
8.x Commit could not be cherrypicked due to conflicts

You can use sqren/backport to manually backport by running backport --upstream elastic/elasticsearch --pr 119689

ldematte added a commit that referenced this pull request Jan 8, 2025
@ldematte
Adjust Bootstrap and JVM options to ensure the SM is never used when …
e4a4eb1 
…entitlements are enabled (#119689)
ldematte added a commit that referenced this pull request Jan 8, 2025
@ldematte
Revert "Adjust Bootstrap and JVM options to ensure the SM is never us…
1f82273 
…ed when entitlements are enabled (#119689)"

This reverts commit e4a4eb1.
@ldematte ldematte mentioned this pull request Jan 8, 2025
Merged
ldematte added a commit to ldematte/elasticsearch that referenced this pull request Jan 8, 2025
@ldematte
Adjust Bootstrap and JVM options to ensure the SM is never used when …
fc8fb1a 
…entitlements are enabled (elastic#119689)
elasticsearchmachine pushed a commit that referenced this pull request Jan 8, 2025
@ldematte
Adjust Bootstrap and JVM options to ensure the SM is never used when …
a62f9e4 
…entitlements are enabled (#119689) (#119741)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@rjernst rjernst rjernst approved these changes

Assignees

No one assigned

Labels

auto-backport Automatically create backport pull requests when merged :Core/Infra/Core Core issues without another label >non-issue Team:Core/Infra Meta label for core/infra team v8.18.0 v9.0.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ldematte @elasticsearchmachine @rjernst