Entitlements: manage_threads #122261
Merged
Entitlements: manage_threads #122261
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
prdoyle
added
>non-issue
:Core/Infra/Core
prdoyle
force-pushed
the
simple-thread-properties
branch
from
53d2975 to
04b6e8e
Compare
This reverts commit 443ca76.
prdoyle
force-pushed
the
simple-thread-properties
branch
from
04b6e8e to
99ab3d9
Compare
|
Pinging @elastic/es-core-infra (Team:Core/Infra) |
prdoyle
commented
Feb 12, 2025
...entitled-plugin/src/main/java/org/elasticsearch/entitlement/qa/entitled/EntitledActions.java
Outdated
Show resolved
Hide resolved
prdoyle
commented
Feb 12, 2025
...itlement/qa/src/javaRestTest/java/org/elasticsearch/entitlement/qa/EntitlementsTestRule.java
Outdated
Show resolved
Hide resolved
…imple-thread-properties
rjernst
reviewed
Feb 12, 2025
...ntitlement/bridge/src/main/java/org/elasticsearch/entitlement/bridge/EntitlementChecker.java
Outdated
Show resolved
Hide resolved
...-plugin/src/main/java/org/elasticsearch/entitlement/qa/test/RestEntitlementsCheckAction.java
Outdated
Show resolved
Hide resolved
libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/PolicyManager.java
Outdated
Show resolved
Hide resolved
libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/PolicyManager.java
Outdated
Show resolved
Hide resolved
libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/PolicyManager.java
Outdated
Show resolved
Hide resolved
libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/PolicyParser.java
Outdated
Show resolved
Hide resolved
ldematte
reviewed
Feb 13, 2025
| getTestEntries(FileCheckActions.class), | ||
| getTestEntries(SpiActions.class), | ||
| getTestEntries(SystemActions.class), | ||
| getTestEntries(FileStoreActions.class), |
There was a problem hiding this comment.
Thanks for ordering this; maybe mention it to everyone so we keep it ordered (and help in reducing merge conflicts)
| return channel -> { | ||
| logger.info("Calling check action [{}]", actionName); | ||
| checkAction.action().run(); | ||
| logger.debug("Check action [{}] returned", actionName); |
There was a problem hiding this comment.
Intentional or leftover from debugging?
There was a problem hiding this comment.
At one point, I wanted to know whether the action actually returned, as opposed to throwing. By and large, when I add log statements during debugging, I don't remove them before merging because if they're helpful once, they're likely to be helpful again.
There was a problem hiding this comment.
👍
Should we change the "matching" logger level too? (2 lines above) (if it makes sense)
| } | ||
|
|
||
| throw new NotEntitledException( | ||
| notEntitled( |
There was a problem hiding this comment.
I'm not the biggest fan of this change tbh; it does not make things more readable, and it adds a frame to the stack trace I think?
Not blocking, but I preferred the way it was.
There was a problem hiding this comment.
I did this so the throws are all done from one place in order to switch them all to reporting only in this commit. That reporting mode was really useful; I suspect we'll end up making that "for real" somehow and merging it, but I didn't do that in this PR.
There was a problem hiding this comment.
I should say... in isolation, with no context, I agree with you and probably would have left the same review comment. 😂
There was a problem hiding this comment.
Yes! :) thanks for the context, the change makes sense now
| InboundNetworkEntitlement.class, | ||
| WriteSystemPropertiesEntitlement.class, | ||
| LoadNativeLibrariesEntitlement.class | ||
| LoadNativeLibrariesEntitlement.class, |
There was a problem hiding this comment.
Same; good that you ordered them, but please share with the team so we keep doing it.
💔 Backport failed
You can use sqren/backport to manually backport by running |
prdoyle
added a commit
to prdoyle/elasticsearch
that referenced
this pull request
Feb 13, 2025
* Refactor: protected -> private * Initial thread-related entitlements * Entitlements from manual test runs * Refactor: notEntitled method * Entitlements reporting mode * Entitlements from CI * Revert "Entitlements reporting mode" This reverts commit 443ca76. * Remove unnecessary EntitledActions.newThread * Don't log in entitlements ITs by default * Import SuppressForbidden * Respond to PR comments * Move manage_threads tests to their own file
prdoyle
added a commit
to prdoyle/elasticsearch
that referenced
this pull request
Feb 13, 2025
* Refactor: protected -> private * Initial thread-related entitlements * Entitlements from manual test runs * Refactor: notEntitled method * Entitlements reporting mode * Entitlements from CI * Revert "Entitlements reporting mode" This reverts commit 443ca76. * Remove unnecessary EntitledActions.newThread * Don't log in entitlements ITs by default * Import SuppressForbidden * Respond to PR comments * Move manage_threads tests to their own file
This was referenced Feb 13, 2025
elasticsearchmachine
pushed a commit
that referenced
this pull request
Feb 13, 2025
* Refactor: protected -> private * Initial thread-related entitlements * Entitlements from manual test runs * Refactor: notEntitled method * Entitlements reporting mode * Entitlements from CI * Revert "Entitlements reporting mode" This reverts commit 443ca76. * Remove unnecessary EntitledActions.newThread * Don't log in entitlements ITs by default * Import SuppressForbidden * Respond to PR comments * Move manage_threads tests to their own file
elasticsearchmachine
pushed a commit
that referenced
this pull request
Feb 13, 2025
* Entitlements: manage_threads (#122261) * Refactor: protected -> private * Initial thread-related entitlements * Entitlements from manual test runs * Refactor: notEntitled method * Entitlements reporting mode * Entitlements from CI * Revert "Entitlements reporting mode" This reverts commit 443ca76. * Remove unnecessary EntitledActions.newThread * Don't log in entitlements ITs by default * Import SuppressForbidden * Respond to PR comments * Move manage_threads tests to their own file * Move ForkJoinPool.setParallelism to VersionSpecificManageThreadsActions * [CI] Auto commit changes from spotless --------- Co-authored-by: elasticsearchmachine <infra-root+elasticsearchmachine@elastic.co>
elasticsearchmachine
pushed a commit
that referenced
this pull request
Feb 13, 2025
* Entitlements: manage_threads (#122261) * Refactor: protected -> private * Initial thread-related entitlements * Entitlements from manual test runs * Refactor: notEntitled method * Entitlements reporting mode * Entitlements from CI * Revert "Entitlements reporting mode" This reverts commit 443ca76. * Remove unnecessary EntitledActions.newThread * Don't log in entitlements ITs by default * Import SuppressForbidden * Respond to PR comments * Move manage_threads tests to their own file * Move ForkJoinPool.setParallelism to VersionSpecificManageThreadsActions * [CI] Auto commit changes from spotless --------- Co-authored-by: elasticsearchmachine <infra-root+elasticsearchmachine@elastic.co>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adds a
manage_threadsentitlements coveringThread.start()as well as varioussetmethods for changing thread properties.See ES-10358.