Merge branch 'main' into cache-interface

Author: mjmbischoff

libs/entitlement/src/main/java/org/elasticsearch/entitlement/bootstrap/EntitlementBootstrap.java

@@ -161,7 +161,7 @@ private static PolicyManager createPolicyManager(
         PathLookup pathLookup,
         Policy serverPolicyPatch,
         Function<Class<?>, PolicyManager.PolicyScope> scopeResolver,
-        Map<String, Collection<Path>> pluginSourcePaths
+        Map<String, Collection<Path>> pluginSourcePathsResolver
     ) {
         FilesEntitlementsValidation.validate(pluginPolicies, pathLookup);
 
@@ -170,7 +170,7 @@ private static PolicyManager createPolicyManager(
             HardcodedEntitlements.agentEntitlements(),
             pluginPolicies,
             scopeResolver,
-            pluginSourcePaths,
+            pluginSourcePathsResolver::get,
             pathLookup
         );
     }

libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/PathLookup.java

@@ -9,13 +9,17 @@
 
 package org.elasticsearch.entitlement.runtime.policy;
 
+import org.elasticsearch.core.PathUtils;
+
 import java.nio.file.Path;
 import java.util.stream.Stream;
 
 /**
  * Resolves paths for known directories checked by entitlements.
  */
 public interface PathLookup {
+    Class<?> DEFAULT_FILESYSTEM_CLASS = PathUtils.getDefaultFileSystem().getClass();
+
     enum BaseDir {
         USER_HOME,
         CONFIG,
@@ -37,4 +41,6 @@ enum BaseDir {
      * paths of the given {@code baseDir}.
      */
     Stream<Path> resolveSettingPaths(BaseDir baseDir, String settingName);
+
+    boolean isPathOnDefaultFilesystem(Path path);
 }

libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/PathLookupImpl.java

@@ -75,4 +75,9 @@ public Stream<Path> resolveSettingPaths(BaseDir baseDir, String settingName) {
             .toList();
         return getBaseDirPaths(baseDir).flatMap(path -> relativePaths.stream().map(path::resolve));
     }
+
+    @Override
+    public boolean isPathOnDefaultFilesystem(Path path) {
+        return path.getFileSystem().getClass() == DEFAULT_FILESYSTEM_CLASS;
+    }
 }

libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/PolicyCheckerImpl.java

@@ -9,7 +9,6 @@
 
 package org.elasticsearch.entitlement.runtime.policy;
 
-import org.elasticsearch.core.PathUtils;
 import org.elasticsearch.core.Strings;
 import org.elasticsearch.core.SuppressForbidden;
 import org.elasticsearch.entitlement.instrumentation.InstrumentationService;
@@ -58,7 +57,7 @@
  */
 @SuppressForbidden(reason = "Explicitly checking APIs that are forbidden")
 public class PolicyCheckerImpl implements PolicyChecker {
-    static final Class<?> DEFAULT_FILESYSTEM_CLASS = PathUtils.getDefaultFileSystem().getClass();
+
     protected final Set<Package> suppressFailureLogPackages;
     /**
      * Frames originating from this module are ignored in the permission logic.
@@ -81,15 +80,14 @@ public PolicyCheckerImpl(
         this.pathLookup = pathLookup;
     }
 
-    private static boolean isPathOnDefaultFilesystem(Path path) {
-        var pathFileSystemClass = path.getFileSystem().getClass();
-        if (path.getFileSystem().getClass() != DEFAULT_FILESYSTEM_CLASS) {
+    private boolean isPathOnDefaultFilesystem(Path path) {
+        if (pathLookup.isPathOnDefaultFilesystem(path) == false) {
             PolicyManager.generalLogger.trace(
                 () -> Strings.format(
                     "File entitlement trivially allowed: path [%s] is for a different FileSystem class [%s], default is [%s]",
                     path.toString(),
-                    pathFileSystemClass.getName(),
-                    DEFAULT_FILESYSTEM_CLASS.getName()
+                    path.getFileSystem().getClass().getName(),
+                    PathLookup.DEFAULT_FILESYSTEM_CLASS.getName()
                 )
             );
             return false;
@@ -217,7 +215,7 @@ public void checkFileRead(Class<?> callerClass, Path path) {
 
     @Override
     public void checkFileRead(Class<?> callerClass, Path path, boolean followLinks) throws NoSuchFileException {
-        if (PolicyCheckerImpl.isPathOnDefaultFilesystem(path) == false) {
+        if (isPathOnDefaultFilesystem(path) == false) {
             return;
         }
         var requestingClass = requestingClass(callerClass);
@@ -265,7 +263,7 @@ public void checkFileWrite(Class<?> callerClass, File file) {
 
     @Override
     public void checkFileWrite(Class<?> callerClass, Path path) {
-        if (PolicyCheckerImpl.isPathOnDefaultFilesystem(path) == false) {
+        if (isPathOnDefaultFilesystem(path) == false) {
             return;
         }
         var requestingClass = requestingClass(callerClass);

libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/PolicyManager.java

@@ -22,9 +22,11 @@
 import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Map;
+import java.util.Objects;
 import java.util.Set;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.function.Function;
@@ -217,7 +219,7 @@ private static Set<Module> findSystemLayerModules() {
         .filter(m -> SYSTEM_LAYER_MODULES.contains(m) == false)
         .collect(Collectors.toUnmodifiableSet());
 
-    private final Map<String, Collection<Path>> pluginSourcePaths;
+    private final Function<String, Collection<Path>> pluginSourcePathsResolver;
 
     /**
      * Paths that are only allowed for a single module. Used to generate
@@ -231,7 +233,7 @@ public PolicyManager(
         List<Entitlement> apmAgentEntitlements,
         Map<String, Policy> pluginPolicies,
         Function<Class<?>, PolicyScope> scopeResolver,
-        Map<String, Collection<Path>> pluginSourcePaths,
+        Function<String, Collection<Path>> pluginSourcePathsResolver,
         PathLookup pathLookup
     ) {
         this.serverEntitlements = buildScopeEntitlementsMap(requireNonNull(serverPolicy));
@@ -240,7 +242,7 @@ public PolicyManager(
             .stream()
             .collect(toUnmodifiableMap(Map.Entry::getKey, e -> buildScopeEntitlementsMap(e.getValue())));
         this.scopeResolver = scopeResolver;
-        this.pluginSourcePaths = pluginSourcePaths;
+        this.pluginSourcePathsResolver = pluginSourcePathsResolver;
         this.pathLookup = requireNonNull(pathLookup);
 
         List<ExclusiveFileEntitlement> exclusiveFileEntitlements = new ArrayList<>();
@@ -334,7 +336,10 @@ protected final ModuleEntitlements computeEntitlements(Class<?> requestingClass)
             default -> {
                 assert policyScope.kind() == PLUGIN;
                 var pluginEntitlements = pluginsEntitlements.get(componentName);
-                Collection<Path> componentPaths = pluginSourcePaths.getOrDefault(componentName, List.of());
+                Collection<Path> componentPaths = Objects.requireNonNullElse(
+                    pluginSourcePathsResolver.apply(componentName),
+                    Collections.emptyList()
+                );
                 if (pluginEntitlements == null) {
                     return defaultEntitlements(componentName, componentPaths, moduleName);
                 } else {

libs/entitlement/src/test/java/org/elasticsearch/entitlement/runtime/policy/PolicyManagerTests.java

@@ -33,6 +33,7 @@
 import java.net.URLClassLoader;
 import java.nio.file.Path;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.List;
 import java.util.Map;
 import java.util.Set;
@@ -95,7 +96,7 @@ public void testGetEntitlements() {
             List.of(),
             Map.of("plugin1", new Policy("plugin1", List.of(new Scope("plugin.module1", List.of(new ExitVMEntitlement()))))),
             c -> policyScope.get(),
-            Map.of("plugin1", plugin1SourcePaths),
+            Map.of("plugin1", plugin1SourcePaths)::get,
             TEST_PATH_LOOKUP
         );
         Collection<Path> thisSourcePaths = policyManager.getComponentPathsFromClass(getClass());
@@ -170,7 +171,7 @@ public void testAgentsEntitlements() throws IOException, ClassNotFoundException
             c -> c.getPackageName().startsWith(TEST_AGENTS_PACKAGE_NAME)
                 ? PolicyScope.apmAgent("test.agent.module")
                 : PolicyScope.plugin("test", "test.plugin.module"),
-            Map.of(),
+            name -> Collections.emptyList(),
             TEST_PATH_LOOKUP
         );
         ModuleEntitlements agentsEntitlements = policyManager.getEntitlements(TestAgent.class);
@@ -197,7 +198,7 @@ public void testDuplicateEntitlements() {
                 List.of(),
                 Map.of(),
                 c -> PolicyScope.plugin("test", moduleName(c)),
-                Map.of(),
+                name -> Collections.emptyList(),
                 TEST_PATH_LOOKUP
             )
         );
@@ -213,7 +214,7 @@ public void testDuplicateEntitlements() {
                 List.of(new CreateClassLoaderEntitlement(), new CreateClassLoaderEntitlement()),
                 Map.of(),
                 c -> PolicyScope.plugin("test", moduleName(c)),
-                Map.of(),
+                name -> Collections.emptyList(),
                 TEST_PATH_LOOKUP
             )
         );
@@ -249,7 +250,7 @@ public void testDuplicateEntitlements() {
                     )
                 ),
                 c -> PolicyScope.plugin("plugin1", moduleName(c)),
-                Map.of("plugin1", List.of(Path.of("modules", "plugin1"))),
+                Map.of("plugin1", List.of(Path.of("modules", "plugin1")))::get,
                 TEST_PATH_LOOKUP
             )
         );
@@ -299,7 +300,7 @@ public void testFilesEntitlementsWithExclusive() {
                     )
                 ),
                 c -> PolicyScope.plugin("", moduleName(c)),
-                Map.of("plugin1", List.of(Path.of("modules", "plugin1")), "plugin2", List.of(Path.of("modules", "plugin2"))),
+                Map.of("plugin1", List.of(Path.of("modules", "plugin1")), "plugin2", List.of(Path.of("modules", "plugin2")))::get,
                 TEST_PATH_LOOKUP
             )
         );
@@ -350,7 +351,7 @@ public void testFilesEntitlementsWithExclusive() {
                     )
                 ),
                 c -> PolicyScope.plugin("", moduleName(c)),
-                Map.of(),
+                name -> Collections.emptyList(),
                 TEST_PATH_LOOKUP
             )
         );

muted-tests.yml

@@ -489,21 +489,6 @@ tests:
 - class: org.elasticsearch.test.rest.yaml.RcsCcsCommonYamlTestSuiteIT
   method: test {p0=msearch/20_typed_keys/Multisearch test with typed_keys parameter for sampler and significant terms}
   issue: https://github.com/elastic/elasticsearch/issues/130472
-- class: org.elasticsearch.xpack.ssl.SSLErrorMessageFileTests
-  method: testMessageForKeyStoreOutsideConfigDir
-  issue: https://github.com/elastic/elasticsearch/issues/127192
-- class: org.elasticsearch.xpack.ssl.SSLErrorMessageFileTests
-  method: testMessageForPemKeyOutsideConfigDir
-  issue: https://github.com/elastic/elasticsearch/issues/127192
-- class: org.elasticsearch.xpack.ssl.SSLErrorMessageFileTests
-  method: testMessageForPemCertificateOutsideConfigDir
-  issue: https://github.com/elastic/elasticsearch/issues/127192
-- class: org.elasticsearch.xpack.ssl.SSLErrorMessageFileTests
-  method: testMessageForTrustStoreOutsideConfigDir
-  issue: https://github.com/elastic/elasticsearch/issues/127192
-- class: org.elasticsearch.xpack.ssl.SSLErrorMessageFileTests
-  method: testMessageForCertificateAuthoritiesOutsideConfigDir
-  issue: https://github.com/elastic/elasticsearch/issues/127192
 - class: org.elasticsearch.index.codec.vectors.cluster.HierarchicalKMeansTests
   method: testHKmeans
   issue: https://github.com/elastic/elasticsearch/issues/130497
@@ -552,6 +537,18 @@ tests:
 - class: org.elasticsearch.common.util.concurrent.TaskExecutionTimeTrackingEsThreadPoolExecutorTests
   method: testMaxQueueLatency
   issue: https://github.com/elastic/elasticsearch/issues/131093
+- class: org.elasticsearch.xpack.esql.action.CrossClusterAsyncQueryStopIT
+  method: testStopQueryLocal
+  issue: https://github.com/elastic/elasticsearch/issues/121672
+- class: org.elasticsearch.xpack.esql.qa.multi_node.EsqlSpecIT
+  method: test {lookup-join.MvJoinKeyOnFromAfterStats ASYNC}
+  issue: https://github.com/elastic/elasticsearch/issues/131148
+- class: org.elasticsearch.xpack.esql.qa.multi_node.GenerativeIT
+  method: test
+  issue: https://github.com/elastic/elasticsearch/issues/131154
+- class: org.elasticsearch.xpack.esql.ccq.MultiClustersIT
+  method: testNotLikeListKeyword
+  issue: https://github.com/elastic/elasticsearch/issues/131155
 
 # Examples:
 #

server/src/main/java/org/elasticsearch/cluster/routing/allocation/allocator/DesiredBalanceReconciler.java

@@ -23,6 +23,7 @@
 import org.elasticsearch.cluster.routing.UnassignedInfo.AllocationStatus;
 import org.elasticsearch.cluster.routing.allocation.RoutingAllocation;
 import org.elasticsearch.cluster.routing.allocation.decider.Decision;
+import org.elasticsearch.common.FrequencyCappedAction;
 import org.elasticsearch.common.Strings;
 import org.elasticsearch.common.settings.ClusterSettings;
 import org.elasticsearch.common.settings.Setting;

…ion/allocator/FrequencyCappedAction.java …search/common/FrequencyCappedAction.javaserver/src/main/java/org/elasticsearch/cluster/routing/allocation/allocator/FrequencyCappedAction.java renamed to server/src/main/java/org/elasticsearch/common/FrequencyCappedAction.java server/src/main/java/org/elasticsearch/cluster/routing/allocation/allocator/FrequencyCappedAction.java renamed to server/src/main/java/org/elasticsearch/common/FrequencyCappedAction.java

@@ -7,7 +7,7 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 
-package org.elasticsearch.cluster.routing.allocation.allocator;
+package org.elasticsearch.common;
 
 import org.elasticsearch.core.TimeValue;
 

…llocator/FrequencyCappedActionTests.java …h/common/FrequencyCappedActionTests.javaserver/src/test/java/org/elasticsearch/cluster/routing/allocation/allocator/FrequencyCappedActionTests.java renamed to server/src/test/java/org/elasticsearch/common/FrequencyCappedActionTests.java server/src/test/java/org/elasticsearch/cluster/routing/allocation/allocator/FrequencyCappedActionTests.java renamed to server/src/test/java/org/elasticsearch/common/FrequencyCappedActionTests.java

@@ -7,7 +7,7 @@
  * License v3.0 only", or the "Server Side Public License, v 1".
  */
 
-package org.elasticsearch.cluster.routing.allocation.allocator;
+package org.elasticsearch.common;
 
 import org.elasticsearch.core.TimeValue;
 import org.elasticsearch.test.ESTestCase;