1111
1212import org .elasticsearch .core .Strings ;
1313import org .elasticsearch .core .SuppressForbidden ;
14+ import org .elasticsearch .entitlement .bootstrap .EntitlementBootstrap ;
1415import org .elasticsearch .entitlement .instrumentation .InstrumentationService ;
1516import org .elasticsearch .entitlement .runtime .api .NotEntitledException ;
1617import org .elasticsearch .entitlement .runtime .policy .entitlements .CreateClassLoaderEntitlement ;
@@ -215,7 +216,8 @@ private void neverEntitled(Class<?> callerClass, Supplier<String> operationDescr
215216 requestingClass .getModule ().getName (),
216217 requestingClass ,
217218 operationDescription .get ()
218- )
219+ ),
220+ callerClass
219221 );
220222 }
221223
@@ -274,7 +276,8 @@ public void checkFileRead(Class<?> callerClass, Path path) {
274276 requestingClass .getModule ().getName (),
275277 requestingClass ,
276278 path
277- )
279+ ),
280+ callerClass
278281 );
279282 }
280283 }
@@ -299,7 +302,8 @@ public void checkFileWrite(Class<?> callerClass, Path path) {
299302 requestingClass .getModule ().getName (),
300303 requestingClass ,
301304 path
302- )
305+ ),
306+ callerClass
303307 );
304308 }
305309 }
@@ -348,14 +352,15 @@ public void checkAllNetworkAccess(Class<?> callerClass) {
348352 }
349353
350354 var classEntitlements = getEntitlements (requestingClass );
351- checkFlagEntitlement (classEntitlements , InboundNetworkEntitlement .class , requestingClass );
352- checkFlagEntitlement (classEntitlements , OutboundNetworkEntitlement .class , requestingClass );
355+ checkFlagEntitlement (classEntitlements , InboundNetworkEntitlement .class , requestingClass , callerClass );
356+ checkFlagEntitlement (classEntitlements , OutboundNetworkEntitlement .class , requestingClass , callerClass );
353357 }
354358
355359 private static void checkFlagEntitlement (
356360 ModuleEntitlements classEntitlements ,
357361 Class <? extends Entitlement > entitlementClass ,
358- Class <?> requestingClass
362+ Class <?> requestingClass ,
363+ Class <?> callerClass
359364 ) {
360365 if (classEntitlements .hasEntitlement (entitlementClass ) == false ) {
361366 notEntitled (
@@ -365,7 +370,8 @@ private static void checkFlagEntitlement(
365370 requestingClass .getModule ().getName (),
366371 requestingClass ,
367372 PolicyParser .getEntitlementTypeName (entitlementClass )
368- )
373+ ),
374+ callerClass
369375 );
370376 }
371377 logger .debug (
@@ -405,12 +411,18 @@ public void checkWriteProperty(Class<?> callerClass, String property) {
405411 requestingClass .getModule ().getName (),
406412 requestingClass ,
407413 property
408- )
414+ ),
415+ callerClass
409416 );
410417 }
411418
412- private static void notEntitled (String message ) {
413- throw new NotEntitledException (message );
419+ private static void notEntitled (String message , Class <?> callerClass ) {
420+ var exception = new NotEntitledException (message );
421+ // don't log self tests in EntitlementBootstrap
422+ if (EntitlementBootstrap .class .equals (callerClass ) == false ) {
423+ logger .warn (message , exception );
424+ }
425+ throw exception ;
414426 }
415427
416428 public void checkManageThreadsEntitlement (Class <?> callerClass ) {
@@ -422,7 +434,7 @@ private void checkEntitlementPresent(Class<?> callerClass, Class<? extends Entit
422434 if (isTriviallyAllowed (requestingClass )) {
423435 return ;
424436 }
425- checkFlagEntitlement (getEntitlements (requestingClass ), entitlementClass , requestingClass );
437+ checkFlagEntitlement (getEntitlements (requestingClass ), entitlementClass , requestingClass , callerClass );
426438 }
427439
428440 ModuleEntitlements getEntitlements (Class <?> requestingClass ) {
0 commit comments