Posted to commits@lucene.apache.org by dw...@apache.org on 2019/12/06 18:26:06 UTC
[lucene-solr] branch gradle-master updated: Enable solr testing
with solr security manager.
This is an automated email from the ASF dual-hosted git repository.
dweiss pushed a commit to branch gradle-master
in repository https://gitbox.apache.org/repos/asf/lucene-solr.git
The following commit(s) were added to refs/heads/gradle-master by this push:
new 519ed99 Enable solr testing with solr security manager.
519ed99 is described below
commit 519ed997da39984e8b144c2d52552606148fb17a
Author: Dawid Weiss <dw...@apache.org>
AuthorDate: Fri Dec 6 19:25:57 2019 +0100
Enable solr testing with solr security manager.
---
gradle/testing/defaults-tests.gradle | 3 +-
gradle/testing/policies/replicator-tests.policy | 2 +-
gradle/testing/policies/solr-tests.policy | 187 ++++++++++++++++++++++++
gradle/testing/randomization.gradle | 8 +-
4 files changed, 193 insertions(+), 7 deletions(-)
diff --git a/gradle/testing/defaults-tests.gradle b/gradle/testing/defaults-tests.gradle
index 7997916..c454b5c 100644
--- a/gradle/testing/defaults-tests.gradle
+++ b/gradle/testing/defaults-tests.gradle
@@ -4,9 +4,10 @@ import org.gradle.api.tasks.testing.logging.*
allprojects {
plugins.withType(JavaPlugin) {
project.ext {
- commonDir = project(":lucene").projectDir
testsWorkDir = file("${buildDir}/tmp/tests-cwd")
testsTmpDir = file("${buildDir}/tmp/tests-tmp")
+ commonDir = project(":lucene").projectDir
+ commonSolrDir = project(":solr").projectDir
}
test {
diff --git a/gradle/testing/policies/replicator-tests.policy b/gradle/testing/policies/replicator-tests.policy
index 9508a04..584379a 100644
--- a/gradle/testing/policies/replicator-tests.policy
+++ b/gradle/testing/policies/replicator-tests.policy
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-// Policy file for lucene tests. Please keep minimal and avoid wildcards.
+// Policy file for :lucene:replicator tests. Please keep minimal and avoid wildcards.
grant {
// 3rd party jar resources (where symlinks are not supported), test-files/ resources
diff --git a/gradle/testing/policies/solr-tests.policy b/gradle/testing/policies/solr-tests.policy
new file mode 100644
index 0000000..332a83f
--- /dev/null
+++ b/gradle/testing/policies/solr-tests.policy
@@ -0,0 +1,187 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+// Policy file for :solr tests. Please keep minimal and avoid wildcards.
+
+grant {
+ // 3rd party jar resources (where symlinks are not supported), test-files/ resources
+ permission java.io.FilePermission "${common.dir}${/}-", "read";
+ permission java.io.FilePermission "${common-solr.dir}${/}-", "read";
+
+ // system jar resources
+ permission java.io.FilePermission "${java.home}${/}-", "read";
+
+ // write only to sandbox
+ permission java.io.FilePermission "${java.io.tmpdir}", "read,write";
+ permission java.io.FilePermission "${java.io.tmpdir}${/}-", "read,write,delete";
+ permission java.io.FilePermission "${tests.linedocsfile}", "read";
+
+ // hadoop
+ // permission java.io.FilePermission "${ant.library.dir}${/}-", "read";
+ // permission java.io.FilePermission "${user.home}${/}.ant${/}lib${/}-", "read";
+
+ permission java.io.FilePermission "${user.home}${/}hadoop-metrics2.properties", "read";
+ permission java.io.FilePermission "${user.home}${/}hadoop-metrics2-namenode.properties", "read";
+ // kerberos
+ permission java.io.FilePermission "${user.home}${/}.java.login.config", "read";
+ // SolrTestCaseJ4 explicitly uses these
+ permission java.io.FilePermission "/dev/./urandom", "read";
+ permission java.io.FilePermission "/dev/random", "read";
+ // DirectoryFactoryTest messes with these (wtf?)
+ permission java.io.FilePermission "/tmp/inst1/conf/solrcore.properties", "read";
+ permission java.io.FilePermission "/path/to/myinst/conf/solrcore.properties", "read";
+ // TestConfigSets messes with these (wtf?)
+ permission java.io.FilePermission "/path/to/solr/home/lib", "read";
+
+ permission java.nio.file.LinkPermission "hard";
+
+ // all possibilities of accepting/binding connections on localhost with ports >=1024:
+ permission java.net.SocketPermission "localhost:1024-", "accept,listen";
+ permission java.net.SocketPermission "127.0.0.1:1024-", "accept,listen";
+ permission java.net.SocketPermission "[::1]:1024-", "accept,listen";
+
+ // Allow connecting to the internet anywhere
+ permission java.net.SocketPermission "*", "connect,resolve";
+
+ // Basic permissions needed for Lucene to work:
+ permission java.util.PropertyPermission "*", "read,write";
+
+ // needed by randomizedtesting runner to identify test methods.
+ permission java.lang.RuntimePermission "accessDeclaredMembers";
+ permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+ // needed by certain tests to redirect sysout/syserr:
+ permission java.lang.RuntimePermission "setIO";
+ // needed by randomized runner to catch failures from other threads:
+ permission java.lang.RuntimePermission "setDefaultUncaughtExceptionHandler";
+ // needed by randomized runner getTopThreadGroup:
+ permission java.lang.RuntimePermission "modifyThreadGroup";
+ // needed by tests e.g. shutting down executors:
+ permission java.lang.RuntimePermission "modifyThread";
+ // needed for tons of test hacks etc
+ permission java.lang.RuntimePermission "getStackTrace";
+ // needed for mock filesystems in tests
+ permission java.lang.RuntimePermission "fileSystemProvider";
+ // needed for test of IOUtils.spins (maybe it can be avoided)
+ permission java.lang.RuntimePermission "getFileStoreAttributes";
+ // analyzers/uima: needed by lucene expressions' JavascriptCompiler
+ permission java.lang.RuntimePermission "createClassLoader";
+ // needed to test unmap hack on platforms that support it
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
+ // needed by jacoco to dump coverage
+ permission java.lang.RuntimePermission "shutdownHooks";
+ // needed by org.apache.logging.log4j
+ permission java.lang.RuntimePermission "getenv.*";
+ permission java.lang.RuntimePermission "getClassLoader";
+ permission java.lang.RuntimePermission "setContextClassLoader";
+ permission java.lang.RuntimePermission "getStackWalkerWithClassReference";
+ // needed by bytebuddy
+ permission java.lang.RuntimePermission "defineClass";
+ // needed by mockito
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
+ permission java.lang.RuntimePermission "reflectionFactoryAccess";
+ // needed by SolrResourceLoader
+ permission java.lang.RuntimePermission "closeClassLoader";
+ // needed by HttpSolrClient
+ permission java.lang.RuntimePermission "getFileSystemAttributes";
+ // needed by hadoop auth (TODO: there is a cleaner way to handle this)
+ permission java.lang.RuntimePermission "loadLibrary.jaas";
+ permission java.lang.RuntimePermission "loadLibrary.jaas_unix";
+ permission java.lang.RuntimePermission "loadLibrary.jaas_nt";
+ // needed by hadoop hdfs
+ permission java.lang.RuntimePermission "readFileDescriptor";
+ permission java.lang.RuntimePermission "writeFileDescriptor";
+ // needed by hadoop http
+ permission java.lang.RuntimePermission "getProtectionDomain";
+
+ // These two *have* to be spelled out a separate
+ permission java.lang.management.ManagementPermission "control";
+ permission java.lang.management.ManagementPermission "monitor";
+
+ // needed by hadoop htrace
+ permission java.net.NetPermission "getNetworkInformation";
+
+ // needed by DIH
+ permission java.sql.SQLPermission "deregisterDriver";
+
+ permission java.util.logging.LoggingPermission "control";
+
+ // needed by solr mbeans feature/tests
+ // TODO: can we remove wildcard for class names/members?
+ permission javax.management.MBeanPermission "*", "getAttribute";
+ permission javax.management.MBeanPermission "*", "getMBeanInfo";
+ permission javax.management.MBeanPermission "*", "queryMBeans";
+ permission javax.management.MBeanPermission "*", "queryNames";
+ permission javax.management.MBeanPermission "*", "registerMBean";
+ permission javax.management.MBeanPermission "*", "unregisterMBean";
+ permission javax.management.MBeanServerPermission "createMBeanServer";
+ permission javax.management.MBeanServerPermission "findMBeanServer";
+ permission javax.management.MBeanServerPermission "releaseMBeanServer";
+ permission javax.management.MBeanTrustPermission "register";
+
+ // needed by hadoop auth
+ permission javax.security.auth.AuthPermission "getSubject";
+ permission javax.security.auth.AuthPermission "modifyPrincipals";
+ permission javax.security.auth.AuthPermission "doAs";
+ permission javax.security.auth.AuthPermission "getLoginConfiguration";
+ permission javax.security.auth.AuthPermission "setLoginConfiguration";
+ permission javax.security.auth.AuthPermission "modifyPrivateCredentials";
+ permission javax.security.auth.AuthPermission "modifyPublicCredentials";
+ permission javax.security.auth.PrivateCredentialPermission "org.apache.hadoop.security.Credentials * \"*\"", "read";
+
+ // needed by hadoop security
+ permission java.security.SecurityPermission "putProviderProperty.SaslPlainServer";
+ permission java.security.SecurityPermission "insertProvider";
+
+ permission javax.xml.bind.JAXBPermission "setDatatypeConverter";
+
+ // SSL related properties for Solr tests
+ permission javax.net.ssl.SSLPermission "setDefaultSSLContext";
+
+ // SASL/Kerberos related properties for Solr tests
+ permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KerberosTicket * \"*\"", "read";
+
+ // may only be necessary with Java 7?
+ permission javax.security.auth.PrivateCredentialPermission "javax.security.auth.kerberos.KeyTab * \"*\"", "read";
+ permission javax.security.auth.PrivateCredentialPermission "sun.security.jgss.krb5.Krb5Util$KeysFromKeyTab * \"*\"", "read";
+
+ permission javax.security.auth.kerberos.ServicePermission "*", "initiate";
+ permission javax.security.auth.kerberos.ServicePermission "*", "accept";
+ permission javax.security.auth.kerberos.DelegationPermission "\"*\" \"krbtgt/EXAMPLE.COM@EXAMPLE.COM\"";
+
+ // java 8 accessibility requires this perm - should not after 8 I believe (rrd4j is the root reason we hit an accessibility code path)
+ permission java.awt.AWTPermission "*";
+
+ // used by solr to create sandboxes (e.g. script execution)
+ permission java.security.SecurityPermission "createAccessControlContext";
+};
+
+// Grant all permissions to Gradle test runner classes.
+
+grant codeBase "file:${gradle.lib.dir}${/}-" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "file:${gradle.worker.jar}" {
+ permission java.security.AllPermission;
+};
+
+grant {
+ // Allow reading gradle worker JAR.
+ permission java.io.FilePermission "${gradle.worker.jar}", "read";
+ // Allow reading from classpath JARs (resources).
+ permission java.io.FilePermission "${gradle.user.home}${/}-", "read";
+};
\ No newline at end of file
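Review bot: The unconditional `grant` blocks give all test code, and every third-party jar on the test classpath, both `SocketPermission "*", "connect,resolve"` and recursive read access to `${gradle.user.home}`, which sits oddly with the file's own "keep minimal and avoid wildcards" header. A Gradle user home commonly also holds `gradle.properties` with repository or signing credentials, so on a CI worker this pairs readable secrets with unrestricted outbound connections. If the classpath jars resolve from the dependency cache (not visible from this hunk), the read grant could be narrowed to `permission java.io.FilePermission "${gradle.user.home}${/}caches${/}-", "read";`, and the connect grant limited to the loopback hosts already listed for `accept,listen`, with a comment naming any test that really needs an external host. `PropertyPermission "*", "read,write"` deserves the same kind of TODO the MBean wildcards already carry.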
diff --git a/gradle/testing/randomization.gradle b/gradle/testing/randomization.gradle
index bdbb157..5983a72 100644
--- a/gradle/testing/randomization.gradle
+++ b/gradle/testing/randomization.gradle
@@ -163,11 +163,9 @@ allprojects {
systemProperty 'java.security.manager', "org.apache.lucene.util.TestSecurityManager"
systemProperty 'java.security.policy', rootProject.file("gradle/testing/policies/tests.policy")
} else {
- // systemProperty 'java.security.manager', "org.apache.solr.util.SolrSecurityManager"
- // systemProperty 'java.security.policy', file("${commonDir}/tools/junit4/solr-tests.policy")
- doFirst {
- logger.log(LogLevel.WARN, "Running with security manager not implemented for: ${project.path}")
- }
+ systemProperty 'common-solr.dir', commonSolrDir
+ systemProperty 'java.security.manager', "org.apache.solr.util.SolrSecurityManager"
+ systemProperty 'java.security.policy', rootProject.file("gradle/testing/policies/solr-tests.policy")
}
systemProperty 'common.dir', commonDir