elasticsearch
elasticsearch copied to clipboard
elastic
Test to ensure that remote CCS and remote CCR actions don't overlap
This commit introduces a test to help ensure that actions used between CCR and CCS are evaluated on case-by-case basis if/when the allowed permissions overlap. Some cases are fine if they overlap, other cases it could be a security bug. This will test will fail the permissions we assign to the RCS 2.0 API key overlap.
pulled back to draft ... the test introduced here failed in CI but not locally (and no randomization). need to better understand why
EDIT: it is because the test needs to influence static state, and other test could have already populated that static state. updated to use a custom test task + JVM argument so we have better control over over the static state.
@elastic/es-delivery - could you take a look at the introduction of a new test task (in xpack core). The reason I need this is that for testing only reasons, I need to record additional context to what the production code is doing, and the production code is in static state. So the new test task uses a test only JVM argument...trying to keep the change here isolated to only changing production code behavior for this 1 test.
but wanted to suggest an alternative that avoids the system property flag and "runtime" behavior toggle. It also gets rid of the need for a specialized task in gradle
Thanks for the suggestion, but I prefer the existing approach. I don't want to create 2 types of automatons or require the (extremely minimal) additional memory footprint across all running ES nodes just for this test. I also think having easy access to this for all automatons might help with future tests without the need to change any production code. The setup is kinda awkward, but should also be transparent and isolated to development only work.