Elasticsearch: Running integration tests with testing framework requires java.lang.RuntimePermission

Created on 19 Jan 2017 · 9Comments · Source: elastic/elasticsearch

Elasticsearch version: 5.1.2

Plugins installed: none

JVM version: openjdk version "1.8.0_66"

OS version: MacOS Sierra 10.12.2

Description of the problem including expected versus actual behavior:

We are currently in process of migrating to ES v5. Before we were running on 2.1.1. We have some ESIntegration tests which are using java testing framework. If i try to run simple integration test, the test fails on some runtime permissions:

@ESIntegTestCase.ClusterScope(scope = ESIntegTestCase.Scope.TEST)
public class ESTestES extends ESIntegTestCase {

    @Test
    public void basicUsage() throws ExecutionException, InterruptedException {
        client().prepareIndex("test", "test", "1")
                .setSource(Collections.singletonMap("keyField", "keyValue"))
                .execute().get();
    }

}

I'm not sure if this is desired behaviour at version 5 or not. Before everything was working somehow "out of the box" :-)

Full log:

[2017-01-19T14:37:01,097][WARN ][o.e.b.JNANatives         ] Unable to lock JVM Memory: error=78, reason=Function not implemented
[2017-01-19T14:37:01,100][WARN ][o.e.b.JNANatives         ] This can result in part of the JVM being swapped out.
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessDeclaredMembers")

    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
    at java.security.AccessController.checkPermission(AccessController.java:884)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.Class.checkMemberAccess(Class.java:2348)
    at java.lang.Class.getDeclaredMethods(Class.java:1974)
    at org.junit.internal.MethodSorter.getDeclaredMethods(MethodSorter.java:54)
    at org.junit.runners.model.TestClass.scanAnnotatedMembers(TestClass.java:65)
    at org.junit.runners.model.TestClass.<init>(TestClass.java:57)
    at com.carrotsearch.randomizedtesting.RandomizedRunner$12.run(RandomizedRunner.java:1053)
    at com.carrotsearch.randomizedtesting.RandomizedRunner$12.run(RandomizedRunner.java:1050)
    at java.security.AccessController.doPrivileged(Native Method)
    at com.carrotsearch.randomizedtesting.RandomizedRunner.getAnnotatedFieldValues(RandomizedRunner.java:1050)
    at com.carrotsearch.randomizedtesting.RandomizedRunner.withClassRules(RandomizedRunner.java:885)
    at com.carrotsearch.randomizedtesting.RandomizedRunner.runSuite(RandomizedRunner.java:674)
    at com.carrotsearch.randomizedtesting.RandomizedRunner.access$200(RandomizedRunner.java:140)
    at com.carrotsearch.randomizedtesting.RandomizedRunner$2.run(RandomizedRunner.java:598)

REPRODUCE WITH: gradle null -Dtests.seed=9A8F64168F65BE0D -Dtests.class=com.mycroftmind.dg.common.elastic.ESTestES -Dtests.locale=cs-CZ -Dtests.timezone=Europe/Prague
NOTE: Mac OS X 10.12.2 x86_64/Oracle Corporation 1.8.0_66 (64-bit)/cpus=4,threads=1,free=95621936,total=128974848
NOTE: All tests run in this JVM: [ESTestES]
2017-01-19 14:37:01,549 Thread-1 ERROR Unable to unregister MBeans java.security.AccessControlException: access denied ("javax.management.MBeanServerPermission" "createMBeanServer")
    at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
    at java.security.AccessController.checkPermission(AccessController.java:884)
    at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
    at java.lang.management.ManagementFactory.getPlatformMBeanServer(ManagementFactory.java:465)
    at org.apache.logging.log4j.core.jmx.Server.unregisterLoggerContext(Server.java:236)
    at org.apache.logging.log4j.core.LoggerContext.stop(LoggerContext.java:300)
    at org.apache.logging.log4j.core.config.Configurator.shutdown(Configurator.java:336)
    at org.elasticsearch.test.ESTestCase.lambda$static$0(ESTestCase.java:158)
    at java.lang.Thread.run(Thread.java:745)


Process finished with exit code 255

Source

wallecnik

Most helpful comment

I've encountered the same issue, worked around this by adding this to JVM arguments:

-Dtests.security.manager=false

brainoutsource on 9 Feb 2017

👍2

All 9 comments

I've encountered the same issue, worked around this by adding this to JVM arguments:

-Dtests.security.manager=false

brainoutsource on 9 Feb 2017

👍2

I've encountered the same issue, worked around this by adding this to JVM arguments:

-Dtests.security.manager=false

I would not consider this a viable option. Elasticsearch runs with the security manager, running tests without the security manager enabled is not a realistic test.

jasontedor on 9 Feb 2017

@wallecnik I'm not sure why you're running into this as we include a test framework policy that grants this exact permission exactly for this purpose. I think that you should set a breakpoint in BootstrapForTesting and investigate why this policy is not being loaded. If you need additional assistance, I think that you should open a topic on the forum and link to it from here. I'm closing this as not a bug but we can reopen this if there is in fact an issue here.

jasontedor on 9 Feb 2017

Why was this closed? It is really easy to reproduce. See : https://github.com/jelmerk/elastic-bug

jelmerk on 19 Feb 2017

👍1

I would not consider this a viable option

That's why I called it "workaround"

brainoutsource on 20 Feb 2017

I would not consider this a viable option

That's why I called it "workaround"

The set of viable workarounds here is a strictly proper subset of all workarounds here. This workaround should not be considered viable due to being too divorced from reality.

jasontedor on 20 Feb 2017

I think what would help is to have ESIntegTestCase overridden method of nodePlugins should return a tuple of the policy + plugin class for each plugin so that each can have a policy applied if you are doing plugin testing.

And overall you can specify a policy that allows your test to have other permissions itself, or that + the plugin by passing in the policy file to the JVM when running your tests.

So for tests, would be this including things the test itself needs + any plugin you are testing:

-Djava.security.policy=src/test/resources/plugin-security.policy

If you don't have anything in the test class that would cause security violations then point at your plugin policy (plugin testing only):

-Djava.security.policy=src/main/plugin-metadata/plugin-security.policy

apatrida on 15 Mar 2017

👍1

Reopening this issue would be more helpful than being pedantic

jelmerk on 11 Apr 2017

It suddenly occurred to me here what the problem is. You're using JUnit 4.12 in your POM, we only grant permissions to JUnit 4.11 in Elasticsearch 5.2.1 (we have since upgraded to to JUnit 4.12 in the 5.x and master branches). If I make the following change:

diff --git a/pom.xml b/pom.xml
index 30c8403..562abfb 100644
--- a/pom.xml
+++ b/pom.xml
@@ -28,7 +28,7 @@
         <dependency>
             <groupId>junit</groupId>
             <artifactId>junit</artifactId>
-            <version>4.12</version>
+            <version>4.11</version>
             <scope>test</scope>
             <exclusions>
                 <exclusion>

The test passes fine.

Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 2.878 sec

Results :

Tests run: 1, Failures: 0, Errors: 0, Skipped: 0

[INFO] 
[INFO] --- maven-jar-plugin:2.4:jar (default-jar) @ bug-minal ---
[INFO] Building jar: /home/jason/src/jelmerk/elastic-bug/target/bug-minal-0.0.1-SNAPSHOT.jar
[INFO] 
[INFO] --- maven-install-plugin:2.4:install (default-install) @ bug-minal ---
[INFO] Installing /home/jason/src/jelmerk/elastic-bug/target/bug-minal-0.0.1-SNAPSHOT.jar to /home/jason/.m2/repository/nl/marktplaats/elastic/bug-minal/0.0.1-SNAPSHOT/bug-minal-0.0.1-SNAPSHOT.jar
[INFO] Installing /home/jason/src/jelmerk/elastic-bug/pom.xml to /home/jason/.m2/repository/nl/marktplaats/elastic/bug-minal/0.0.1-SNAPSHOT/bug-minal-0.0.1-SNAPSHOT.pom
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 4.551 s
[INFO] Finished at: 2017-04-11T09:52:44-04:00
[INFO] Final Memory: 30M/792M
[INFO] ------------------------------------------------------------------------

Either use the same version of JUnit as we declare, or grant the additional permissions to JUnit 4.12.

jasontedor on 11 Apr 2017

👍1

Was this page helpful?

0 / 5 - 0 ratings