-
Notifications
You must be signed in to change notification settings - Fork 24.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Explicitly set illegal-access to deny for tests #72588
Conversation
Since Java 16, the default value for illegal-access is deny. This means the latest release of Elasticsearch, and all current integration tests, run with deny (since we don't explicitly set it in jvm options). Yet tests run with illegal-access=warn, for legacy reasons. elastic#71908 proposed to remove the setting from test jvms, but concerns were raised there about whether this would cause some test failures. This commit explicitly sets tests to deny. This has the added benefit that any failures will be caught even when running tests with older jvms.
Pinging @elastic/es-delivery (Team:Delivery) |
@mark-vieira This is ready for review. It at least gets our tests closer to what production is using (since illegal-access defaults to deny in Java 16). I will followup trying to make mockito modular so that we can not accidentally allow production code to cross the module boundaries of the JDK as necessary in tests for mocking. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like you still have one mole left to whack but otherwise LGTM.
Caused by: java.lang.IllegalAccessException: class org.apache.hadoop.security.authentication.util.KerberosUtil cannot access class sun.security.krb5.Config (in module java.security.jgss) because module java.security.jgss does not export sun.security.krb5 to unnamed module @77cd01d8
Looks related to #68075. Of course the failure doesn't reproduce...will investigate. |
@elasticmachine update branch |
Since Java 16, the default value for illegal-access is deny. This means the latest release of Elasticsearch, and all current integration tests, run with deny (since we don't explicitly set it in jvm options). Yet tests run with illegal-access=warn, for legacy reasons. elastic#71908 proposed to remove the setting from test jvms, but concerns were raised there about whether this would cause some test failures. This commit explicitly sets tests to deny. This has the added benefit that any failures will be caught even when running tests with older jvms.
Since Java 16, the default value for illegal-access is deny. This means the latest release of Elasticsearch, and all current integration tests, run with deny (since we don't explicitly set it in jvm options). Yet tests run with illegal-access=warn, for legacy reasons. #71908 proposed to remove the setting from test jvms, but concerns were raised there about whether this would cause some test failures. This commit explicitly sets tests to deny. This has the added benefit that any failures will be caught even when running tests with older jvms.
Since Java 16, the default value for illegal-access is deny. This means the latest release of Elasticsearch, and all current integration tests, run with deny (since we don't explicitly set it in jvm options). Yet tests run with illegal-access=warn, for legacy reasons. elastic#71908 proposed to remove the setting from test jvms, but concerns were raised there about whether this would cause some test failures. This commit explicitly sets tests to deny. This has the added benefit that any failures will be caught even when running tests with older jvms.
Since Java 16, the default value for illegal-access is deny. This means the latest release of Elasticsearch, and all current integration tests, run with deny (since we don't explicitly set it in jvm options). Yet tests run with illegal-access=warn, for legacy reasons. #71908 proposed to remove the setting from test jvms, but concerns were raised there about whether this would cause some test failures. This commit explicitly sets tests to deny. This has the added benefit that any failures will be caught even when running tests with older jvms.
Since Java 16, the default value for illegal-access is deny. This means
the latest release of Elasticsearch, and all current integration tests,
run with deny (since we don't explicitly set it in jvm options). Yet
tests run with illegal-access=warn, for legacy reasons. #71908
proposed to remove the setting from test jvms, but concerns were raised
there about whether this would cause some test failures.
This commit explicitly sets tests to deny. This has the added benefit
that any failures will be caught even when running tests with older
jvms.