[Entitlements] Move some checks that use version-specific API (#120397)

Author: ldematte

libs/entitlement/qa/common/src/main/java/org/elasticsearch/entitlement/qa/common/NetworkAccessCheckActions.java

@@ -20,9 +20,6 @@
 import java.net.SocketException;
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.net.http.HttpClient;
-import java.net.http.HttpRequest;
-import java.net.http.HttpResponse;
 import java.nio.ByteBuffer;
 import java.nio.channels.AsynchronousServerSocketChannel;
 import java.nio.channels.AsynchronousSocketChannel;
@@ -84,37 +81,6 @@ static void urlOpenConnectionWithProxy() throws URISyntaxException, IOException
         assert urlConnection != null;
     }
 
-    static void httpClientSend() throws InterruptedException {
-        try (HttpClient httpClient = HttpClient.newBuilder().build()) {
-            // Shutdown the client, so the send action will shortcut before actually executing any network operation
-            // (but after it run our check in the prologue)
-            httpClient.shutdown();
-            try {
-                httpClient.send(HttpRequest.newBuilder(URI.create("http://localhost")).build(), HttpResponse.BodyHandlers.discarding());
-            } catch (IOException e) {
-                // Expected, since we shut down the client.
-                // "send" will be called and exercise the Entitlement check, we don't care if it fails afterward for this known reason.
-            }
-        }
-    }
-
-    static void httpClientSendAsync() {
-        try (HttpClient httpClient = HttpClient.newBuilder().build()) {
-            // Shutdown the client, so the send action will return before actually executing any network operation
-            // (but after it run our check in the prologue)
-            httpClient.shutdown();
-            var future = httpClient.sendAsync(
-                HttpRequest.newBuilder(URI.create("http://localhost")).build(),
-                HttpResponse.BodyHandlers.discarding()
-            );
-            assert future.isCompletedExceptionally();
-            future.exceptionally(ex -> {
-                assert ex instanceof IOException;
-                return null;
-            });
-        }
-    }
-
     static void createLDAPCertStore() throws NoSuchAlgorithmException {
         try {
             // We pass down null params to provoke a InvalidAlgorithmParameterException

libs/entitlement/qa/common/src/main/java/org/elasticsearch/entitlement/qa/common/RestEntitlementsCheckAction.java

@@ -160,8 +160,8 @@ static CheckAction alwaysDenied(CheckedRunnable<Exception> action) {
         entry("server_socket_accept", forPlugins(NetworkAccessCheckActions::serverSocketAccept)),
 
         entry("url_open_connection_proxy", forPlugins(NetworkAccessCheckActions::urlOpenConnectionWithProxy)),
-        entry("http_client_send", forPlugins(NetworkAccessCheckActions::httpClientSend)),
-        entry("http_client_send_async", forPlugins(NetworkAccessCheckActions::httpClientSendAsync)),
+        entry("http_client_send", forPlugins(VersionSpecificNetworkChecks::httpClientSend)),
+        entry("http_client_send_async", forPlugins(VersionSpecificNetworkChecks::httpClientSendAsync)),
         entry("create_ldap_cert_store", forPlugins(NetworkAccessCheckActions::createLDAPCertStore)),
 
         entry("server_socket_channel_bind", forPlugins(NetworkAccessCheckActions::serverSocketChannelBind)),

libs/entitlement/qa/common/src/main/java/org/elasticsearch/entitlement/qa/common/VersionSpecificNetworkChecks.java

@@ -9,6 +9,26 @@
 
 package org.elasticsearch.entitlement.qa.common;
 
+import java.io.IOException;
+import java.net.URI;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
+
 class VersionSpecificNetworkChecks {
     static void createInetAddressResolverProvider() {}
+
+    static void httpClientSend() throws InterruptedException {
+        HttpClient httpClient = HttpClient.newBuilder().build();
+        try {
+            httpClient.send(HttpRequest.newBuilder(URI.create("http://localhost")).build(), HttpResponse.BodyHandlers.discarding());
+        } catch (IOException e) {
+            // Expected, the send action may fail with these parameters (but after it run the entitlement check in the prologue)
+        }
+    }
+
+    static void httpClientSendAsync() {
+        HttpClient httpClient = HttpClient.newBuilder().build();
+        httpClient.sendAsync(HttpRequest.newBuilder(URI.create("http://localhost")).build(), HttpResponse.BodyHandlers.discarding());
+    }
 }

libs/entitlement/qa/common/src/main18/java/org/elasticsearch/entitlement/qa/common/VersionSpecificNetworkChecks.java

@@ -9,6 +9,11 @@
 
 package org.elasticsearch.entitlement.qa.common;
 
+import java.io.IOException;
+import java.net.URI;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
 import java.net.spi.InetAddressResolver;
 import java.net.spi.InetAddressResolverProvider;
 
@@ -26,4 +31,18 @@ public String name() {
             }
         };
     }
+
+    static void httpClientSend() throws InterruptedException {
+        HttpClient httpClient = HttpClient.newBuilder().build();
+        try {
+            httpClient.send(HttpRequest.newBuilder(URI.create("http://localhost")).build(), HttpResponse.BodyHandlers.discarding());
+        } catch (IOException e) {
+            // Expected, the send action may fail with these parameters (but after it run the entitlement check in the prologue)
+        }
+    }
+
+    static void httpClientSendAsync() {
+        HttpClient httpClient = HttpClient.newBuilder().build();
+        httpClient.sendAsync(HttpRequest.newBuilder(URI.create("http://localhost")).build(), HttpResponse.BodyHandlers.discarding());
+    }
 }

libs/entitlement/qa/common/src/main21/java/org/elasticsearch/entitlement/qa/common/VersionSpecificNetworkChecks.java

@@ -0,0 +1,64 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+package org.elasticsearch.entitlement.qa.common;
+
+import java.io.IOException;
+import java.net.URI;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
+import java.net.spi.InetAddressResolver;
+import java.net.spi.InetAddressResolverProvider;
+
+class VersionSpecificNetworkChecks {
+    static void createInetAddressResolverProvider() {
+        var x = new InetAddressResolverProvider() {
+            @Override
+            public InetAddressResolver get(Configuration configuration) {
+                return null;
+            }
+
+            @Override
+            public String name() {
+                return "TEST";
+            }
+        };
+    }
+
+    static void httpClientSend() throws InterruptedException {
+        try (HttpClient httpClient = HttpClient.newBuilder().build()) {
+            // Shutdown the client, so the send action will shortcut before actually executing any network operation
+            // (but after it run our check in the prologue)
+            httpClient.shutdown();
+            try {
+                httpClient.send(HttpRequest.newBuilder(URI.create("http://localhost")).build(), HttpResponse.BodyHandlers.discarding());
+            } catch (IOException e) {
+                // Expected, since we shut down the client
+            }
+        }
+    }
+
+    static void httpClientSendAsync() {
+        try (HttpClient httpClient = HttpClient.newBuilder().build()) {
+            // Shutdown the client, so the send action will return before actually executing any network operation
+            // (but after it run our check in the prologue)
+            httpClient.shutdown();
+            var future = httpClient.sendAsync(
+                HttpRequest.newBuilder(URI.create("http://localhost")).build(),
+                HttpResponse.BodyHandlers.discarding()
+            );
+            assert future.isCompletedExceptionally();
+            future.exceptionally(ex -> {
+                assert ex instanceof IOException;
+                return null;
+            });
+        }
+    }
+}