Add security manager test app (#8115)

laurit · web-flow · commit 9c21045c18df · 2023-03-23T18:35:17.000+02:00
For testing #7983
diff --git a/.github/workflows/pr-smoke-test-security-manager-images.yml b/.github/workflows/pr-smoke-test-security-manager-images.yml
@@ -0,0 +1,14 @@
+name: PR build Security Manager test app images for smoke tests
+
+on:
+  pull_request:
+    paths:
+      - 'smoke-tests/images/security-manager/**'
+      - '.github/workflows/pr-smoke-test-security-manager-images.yml'
+
+jobs:
+  build:
+    uses: ./.github/workflows/reusable-smoke-test-images.yml
+    with:
+      project: ":smoke-tests:images:security-manager"
+      cache-read-only: true
diff --git a/.github/workflows/publish-smoke-test-security-manager-images.yml b/.github/workflows/publish-smoke-test-security-manager-images.yml
@@ -0,0 +1,23 @@
+name: Publish Security Manager test app images for smoke tests
+
+on:
+  push:
+    paths:
+      - 'smoke-tests/images/security-manager/**'
+      - '.github/workflows/publish-smoke-test-security-manager-images.yml'
+    branches:
+      - main
+  workflow_dispatch:
+
+jobs:
+  publish:
+    uses: ./.github/workflows/reusable-smoke-test-images.yml
+    with:
+      project: ":smoke-tests:images:security-manager"
+      publish: true
+
+  open-issue-on-failure:
+    needs:
+      - publish
+    if: failure() && github.run_attempt == 1
+    uses: ./.github/workflows/reusable-open-issue-on-failure.yml
diff --git a/settings.gradle.kts b/settings.gradle.kts
@@ -124,6 +124,7 @@ include(":smoke-tests:images:fake-backend")
 include(":smoke-tests:images:grpc")
 include(":smoke-tests:images:play")
 include(":smoke-tests:images:quarkus")
+include(":smoke-tests:images:security-manager")
 include(":smoke-tests:images:servlet")
 hideFromDependabot(":smoke-tests:images:servlet:servlet-3.0")
 hideFromDependabot(":smoke-tests:images:servlet:servlet-5.0")
diff --git a/smoke-tests/images/security-manager/build.gradle.kts b/smoke-tests/images/security-manager/build.gradle.kts
@@ -0,0 +1,33 @@
+import java.time.LocalDateTime
+import java.time.format.DateTimeFormatter
+
+plugins {
+  id("otel.java-conventions")
+
+  id("com.google.cloud.tools.jib")
+}
+
+dependencies {
+  implementation(platform("io.opentelemetry:opentelemetry-bom:1.0.0"))
+
+  implementation("io.opentelemetry:opentelemetry-api")
+}
+
+val targetJDK = project.findProperty("targetJDK") ?: "11"
+
+val tag = findProperty("tag")
+  ?: DateTimeFormatter.ofPattern("yyyyMMdd.HHmmSS").format(LocalDateTime.now())
+
+java {
+  // needed by jib to detect java version used in project
+  // for jdk9+ jib uses an entrypoint that doesn't work with jdk8
+  sourceCompatibility = JavaVersion.VERSION_1_8
+  targetCompatibility = JavaVersion.VERSION_1_8
+}
+
+jib {
+  from.image = "openjdk:$targetJDK"
+  to.image = "ghcr.io/open-telemetry/opentelemetry-java-instrumentation/smoke-test-security-manager:jdk$targetJDK-$tag"
+  container.mainClass = "io.opentelemetry.smoketest.securitymanager.Main"
+  container.jvmFlags = listOf("-Djava.security.manager", "-Djava.security.policy=/app/resources/security.policy")
+}
diff --git a/smoke-tests/images/security-manager/src/main/java/io/opentelemetry/smoketest/securitymanager/Main.java b/smoke-tests/images/security-manager/src/main/java/io/opentelemetry/smoketest/securitymanager/Main.java
@@ -0,0 +1,28 @@
+/*
+ * Copyright The OpenTelemetry Authors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package io.opentelemetry.smoketest.securitymanager;
+
+import io.opentelemetry.api.GlobalOpenTelemetry;
+import io.opentelemetry.api.trace.Span;
+import io.opentelemetry.api.trace.Tracer;
+import io.opentelemetry.context.Scope;
+
+public class Main {
+
+  private Main() {}
+
+  @SuppressWarnings("SystemOut")
+  public static void main(String[] args) {
+    Tracer tracer = GlobalOpenTelemetry.get().getTracer("test-tracer");
+    Span span = tracer.spanBuilder("test").startSpan();
+    try (Scope ignore = span.makeCurrent()) {
+      // empty
+    } finally {
+      span.end();
+    }
+    System.out.println("completed successfully");
+  }
+}
diff --git a/smoke-tests/images/security-manager/src/main/resources/security.policy b/smoke-tests/images/security-manager/src/main/resources/security.policy
@@ -0,0 +1,10 @@
+// io.opentelemetry.context.LazyStorage reads system properties
+// grant permission to read these to test application code, but not the agent code
+grant codeBase "file:/app/classes/" {
+  permission java.util.PropertyPermission "io.opentelemetry.context.contextStorageProvider", "read";
+  permission java.util.PropertyPermission "io.opentelemetry.context.enableStrictContext", "read";
+};
+grant codeBase "file:/app/libs/-" {
+  permission java.util.PropertyPermission "io.opentelemetry.context.contextStorageProvider", "read";
+  permission java.util.PropertyPermission "io.opentelemetry.context.enableStrictContext", "read";
+};
