Remove unused EntitlementInternals (#116473)

elastic · Nov 8, 2024 · f88a004 · f88a004
1 parent bc270bd
commit f88a004
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 38 deletions.
diff --git a/libs/entitlement/README.md b/libs/entitlement/README.md
@@ -5,3 +5,7 @@ This module implements mechanisms to grant and check permissions under the _enti
 The entitlements system provides an alternative to the legacy `SecurityManager` system, which is deprecated for removal.
 The `entitlement-agent` instruments sensitive class library methods with calls to this module, in order to enforce the controls.
 
+This feature is currently under development, and it is completely disabled by default (the agent is not loaded). To enable it, run Elasticsearch with
+```shell
+./gradlew run --entitlements
+```
diff --git a/.../main/java/org/elasticsearch/entitlement/runtime/api/ElasticsearchEntitlementChecker.java b/.../main/java/org/elasticsearch/entitlement/runtime/api/ElasticsearchEntitlementChecker.java
@@ -15,8 +15,6 @@
 
 import java.util.Optional;
 
-import static org.elasticsearch.entitlement.runtime.internals.EntitlementInternals.isActive;
-
 /**
  * Implementation of the {@link EntitlementChecker} interface, providing additional
  * API methods for managing the checks.
@@ -25,13 +23,6 @@
 public class ElasticsearchEntitlementChecker implements EntitlementChecker {
     private static final Logger logger = LogManager.getLogger(ElasticsearchEntitlementChecker.class);
 
-    /**
-     * Causes entitlements to be enforced.
-     */
-    public void activate() {
-        isActive = true;
-    }
-
     @Override
     public void checkSystemExit(Class<?> callerClass, int status) {
         var requestingModule = requestingModule(callerClass);
@@ -66,10 +57,6 @@ private static Module requestingModule(Class<?> callerClass) {
     }
 
     private static boolean isTriviallyAllowed(Module requestingModule) {
-        if (isActive == false) {
-            logger.debug("Trivially allowed: entitlements are inactive");
-            return true;
-        }
         if (requestingModule == null) {
             logger.debug("Trivially allowed: Entire call stack is in the boot module layer");
             return true;
@@ -81,5 +68,4 @@ private static boolean isTriviallyAllowed(Module requestingModule) {
         logger.trace("Not trivially allowed");
         return false;
     }
-
 }
diff --git a/...t/src/main/java/org/elasticsearch/entitlement/runtime/internals/EntitlementInternals.java b/...t/src/main/java/org/elasticsearch/entitlement/runtime/internals/EntitlementInternals.java