[TEST] Reload secure settings transport IT

[albertzaharovits]

Adds Integration Tests for the TransportNodesReloadSecureSettingsAction . Specifically, it tests:

• SecureSettings are retrievable when plugins are notified
• missing/invalid keystore is handled gracefully (no spurious reload calls)
• reloadable plugins should fail independently (a throw during a plugin reload on any node will not interrupt the reload flow in any way - it will just return the exception in the response)

Previously there were tests only for the individual plugins implementing the reload handler, no tests for the "broadcast password - decrypt keystore - notify plugins - close keystore" logic.

One obstacle I struggled with was generating keystores programatically. They are test resources in the present implementation. The problem is that saving a generated keystores requires the Java SM permissions to change file permissions. This is not granted for the server codebase. In the real world the keystore is generated before the Security Manager is installed.

Relates: #29135
CC @elastic/es-security

[elasticmachine]

Pinging @elastic/es-core-infra

[albertzaharovits]

1/2 non test change

[albertzaharovits]

2/2 non test change
This password is no longer internal API, there are code paths where the user supplies its value.

[albertzaharovits]

1/2 non test change

[jaymode]

I don't think we need the class name in the message since we also log the exception

[jaymode]

I left some comments. Regarding not being able to write a keystore in tests, maybe someone from @elastic/es-core-infra could provide some thoughts about whether there is a better way than checking the files in as a resource.

[jaymode]

I don't think we need the class name in the message since we also log the exception

[jaymode]

should we randomize the order? Sometimes the misbehaving goes first?

[albertzaharovits]

Yes! I was under the impression that the order here is not relevant when iterating oveer Plugin instances. But it is, and this is a good thing!

[jaymode]

Collections.singletonList

[jaymode]

can we rename this to shouldThrow? Then just have a setter for the method? Also, let's make this non-volatile and the methods synchronized since we technically do a CAS in reload

[albertzaharovits]

Yes, I've been lax here.

[albertzaharovits]

Thank you @jaymode .
I have addressed your comments. I will wait a little for suggestions, but probably start pulling someone's coat over slack.

[jaymode]

LGTM pending discussion with the core-infra team regarding the updating of the keystore during the test

[albertzaharovits]

@jaymode The matter did not piqued any interest.
I have found a workaround which does not require any permission changes.
The trick simply ignores the RuntimePermission("accessUserInformation"). This is possible because the access exception is thrown after the keystore has been written, as a matter of precaution against broken umask settings. This is not required in the test environment.
Also, the keystore contains only the seed value, which is alright in this case, as the setString is package-private.

Please take another short look, thanks!

[jaymode]

Left one comment. Otherwise LGTM as long as CI is happy.

[jaymode]

you need to use Collections.shuffle(plugins, random()) to fix the build failure

[albertzaharovits]

Appreciate the prompt review! Thank you, I will make sure CI runs several times before merging the feature branch!