Merge branch 'stable-2.16' into stable-3.0

* stable-2.16:
  Fix handling of LDAP groups that contain dots
  ElasticContainer: Upgrade V7_5 to elasticsearch 7.5.2

Change-Id: Id85b8e7c1ce80efa1ac7cdede1e25126c84f6456

javatests/com/google/gerrit/elasticsearch/ElasticContainer.java

@@ -63,7 +63,7 @@ public class ElasticContainer extends ElasticsearchContainer {
       case V7_4:
         return "blacktop/elasticsearch:7.4.2";
       case V7_5:
-        return "blacktop/elasticsearch:7.5.1";
+        return "blacktop/elasticsearch:7.5.2";
     }
     throw new IllegalStateException("No tests for version: " + version.name());
   }

polygerrit-ui/app/elements/admin/gr-permission/gr-permission.js

@@ -253,7 +253,12 @@
       // The group id is encoded, but have to decode in order for the access
       // API to work as expected.
       const groupId = decodeURIComponent(e.detail.value.id).replace(/\+/g, ' ');
-      this.set(['permission', 'value', 'rules', groupId], {});
+      // We cannot use "this.set(...)" here, because groupId may contain dots,
+      // and dots in property path names are totally unsupported by Polymer.
+      // Apparently Polymer picks up this change anyway, otherwise we should
+      // have looked at using MutableData:
+      // https://polymer-library.polymer-project.org/2.0/docs/devguide/data-system#mutable-data
+      this.permission.value.rules[groupId] = {};
 
       // Purposely don't recompute sorted array so that the newly added rule
       // is the last item of the array.
@@ -274,7 +279,8 @@
       Polymer.dom.flush();
       const value = this._rules[this._rules.length - 1].value;
       value.added = true;
-      this.set(['permission', 'value', 'rules', groupId], value);
+      // See comment above for why we cannot use "this.set(...)" here.
+      this.permission.value.rules[groupId] = value;
       this.dispatchEvent(new CustomEvent('access-modified', {bubbles: true}));
     },
 

polygerrit-ui/app/elements/admin/gr-permission/gr-permission_test.html

@@ -310,11 +310,11 @@ limitations under the License.
         element.name = 'Priority';
         element.section = 'refs/*';
         element.groups = {};
-        element.$.groupAutocomplete.text = 'ldap/tests tests';
+        element.$.groupAutocomplete.text = 'ldap/tests te.st';
         const e = {
           detail: {
             value: {
-              id: 'ldap:CN=test+test',
+              id: 'ldap:CN=test+te.st',
             },
           },
         };
@@ -323,11 +323,11 @@ limitations under the License.
         assert.equal(Object.keys(element._groupsWithRules).length, 2);
         element._handleAddRuleItem(e);
         flushAsynchronousOperations();
-        assert.deepEqual(element.groups, {'ldap:CN=test test': {
+        assert.deepEqual(element.groups, {'ldap:CN=test te.st': {
-          name: 'ldap/tests tests'}});
+          name: 'ldap/tests te.st'}});
         assert.equal(element._rules.length, 3);
         assert.equal(Object.keys(element._groupsWithRules).length, 3);
-        assert.deepEqual(element.permission.value.rules['ldap:CN=test test'],
+        assert.deepEqual(element.permission.value.rules['ldap:CN=test te.st'],
             {action: 'ALLOW', min: -2, max: 2, added: true});
         // New rule should be removed if cancel from editing.
         element.editing = false;

tools/nongoogle.bzl

@@ -94,8 +94,8 @@ def declare_nongoogle_deps():
     # and httpasyncclient as necessary.
     maven_jar(
         name = "elasticsearch-rest-client",
-        artifact = "org.elasticsearch.client:elasticsearch-rest-client:7.5.1",
+        artifact = "org.elasticsearch.client:elasticsearch-rest-client:7.5.2",
-        sha1 = "094c155906dc94146fc5adc344ea2c676d487cf2",
+        sha1 = "e11393f600a425b7f62e6f653e19a9e53556fd79",
     )
 
     maven_jar(