OpenSearch/docs/plugins/authors.asciidoc

[[plugin-authors]]
== Help for plugin authors

The Elasticsearch repository contains examples of:

* a https://github.com/elastic/elasticsearch/tree/master/plugins/jvm-example[Java plugin]
  which contains Java code.

These examples provide the bare bones needed to get started.  For more
information about how to write a plugin, we recommend looking at the plugins
listed in this documentation for inspiration.

[float]
=== Plugin descriptor file

All plugins, be they site or Java plugins, must contain a file called
`plugin-descriptor.properties` in the root directory. The format for this file
is described in detail  here:

https://github.com/elastic/elasticsearch/blob/master/buildSrc/src/main/resources/plugin-descriptor.properties[`/buildSrc/src/main/resources/plugin-descriptor.properties`].

Either fill in this template yourself (see
https://github.com/lmenezes/elasticsearch-kopf/blob/master/plugin-descriptor.properties[elasticsearch-kopf]
as an example) or, if you are using Elasticsearch's Gradle build system, you
can fill in the necessary values in the `build.gradle` file for your plugin. For
instance, see
https://github.com/elastic/elasticsearch/blob/master/plugins/site-example/build.gradle[`/plugins/site-example/build.gradle`].

[float]
==== Mandatory elements for plugins


[cols="<,<,<",options="header",]
|=======================================================================
|Element                    | Type   | Description

|`description`              |String  | simple summary of the plugin

|`version`                  |String  | plugin's version

|`name`                     |String  | the plugin name

|`classname`                |String  | the name of the class to load, fully-qualified.

|`java.version`             |String  | version of java the code is built against.
Use the system property `java.specification.version`. Version string must be a sequence
of nonnegative decimal integers separated by "."'s and may have leading zeros.

|`elasticsearch.version`    |String  | version of elasticsearch compiled against.

|=======================================================================

Note that only jar files in the root directory are added to the classpath for the plugin!
If you need other resources, package them into a resources jar.

[IMPORTANT]
.Plugin release lifecycle
==============================================

You will have to release a new version of the plugin for each new elasticsearch release.
This version is checked when the plugin is loaded so Elasticsearch will refuse to start
in the presence of plugins with the incorrect `elasticsearch.version`.

==============================================


[float]
=== Testing your plugin

When testing a Java plugin, it will only be auto-loaded if it is in the
`plugins/` directory.  Use `bin/plugin install file:///path/to/your/plugin`
to install your plugin for testing.

You may also load your plugin within the test framework for integration tests.
Read more in {ref}/integration-tests.html#changing-node-configuration[Changing Node Configuration].


[float]
=== Java Security permissions

Some plugins may need additional security permissions. A plugin can include
the optional `plugin-security.policy` file containing `grant` statements for
additional permissions. Any additional permissions will be displayed to the user
with a large warning, and they will have to confirm them when installing the
plugin interactively. So if possible, it is best to avoid requesting any
spurious permissions!

If you are using the elasticsearch Gradle build system, place this file in
`src/main/plugin-metadata` and it will be applied during unit tests as well.

Keep in mind that the Java security model is stack-based, and the additional
permissions will only be granted to the jars in your plugin, so you will have
write proper security code around operations requiring elevated privileges.
It is recommended to add a check to prevent unprivileged code (such as scripts)
from gaining escalated permissions. For example:

[source,java]
--------------------------------------------------
// ES permission you should check before doPrivileged() blocks
import org.elasticsearch.SpecialPermission;

SecurityManager sm = System.getSecurityManager();
if (sm != null) {
  // unprivileged code such as scripts do not have SpecialPermission
  sm.checkPermission(new SpecialPermission());
}
AccessController.doPrivileged(
  // sensitive operation
);
--------------------------------------------------

See http://www.oracle.com/technetwork/java/seccodeguide-139067.html[Secure Coding Guidelines for Java SE]
for more information.
Docs: Prepare plugin and integration docs for 2.0 * Centralised plugin docs in docs/plugins/ * Moved integrations into same docs * Moved community clients into the clients section of the docs * Removed docs/community Closes #11734 Closes #11724 Closes #11636 Closes #11635 Closes #11632 Closes #11630 Closes #12046 Closes #12438 Closes #12579 2015-08-15 12:00:55 -04:00			`[[plugin-authors]]`
			`== Help for plugin authors`

			`The Elasticsearch repository contains examples of:`

			`* a https://github.com/elastic/elasticsearch/tree/master/plugins/jvm-example[Java plugin]`
			`which contains Java code.`

			`These examples provide the bare bones needed to get started. For more`
			`information about how to write a plugin, we recommend looking at the plugins`
			`listed in this documentation for inspiration.`

			`[float]`
			`=== Plugin descriptor file`

			`All plugins, be they site or Java plugins, must contain a file called`
			`plugin-descriptor.properties` in the root directory. The format for this file
			`is described in detail here:`

Docs: Updated plugin author help for Gradle Relates to #15280 2015-12-15 06:27:20 -05:00			https://github.com/elastic/elasticsearch/blob/master/buildSrc/src/main/resources/plugin-descriptor.properties[`/buildSrc/src/main/resources/plugin-descriptor.properties`].
Docs: Prepare plugin and integration docs for 2.0 * Centralised plugin docs in docs/plugins/ * Moved integrations into same docs * Moved community clients into the clients section of the docs * Removed docs/community Closes #11734 Closes #11724 Closes #11636 Closes #11635 Closes #11632 Closes #11630 Closes #12046 Closes #12438 Closes #12579 2015-08-15 12:00:55 -04:00
			`Either fill in this template yourself (see`
			`https://github.com/lmenezes/elasticsearch-kopf/blob/master/plugin-descriptor.properties[elasticsearch-kopf]`
Docs: Updated plugin author help for Gradle Relates to #15280 2015-12-15 06:27:20 -05:00			`as an example) or, if you are using Elasticsearch's Gradle build system, you`
			can fill in the necessary values in the `build.gradle` file for your plugin. For
Docs: Prepare plugin and integration docs for 2.0 * Centralised plugin docs in docs/plugins/ * Moved integrations into same docs * Moved community clients into the clients section of the docs * Removed docs/community Closes #11734 Closes #11724 Closes #11636 Closes #11635 Closes #11632 Closes #11630 Closes #12046 Closes #12438 Closes #12579 2015-08-15 12:00:55 -04:00			`instance, see`
Docs: Updated plugin author help for Gradle Relates to #15280 2015-12-15 06:27:20 -05:00			https://github.com/elastic/elasticsearch/blob/master/plugins/site-example/build.gradle[`/plugins/site-example/build.gradle`].
Docs: Prepare plugin and integration docs for 2.0 * Centralised plugin docs in docs/plugins/ * Moved integrations into same docs * Moved community clients into the clients section of the docs * Removed docs/community Closes #11734 Closes #11724 Closes #11636 Closes #11635 Closes #11632 Closes #11630 Closes #12046 Closes #12438 Closes #12579 2015-08-15 12:00:55 -04:00
Enhance plugin-descriptor.properties guide * extract doc from the descriptor * make obvious that plugin authors will have to release a new version for each elasticsearch version 2015-10-05 04:13:02 -04:00			`[float]`
Plugins: Remove site plugins Site plugins used to be used for things like kibana and marvel, but there is no longer a need since kibana (and marvel as a kibana plugin) uses node.js. This change removes site plugins, as well as the flag for jvm plugins. Now all plugins are jvm plugins. 2016-01-17 00:54:05 -05:00			`==== Mandatory elements for plugins`
Enhance plugin-descriptor.properties guide * extract doc from the descriptor * make obvious that plugin authors will have to release a new version for each elasticsearch version 2015-10-05 04:13:02 -04:00

			`[cols="<,<,<",options="header",]`
			`\|=======================================================================`
			`\|Element \| Type \| Description`

			\|`description` \|String \| simple summary of the plugin

			\|`version` \|String \| plugin's version

			\|`name` \|String \| the plugin name

			\|`classname` \|String \| the name of the class to load, fully-qualified.

			\|`java.version` \|String \| version of java the code is built against.
			Use the system property `java.specification.version`. Version string must be a sequence
			`of nonnegative decimal integers separated by "."'s and may have leading zeros.`

			\|`elasticsearch.version` \|String \| version of elasticsearch compiled against.

			`\|=======================================================================`

Plugins: Remove site plugins Site plugins used to be used for things like kibana and marvel, but there is no longer a need since kibana (and marvel as a kibana plugin) uses node.js. This change removes site plugins, as well as the flag for jvm plugins. Now all plugins are jvm plugins. 2016-01-17 00:54:05 -05:00			`Note that only jar files in the root directory are added to the classpath for the plugin!`
			`If you need other resources, package them into a resources jar.`

Enhance plugin-descriptor.properties guide * extract doc from the descriptor * make obvious that plugin authors will have to release a new version for each elasticsearch version 2015-10-05 04:13:02 -04:00			`[IMPORTANT]`
			`.Plugin release lifecycle`
			`==============================================`

			`You will have to release a new version of the plugin for each new elasticsearch release.`
			`This version is checked when the plugin is loaded so Elasticsearch will refuse to start`
			in the presence of plugins with the incorrect `elasticsearch.version`.

			`==============================================`


Docs: Prepare plugin and integration docs for 2.0 * Centralised plugin docs in docs/plugins/ * Moved integrations into same docs * Moved community clients into the clients section of the docs * Removed docs/community Closes #11734 Closes #11724 Closes #11636 Closes #11635 Closes #11632 Closes #11630 Closes #12046 Closes #12438 Closes #12579 2015-08-15 12:00:55 -04:00			`[float]`
Plugins: Removed plugin.types The setting `plugin.types` is currently used to load plugins from the classpath. This is necessary in tests, as well as the transport client. This change removes the setting, and replaces it with the ability to directly add plugins when building a transport client, as well as infrastructure in the integration tests to specify which plugin classes should be loaded on each node. 2015-08-22 03:21:13 -04:00			`=== Testing your plugin`
Docs: Prepare plugin and integration docs for 2.0 * Centralised plugin docs in docs/plugins/ * Moved integrations into same docs * Moved community clients into the clients section of the docs * Removed docs/community Closes #11734 Closes #11724 Closes #11636 Closes #11635 Closes #11632 Closes #11630 Closes #12046 Closes #12438 Closes #12579 2015-08-15 12:00:55 -04:00
			`When testing a Java plugin, it will only be auto-loaded if it is in the`
[Doc] Fix correct number of slashes when installing a plugin with zip file 2015-10-15 11:25:39 -04:00			`plugins/` directory. Use `bin/plugin install file:///path/to/your/plugin`
Plugins: Removed plugin.types The setting `plugin.types` is currently used to load plugins from the classpath. This is necessary in tests, as well as the transport client. This change removes the setting, and replaces it with the ability to directly add plugins when building a transport client, as well as infrastructure in the integration tests to specify which plugin classes should be loaded on each node. 2015-08-22 03:21:13 -04:00			`to install your plugin for testing.`

			`You may also load your plugin within the test framework for integration tests.`
Added link to test framework for plugin authors 2015-08-24 15:05:00 -04:00			`Read more in {ref}/integration-tests.html#changing-node-configuration[Changing Node Configuration].`
Docs: Prepare plugin and integration docs for 2.0 * Centralised plugin docs in docs/plugins/ * Moved integrations into same docs * Moved community clients into the clients section of the docs * Removed docs/community Closes #11734 Closes #11724 Closes #11636 Closes #11635 Closes #11632 Closes #11630 Closes #12046 Closes #12438 Closes #12579 2015-08-15 12:00:55 -04:00

Decentralize plugin security * Add ability for plugins to declare additional permissions with a custom plugin-security.policy file and corresponding AccessController logic. See the plugin author's guide for more information. * Add warning messages to users for extra plugin permissions in bin/plugin. * When bin/plugin is run interactively (stdin is a controlling terminal and -b/--batch not supplied), require user confirmation. * Improve unit test and IDE support for plugins with additional permissions by exposing plugin's metadata as a maven test resource. Closes #14108 Squashed commit of the following: commit cf8ace65a7397aaccd356bf55f95d6fbb8bb571c Author: Robert Muir <rmuir@apache.org> Date: Wed Oct 14 13:36:05 2015 -0400 fix new unit test from master merge commit 9be3c5aa38f2d9ae50f3d54924a30ad9cddeeb65 Merge: 2f168b8 7368231 Author: Robert Muir <rmuir@apache.org> Date: Wed Oct 14 12:58:31 2015 -0400 Merge branch 'master' into off_my_back commit 2f168b8038e32672f01ad0279fb5db77ba902ae8 Author: Robert Muir <rmuir@apache.org> Date: Wed Oct 14 12:56:04 2015 -0400 improve plugin author documentation commit 6e6c2bfda68a418d92733ac22a58eec35508b2d0 Author: Robert Muir <rmuir@apache.org> Date: Wed Oct 14 12:52:14 2015 -0400 move security confirmation after 'plugin already installed' check, to prevent user from answering unnecessary questions. commit 08233a2972554afef2a6a7521990283102e20d92 Author: Robert Muir <rmuir@apache.org> Date: Wed Oct 14 05:36:42 2015 -0400 Add documentation and pluginmanager support commit 05dad86c51488ba43ccbd749f0164f3fbd3aee62 Author: Robert Muir <rmuir@apache.org> Date: Wed Oct 14 02:22:24 2015 -0400 Decentralize plugin permissions (modulo docs and pluginmanager work) 2015-10-14 14:46:45 -04:00			`[float]`
			`=== Java Security permissions`

			`Some plugins may need additional security permissions. A plugin can include`
Docs: Updated plugin author help for Gradle Relates to #15280 2015-12-15 06:27:20 -05:00			the optional `plugin-security.policy` file containing `grant` statements for
			`additional permissions. Any additional permissions will be displayed to the user`
			`with a large warning, and they will have to confirm them when installing the`
Decentralize plugin security * Add ability for plugins to declare additional permissions with a custom plugin-security.policy file and corresponding AccessController logic. See the plugin author's guide for more information. * Add warning messages to users for extra plugin permissions in bin/plugin. * When bin/plugin is run interactively (stdin is a controlling terminal and -b/--batch not supplied), require user confirmation. * Improve unit test and IDE support for plugins with additional permissions by exposing plugin's metadata as a maven test resource. Closes #14108 Squashed commit of the following: commit cf8ace65a7397aaccd356bf55f95d6fbb8bb571c Author: Robert Muir <rmuir@apache.org> Date: Wed Oct 14 13:36:05 2015 -0400 fix new unit test from master merge commit 9be3c5aa38f2d9ae50f3d54924a30ad9cddeeb65 Merge: 2f168b8 7368231 Author: Robert Muir <rmuir@apache.org> Date: Wed Oct 14 12:58:31 2015 -0400 Merge branch 'master' into off_my_back commit 2f168b8038e32672f01ad0279fb5db77ba902ae8 Author: Robert Muir <rmuir@apache.org> Date: Wed Oct 14 12:56:04 2015 -0400 improve plugin author documentation commit 6e6c2bfda68a418d92733ac22a58eec35508b2d0 Author: Robert Muir <rmuir@apache.org> Date: Wed Oct 14 12:52:14 2015 -0400 move security confirmation after 'plugin already installed' check, to prevent user from answering unnecessary questions. commit 08233a2972554afef2a6a7521990283102e20d92 Author: Robert Muir <rmuir@apache.org> Date: Wed Oct 14 05:36:42 2015 -0400 Add documentation and pluginmanager support commit 05dad86c51488ba43ccbd749f0164f3fbd3aee62 Author: Robert Muir <rmuir@apache.org> Date: Wed Oct 14 02:22:24 2015 -0400 Decentralize plugin permissions (modulo docs and pluginmanager work) 2015-10-14 14:46:45 -04:00			`plugin interactively. So if possible, it is best to avoid requesting any`
			`spurious permissions!`

Docs: Updated plugin author help for Gradle Relates to #15280 2015-12-15 06:27:20 -05:00			`If you are using the elasticsearch Gradle build system, place this file in`
Decentralize plugin security * Add ability for plugins to declare additional permissions with a custom plugin-security.policy file and corresponding AccessController logic. See the plugin author's guide for more information. * Add warning messages to users for extra plugin permissions in bin/plugin. * When bin/plugin is run interactively (stdin is a controlling terminal and -b/--batch not supplied), require user confirmation. * Improve unit test and IDE support for plugins with additional permissions by exposing plugin's metadata as a maven test resource. Closes #14108 Squashed commit of the following: commit cf8ace65a7397aaccd356bf55f95d6fbb8bb571c Author: Robert Muir <rmuir@apache.org> Date: Wed Oct 14 13:36:05 2015 -0400 fix new unit test from master merge commit 9be3c5aa38f2d9ae50f3d54924a30ad9cddeeb65 Merge: 2f168b8 7368231 Author: Robert Muir <rmuir@apache.org> Date: Wed Oct 14 12:58:31 2015 -0400 Merge branch 'master' into off_my_back commit 2f168b8038e32672f01ad0279fb5db77ba902ae8 Author: Robert Muir <rmuir@apache.org> Date: Wed Oct 14 12:56:04 2015 -0400 improve plugin author documentation commit 6e6c2bfda68a418d92733ac22a58eec35508b2d0 Author: Robert Muir <rmuir@apache.org> Date: Wed Oct 14 12:52:14 2015 -0400 move security confirmation after 'plugin already installed' check, to prevent user from answering unnecessary questions. commit 08233a2972554afef2a6a7521990283102e20d92 Author: Robert Muir <rmuir@apache.org> Date: Wed Oct 14 05:36:42 2015 -0400 Add documentation and pluginmanager support commit 05dad86c51488ba43ccbd749f0164f3fbd3aee62 Author: Robert Muir <rmuir@apache.org> Date: Wed Oct 14 02:22:24 2015 -0400 Decentralize plugin permissions (modulo docs and pluginmanager work) 2015-10-14 14:46:45 -04:00			`src/main/plugin-metadata` and it will be applied during unit tests as well.

			`Keep in mind that the Java security model is stack-based, and the additional`
			`permissions will only be granted to the jars in your plugin, so you will have`
			`write proper security code around operations requiring elevated privileges.`
			`It is recommended to add a check to prevent unprivileged code (such as scripts)`
			`from gaining escalated permissions. For example:`

			`[source,java]`
			`--------------------------------------------------`
			`// ES permission you should check before doPrivileged() blocks`
			`import org.elasticsearch.SpecialPermission;`

			`SecurityManager sm = System.getSecurityManager();`
			`if (sm != null) {`
			`// unprivileged code such as scripts do not have SpecialPermission`
			`sm.checkPermission(new SpecialPermission());`
			`}`
			`AccessController.doPrivileged(`
			`// sensitive operation`
			`);`
			`--------------------------------------------------`

			`See http://www.oracle.com/technetwork/java/seccodeguide-139067.html[Secure Coding Guidelines for Java SE]`
			`for more information.`