honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12351 from rmuir/perms 

Remove Environment.homeFile()
This commit is contained in:
Robert Muir 2015-08-03 13:21:22 -04:00
parent ac89f43d11 e472cbed09
commit 22a73d3e65
6 changed files with 30 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
core/src/main/java/org/elasticsearch/bootstrap/Security.java
View File

@ -116,11 +116,11 @@ final class Security {
/** returns dynamic Permissions to configured paths */ /** returns dynamic Permissions to configured paths */
static Permissions createPermissions(Environment environment) throws IOException { static Permissions createPermissions(Environment environment) throws IOException {
// TODO: improve test infra so we can reduce permissions where read/write
// is not really needed...
Permissions policy = new Permissions(); Permissions policy = new Permissions();
// read-only dirs
addPath(policy, environment.binFile(), "read,readlink");
addPath(policy, environment.libFile(), "read,readlink");
addPath(policy, environment.tmpFile(), "read,readlink,write,delete"); addPath(policy, environment.tmpFile(), "read,readlink,write,delete");
addPath(policy, environment.homeFile(), "read,readlink,write,delete");
addPath(policy, environment.configFile(), "read,readlink,write,delete"); addPath(policy, environment.configFile(), "read,readlink,write,delete");
addPath(policy, environment.logsFile(), "read,readlink,write,delete"); addPath(policy, environment.logsFile(), "read,readlink,write,delete");
addPath(policy, environment.pluginsFile(), "read,readlink,write,delete"); addPath(policy, environment.pluginsFile(), "read,readlink,write,delete");

27
core/src/main/java/org/elasticsearch/env/Environment.java vendored
View File

@ -45,8 +45,6 @@ public class Environment {
private final Settings settings; private final Settings settings;
private final Path homeFile;
private final Path[] dataFiles; private final Path[] dataFiles;
private final Path[] dataWithClusterFiles; private final Path[] dataWithClusterFiles;
@ -57,6 +55,12 @@ public class Environment {
private final Path pluginsFile; private final Path pluginsFile;
/** location of bin/, used by plugin manager */
private final Path binFile;
/** location of lib/, */
private final Path libFile;
private final Path logsFile; private final Path logsFile;
/** Path to the PID file (can be null if no PID file is configured) **/ /** Path to the PID file (can be null if no PID file is configured) **/
@ -83,6 +87,7 @@ public class Environment {
public Environment(Settings settings) { public Environment(Settings settings) {
this.settings = settings; this.settings = settings;
final Path homeFile;
if (settings.get("path.home") != null) { if (settings.get("path.home") != null) {
homeFile = PathUtils.get(cleanPath(settings.get("path.home"))); homeFile = PathUtils.get(cleanPath(settings.get("path.home")));
} else { } else {
@ -133,6 +138,9 @@ public class Environment {
} else { } else {
pidFile = null; pidFile = null;
} }
binFile = homeFile.resolve("bin");
libFile = homeFile.resolve("lib");
} }
/** /**
@ -142,13 +150,6 @@ public class Environment {
return this.settings; return this.settings;
} }
/**
* The home of the installation.
*/
public Path homeFile() {
return homeFile;
}
/** /**
* The data location. * The data location.
*/ */
@ -236,6 +237,14 @@ public class Environment {
return pluginsFile; return pluginsFile;
} }
public Path binFile() {
return binFile;
}
public Path libFile() {
return libFile;
}
public Path logsFile() { public Path logsFile() {
return logsFile; return logsFile;
} }

4
core/src/main/java/org/elasticsearch/node/Node.java
View File

@ -140,8 +140,8 @@ public class Node implements Releasable {
if (logger.isDebugEnabled()) { if (logger.isDebugEnabled()) {
Environment env = tuple.v2(); Environment env = tuple.v2();
logger.debug("using home [{}], config [{}], data [{}], logs [{}], plugins [{}]", logger.debug("using config [{}], data [{}], logs [{}], plugins [{}]",
env.homeFile(), env.configFile(), Arrays.toString(env.dataFiles()), env.logsFile(), env.pluginsFile()); env.configFile(), Arrays.toString(env.dataFiles()), env.logsFile(), env.pluginsFile());
} }
this.pluginsService = new PluginsService(tuple.v1(), tuple.v2()); this.pluginsService = new PluginsService(tuple.v1(), tuple.v2());

2
core/src/main/java/org/elasticsearch/plugins/PluginManager.java
View File

@ -462,7 +462,7 @@ public class PluginManager {
} }
Path binDir(Environment env) { Path binDir(Environment env) {
return env.homeFile().resolve("bin").resolve(name); return env.binFile().resolve(name);
} }
Path configDir(Environment env) { Path configDir(Environment env) {

7
core/src/test/java/org/elasticsearch/bootstrap/SecurityTests.java
View File

@ -53,7 +53,7 @@ public class SecurityTests extends ElasticsearchTestCase {
} }
// the fake es home // the fake es home
assertTrue(permissions.implies(new FilePermission(esHome.toString(), "read"))); assertFalse(permissions.implies(new FilePermission(esHome.toString(), "read")));
// its parent // its parent
assertFalse(permissions.implies(new FilePermission(path.toString(), "read"))); assertFalse(permissions.implies(new FilePermission(path.toString(), "read")));
// some other sibling // some other sibling
@ -88,9 +88,8 @@ public class SecurityTests extends ElasticsearchTestCase {
} }
// check that all directories got permissions: // check that all directories got permissions:
// homefile: this is needed unless we break out rules for "lib" dir. assertTrue(permissions.implies(new FilePermission(environment.binFile().toString(), "read")));
// TODO: make read-only assertTrue(permissions.implies(new FilePermission(environment.libFile().toString(), "read")));
assertTrue(permissions.implies(new FilePermission(environment.homeFile().toString(), "read,readlink,write,delete")));
// config file // config file
// TODO: make read-only // TODO: make read-only
assertTrue(permissions.implies(new FilePermission(environment.configFile().toString(), "read,readlink,write,delete"))); assertTrue(permissions.implies(new FilePermission(environment.configFile().toString(), "read,readlink,write,delete")));

6
core/src/test/java/org/elasticsearch/plugins/PluginManagerTests.java
View File

@ -73,7 +73,7 @@ public class PluginManagerTests extends ElasticsearchIntegrationTest {
public void setup() throws Exception { public void setup() throws Exception {
initialSettings = buildInitialSettings(); initialSettings = buildInitialSettings();
System.setProperty("es.default.path.home", initialSettings.v1().get("path.home")); System.setProperty("es.default.path.home", initialSettings.v1().get("path.home"));
Path binDir = initialSettings.v2().homeFile().resolve("bin"); Path binDir = initialSettings.v2().binFile();
if (!Files.exists(binDir)) { if (!Files.exists(binDir)) {
Files.createDirectories(binDir); Files.createDirectories(binDir);
} }
@ -136,7 +136,7 @@ public class PluginManagerTests extends ElasticsearchIntegrationTest {
"classname", "FakePlugin"); "classname", "FakePlugin");
Environment env = initialSettings.v2(); Environment env = initialSettings.v2();
Path binDir = env.homeFile().resolve("bin"); Path binDir = env.binFile();
Path pluginBinDir = binDir.resolve(pluginName); Path pluginBinDir = binDir.resolve(pluginName);
Path pluginConfigDir = env.configFile().resolve(pluginName); Path pluginConfigDir = env.configFile().resolve(pluginName);
@ -281,7 +281,7 @@ public class PluginManagerTests extends ElasticsearchIntegrationTest {
"classname", "FakePlugin"); "classname", "FakePlugin");
Environment env = initialSettings.v2(); Environment env = initialSettings.v2();
Path binDir = env.homeFile().resolve("bin"); Path binDir = env.binFile();
Path pluginBinDir = binDir.resolve(pluginName); Path pluginBinDir = binDir.resolve(pluginName);
assertStatusOk(String.format(Locale.ROOT, "install %s --url %s --verbose", pluginName, pluginUrl)); assertStatusOk(String.format(Locale.ROOT, "install %s --url %s --verbose", pluginName, pluginUrl));