honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #13695 from rmuir/factor_out_scripts 

Get lang-javascript, lang-python, securemock ready for script refactoring
This commit is contained in:
Robert Muir 2015-09-21 15:44:08 -04:00
parent cf065c63fd f0733bd829
commit 7bcdae28ca
3 changed files with 34 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/src/main/java/org/elasticsearch/bootstrap/Security.java
View File

@ -166,6 +166,8 @@ final class Security {
m.put("repository-s3", "org.elasticsearch.plugin.repository.s3.S3RepositoryPlugin"); m.put("repository-s3", "org.elasticsearch.plugin.repository.s3.S3RepositoryPlugin");
m.put("discovery-ec2", "org.elasticsearch.plugin.discovery.ec2.Ec2DiscoveryPlugin"); m.put("discovery-ec2", "org.elasticsearch.plugin.discovery.ec2.Ec2DiscoveryPlugin");
m.put("cloud-gce", "org.elasticsearch.plugin.cloud.gce.CloudGcePlugin"); m.put("cloud-gce", "org.elasticsearch.plugin.cloud.gce.CloudGcePlugin");
m.put("lang-javascript", "org.elasticsearch.plugin.javascript.JavaScriptPlugin");
m.put("lang-python", "org.elasticsearch.plugin.python.PythonPlugin");
SPECIAL_PLUGINS = Collections.unmodifiableMap(m); SPECIAL_PLUGINS = Collections.unmodifiableMap(m);
} }

13
core/src/main/resources/org/elasticsearch/bootstrap/security.policy
View File

@ -57,13 +57,26 @@ grant codeBase "${es.security.plugin.cloud-gce}" {
permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
}; };
grant codeBase "${es.security.plugin.lang-javascript}" {
// needed to generate runtime classes
permission java.lang.RuntimePermission "createClassLoader";
};
grant codeBase "${es.security.plugin.lang-python}" {
// needed to generate runtime classes
permission java.lang.RuntimePermission "createClassLoader";
};
//// test framework permissions. //// test framework permissions.
//// These are mock objects and test management that we allow test framework libs //// These are mock objects and test management that we allow test framework libs
//// to provide on our behalf. But tests themselves cannot do this stuff! //// to provide on our behalf. But tests themselves cannot do this stuff!
grant codeBase "${es.security.jar.elasticsearch.securemock}" { grant codeBase "${es.security.jar.elasticsearch.securemock}" {
// needed to access ReflectionFactory (see below)
permission java.lang.RuntimePermission "accessClassInPackage.sun.reflect";
// needed to support creation of mocks // needed to support creation of mocks
permission java.lang.RuntimePermission "reflectionFactoryAccess"; permission java.lang.RuntimePermission "reflectionFactoryAccess";
// needed for spy interception, etc
permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
}; };

16
plugins/lang-python/src/main/java/org/elasticsearch/script/python/PythonScriptEngineService.java
View File

@ -20,6 +20,8 @@
package org.elasticsearch.script.python; package org.elasticsearch.script.python;
import java.io.IOException; import java.io.IOException;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Map; import java.util.Map;
import org.apache.lucene.index.LeafReaderContext; import org.apache.lucene.index.LeafReaderContext;
@ -54,7 +56,13 @@ public class PythonScriptEngineService extends AbstractComponent implements Scri
public PythonScriptEngineService(Settings settings) { public PythonScriptEngineService(Settings settings) {
super(settings); super(settings);
this.interp = PythonInterpreter.threadLocalStateInterpreter(null); // classloader created here
this.interp = AccessController.doPrivileged(new PrivilegedAction<PythonInterpreter> () {
@Override
public PythonInterpreter run() {
return PythonInterpreter.threadLocalStateInterpreter(null);
}
});
} }
@Override @Override
@ -74,8 +82,14 @@ public class PythonScriptEngineService extends AbstractComponent implements Scri
@Override @Override
public Object compile(String script) { public Object compile(String script) {
// classloader created here
return AccessController.doPrivileged(new PrivilegedAction<PyCode>() {
@Override
public PyCode run() {
return interp.compile(script); return interp.compile(script);
} }
});
}
@Override @Override
public ExecutableScript executable(CompiledScript compiledScript, Map<String, Object> vars) { public ExecutableScript executable(CompiledScript compiledScript, Map<String, Object> vars) {