Use java sys prop override in tests instead of flag to createPermissions
This commit is contained in:
parent
072b90296a
commit
b889b3b437
|
@ -42,7 +42,7 @@ public class Security {
|
||||||
*/
|
*/
|
||||||
static void configure(Environment environment) throws Exception {
|
static void configure(Environment environment) throws Exception {
|
||||||
// enable security policy: union of template and environment-based paths.
|
// enable security policy: union of template and environment-based paths.
|
||||||
Policy.setPolicy(new ESPolicy(createPermissions(environment, true)));
|
Policy.setPolicy(new ESPolicy(createPermissions(environment)));
|
||||||
|
|
||||||
// enable security manager
|
// enable security manager
|
||||||
System.setSecurityManager(new SecurityManager());
|
System.setSecurityManager(new SecurityManager());
|
||||||
|
@ -52,13 +52,11 @@ public class Security {
|
||||||
}
|
}
|
||||||
|
|
||||||
/** returns dynamic Permissions to configured paths */
|
/** returns dynamic Permissions to configured paths */
|
||||||
static Permissions createPermissions(Environment environment, boolean addTempDir) throws IOException {
|
static Permissions createPermissions(Environment environment) throws IOException {
|
||||||
// TODO: improve test infra so we can reduce permissions where read/write
|
// TODO: improve test infra so we can reduce permissions where read/write
|
||||||
// is not really needed...
|
// is not really needed...
|
||||||
Permissions policy = new Permissions();
|
Permissions policy = new Permissions();
|
||||||
if (addTempDir) {
|
addPath(policy, PathUtils.get(System.getProperty("java.io.tmpdir")), "read,readlink,write,delete");
|
||||||
addPath(policy, PathUtils.get(System.getProperty("java.io.tmpdir")), "read,readlink,write,delete");
|
|
||||||
}
|
|
||||||
addPath(policy, environment.homeFile(), "read,readlink,write,delete");
|
addPath(policy, environment.homeFile(), "read,readlink,write,delete");
|
||||||
addPath(policy, environment.configFile(), "read,readlink,write,delete");
|
addPath(policy, environment.configFile(), "read,readlink,write,delete");
|
||||||
addPath(policy, environment.logsFile(), "read,readlink,write,delete");
|
addPath(policy, environment.logsFile(), "read,readlink,write,delete");
|
||||||
|
|
|
@ -40,8 +40,15 @@ public class SecurityTests extends ElasticsearchTestCase {
|
||||||
Settings settings = settingsBuilder.build();
|
Settings settings = settingsBuilder.build();
|
||||||
|
|
||||||
Environment environment = new Environment(settings);
|
Environment environment = new Environment(settings);
|
||||||
// we pass false to not include temp (or it will grant permissions to everything here)
|
Path fakeTmpDir = createTempDir();
|
||||||
Permissions permissions = Security.createPermissions(environment, false);
|
String realTmpDir = System.getProperty("java.io.tmpdir");
|
||||||
|
Permissions permissions;
|
||||||
|
try {
|
||||||
|
System.setProperty("java.io.tmpdir", fakeTmpDir.toString());
|
||||||
|
permissions = Security.createPermissions(environment);
|
||||||
|
} finally {
|
||||||
|
System.setProperty("java.io.tmpdir", realTmpDir);
|
||||||
|
}
|
||||||
|
|
||||||
// the fake es home
|
// the fake es home
|
||||||
assertTrue(permissions.implies(new FilePermission(esHome.toString(), "read")));
|
assertTrue(permissions.implies(new FilePermission(esHome.toString(), "read")));
|
||||||
|
@ -49,6 +56,8 @@ public class SecurityTests extends ElasticsearchTestCase {
|
||||||
assertFalse(permissions.implies(new FilePermission(path.toString(), "read")));
|
assertFalse(permissions.implies(new FilePermission(path.toString(), "read")));
|
||||||
// some other sibling
|
// some other sibling
|
||||||
assertFalse(permissions.implies(new FilePermission(path.resolve("other").toString(), "read")));
|
assertFalse(permissions.implies(new FilePermission(path.resolve("other").toString(), "read")));
|
||||||
|
// double check we overwrote java.io.tmpdir correctly for the test
|
||||||
|
assertFalse(permissions.implies(new FilePermission(realTmpDir.toString(), "read")));
|
||||||
}
|
}
|
||||||
|
|
||||||
/** test generated permissions for all configured paths */
|
/** test generated permissions for all configured paths */
|
||||||
|
@ -64,7 +73,15 @@ public class SecurityTests extends ElasticsearchTestCase {
|
||||||
Settings settings = settingsBuilder.build();
|
Settings settings = settingsBuilder.build();
|
||||||
|
|
||||||
Environment environment = new Environment(settings);
|
Environment environment = new Environment(settings);
|
||||||
Permissions permissions = Security.createPermissions(environment, false);
|
Path fakeTmpDir = createTempDir();
|
||||||
|
String realTmpDir = System.getProperty("java.io.tmpdir");
|
||||||
|
Permissions permissions;
|
||||||
|
try {
|
||||||
|
System.setProperty("java.io.tmpdir", fakeTmpDir.toString());
|
||||||
|
permissions = Security.createPermissions(environment);
|
||||||
|
} finally {
|
||||||
|
System.setProperty("java.io.tmpdir", realTmpDir);
|
||||||
|
}
|
||||||
|
|
||||||
// check that all directories got permissions:
|
// check that all directories got permissions:
|
||||||
// homefile: this is needed unless we break out rules for "lib" dir.
|
// homefile: this is needed unless we break out rules for "lib" dir.
|
||||||
|
@ -84,5 +101,9 @@ public class SecurityTests extends ElasticsearchTestCase {
|
||||||
}
|
}
|
||||||
// logs: r/w
|
// logs: r/w
|
||||||
assertTrue(permissions.implies(new FilePermission(environment.logsFile().toString(), "read,readlink,write,delete")));
|
assertTrue(permissions.implies(new FilePermission(environment.logsFile().toString(), "read,readlink,write,delete")));
|
||||||
|
// temp dir: r/w
|
||||||
|
assertTrue(permissions.implies(new FilePermission(fakeTmpDir.toString(), "read,readlink,write,delete")));
|
||||||
|
// double check we overwrote java.io.tmpdir correctly for the test
|
||||||
|
assertFalse(permissions.implies(new FilePermission(realTmpDir.toString(), "read")));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue