Merge pull request #14672 from rmuir/aws_1_10_33
Upgrade to aws 1.10.33
This commit is contained in:
commit
beffc88700
|
@ -74,18 +74,6 @@ final class ESPolicy extends Policy {
|
|||
}
|
||||
}
|
||||
|
||||
// Special handling for broken AWS code which destroys all SSL security
|
||||
// REMOVE THIS when https://github.com/aws/aws-sdk-java/pull/432 is fixed
|
||||
if (permission instanceof RuntimePermission && "accessClassInPackage.sun.security.ssl".equals(permission.getName())) {
|
||||
for (StackTraceElement element : Thread.currentThread().getStackTrace()) {
|
||||
if ("com.amazonaws.http.conn.ssl.SdkTLSSocketFactory".equals(element.getClassName()) &&
|
||||
"verifyMasterSecret".equals(element.getMethodName())) {
|
||||
// we found the horrible method: the hack begins!
|
||||
// force the aws code to back down, by throwing an exception that it catches.
|
||||
rethrow(new IllegalAccessException("no amazon, you cannot do this."));
|
||||
}
|
||||
}
|
||||
}
|
||||
// otherwise defer to template + dynamic file permissions
|
||||
return template.implies(domain, permission) || dynamic.implies(permission);
|
||||
}
|
||||
|
@ -104,20 +92,4 @@ final class ESPolicy extends Policy {
|
|||
// return UNSUPPORTED_EMPTY_COLLECTION since it is safe.
|
||||
return super.getPermissions(codesource);
|
||||
}
|
||||
|
||||
/**
|
||||
* Classy puzzler to rethrow any checked exception as an unchecked one.
|
||||
*/
|
||||
private static class Rethrower<T extends Throwable> {
|
||||
private void rethrow(Throwable t) throws T {
|
||||
throw (T) t;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Rethrows <code>t</code> (identical object).
|
||||
*/
|
||||
private void rethrow(Throwable t) {
|
||||
new Rethrower<Error>().rethrow(t);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -23,7 +23,7 @@ esplugin {
|
|||
}
|
||||
|
||||
versions << [
|
||||
'aws': '1.10.19'
|
||||
'aws': '1.10.33'
|
||||
]
|
||||
|
||||
dependencies {
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
b53f650323b7242dcced25b679f3e9aa4b494da5
|
|
@ -0,0 +1 @@
|
|||
fabedbbe2b834b1add150b6a38395c5ef7380168
|
|
@ -1 +0,0 @@
|
|||
50ba7eb31719be1260bdae51cf69340df2d91ec4
|
|
@ -0,0 +1 @@
|
|||
202f6b5dbc196e355d50c131b0fd34969bfd89e6
|
|
@ -19,7 +19,6 @@
|
|||
|
||||
package org.elasticsearch.plugin.discovery.ec2;
|
||||
|
||||
import org.elasticsearch.SpecialPermission;
|
||||
import org.elasticsearch.cloud.aws.AwsEc2ServiceImpl;
|
||||
import org.elasticsearch.cloud.aws.Ec2Module;
|
||||
import org.elasticsearch.common.component.LifecycleComponent;
|
||||
|
@ -32,8 +31,6 @@ import org.elasticsearch.discovery.ec2.AwsEc2UnicastHostsProvider;
|
|||
import org.elasticsearch.discovery.ec2.Ec2Discovery;
|
||||
import org.elasticsearch.plugins.Plugin;
|
||||
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
|
||||
|
@ -41,27 +38,6 @@ import java.util.Collection;
|
|||
*
|
||||
*/
|
||||
public class Ec2DiscoveryPlugin extends Plugin {
|
||||
|
||||
static {
|
||||
// This internal config is deserialized but with wrong access modifiers,
|
||||
// cannot work without suppressAccessChecks permission right now. We force
|
||||
// a one time load with elevated privileges as a workaround.
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(new SpecialPermission());
|
||||
}
|
||||
AccessController.doPrivileged(new PrivilegedAction<Void>() {
|
||||
@Override
|
||||
public Void run() {
|
||||
try {
|
||||
Class.forName("com.amazonaws.internal.config.InternalConfig$Factory");
|
||||
} catch (ClassNotFoundException e) {
|
||||
throw new RuntimeException("Unable to initialize internal aws config", e);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
private final Settings settings;
|
||||
protected final ESLogger logger = Loggers.getLogger(Ec2DiscoveryPlugin.class);
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
/*
|
||||
* Licensed to Elasticsearch under one or more contributor
|
||||
* license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright
|
||||
* ownership. Elasticsearch licenses this file to you under
|
||||
* the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
grant {
|
||||
// needed because of problems in aws-sdk
|
||||
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
|
||||
};
|
|
@ -1355,4 +1355,9 @@ public class AmazonEC2Mock implements AmazonEC2 {
|
|||
public ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request) {
|
||||
throw new UnsupportedOperationException("Not supported in mock");
|
||||
}
|
||||
|
||||
@Override
|
||||
public ModifySpotFleetRequestResult modifySpotFleetRequest(ModifySpotFleetRequestRequest modifySpotFleetRequestRequest) throws AmazonServiceException, AmazonClientException {
|
||||
throw new UnsupportedOperationException("Not supported in mock");
|
||||
}
|
||||
}
|
||||
|
|
|
@ -23,7 +23,7 @@ esplugin {
|
|||
}
|
||||
|
||||
versions << [
|
||||
'aws': '1.10.19'
|
||||
'aws': '1.10.33'
|
||||
]
|
||||
|
||||
dependencies {
|
||||
|
|
|
@ -1 +0,0 @@
|
|||
b53f650323b7242dcced25b679f3e9aa4b494da5
|
|
@ -0,0 +1 @@
|
|||
fabedbbe2b834b1add150b6a38395c5ef7380168
|
|
@ -1 +0,0 @@
|
|||
c8764f3e61a3c420db429870ec22b31fe755d81d
|
|
@ -0,0 +1 @@
|
|||
35881245894ecc4d893c074eacdf2e6b56820fda
|
|
@ -1 +0,0 @@
|
|||
a23dc60d56d54126250c23cab1d01328b1e83678
|
|
@ -0,0 +1 @@
|
|||
5665cf77102a932a16e99ebf41d197e03ddbf25c
|
|
@ -19,7 +19,6 @@
|
|||
|
||||
package org.elasticsearch.plugin.repository.s3;
|
||||
|
||||
import org.elasticsearch.SpecialPermission;
|
||||
import org.elasticsearch.cloud.aws.S3Module;
|
||||
import org.elasticsearch.common.component.LifecycleComponent;
|
||||
import org.elasticsearch.common.inject.Module;
|
||||
|
@ -28,8 +27,6 @@ import org.elasticsearch.plugins.Plugin;
|
|||
import org.elasticsearch.repositories.RepositoriesModule;
|
||||
import org.elasticsearch.repositories.s3.S3Repository;
|
||||
|
||||
import java.security.AccessController;
|
||||
import java.security.PrivilegedAction;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.Collections;
|
||||
|
@ -38,27 +35,6 @@ import java.util.Collections;
|
|||
*
|
||||
*/
|
||||
public class S3RepositoryPlugin extends Plugin {
|
||||
|
||||
static {
|
||||
// This internal config is deserialized but with wrong access modifiers,
|
||||
// cannot work without suppressAccessChecks permission right now. We force
|
||||
// a one time load with elevated privileges as a workaround.
|
||||
SecurityManager sm = System.getSecurityManager();
|
||||
if (sm != null) {
|
||||
sm.checkPermission(new SpecialPermission());
|
||||
}
|
||||
AccessController.doPrivileged(new PrivilegedAction<Void>() {
|
||||
@Override
|
||||
public Void run() {
|
||||
try {
|
||||
Class.forName("com.amazonaws.internal.config.InternalConfig$Factory");
|
||||
} catch (ClassNotFoundException e) {
|
||||
throw new RuntimeException("Unable to initialize internal aws config", e);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@Override
|
||||
public String name() {
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
/*
|
||||
* Licensed to Elasticsearch under one or more contributor
|
||||
* license agreements. See the NOTICE file distributed with
|
||||
* this work for additional information regarding copyright
|
||||
* ownership. Elasticsearch licenses this file to you under
|
||||
* the Apache License, Version 2.0 (the "License"); you may
|
||||
* not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing,
|
||||
* software distributed under the License is distributed on an
|
||||
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
* KIND, either express or implied. See the License for the
|
||||
* specific language governing permissions and limitations
|
||||
* under the License.
|
||||
*/
|
||||
|
||||
grant {
|
||||
// needed because of problems in aws-sdk
|
||||
permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
|
||||
};
|
|
@ -628,4 +628,9 @@ public class AmazonS3Wrapper implements AmazonS3 {
|
|||
public BucketReplicationConfiguration getBucketReplicationConfiguration(GetBucketReplicationConfigurationRequest getBucketReplicationConfigurationRequest) throws AmazonServiceException, AmazonClientException {
|
||||
return delegate.getBucketReplicationConfiguration(getBucketReplicationConfigurationRequest);
|
||||
}
|
||||
|
||||
@Override
|
||||
public HeadBucketResult headBucket(HeadBucketRequest headBucketRequest) throws AmazonClientException, AmazonServiceException {
|
||||
return delegate.headBucket(headBucketRequest);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue