
Commit d08d6d2

committed
Create PolicyManager during bootstrap, allowing us to share initialization
1 parent 21ce09c commit d08d6d2


7 files changed

+123
-173
lines changed


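--- a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/bootstrap/EntitlementBootstrap.java
+++ b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/bootstrap/EntitlementBootstrap.java
@@ -18,6 +18,7 @@
 import org.elasticsearch.core.PathUtils;
 import org.elasticsearch.core.SuppressForbidden;
 import org.elasticsearch.entitlement.initialization.EntitlementInitialization;
+import org.elasticsearch.entitlement.runtime.policy.PathLookup;
 import org.elasticsearch.entitlement.runtime.policy.PathLookupImpl;
 import org.elasticsearch.entitlement.runtime.policy.Policy;
 import org.elasticsearch.entitlement.runtime.policy.PolicyManager;
@@ -91,12 +92,9 @@ public static void bootstrap(
 settingResolver
 );
 EntitlementInitialization.initializeArgs = new EntitlementInitialization.InitializeArgs(
-serverPolicyPatch,
-pluginPolicies,
-scopeResolver,
 pathLookup,
-pluginSourcePaths,
-suppressFailureLogPackages
+suppressFailureLogPackages,
+createPolicyManager(pluginPolicies, pathLookup, serverPolicyPatch, scopeResolver, pluginSourcePaths)
 );
 exportInitializationToAgent();
 loadAgent(findAgentJar(), EntitlementInitialization.class.getName());
@@ -154,5 +152,24 @@ static String findAgentJar() {
 }
 }
 
+private static PolicyManager createPolicyManager(
+Map<String, Policy> pluginPolicies,
+PathLookup pathLookup,
+Policy serverPolicyPatch,
+Function<Class<?>, PolicyManager.PolicyScope> scopeResolver,
+Map<String, Collection<Path>> pluginSourcePaths
+) {
+FilesEntitlementsValidation.validate(pluginPolicies, pathLookup);
+
+return new PolicyManager(
+HardcodedEntitlements.serverPolicy(pathLookup.pidFile(), serverPolicyPatch),
+HardcodedEntitlements.agentEntitlements(),
+pluginPolicies,
+scopeResolver,
+pluginSourcePaths,
+pathLookup
+);
+}
+
 private static final Logger logger = LogManager.getLogger(EntitlementBootstrap.class);
 }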
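Review bot: The new `createPolicyManager` helper at the end of this section accepts `pluginPolicies`, `scopeResolver` and `pluginSourcePaths` without the null checks that the `InitializeArgs` record applied to them before this commit. A missing argument is now rejected only if `FilesEntitlementsValidation.validate` or the `PolicyManager` constructor, both outside this page, happen to dereference it. Because this method now builds the object that enforces entitlements, I would fail fast at its top with `Objects.requireNonNull(pluginPolicies, "pluginPolicies");` and the same for `scopeResolver` and `pluginSourcePaths`. `serverPolicyPatch` was declared `@Nullable` on the old record; a short Javadoc on the helper stating that it may be null, and that file-entitlement validation runs before the manager is constructed, would keep that contract visible.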
Lines changed: 1 addition & 1 deletion
@@ -7,7 +7,7 @@
77
* License v3.0 only", or the "Server Side Public License, v 1".
88
*/
99

10-
package org.elasticsearch.entitlement.initialization;
10+
package org.elasticsearch.entitlement.bootstrap;
1111

1212
import org.elasticsearch.core.Strings;
1313
import org.elasticsearch.entitlement.runtime.policy.FileAccessTree;
Lines changed: 1 addition & 1 deletion
@@ -7,7 +7,7 @@
77
* License v3.0 only", or the "Server Side Public License, v 1".
88
*/
99

10-
package org.elasticsearch.entitlement.initialization;
10+
package org.elasticsearch.entitlement.bootstrap;
1111

1212
import org.elasticsearch.core.Booleans;
1313
import org.elasticsearch.entitlement.runtime.policy.Policy;

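--- a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java
+++ b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java
@@ -10,23 +10,17 @@
 package org.elasticsearch.entitlement.initialization;
 
 import org.elasticsearch.core.Booleans;
-import org.elasticsearch.core.Nullable;
 import org.elasticsearch.entitlement.bridge.EntitlementChecker;
 import org.elasticsearch.entitlement.runtime.policy.ElasticsearchEntitlementChecker;
 import org.elasticsearch.entitlement.runtime.policy.PathLookup;
-import org.elasticsearch.entitlement.runtime.policy.Policy;
 import org.elasticsearch.entitlement.runtime.policy.PolicyChecker;
 import org.elasticsearch.entitlement.runtime.policy.PolicyCheckerImpl;
 import org.elasticsearch.entitlement.runtime.policy.PolicyManager;
 
 import java.lang.instrument.Instrumentation;
 import java.lang.reflect.Constructor;
 import java.lang.reflect.InvocationTargetException;
-import java.nio.file.Path;
-import java.util.Collection;
-import java.util.Map;
 import java.util.Set;
-import java.util.function.Function;
 
 import static java.util.Objects.requireNonNull;
 
@@ -70,35 +64,23 @@ public static EntitlementChecker checker() {
 */
 public static void initialize(Instrumentation inst) throws Exception {
 // the checker _MUST_ be set before _any_ instrumentation is done
-checker = initChecker(createPolicyManager());
+checker = initChecker(initializeArgs.policyManager());
 initInstrumentation(inst);
 }
 
 /**
 * Arguments to {@link #initialize}. Since that's called in a static context from the agent,
 * we have no way to pass arguments directly, so we stuff them in here.
 *
-* @param serverPolicyPatch
-* @param pluginPolicies
-* @param scopeResolver
 * @param pathLookup
-* @param pluginSourcePaths
 * @param suppressFailureLogPackages
+* @param policyManager
 */
-public record InitializeArgs(
-@Nullable Policy serverPolicyPatch,
-Map<String, Policy> pluginPolicies,
-Function<Class<?>, PolicyManager.PolicyScope> scopeResolver,
-PathLookup pathLookup,
-Map<String, Collection<Path>> pluginSourcePaths,
-Set<Package> suppressFailureLogPackages
-) {
+public record InitializeArgs(PathLookup pathLookup, Set<Package> suppressFailureLogPackages, PolicyManager policyManager) {
 public InitializeArgs {
-requireNonNull(pluginPolicies);
-requireNonNull(scopeResolver);
 requireNonNull(pathLookup);
-requireNonNull(pluginSourcePaths);
 requireNonNull(suppressFailureLogPackages);
+requireNonNull(policyManager);
 }
 }
 
@@ -111,22 +93,6 @@ private static PolicyCheckerImpl createPolicyChecker(PolicyManager policyManager
 );
 }
 
-private static PolicyManager createPolicyManager() {
-Map<String, Policy> pluginPolicies = initializeArgs.pluginPolicies();
-PathLookup pathLookup = initializeArgs.pathLookup();
-
-FilesEntitlementsValidation.validate(pluginPolicies, pathLookup);
-
-return new PolicyManager(
-HardcodedEntitlements.serverPolicy(pathLookup.pidFile(), initializeArgs.serverPolicyPatch()),
-HardcodedEntitlements.agentEntitlements(),
-pluginPolicies,
-initializeArgs.scopeResolver(),
-initializeArgs.pluginSourcePaths(),
-pathLookup
-);
-}
-
 /**
 * If bytecode verification is enabled, ensure these classes get loaded before transforming/retransforming them.
 * For these classes, the order in which we transform and verify them matters. Verification during class transformation is at least an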
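Review bot: The `InitializeArgs` record in the second hunk still carries `pathLookup` alongside a `PolicyManager` that was itself constructed from a `PathLookup`, and nothing in the record ties the two together. Both callers on this page pass the same instance, but the type accepts any pair, so a later caller could hand the checker one lookup and the manager another. The new `@param policyManager` tag has no description either; I would write `@param policyManager fully constructed and validated by the bootstrap caller; must be built from the same {@code pathLookup}`. It is also worth stating in the Javadoc of `initialize` that it no longer runs `FilesEntitlementsValidation.validate` itself and relies on the caller having done so before setting `initializeArgs`.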
Lines changed: 1 addition & 1 deletion
@@ -7,7 +7,7 @@
77
* License v3.0 only", or the "Server Side Public License, v 1".
88
*/
99

10-
package org.elasticsearch.entitlement.initialization;
10+
package org.elasticsearch.entitlement.bootstrap;
1111

1212
import org.elasticsearch.common.settings.Settings;
1313
import org.elasticsearch.entitlement.runtime.policy.PathLookup;

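--- a/test/framework/src/main/java/org/elasticsearch/entitlement/bootstrap/TestEntitlementBootstrap.java
+++ b/test/framework/src/main/java/org/elasticsearch/entitlement/bootstrap/TestEntitlementBootstrap.java
@@ -9,12 +9,30 @@
 
 package org.elasticsearch.entitlement.bootstrap;
 
-import org.elasticsearch.entitlement.initialization.TestEntitlementInitialization;
+import org.elasticsearch.bootstrap.TestBuildInfo;
+import org.elasticsearch.bootstrap.TestBuildInfoParser;
+import org.elasticsearch.bootstrap.TestScopeResolver;
+import org.elasticsearch.core.Strings;
+import org.elasticsearch.core.SuppressForbidden;
+import org.elasticsearch.entitlement.initialization.EntitlementInitialization;
 import org.elasticsearch.entitlement.runtime.policy.PathLookup;
+import org.elasticsearch.entitlement.runtime.policy.Policy;
+import org.elasticsearch.entitlement.runtime.policy.PolicyManager;
+import org.elasticsearch.entitlement.runtime.policy.PolicyParser;
+import org.elasticsearch.entitlement.runtime.policy.TestPolicyManager;
 import org.elasticsearch.logging.LogManager;
 import org.elasticsearch.logging.Logger;
+import org.elasticsearch.plugins.PluginDescriptor;
 
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
 import java.nio.file.Path;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
 import java.util.stream.Stream;
 
 public class TestEntitlementBootstrap {
@@ -24,10 +42,15 @@ public class TestEntitlementBootstrap {
 /**
 * Activates entitlement checking in tests.
 */
-public static void bootstrap() {
-TestEntitlementInitialization.initializeArgs = new TestEntitlementInitialization.InitializeArgs(new TestPathLookup());
+public static void bootstrap() throws IOException {
+TestPathLookup pathLookup = new TestPathLookup();
+EntitlementInitialization.initializeArgs = new EntitlementInitialization.InitializeArgs(
+pathLookup,
+Set.of(),
+createPolicyManager(pathLookup)
+);
 logger.debug("Loading entitlement agent");
-EntitlementBootstrap.loadAgent(EntitlementBootstrap.findAgentJar(), TestEntitlementInitialization.class.getName());
+EntitlementBootstrap.loadAgent(EntitlementBootstrap.findAgentJar(), EntitlementInitialization.class.getName());
 }
 
 private record TestPathLookup() implements PathLookup {
@@ -47,4 +70,71 @@ public Stream<Path> resolveSettingPaths(BaseDir baseDir, String settingName) {
 }
 
 }
+
+private static PolicyManager createPolicyManager(PathLookup pathLookup) throws IOException {
+
+var pluginsTestBuildInfo = TestBuildInfoParser.parseAllPluginTestBuildInfo();
+var serverTestBuildInfo = TestBuildInfoParser.parseServerTestBuildInfo();
+var scopeResolver = TestScopeResolver.createScopeResolver(serverTestBuildInfo, pluginsTestBuildInfo);
+List<String> pluginNames = pluginsTestBuildInfo.stream().map(TestBuildInfo::component).toList();
+
+var pluginDescriptors = parsePluginsDescriptors(pluginNames);
+var pluginsData = pluginDescriptors.stream()
+.map(descriptor -> new TestPluginData(descriptor.getName(), descriptor.isModular(), false))
+.toList();
+Map<String, Policy> pluginPolicies = parsePluginsPolicies(pluginsData);
+
+FilesEntitlementsValidation.validate(pluginPolicies, pathLookup);
+
+return new TestPolicyManager(
+HardcodedEntitlements.serverPolicy(null, null),
+HardcodedEntitlements.agentEntitlements(),
+pluginPolicies,
+scopeResolver,
+Map.of(),
+pathLookup
+);
+}
+
+private record TestPluginData(String pluginName, boolean isModular, boolean isExternalPlugin) {}
+
+private static Map<String, Policy> parsePluginsPolicies(List<TestPluginData> pluginsData) {
+Map<String, Policy> policies = new HashMap<>();
+for (var pluginData : pluginsData) {
+String pluginName = pluginData.pluginName();
+var resourceName = Strings.format("META-INF/es-plugins/%s/entitlement-policy.yaml", pluginName);
+
+var resource = EntitlementInitialization.class.getClassLoader().getResource(resourceName);
+if (resource != null) {
+try (var inputStream = getStream(resource)) {
+policies.put(pluginName, new PolicyParser(inputStream, pluginName, pluginData.isExternalPlugin()).parsePolicy());
+} catch (IOException e) {
+throw new IllegalArgumentException(Strings.format("Cannot read policy for plugin [%s]", pluginName), e);
+}
+}
+}
+return policies;
+}
+
+private static List<PluginDescriptor> parsePluginsDescriptors(List<String> pluginNames) {
+List<PluginDescriptor> descriptors = new ArrayList<>();
+for (var pluginName : pluginNames) {
+var resourceName = Strings.format("META-INF/es-plugins/%s/plugin-descriptor.properties", pluginName);
+var resource = EntitlementInitialization.class.getClassLoader().getResource(resourceName);
+if (resource != null) {
+try (var inputStream = getStream(resource)) {
+descriptors.add(PluginDescriptor.readInternalDescriptorFromStream(inputStream));
+} catch (IOException e) {
+throw new IllegalArgumentException(Strings.format("Cannot read descriptor for plugin [%s]", pluginName), e);
+}
+}
+}
+return descriptors;
+}
+
+@SuppressForbidden(reason = "URLs from class loader")
+private static InputStream getStream(URL resource) throws IOException {
+return resource.openStream();
+}
+
 }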
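Review bot: In the last hunk, `parsePluginsDescriptors` silently skips a plugin when `getResource` returns null, and since `pluginsData` is derived from the descriptors, that plugin's `entitlement-policy.yaml` is then never parsed even if it is on the classpath. Tests would run that plugin's code against a policy map with no entry for it, and nothing in the log explains why. I would add an `else` branch such as `logger.debug("No plugin descriptor found for [{}]; its entitlement policy will not be loaded", pluginName);`, and a matching message in `parsePluginsPolicies` for a plugin that ships no policy file. Separately, the hard-coded `false` for `isExternalPlugin` and the two bare nulls in `HardcodedEntitlements.serverPolicy(null, null)` each deserve a one-line comment saying why the test setup differs from the production bootstrap.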
