Merge remote-tracking branch 'upstream/main' into entitlements/missing-url-connection-4

Author: ldematte

libs/cli/build.gradle

@@ -12,6 +12,7 @@ apply plugin: 'elasticsearch.publish'
 dependencies {
   api 'net.sf.jopt-simple:jopt-simple:5.0.2'
   api project(':libs:core')
+  api project(':libs:logging')
 
   testImplementation(project(":test:framework")) {
     exclude group: 'org.elasticsearch', module: 'cli'

libs/cli/src/main/java/module-info.java

@@ -11,6 +11,8 @@
 module org.elasticsearch.cli {
     requires jopt.simple;
     requires org.elasticsearch.base;
+    requires java.logging;
+    requires org.elasticsearch.logging;
 
     exports org.elasticsearch.cli;
 }

libs/cli/src/main/java/org/elasticsearch/cli/Command.java

@@ -15,6 +15,8 @@
 import joptsimple.OptionSpec;
 
 import org.elasticsearch.core.SuppressForbidden;
+import org.elasticsearch.logging.Level;
+import org.elasticsearch.logging.internal.spi.LoggerFactory;
 
 import java.io.Closeable;
 import java.io.IOException;
@@ -84,12 +86,16 @@ protected void mainWithoutErrorHandling(String[] args, Terminal terminal, Proces
             return;
         }
 
+        LoggerFactory loggerFactory = LoggerFactory.provider();
         if (options.has(silentOption)) {
             terminal.setVerbosity(Terminal.Verbosity.SILENT);
+            loggerFactory.setRootLevel(Level.OFF);
         } else if (options.has(verboseOption)) {
             terminal.setVerbosity(Terminal.Verbosity.VERBOSE);
+            loggerFactory.setRootLevel(Level.DEBUG);
         } else {
             terminal.setVerbosity(Terminal.Verbosity.NORMAL);
+            loggerFactory.setRootLevel(Level.INFO);
         }
 
         execute(terminal, options, processInfo);

libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java

@@ -64,11 +64,11 @@
 import java.util.stream.Stream;
 import java.util.stream.StreamSupport;
 
+import static org.elasticsearch.entitlement.runtime.policy.Platform.LINUX;
 import static org.elasticsearch.entitlement.runtime.policy.entitlements.FilesEntitlement.BaseDir.DATA;
 import static org.elasticsearch.entitlement.runtime.policy.entitlements.FilesEntitlement.BaseDir.SHARED_REPO;
 import static org.elasticsearch.entitlement.runtime.policy.entitlements.FilesEntitlement.Mode.READ;
 import static org.elasticsearch.entitlement.runtime.policy.entitlements.FilesEntitlement.Mode.READ_WRITE;
-import static org.elasticsearch.entitlement.runtime.policy.entitlements.FilesEntitlement.Platform.LINUX;
 
 /**
  * Called by the agent during {@code agentmain} to configure the entitlement system,

libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/FileAccessTree.java

@@ -22,12 +22,12 @@
 import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Comparator;
 import java.util.List;
 import java.util.Objects;
 import java.util.function.BiConsumer;
 
 import static org.elasticsearch.core.PathUtils.getDefaultFileSystem;
+import static org.elasticsearch.entitlement.runtime.policy.FileUtils.PATH_ORDER;
 
 public final class FileAccessTree {
 
@@ -236,30 +236,4 @@ public boolean equals(Object o) {
     public int hashCode() {
         return Objects.hash(Arrays.hashCode(readPaths), Arrays.hashCode(writePaths));
     }
-
-    /**
-     * For our lexicographic sort trick to work correctly, we must have path separators sort before
-     * any other character so that files in a directory appear immediately after that directory.
-     * For example, we require [/a, /a/b, /a.xml] rather than the natural order [/a, /a.xml, /a/b].
-     */
-    private static final Comparator<String> PATH_ORDER = (s1, s2) -> {
-        Path p1 = Path.of(s1);
-        Path p2 = Path.of(s2);
-        var i1 = p1.iterator();
-        var i2 = p2.iterator();
-        while (i1.hasNext() && i2.hasNext()) {
-            int cmp = i1.next().compareTo(i2.next());
-            if (cmp != 0) {
-                return cmp;
-            }
-        }
-        if (i1.hasNext()) {
-            return 1;
-        } else if (i2.hasNext()) {
-            return -1;
-        } else {
-            assert p1.equals(p2);
-            return 0;
-        }
-    };
 }

libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/FileUtils.java

@@ -0,0 +1,107 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+package org.elasticsearch.entitlement.runtime.policy;
+
+import org.elasticsearch.core.SuppressForbidden;
+
+import java.io.File;
+import java.util.Comparator;
+
+import static java.lang.Character.isLetter;
+
+public class FileUtils {
+
+    private FileUtils() {}
+
+    /**
+     * For our lexicographic sort trick to work correctly, we must have path separators sort before
+     * any other character so that files in a directory appear immediately after that directory.
+     * For example, we require [/a, /a/b, /a.xml] rather than the natural order [/a, /a.xml, /a/b].
+     */
+    static final Comparator<String> PATH_ORDER = (s1, s2) -> {
+        int len1 = s1.length();
+        int len2 = s2.length();
+        int lim = Math.min(len1, len2);
+        for (int k = 0; k < lim; k++) {
+            char c1 = s1.charAt(k);
+            char c2 = s2.charAt(k);
+            if (c1 == c2) {
+                continue;
+            }
+            boolean c1IsSeparator = isPathSeparator(c1);
+            boolean c2IsSeparator = isPathSeparator(c2);
+            if (c1IsSeparator == false || c2IsSeparator == false) {
+                if (c1IsSeparator) {
+                    return -1;
+                }
+                if (c2IsSeparator) {
+                    return 1;
+                }
+                return c1 - c2;
+            }
+        }
+        return len1 - len2;
+    };
+
+    @SuppressForbidden(reason = "we need the separator as a char, not a string")
+    private static boolean isPathSeparator(char c) {
+        return c == File.separatorChar;
+    }
+
+    /**
+     * Tests if a path is absolute or relative, taking into consideration both Unix and Windows conventions.
+     * Note that this leads to a conflict, resolved in favor of Unix rules: `/foo` can be either a Unix absolute path, or a Windows
+     * relative path with "wrong" directory separator (using non-canonical / in Windows).
+     * This method is intended to be used as validation for different file entitlements format: therefore it is preferable to reject a
+     * relative path that is definitely absolute on Unix, rather than accept it as a possible relative path on Windows (if that is the case,
+     * the developer can easily fix the path by using the correct platform separators).
+     */
+    public static boolean isAbsolutePath(String path) {
+        if (path.isEmpty()) {
+            return false;
+        }
+        if (path.charAt(0) == '/') {
+            // Unix/BSD absolute
+            return true;
+        }
+
+        return isWindowsAbsolutePath(path);
+    }
+
+    /**
+     * When testing for path separators in a platform-agnostic way, we may encounter both kinds of slashes, especially when
+     * processing windows paths. The JDK parses paths the same way under Windows.
+     */
+    static boolean isSlash(char c) {
+        return (c == '\\') || (c == '/');
+    }
+
+    private static boolean isWindowsAbsolutePath(String input) {
+        // if a prefix is present, we expected (long) UNC or (long) absolute
+        if (input.startsWith("\\\\?\\")) {
+            return true;
+        }
+
+        if (input.length() > 1) {
+            char c0 = input.charAt(0);
+            char c1 = input.charAt(1);
+            if (isSlash(c0) && isSlash(c1)) {
+                // Two slashes or more: UNC
+                return true;
+            }
+            if (isLetter(c0) && c1 == ':') {
+                // A drive: absolute
+                return true;
+            }
+        }
+        // Otherwise relative
+        return false;
+    }
+}

libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/Platform.java

@@ -0,0 +1,35 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the "Elastic License
+ * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side
+ * Public License v 1"; you may not use this file except in compliance with, at
+ * your election, the "Elastic License 2.0", the "GNU Affero General Public
+ * License v3.0 only", or the "Server Side Public License, v 1".
+ */
+
+package org.elasticsearch.entitlement.runtime.policy;
+
+public enum Platform {
+    LINUX,
+    MACOS,
+    WINDOWS;
+
+    private static final Platform current = findCurrent();
+
+    private static Platform findCurrent() {
+        String os = System.getProperty("os.name");
+        if (os.startsWith("Linux")) {
+            return LINUX;
+        } else if (os.startsWith("Mac OS")) {
+            return MACOS;
+        } else if (os.startsWith("Windows")) {
+            return WINDOWS;
+        } else {
+            throw new AssertionError("Unsupported platform [" + os + "]");
+        }
+    }
+
+    public boolean isCurrent() {
+        return this == current;
+    }
+}