From c96067d9aba03932bed831600a0dfef8593600ca Mon Sep 17 00:00:00 2001 From: Ryan Ernst Date: Tue, 25 Feb 2025 15:32:30 -0800 Subject: [PATCH] Give NamedComponentReader access to read plugins directories The NamedComponentReader reads a file created upon plugin installation for stable plugins from the plugin installation dir. This commit passes the plugins directory through to entitlements and grants server access. --- .../entitlement/bootstrap/EntitlementBootstrap.java | 5 +++++ .../initialization/EntitlementInitialization.java | 1 + .../main/java/org/elasticsearch/bootstrap/Elasticsearch.java | 1 + 3 files changed, 7 insertions(+) diff --git a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/bootstrap/EntitlementBootstrap.java b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/bootstrap/EntitlementBootstrap.java index 6a80ec75751c5..85ee115be91ad 100644 --- a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/bootstrap/EntitlementBootstrap.java +++ b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/bootstrap/EntitlementBootstrap.java @@ -41,6 +41,7 @@ public record BootstrapArgs( Path[] sharedRepoDirs, Path configDir, Path libDir, + Path pluginsDir, Path logsDir, Path tempDir, Path pidFile, @@ -58,6 +59,7 @@ public record BootstrapArgs( requireNonNull(sharedRepoDirs); requireNonNull(configDir); requireNonNull(libDir); + requireNonNull(pluginsDir); requireNonNull(logsDir); requireNonNull(tempDir); requireNonNull(suppressFailureLogClasses); @@ -82,6 +84,7 @@ public static BootstrapArgs bootstrapArgs() { * @param sharedRepoDirs shared repository directories for Elasticsearch * @param configDir the config directory for Elasticsearch * @param libDir the lib directory for Elasticsearch + * @param pluginsDir the directory where plugins are installed for Elasticsearch * @param tempDir the temp directory for Elasticsearch * @param logsDir the log directory for Elasticsearch * @param pidFile path to a pid file for Elasticsearch, or {@code null} if one was not specified @@ -96,6 +99,7 @@ public static void bootstrap( Path[] sharedRepoDirs, Path configDir, Path libDir, + Path pluginsDir, Path logsDir, Path tempDir, Path pidFile, @@ -114,6 +118,7 @@ public static void bootstrap( sharedRepoDirs, configDir, libDir, + pluginsDir, logsDir, tempDir, pidFile, diff --git a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java index 64d84989b25c4..60bd52a02ab54 100644 --- a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java +++ b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/EntitlementInitialization.java @@ -152,6 +152,7 @@ private static PolicyManager createPolicyManager() { Collections.addAll( serverModuleFileDatas, // Base ES directories + FileData.ofPath(bootstrapArgs.pluginsDir(), READ), FileData.ofPath(bootstrapArgs.configDir(), READ), FileData.ofPath(bootstrapArgs.logsDir(), READ_WRITE), FileData.ofRelativePath(Path.of(""), DATA, READ_WRITE), diff --git a/server/src/main/java/org/elasticsearch/bootstrap/Elasticsearch.java b/server/src/main/java/org/elasticsearch/bootstrap/Elasticsearch.java index 79f15bb208176..c0ef9e28345fc 100644 --- a/server/src/main/java/org/elasticsearch/bootstrap/Elasticsearch.java +++ b/server/src/main/java/org/elasticsearch/bootstrap/Elasticsearch.java @@ -254,6 +254,7 @@ private static void initPhase2(Bootstrap bootstrap) throws IOException { nodeEnv.repoDirs(), nodeEnv.configDir(), nodeEnv.libDir(), + nodeEnv.pluginsDir(), nodeEnv.logsDir(), nodeEnv.tmpDir(), args.pidFile(),