From 5d76fe4e72d839eab189210daa333a9947106225 Mon Sep 17 00:00:00 2001 From: Lorenzo Dematte Date: Thu, 20 Mar 2025 12:02:00 +0100 Subject: [PATCH 1/2] Add warning if a legacy policy file is found --- .../elasticsearch/plugins/cli/InstallPluginAction.java | 8 ++++++++ .../org/elasticsearch/plugins/cli/PluginSecurity.java | 3 +++ 2 files changed, 11 insertions(+) diff --git a/distribution/tools/plugin-cli/src/main/java/org/elasticsearch/plugins/cli/InstallPluginAction.java b/distribution/tools/plugin-cli/src/main/java/org/elasticsearch/plugins/cli/InstallPluginAction.java index 0803d24c3914f..f16b293142980 100644 --- a/distribution/tools/plugin-cli/src/main/java/org/elasticsearch/plugins/cli/InstallPluginAction.java +++ b/distribution/tools/plugin-cli/src/main/java/org/elasticsearch/plugins/cli/InstallPluginAction.java @@ -923,6 +923,14 @@ void jarHellCheck(PluginDescriptor candidateInfo, Path candidateDir, Path plugin */ private PluginDescriptor installPlugin(InstallablePlugin descriptor, Path tmpRoot, List deleteOnFailure) throws Exception { final PluginDescriptor info = loadPluginInfo(tmpRoot); + + Path legacyPolicyFile = tmpRoot.resolve(PluginDescriptor.ES_PLUGIN_POLICY); + if (Files.exists(legacyPolicyFile)) { + terminal.errorPrintln("WARNING: this plugin contains a legacy Security Policy file. Starting with version 8.18, " + + "Entitlements replace SecurityManager as the security mechanism. Plugins must migrate their policy files to the new " + + "format. For more information, please refer to " + PluginSecurity.ENTITLEMENTS_DESCRIPTION_URL); + } + if (RuntimeVersionFeature.isSecurityManagerAvailable()) { PluginPolicyInfo pluginPolicy = PolicyUtil.getPluginPolicyInfo(tmpRoot, env.tmpDir()); if (pluginPolicy != null) { diff --git a/distribution/tools/plugin-cli/src/main/java/org/elasticsearch/plugins/cli/PluginSecurity.java b/distribution/tools/plugin-cli/src/main/java/org/elasticsearch/plugins/cli/PluginSecurity.java index 376c797d68899..6f671ccbf161b 100644 --- a/distribution/tools/plugin-cli/src/main/java/org/elasticsearch/plugins/cli/PluginSecurity.java +++ b/distribution/tools/plugin-cli/src/main/java/org/elasticsearch/plugins/cli/PluginSecurity.java @@ -34,6 +34,9 @@ */ public class PluginSecurity { + public static final String ENTITLEMENTS_DESCRIPTION_URL = + "https://www.elastic.co/guide/en/elasticsearch/plugins/current/creating-classic-plugins.html"; + /** * prints/confirms policy exceptions with the user */ From caa0d59acef6bdc363908822c0770ff99d62c495 Mon Sep 17 00:00:00 2001 From: elasticsearchmachine Date: Thu, 20 Mar 2025 11:14:06 +0000 Subject: [PATCH 2/2] [CI] Auto commit changes from spotless --- .../elasticsearch/plugins/cli/InstallPluginAction.java | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/distribution/tools/plugin-cli/src/main/java/org/elasticsearch/plugins/cli/InstallPluginAction.java b/distribution/tools/plugin-cli/src/main/java/org/elasticsearch/plugins/cli/InstallPluginAction.java index f16b293142980..13c9ac0aa2a16 100644 --- a/distribution/tools/plugin-cli/src/main/java/org/elasticsearch/plugins/cli/InstallPluginAction.java +++ b/distribution/tools/plugin-cli/src/main/java/org/elasticsearch/plugins/cli/InstallPluginAction.java @@ -926,9 +926,12 @@ private PluginDescriptor installPlugin(InstallablePlugin descriptor, Path tmpRoo Path legacyPolicyFile = tmpRoot.resolve(PluginDescriptor.ES_PLUGIN_POLICY); if (Files.exists(legacyPolicyFile)) { - terminal.errorPrintln("WARNING: this plugin contains a legacy Security Policy file. Starting with version 8.18, " + - "Entitlements replace SecurityManager as the security mechanism. Plugins must migrate their policy files to the new " + - "format. For more information, please refer to " + PluginSecurity.ENTITLEMENTS_DESCRIPTION_URL); + terminal.errorPrintln( + "WARNING: this plugin contains a legacy Security Policy file. Starting with version 8.18, " + + "Entitlements replace SecurityManager as the security mechanism. Plugins must migrate their policy files to the new " + + "format. For more information, please refer to " + + PluginSecurity.ENTITLEMENTS_DESCRIPTION_URL + ); } if (RuntimeVersionFeature.isSecurityManagerAvailable()) {