diff --git a/docs/changelog/131680.yaml b/docs/changelog/131680.yaml
new file mode 100644
index 0000000000000..0eec4d117b28f
--- /dev/null
+++ b/docs/changelog/131680.yaml
@@ -0,0 +1,5 @@
+pr: 131680
+summary: Grant server module read/write entitlements for deprecated path setting "path.shared_data"
+area: Infra/Core
+type: bug
+issues: []
diff --git a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/bootstrap/EntitlementBootstrap.java b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/bootstrap/EntitlementBootstrap.java
index 3d07f76670a5d..aa5cd38519b4d 100644
--- a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/bootstrap/EntitlementBootstrap.java
+++ b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/bootstrap/EntitlementBootstrap.java
@@ -69,6 +69,7 @@ public static BootstrapArgs bootstrapArgs() {
 * @param scopeResolver a functor to map a Java Class to the component and module it belongs to.
 * @param settingResolver a functor to resolve a setting name pattern for one or more Elasticsearch settings.
 * @param dataDirs data directories for Elasticsearch
+ * @param sharedDataDir shared data directory for Elasticsearch (deprecated)
 * @param sharedRepoDirs shared repository directories for Elasticsearch
 * @param configDir the config directory for Elasticsearch
 * @param libDir the lib directory for Elasticsearch
@@ -86,6 +87,7 @@ public static void bootstrap(
 Function, PolicyManager.PolicyScope> scopeResolver,
 Function> settingResolver,
 Path[] dataDirs,
+ Path sharedDataDir,
 Path[] sharedRepoDirs,
 Path configDir,
 Path libDir,
@@ -109,6 +111,7 @@ public static void bootstrap(
 getUserHome(),
 configDir,
 dataDirs,
+ sharedDataDir,
 sharedRepoDirs,
 libDir,
 modulesDir,
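Review bot: The new `@param sharedDataDir` line in the first EntitlementBootstrap.java hunk does not say whether the argument may be null, yet the PathLookupImpl hunk of this same commit reads it with `Stream.ofNullable(sharedDataDir)`, which suggests null is the expected value when the setting is unset. I would document that contract where callers see it, e.g. `@param sharedDataDir shared data directory for Elasticsearch (deprecated); may be {@code null} when "path.shared_data" is not set`. The same applies to the `sharedDataDir` record component in PathLookupImpl, which carries no nullability marker in the visible lines. The body of `bootstrap` starts and ends outside these hunks, so I cannot tell whether the value is checked anywhere before it reaches the record.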
diff --git a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/HardcodedEntitlements.java b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/HardcodedEntitlements.java
index 33f197b0a63d9..5c15ce3ff7f36 100644
--- a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/HardcodedEntitlements.java
+++ b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/initialization/HardcodedEntitlements.java
@@ -37,6 +37,7 @@
 import static org.elasticsearch.entitlement.runtime.policy.PathLookup.BaseDir.LOGS;
 import static org.elasticsearch.entitlement.runtime.policy.PathLookup.BaseDir.MODULES;
 import static org.elasticsearch.entitlement.runtime.policy.PathLookup.BaseDir.PLUGINS;
+import static org.elasticsearch.entitlement.runtime.policy.PathLookup.BaseDir.SHARED_DATA;
 import static org.elasticsearch.entitlement.runtime.policy.PathLookup.BaseDir.SHARED_REPO;
 import static org.elasticsearch.entitlement.runtime.policy.Platform.LINUX;
 import static org.elasticsearch.entitlement.runtime.policy.entitlements.FilesEntitlement.Mode.READ;
@@ -57,6 +58,7 @@ private static List createServerEntitlements(Path pidFile) {
 FilesEntitlement.FileData.ofBaseDirPath(LOGS, READ_WRITE),
 FilesEntitlement.FileData.ofBaseDirPath(LIB, READ),
 FilesEntitlement.FileData.ofBaseDirPath(DATA, READ_WRITE),
+ FilesEntitlement.FileData.ofBaseDirPath(SHARED_DATA, READ_WRITE),
 FilesEntitlement.FileData.ofBaseDirPath(SHARED_REPO, READ_WRITE),
 // exclusive settings file
 FilesEntitlement.FileData.ofRelativePath(Path.of("operator/settings.json"), CONFIG, READ_WRITE).withExclusive(true),
diff --git a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/PathLookup.java b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/PathLookup.java
index 0781ee3a92059..ceb502780bc85 100644
--- a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/PathLookup.java
+++ b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/PathLookup.java
@@ -20,6 +20,7 @@ enum BaseDir {
 USER_HOME,
 CONFIG,
 DATA,
+ SHARED_DATA,
 SHARED_REPO,
 LIB,
 MODULES,
diff --git a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/PathLookupImpl.java b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/PathLookupImpl.java
index 59ca7fd9c641c..88cd7e5fb6f02 100644
--- a/libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/PathLookupImpl.java
+++ b/libs/entitlement/src/main/java/org/elasticsearch/entitlement/runtime/policy/PathLookupImpl.java
@@ -25,6 +25,7 @@ public record PathLookupImpl(
 Path homeDir,
 Path configDir,
 Path[] dataDirs,
+ Path sharedDataDir,
 Path[] sharedRepoDirs,
 Path libDir,
 Path modulesDir,
@@ -56,6 +57,7 @@ public Stream getBaseDirPaths(BaseDir baseDir) {
 return switch (baseDir) {
 case USER_HOME -> Stream.of(homeDir);
 case DATA -> Arrays.stream(dataDirs);
+ case SHARED_DATA -> Stream.ofNullable(sharedDataDir);
 case SHARED_REPO -> Arrays.stream(sharedRepoDirs);
 case CONFIG -> Stream.of(configDir);
 case LIB -> Stream.of(libDir);
diff --git a/libs/entitlement/src/test/java/org/elasticsearch/entitlement/initialization/FilesEntitlementsValidationTests.java b/libs/entitlement/src/test/java/org/elasticsearch/entitlement/initialization/FilesEntitlementsValidationTests.java
index 4ca57a99e0a32..b3297bdaa177c 100644
--- a/libs/entitlement/src/test/java/org/elasticsearch/entitlement/initialization/FilesEntitlementsValidationTests.java
+++ b/libs/entitlement/src/test/java/org/elasticsearch/entitlement/initialization/FilesEntitlementsValidationTests.java
@@ -48,6 +48,7 @@ public static void beforeClass() {
 testBaseDir.resolve("user/home"),
 TEST_CONFIG_DIR,
 new Path[] { testBaseDir.resolve("data1"), testBaseDir.resolve("data2") },
+ Path.of("/shareddata"),
 new Path[] { testBaseDir.resolve("shared1"), testBaseDir.resolve("shared2") },
 TEST_LIBS_DIR,
 testBaseDir.resolve("modules"),
diff --git a/libs/entitlement/src/test/java/org/elasticsearch/entitlement/runtime/policy/FileAccessTreeTests.java b/libs/entitlement/src/test/java/org/elasticsearch/entitlement/runtime/policy/FileAccessTreeTests.java
index eb2fd64fc11b2..f32574da47b31 100644
--- a/libs/entitlement/src/test/java/org/elasticsearch/entitlement/runtime/policy/FileAccessTreeTests.java
+++ b/libs/entitlement/src/test/java/org/elasticsearch/entitlement/runtime/policy/FileAccessTreeTests.java
@@ -60,6 +60,7 @@ private static Path path(String s) {
 Path.of("/home"),
 Path.of("/config"),
 new Path[] { Path.of("/data1"), Path.of("/data2") },
+ Path.of("/shareddata"),
 new Path[] { Path.of("/shared1"), Path.of("/shared2") },
 Path.of("/lib"),
 Path.of("/modules"),
diff --git a/libs/entitlement/src/test/java/org/elasticsearch/entitlement/runtime/policy/PolicyManagerTests.java b/libs/entitlement/src/test/java/org/elasticsearch/entitlement/runtime/policy/PolicyManagerTests.java
index bb48fddf56422..28275ad699bf8 100644
--- a/libs/entitlement/src/test/java/org/elasticsearch/entitlement/runtime/policy/PolicyManagerTests.java
+++ b/libs/entitlement/src/test/java/org/elasticsearch/entitlement/runtime/policy/PolicyManagerTests.java
@@ -73,6 +73,7 @@ public static void beforeClass() {
 TEST_BASE_DIR.resolve("/user/home"),
 TEST_BASE_DIR.resolve("/config"),
 new Path[] { TEST_BASE_DIR.resolve("/data1/"), TEST_BASE_DIR.resolve("/data2") },
+ TEST_BASE_DIR.resolve("/shareddata"),
 new Path[] { TEST_BASE_DIR.resolve("/shared1"), TEST_BASE_DIR.resolve("/shared2") },
 TEST_BASE_DIR.resolve("/lib"),
 TEST_BASE_DIR.resolve("/modules"),
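Review bot: Every fixture touched here (FilesEntitlementsValidationTests, FileAccessTreeTests, PolicyManagerTests, and FilesEntitlementTests further down) passes a non-null shared data directory, so the `Stream.ofNullable(sharedDataDir)` path for an unset `path.shared_data` has no coverage visible in this commit. That unset case is presumably the common one in production, and it is the one where the policy must grant nothing for `SHARED_DATA`; a case that builds `PathLookupImpl` with `null` in that position and asserts `getBaseDirPaths(SHARED_DATA)` is empty would pin it. Separately, in the FilesEntitlementsValidationTests hunk `Path.of("/shareddata")` is the only argument not derived from the test root; `testBaseDir.resolve("shareddata"),` would match its neighbours. The fixture methods start and end outside these hunks.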
diff --git a/libs/entitlement/src/test/java/org/elasticsearch/entitlement/runtime/policy/entitlements/FilesEntitlementTests.java b/libs/entitlement/src/test/java/org/elasticsearch/entitlement/runtime/policy/entitlements/FilesEntitlementTests.java
index 84c4833ca6aae..d6f85eb4f069a 100644
--- a/libs/entitlement/src/test/java/org/elasticsearch/entitlement/runtime/policy/entitlements/FilesEntitlementTests.java
+++ b/libs/entitlement/src/test/java/org/elasticsearch/entitlement/runtime/policy/entitlements/FilesEntitlementTests.java
@@ -47,6 +47,7 @@ public static void setupRoot() {
 Path.of("/home"),
 Path.of("/config"),
 new Path[] { Path.of("/data1"), Path.of("/data2") },
+ Path.of("/shareddata"),
 new Path[] { Path.of("/shared1"), Path.of("/shared2") },
 Path.of("/lib"),
 Path.of("/modules"),
diff --git a/server/src/main/java/org/elasticsearch/bootstrap/Elasticsearch.java b/server/src/main/java/org/elasticsearch/bootstrap/Elasticsearch.java
index d60c5b7e57deb..140f418a8ed7a 100644
--- a/server/src/main/java/org/elasticsearch/bootstrap/Elasticsearch.java
+++ b/server/src/main/java/org/elasticsearch/bootstrap/Elasticsearch.java
@@ -261,6 +261,7 @@ private static void initPhase2(Bootstrap bootstrap) throws IOException {
 scopeResolver::resolveClassToScope,
 nodeEnv.settings()::getValues,
 nodeEnv.dataDirs(),
+ nodeEnv.sharedDataDir(),
 nodeEnv.repoDirs(),
 nodeEnv.configDir(),
 nodeEnv.libDir(),
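Review bot: `nodeEnv.sharedDataDir()` in the Elasticsearch.java hunk is forwarded with no visible constraint on where it points, and the HardcodedEntitlements hunk of this commit turns it into `FilesEntitlement.FileData.ofBaseDirPath(SHARED_DATA, READ_WRITE)` for the server scope. Because the directory comes from the `path.shared_data` setting, a value that contains or overlaps the config, lib, modules or plugins trees would give the server write access wider than the neighbouring entries intend. Whether such overlap is rejected elsewhere is not visible in this diff, so it is worth confirming and covering with a test. At the entitlement entry I would also record why a deprecated directory still gets write access, e.g. `// deprecated "path.shared_data"; nothing is granted when the setting is unset`. The body of `initPhase2` continues outside the hunk.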