opensearch-project · cwperks · Sep 5, 2024 · Sep 5, 2024 · Sep 16, 2024 · Sep 16, 2024
@@ -60,6 +60,7 @@
 import org.opensearch.common.cli.EnvironmentAwareCommand;
 import org.opensearch.common.collect.Tuple;
 import org.opensearch.common.hash.MessageDigests;
+import org.opensearch.common.settings.Settings;
 import org.opensearch.common.util.io.IOUtils;
 import org.opensearch.env.Environment;
 import org.opensearch.plugins.Platforms;
@@ -95,6 +96,7 @@
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.Enumeration;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.LinkedHashMap;
 import java.util.List;
@@ -106,6 +108,10 @@
 import java.util.stream.Collectors;
 
 import static org.opensearch.cli.Terminal.Verbosity.VERBOSE;
+import static org.opensearch.plugins.PluginInfo.CLUSTER_ACTIONS_SETTING;
+import static org.opensearch.plugins.PluginInfo.DESCRIPTION_SETTING;
+import static org.opensearch.plugins.PluginInfo.INDEX_ACTIONS_SETTING;
+import static org.opensearch.plugins.PluginInfo.parseRequestedActions;
 
 /**
  * A command for the plugin cli to install a plugin into opensearch.
@@ -850,7 +856,34 @@ private PluginInfo installPlugin(Terminal terminal, boolean isBatch, Path tmpRoo
         } else {
             permissions = Collections.emptySet();
         }
-        PluginSecurity.confirmPolicyExceptions(terminal, permissions, isBatch);
+
+        Path actions = tmpRoot.resolve(PluginInfo.OPENSEARCH_PLUGIN_ACTIONS);
+        Settings requestedActions = Settings.EMPTY;
+
+        if (Files.exists(actions)) {
+            requestedActions = parseRequestedActions(actions);
+        }
+
+        final Map<String, List<String>> requestedIndexActions = new HashMap<>();
+
+        final List<String> requestedClusterActions = CLUSTER_ACTIONS_SETTING.get(requestedActions);
+        final Settings requestedIndexActionsGroup = INDEX_ACTIONS_SETTING.get(requestedActions);
+        final String pluginActionDescription = DESCRIPTION_SETTING.get(requestedActions);
+        if (!requestedIndexActionsGroup.keySet().isEmpty()) {
+            for (String indexPattern : requestedIndexActionsGroup.keySet()) {
+                List<String> indexActionsForPattern = requestedIndexActionsGroup.getAsList(indexPattern);
+                requestedIndexActions.put(indexPattern, indexActionsForPattern);
+            }
+        }
+
+        PluginSecurity.confirmPolicyExceptions(
+            terminal,
+            permissions,
+            pluginActionDescription,
+            requestedClusterActions,
+            requestedIndexActions,
+            isBatch
+        );
 
         String targetFolderName = info.getTargetFolderName();
         final Path destination = env.pluginsDir().resolve(targetFolderName);

@@ -51,6 +51,7 @@
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
+import java.util.Map;
 import java.util.Set;
 import java.util.stream.Collectors;
 
@@ -64,10 +65,17 @@ class PluginSecurity {
     /**
      * prints/confirms policy exceptions with the user
      */
-    static void confirmPolicyExceptions(Terminal terminal, Set<String> permissions, boolean batch) throws UserException {
+    static void confirmPolicyExceptions(
+        Terminal terminal,
+        Set<String> permissions,
+        String description,
+        List<String> requestedClusterActions,
+        Map<String, List<String>> requestedIndexActions,
+        boolean batch
+    ) throws UserException {
         List<String> requested = new ArrayList<>(permissions);
-        if (requested.isEmpty()) {
-            terminal.println(Verbosity.VERBOSE, "plugin has a policy file with no additional permissions");
+        if (requested.isEmpty() && requestedClusterActions.isEmpty() && requestedIndexActions.isEmpty()) {
+            terminal.println(Verbosity.VERBOSE, "plugin has not requested any additional permissions");
         } else {
 
             // sort permissions in a reasonable order
@@ -76,12 +84,56 @@ static void confirmPolicyExceptions(Terminal terminal, Set<String> permissions,
             terminal.errorPrintln(Verbosity.NORMAL, "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
             terminal.errorPrintln(Verbosity.NORMAL, "@     WARNING: plugin requires additional permissions     @");
             terminal.errorPrintln(Verbosity.NORMAL, "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
-            // print all permissions:
-            for (String permission : requested) {
-                terminal.errorPrintln(Verbosity.NORMAL, "* " + permission);
+            if (!requested.isEmpty()) {
+                // print all permissions:
+                for (String permission : requested) {
+                    terminal.errorPrintln(Verbosity.NORMAL, "* " + permission);
+                }
+                terminal.errorPrintln(
+                    Verbosity.NORMAL,
+                    "See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html"
+                );
+                terminal.errorPrintln(Verbosity.NORMAL, "for descriptions of what these permissions allow and the associated risks.");
+                terminal.errorPrintln(Verbosity.NORMAL, "");
+                terminal.errorPrintln(Verbosity.NORMAL, "Plugin requests permission to perform the following transport actions. Any index");
+                terminal.errorPrintln(
+                    Verbosity.NORMAL,
+                    "pattern that appears below is a default value and may change depending on plugin settings."
+                );
             }
-            terminal.errorPrintln(Verbosity.NORMAL, "See http://docs.oracle.com/javase/8/docs/technotes/guides/security/permissions.html");
-            terminal.errorPrintln(Verbosity.NORMAL, "for descriptions of what these permissions allow and the associated risks.");
+            if (!requestedClusterActions.isEmpty() || !requestedIndexActions.isEmpty()) {
+                terminal.errorPrintln(Verbosity.NORMAL, "");
+                if (description != null) {
+                    terminal.errorPrintln(Verbosity.NORMAL, description);
+                    terminal.errorPrintln(Verbosity.NORMAL, "");
+                }
+                terminal.errorPrintln(Verbosity.NORMAL, "Cluster Actions");
+                terminal.errorPrintln(Verbosity.NORMAL, "---------------");
+                terminal.errorPrintln(Verbosity.NORMAL, "");
+                if (requestedClusterActions.isEmpty()) {
+                    terminal.errorPrintln(Verbosity.NORMAL, "None");
+                } else {
+                    for (String clusterAction : requestedClusterActions) {
+                        terminal.errorPrintln(Verbosity.NORMAL, "* " + clusterAction);
+                    }
+                }
+                terminal.errorPrintln(Verbosity.NORMAL, "");
+                terminal.errorPrintln(Verbosity.NORMAL, "Index Actions");
+                terminal.errorPrintln(Verbosity.NORMAL, "-------------");
+                terminal.errorPrintln(Verbosity.NORMAL, "");
+                if (requestedIndexActions.isEmpty()) {
+                    terminal.errorPrintln(Verbosity.NORMAL, "None");
+                } else {
+                    for (Map.Entry<String, List<String>> entry : requestedIndexActions.entrySet()) {
+                        terminal.errorPrintln(Verbosity.NORMAL, "Index Pattern: " + entry.getKey());
+                        terminal.errorPrintln(Verbosity.NORMAL, "");
+                        for (String indexAction : entry.getValue()) {
+                            terminal.errorPrintln(Verbosity.NORMAL, "* " + indexAction);
+                        }
+                    }
+                }
+            }
+
             prompt(terminal, batch);
         }
     }

@@ -266,6 +266,11 @@ static String createPluginUrl(String name, Path structure, String... additionalP
         return createPlugin(name, structure, additionalProps).toUri().toURL().toString();
     }
 
+    /** creates a plugin .zip and returns the url for testing */
+    static String createPluginWithRequestedActionsUrl(String name, Path structure, String... additionalProps) throws IOException {
+        return createPluginWithRequestedActions(name, structure, additionalProps).toUri().toURL().toString();
+    }
+
     static void writePlugin(String name, Path structure, String... additionalProps) throws IOException {
         String[] properties = Stream.concat(
             Stream.of(
@@ -289,6 +294,31 @@ static void writePlugin(String name, Path structure, String... additionalProps)
         writeJar(structure.resolve("plugin.jar"), className);
     }
 
+    static void writePluginWithRequestedActions(String name, Path structure, String... additionalProps) throws IOException {
+        String[] properties = Stream.concat(
+            Stream.of(
+                "description",
+                "fake desc",
+                "name",
+                name,
+                "version",
+                "1.0",
+                "opensearch.version",
+                Version.CURRENT.toString(),
+                "java.version",
+                System.getProperty("java.specification.version"),
+                "classname",
+                "FakePlugin"
+            ),
+            Arrays.stream(additionalProps)
+        ).toArray(String[]::new);
+
+        PluginTestUtil.writePluginProperties(structure, properties);
+        writePluginPermissionsYaml(structure);
+        String className = name.substring(0, 1).toUpperCase(Locale.ENGLISH) + name.substring(1) + "Plugin";
+        writeJar(structure.resolve("plugin.jar"), className);
+    }
+
     static void writePlugin(String name, Path structure, SemverRange opensearchVersionRange, String... additionalProps) throws IOException {
         String[] properties = Stream.concat(
             Stream.of(
@@ -329,11 +359,25 @@ static void writePluginSecurityPolicy(Path pluginDir, String... permissions) thr
         Files.write(pluginDir.resolve("plugin-security.policy"), securityPolicyContent.toString().getBytes(StandardCharsets.UTF_8));
     }
 
+    static void writePluginPermissionsYaml(Path pluginDir, String... permissions) throws IOException {
+        String permissionsYamlContent = "cluster.actions:\n"
+            + "  - cluster:monitor/health\n"
+            + "indices.actions:\n"
+            + "  example-index*:\n"
+            + "    - indices:data/write/index*";
+        Files.write(pluginDir.resolve("plugin-permissions.yml"), permissionsYamlContent.getBytes(StandardCharsets.UTF_8));
+    }
+
     static Path createPlugin(String name, Path structure, String... additionalProps) throws IOException {
         writePlugin(name, structure, additionalProps);
         return writeZip(structure, null);
     }
 
+    static Path createPluginWithRequestedActions(String name, Path structure, String... additionalProps) throws IOException {
+        writePluginWithRequestedActions(name, structure, additionalProps);
+        return writeZip(structure, null);
+    }
+
     void installPlugin(String pluginUrl, Path home) throws Exception {
         installPlugin(pluginUrl, home, skipJarHellCommand);
     }
@@ -1410,43 +1454,37 @@ private String signature(final byte[] bytes, final PGPSecretKey secretKey) {
     // checks the plugin requires a policy confirmation, and does not install when that is rejected by the user
     // the plugin is installed after this method completes
     private void assertPolicyConfirmation(Tuple<Path, Environment> env, String pluginZip, String... warnings) throws Exception {
-        for (int i = 0; i < warnings.length; ++i) {
-            String warning = warnings[i];
-            for (int j = 0; j < i; ++j) {
-                terminal.addTextInput("y"); // accept warnings we have already tested
-            }
-            // default answer, does not install
-            terminal.addTextInput("");
-            UserException e = expectThrows(UserException.class, () -> installPlugin(pluginZip, env.v1()));
-            assertEquals("installation aborted by user", e.getMessage());
-
-            assertThat(terminal.getErrorOutput(), containsString("WARNING: " + warning));
-            try (Stream<Path> fileStream = Files.list(env.v2().pluginsDir())) {
-                assertThat(fileStream.collect(Collectors.toList()), empty());
-            }
+        // default answer, does not install
+        terminal.addTextInput("");
+        UserException e = expectThrows(UserException.class, () -> installPlugin(pluginZip, env.v1()));
+        assertEquals("installation aborted by user", e.getMessage());
 
-            // explicitly do not install
-            terminal.reset();
-            for (int j = 0; j < i; ++j) {
-                terminal.addTextInput("y"); // accept warnings we have already tested
-            }
-            terminal.addTextInput("n");
-            e = expectThrows(UserException.class, () -> installPlugin(pluginZip, env.v1()));
-            assertEquals("installation aborted by user", e.getMessage());
-            assertThat(terminal.getErrorOutput(), containsString("WARNING: " + warning));
-            try (Stream<Path> fileStream = Files.list(env.v2().pluginsDir())) {
-                assertThat(fileStream.collect(Collectors.toList()), empty());
-            }
+        try (Stream<Path> fileStream = Files.list(env.v2().pluginsDir())) {
+            assertThat(fileStream.collect(Collectors.toList()), empty());
         }
 
-        // allow installation
+        for (String warning : warnings) {
+            assertThat(terminal.getErrorOutput(), containsString(warning));
+        }
+
+        // explicitly do not install
         terminal.reset();
-        for (int j = 0; j < warnings.length; ++j) {
-            terminal.addTextInput("y");
+        terminal.addTextInput("n");
+        e = expectThrows(UserException.class, () -> installPlugin(pluginZip, env.v1()));
+        assertEquals("installation aborted by user", e.getMessage());
+        try (Stream<Path> fileStream = Files.list(env.v2().pluginsDir())) {
+            assertThat(fileStream.collect(Collectors.toList()), empty());
+        }
+        for (String warning : warnings) {
+            assertThat(terminal.getErrorOutput(), containsString(warning));
         }
+
+        // allow installation
+        terminal.reset();
+        terminal.addTextInput("y");
         installPlugin(pluginZip, env.v1());
         for (String warning : warnings) {
-            assertThat(terminal.getErrorOutput(), containsString("WARNING: " + warning));
+            assertThat(terminal.getErrorOutput(), containsString(warning));
         }
     }
 
@@ -1456,7 +1494,16 @@ public void testPolicyConfirmation() throws Exception {
         writePluginSecurityPolicy(pluginDir, "setAccessible", "setFactory");
         String pluginZip = createPluginUrl("fake", pluginDir);
 
-        assertPolicyConfirmation(env, pluginZip, "plugin requires additional permissions");
+        assertPolicyConfirmation(env, pluginZip, "WARNING: plugin requires additional permissions");
+        assertPlugin("fake", pluginDir, env.v2());
+    }
+
+    public void testRequestedActionsConfirmation() throws Exception {
+        Tuple<Path, Environment> env = createEnv(fs, temp);
+        Path pluginDir = createPluginDir(temp);
+        String pluginZip = createPluginWithRequestedActionsUrl("fake", pluginDir);
+
+        assertPolicyConfirmation(env, pluginZip, "WARNING: plugin requires additional permissions", "Cluster Actions", "Index Actions");
         assertPlugin("fake", pluginDir, env.v2());
     }
 

@@ -28,6 +28,7 @@
 import org.opensearch.plugins.ActionPlugin;
 import org.opensearch.plugins.IdentityPlugin;
 import org.opensearch.plugins.Plugin;
+import org.opensearch.plugins.PluginInfo;
 import org.opensearch.repositories.RepositoriesService;
 import org.opensearch.rest.BytesRestResponse;
 import org.opensearch.rest.RestChannel;
@@ -138,7 +139,8 @@ public void handleRequest(RestRequest request, RestChannel channel, NodeClient c
         }
     }
 
-    public PluginSubject getPluginSubject(Plugin plugin) {
+    @Override
+    public PluginSubject getPluginSubject(PluginInfo pluginInfo) {
         return new ShiroPluginSubject(threadPool);
     }
 }
@@ -9,12 +9,14 @@
 import org.apache.logging.log4j.Logger;
 import org.opensearch.OpenSearchException;
 import org.opensearch.common.annotation.InternalApi;
+import org.opensearch.common.collect.Tuple;
 import org.opensearch.common.settings.Settings;
 import org.opensearch.identity.noop.NoopIdentityPlugin;
 import org.opensearch.identity.tokens.TokenManager;
 import org.opensearch.plugins.IdentityAwarePlugin;
 import org.opensearch.plugins.IdentityPlugin;
 import org.opensearch.plugins.Plugin;
+import org.opensearch.plugins.PluginInfo;
 import org.opensearch.threadpool.ThreadPool;
 
 import java.util.List;
@@ -63,11 +65,11 @@ public TokenManager getTokenManager() {
         return identityPlugin.getTokenManager();
     }
 
-    public void initializeIdentityAwarePlugins(final List<IdentityAwarePlugin> identityAwarePlugins) {
+    public void initializeIdentityAwarePlugins(final List<Tuple<PluginInfo, Plugin>> identityAwarePlugins) {
         if (identityAwarePlugins != null) {
-            for (IdentityAwarePlugin plugin : identityAwarePlugins) {
-                PluginSubject pluginSubject = identityPlugin.getPluginSubject((Plugin) plugin);
-                plugin.assignSubject(pluginSubject);
+            for (Tuple<PluginInfo, Plugin> pluginTuple : identityAwarePlugins) {
+                PluginSubject pluginSubject = identityPlugin.getPluginSubject(pluginTuple.v1());
+                ((IdentityAwarePlugin) pluginTuple.v2()).assignSubject(pluginSubject);
             }
         }
     }

@@ -12,7 +12,7 @@
 import org.opensearch.identity.Subject;
 import org.opensearch.identity.tokens.TokenManager;
 import org.opensearch.plugins.IdentityPlugin;
-import org.opensearch.plugins.Plugin;
+import org.opensearch.plugins.PluginInfo;
 import org.opensearch.threadpool.ThreadPool;
 
 /**
@@ -49,7 +49,7 @@ public TokenManager getTokenManager() {
     }
 
     @Override
-    public PluginSubject getPluginSubject(Plugin plugin) {
+    public PluginSubject getPluginSubject(PluginInfo pluginInfo) {
         return new NoopPluginSubject(threadPool);
     }
 }