diff --git a/ci/supported-es-versions/es9x.txt b/ci/supported-es-versions/es9x.txt index 4177946350..6b58860280 100644 --- a/ci/supported-es-versions/es9x.txt +++ b/ci/supported-es-versions/es9x.txt @@ -1 +1,2 @@ +9.0.0-rc1 9.0.0-beta1 diff --git a/es90x/gradle.properties b/es90x/gradle.properties index e702db76db..e9b3be41d4 100644 --- a/es90x/gradle.properties +++ b/es90x/gradle.properties @@ -1 +1 @@ -latestSupportedEsVersion=9.0.0-beta1 \ No newline at end of file +latestSupportedEsVersion=9.0.0-rc1 \ No newline at end of file diff --git a/es90x/plugin-metadata/entitlement-policy.yaml b/es90x/plugin-metadata/entitlement-policy.yaml new file mode 100644 index 0000000000..b4d2d13728 --- /dev/null +++ b/es90x/plugin-metadata/entitlement-policy.yaml @@ -0,0 +1,9 @@ +ALL-UNNAMED: + - files: + - relative_path: ../ + relative_to: config + mode: read + - manage_threads + - inbound_network + - outbound_network + - create_class_loader \ No newline at end of file diff --git a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es80xPatch.scala b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es80xPatch.scala index ac05f06b38..ee7941aa0d 100644 --- a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es80xPatch.scala +++ b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es80xPatch.scala @@ -28,7 +28,7 @@ import scala.language.postfixOps private[patches] class Es80xPatch(rorPluginDirectory: RorPluginDirectory, esVersion: SemVer) extends TransportNetty4AwareEsPatch(rorPluginDirectory, esVersion, new ElasticsearchJarPatchCreator( - ModifyPolicyUtilClass, + ModifyBootstrapPolicyUtilClass, new RepositoriesServiceAvailableForClusterServiceForAnyTypeOfNode(esVersion) ), new RorSecurityPolicyPatchCreator( diff --git a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es813xPatch.scala b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es813xPatch.scala index 2dcb133081..5a95e4940e 100644 
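Review bot: The `files` entitlement in es90x/plugin-metadata/entitlement-policy.yaml grants read on `relative_path: ../` relative to `config`, which looks like the whole Elasticsearch home directory rather than only the configuration the plugin reads. If the plugin needs just its own settings file and TLS material, scoping `relative_path` to those locations would limit what code running under `ALL-UNNAMED` can read. The four flag entitlements (`manage_threads`, `inbound_network`, `outbound_network`, `create_class_loader`) carry no explanation; a comment per entry, e.g. `# create_class_loader: required for <reason>`, would let a later reviewer judge whether each grant is still needed.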
--- a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es813xPatch.scala +++ b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es813xPatch.scala @@ -29,7 +29,7 @@ private[patches] class Es813xPatch(rorPluginDirectory: RorPluginDirectory, esVer extends TransportNetty4AwareEsPatch(rorPluginDirectory, esVersion, new ElasticsearchJarPatchCreator( OpenModule, - ModifyPolicyUtilClass, + ModifyBootstrapPolicyUtilClass, new RepositoriesServiceAvailableForClusterServiceForAnyTypeOfNode(esVersion) ), new RorSecurityPolicyPatchCreator( diff --git a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es814xPatch.scala b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es814xPatch.scala index cbd82c4b1e..4007f9ecfa 100644 --- a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es814xPatch.scala +++ b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es814xPatch.scala @@ -29,7 +29,7 @@ private[patches] class Es814xPatch(rorPluginDirectory: RorPluginDirectory, esVer extends TransportNetty4AwareEsPatch(rorPluginDirectory, esVersion, new ElasticsearchJarPatchCreator( OpenModule, - ModifyPolicyUtilClass, + ModifyBootstrapPolicyUtilClass, new RepositoriesServiceAvailableForClusterServiceForAnyTypeOfNode(esVersion) ), new RorSecurityPolicyPatchCreator( diff --git a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es815xPatch.scala b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es815xPatch.scala index 8922d01a10..41a6764037 100644 --- a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es815xPatch.scala +++ b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es815xPatch.scala 
@@ -29,7 +29,7 @@ private[patches] class Es815xPatch(rorPluginDirectory: RorPluginDirectory, esVer extends TransportNetty4AwareEsPatch(rorPluginDirectory, esVersion, new ElasticsearchJarPatchCreator( OpenModule, - ModifyPolicyUtilClass, + ModifyBootstrapPolicyUtilClass, new SecurityManagerShouldAllowReadingEsConfigFile(esVersion), new RepositoriesServiceAvailableForClusterServiceForAnyTypeOfNode(esVersion) ), diff --git a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es83xPatch.scala b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es83xPatch.scala index 987cac5a46..bc4feb1581 100644 --- a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es83xPatch.scala +++ b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es83xPatch.scala @@ -29,7 +29,7 @@ private[patches] class Es83xPatch(rorPluginDirectory: RorPluginDirectory, esVers extends TransportNetty4AwareEsPatch(rorPluginDirectory, esVersion, new ElasticsearchJarPatchCreator( OpenModule, - ModifyPolicyUtilClass, + ModifyBootstrapPolicyUtilClass, new RepositoriesServiceAvailableForClusterServiceForAnyTypeOfNode(esVersion) ), new RorSecurityPolicyPatchCreator( diff --git a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es89xPatch.scala b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es89xPatch.scala index e51057df67..ab53f55bb9 100644 --- a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es89xPatch.scala +++ b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es89xPatch.scala @@ -29,7 +29,7 @@ private[patches] class Es89xPatch(rorPluginDirectory: RorPluginDirectory, esVers extends TransportNetty4AwareEsPatch(rorPluginDirectory, esVersion, new ElasticsearchJarPatchCreator( OpenModule, - ModifyPolicyUtilClass, + ModifyBootstrapPolicyUtilClass, new RepositoriesServiceAvailableForClusterServiceForAnyTypeOfNode(esVersion) ), new RorSecurityPolicyPatchCreator( 
diff --git a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es90xPatch.scala b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es90xPatch.scala
new file mode 100644
index 0000000000..655a43be99
--- /dev/null
+++ b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es90xPatch.scala
@@ -0,0 +1,49 @@
+/*
+ * This file is part of ReadonlyREST.
+ *
+ * ReadonlyREST is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * ReadonlyREST is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with ReadonlyREST. If not, see http://www.gnu.org/licenses/
+ */
+package tech.beshu.ror.tools.core.patches
+
+import just.semver.SemVer
+import tech.beshu.ror.tools.core.patches.base.TransportNetty4AwareEsPatch
+import tech.beshu.ror.tools.core.patches.internal.RorPluginDirectory
+import tech.beshu.ror.tools.core.patches.internal.filePatchers.*
+import tech.beshu.ror.tools.core.patches.internal.modifiers.bytecodeJars.*
+
+import scala.language.postfixOps
+
+private[patches] class Es90xPatch(rorPluginDirectory: RorPluginDirectory, esVersion: SemVer)
+ extends TransportNetty4AwareEsPatch(rorPluginDirectory, esVersion,
+ new ElasticsearchJarPatchCreator(
+ OpenModule,
+ new RepositoriesServiceAvailableForClusterServiceForAnyTypeOfNode(esVersion)
+ ),
+ new EntitlementJarPatchCreator(
+ ModifyEntitlementRuntimePolicyUtilsClass,
+ ),
+ new XPackCoreJarPatchCreator(
+ OpenModule,
+ DisabledAsyncSearchSecurity
+ ),
+ new XPackSecurityJarPatchCreator(
+ OpenModule,
+ DeactivateSecurityActionFilter,
+ DeactivateAuthenticationServiceInHttpTransport,
+ DummyAuthorizeInAuthorizationService
+ ),
+ new XPackIlmJarPatchCreator(
+ OpenModule
+ )
+ )
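Review bot: Es90xPatch has no class comment explaining why its patch set differs from the 8.x classes touched in this commit: those pass `ModifyBootstrapPolicyUtilClass` and a `RorSecurityPolicyPatchCreator`, while this class has neither and adds `new EntitlementJarPatchCreator(ModifyEntitlementRuntimePolicyUtilsClass,)` instead. A short Scaladoc such as `/** ES 9.x patch set: the entitlement jar is patched in place of the bootstrap security-policy patch used for 8.x. */` would record that the omission is deliberate, if that is indeed the intent. The trailing comma after `ModifyEntitlementRuntimePolicyUtilsClass` is the only one in these argument lists and could be dropped for consistency, and `scala.language.postfixOps` does not appear to be used in this file.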
diff --git a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/base/EsPatch.scala b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/base/EsPatch.scala index 5d5a00d1cb..720f239403 100644 --- a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/base/EsPatch.scala +++ b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/base/EsPatch.scala @@ -89,6 +89,7 @@ object EsPatch { val rorPluginDirectory = new RorPluginDirectory(esDirectory) new EsPatchLoggingDecorator( readEsVersion(esDirectory) match { + case esVersion if esVersion >= es900rc1 => new Es90xPatch(rorPluginDirectory, esVersion) case esVersion if esVersion >= es8150 => new Es815xPatch(rorPluginDirectory, esVersion) case esVersion if esVersion >= es8140 => new Es814xPatch(rorPluginDirectory, esVersion) case esVersion if esVersion >= es8130 => new Es813xPatch(rorPluginDirectory, esVersion) diff --git a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/internal/filePatchers/EntitlementJarPatchCreator.scala b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/internal/filePatchers/EntitlementJarPatchCreator.scala new file mode 100644 index 0000000000..21d2b54598 --- /dev/null +++ b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/internal/filePatchers/EntitlementJarPatchCreator.scala 
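Review bot: The new guard `case esVersion if esVersion >= es900rc1` uses a pre-release as its lower bound, so any earlier 9.0.0 pre-release, including the `9.0.0-beta1` entry that es9x.txt still lists, would fall through to the `es8150` case and receive `Es815xPatch`, assuming the SemVer ordering places beta1 below rc1. If that is intended, a comment on the case such as `// 9.0.0 pre-releases before rc1 are still patched as 8.15.x` would make it explicit; if it is not, those versions should be rejected with a clear error rather than given the 8.x security-policy patches. The `match` continues outside this hunk.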
@@ -0,0 +1,38 @@
+/*
+ * This file is part of ReadonlyREST.
+ *
+ * ReadonlyREST is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * ReadonlyREST is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with ReadonlyREST. If not, see http://www.gnu.org/licenses/
+ */
+package tech.beshu.ror.tools.core.patches.internal.filePatchers
+
+import just.semver.SemVer
+import tech.beshu.ror.tools.core.patches.internal.modifiers.FileModifier
+import tech.beshu.ror.tools.core.patches.internal.{FileModifiersBasedPatch, RorPluginDirectory}
+
+private[patches] class EntitlementJarPatchCreator(patchingSteps: FileModifier*)
+ extends FilePatchCreator[EntitlementJarPatch] {
+
+ override def create(rorPluginDirectory: RorPluginDirectory,
+ esVersion: SemVer): EntitlementJarPatch =
+ new EntitlementJarPatch(rorPluginDirectory, esVersion, patchingSteps)
+}
+
+private[patches] class EntitlementJarPatch(rorPluginDirectory: RorPluginDirectory,
+ esVersion: SemVer,
+ patchingSteps: Iterable[FileModifier])
+ extends FileModifiersBasedPatch(
+ rorPluginDirectory = rorPluginDirectory,
+ fileToPatchPath = rorPluginDirectory.esDirectory.libPath / s"elasticsearch-entitlement-${esVersion.render}.jar",
+ patchingSteps = patchingSteps
+ )
\ No newline at end of file
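Review bot: `fileToPatchPath` is built from `esVersion.render`, so `EntitlementJarPatch` assumes the jar is always named `elasticsearch-entitlement-<version>.jar` directly under `libPath`; what happens when that file is absent depends on `FileModifiersBasedPatch`, which is not visible here. Because this jar holds the entitlement checks being modified, it is worth confirming that a missing jar aborts patching with an explicit error rather than being skipped, and saying so in a Scaladoc on `EntitlementJarPatch`. The file also ends without a trailing newline.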
diff --git a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/internal/modifiers/bytecodeJars/ModifyPolicyUtilClass.scala b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/internal/modifiers/bytecodeJars/ModifyBootstrapPolicyUtilClass.scala similarity index 99% rename from ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/internal/modifiers/bytecodeJars/ModifyPolicyUtilClass.scala rename to ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/internal/modifiers/bytecodeJars/ModifyBootstrapPolicyUtilClass.scala index b3b2496f00..b49e6d009c 100644 --- a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/internal/modifiers/bytecodeJars/ModifyPolicyUtilClass.scala +++ b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/internal/modifiers/bytecodeJars/ModifyBootstrapPolicyUtilClass.scala @@ -21,7 +21,7 @@ import tech.beshu.ror.tools.core.patches.internal.modifiers.BytecodeJarModifier import java.io.{File, InputStream} -private [patches] object ModifyPolicyUtilClass extends BytecodeJarModifier { +private [patches] object ModifyBootstrapPolicyUtilClass extends BytecodeJarModifier { override def apply(jar: File): Unit = { modifyFileInJar( diff --git a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/internal/modifiers/bytecodeJars/ModifyEntitlementRuntimePolicyUtilsClass.scala b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/internal/modifiers/bytecodeJars/ModifyEntitlementRuntimePolicyUtilsClass.scala new file mode 100644 index 0000000000..48cfbaa06a --- /dev/null +++ b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/internal/modifiers/bytecodeJars/ModifyEntitlementRuntimePolicyUtilsClass.scala 
@@ -0,0 +1,130 @@ +/* + * This file is part of ReadonlyREST. + * + * ReadonlyREST is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * ReadonlyREST is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with ReadonlyREST. If not, see http://www.gnu.org/licenses/ + */ +package tech.beshu.ror.tools.core.patches.internal.modifiers.bytecodeJars + +import org.objectweb.asm.* +import tech.beshu.ror.tools.core.patches.internal.modifiers.BytecodeJarModifier + +import java.io.{File, InputStream} + +private [patches] object ModifyEntitlementRuntimePolicyUtilsClass extends BytecodeJarModifier { + + override def apply(jar: File): Unit = { + modifyFileInJar( + jar = jar, + filePathString = "org/elasticsearch/entitlement/runtime/policy/PolicyUtils.class", + processFileContent = doTreatRorPluginAsInternalPlugin + ) + } + + private def doTreatRorPluginAsInternalPlugin(moduleInputStream: InputStream) = { + val reader = new ClassReader(moduleInputStream) + val writer = new ClassWriter(reader, 0) + reader.accept(new EsClassVisitor(writer), 0) + writer.toByteArray + } + + private class EsClassVisitor(writer: ClassWriter) + extends ClassVisitor(Opcodes.ASM9, writer) { + + override def visitMethod(access: Int, + name: String, + descriptor: String, + signature: String, + exceptions: Array[String]): MethodVisitor = { + name match { + case "parsePolicyIfExists" => + new TreatRorPluginAsInternalPlugin( + super.visitMethod(access, name, descriptor, signature, exceptions) + ) + case _ => + super.visitMethod(access, name, descriptor, signature, 
exceptions) + } + } + } + + + private class TreatRorPluginAsInternalPlugin(underlying: MethodVisitor) + extends MethodVisitor(Opcodes.ASM9) { + + override def visitCode(): Unit = { + underlying.visitCode() + val label0 = new Label() + underlying.visitLabel(label0) + underlying.visitLineNumber(142, label0) + underlying.visitVarInsn(Opcodes.ALOAD, 1) + underlying.visitInsn(Opcodes.ICONST_0) + underlying.visitTypeInsn(Opcodes.ANEWARRAY, "java/nio/file/LinkOption") + underlying.visitMethodInsn(Opcodes.INVOKESTATIC, "java/nio/file/Files", "exists", "(Ljava/nio/file/Path;[Ljava/nio/file/LinkOption;)Z", false) + val label1 = new Label() + underlying.visitJumpInsn(Opcodes.IFEQ, label1) + val label2 = new Label() + underlying.visitLabel(label2) + underlying.visitLineNumber(143, label2) + underlying.visitLdcInsn("readonlyrest") + underlying.visitVarInsn(Opcodes.ALOAD, 0) + underlying.visitMethodInsn(Opcodes.INVOKEVIRTUAL, "java/lang/String", "equals", "(Ljava/lang/Object;)Z", false) + val label3 = new Label() + underlying.visitJumpInsn(Opcodes.IFEQ, label3) + underlying.visitInsn(Opcodes.ICONST_0) + val label4 = new Label() + underlying.visitJumpInsn(Opcodes.GOTO, label4) + underlying.visitLabel(label3) + underlying.visitFrame(Opcodes.F_SAME, 0, null, 0, null) + underlying.visitVarInsn(Opcodes.ILOAD, 2) + underlying.visitLabel(label4) + underlying.visitFrame(Opcodes.F_SAME1, 0, null, 1, Array(Opcodes.INTEGER)) + underlying.visitVarInsn(Opcodes.ISTORE, 3) + val label5 = new Label() + underlying.visitLabel(label5) + underlying.visitLineNumber(144, label5) + underlying.visitTypeInsn(Opcodes.NEW, "org/elasticsearch/entitlement/runtime/policy/PolicyParser") + underlying.visitInsn(Opcodes.DUP) + underlying.visitVarInsn(Opcodes.ALOAD, 1) + underlying.visitInsn(Opcodes.ICONST_1) + underlying.visitTypeInsn(Opcodes.ANEWARRAY, "java/nio/file/OpenOption") + underlying.visitInsn(Opcodes.DUP) + underlying.visitInsn(Opcodes.ICONST_0) + underlying.visitFieldInsn(Opcodes.GETSTATIC, 
"java/nio/file/StandardOpenOption", "READ", "Ljava/nio/file/StandardOpenOption;") + underlying.visitInsn(Opcodes.AASTORE) + underlying.visitMethodInsn(Opcodes.INVOKESTATIC, "java/nio/file/Files", "newInputStream", "(Ljava/nio/file/Path;[Ljava/nio/file/OpenOption;)Ljava/io/InputStream;", false) + underlying.visitVarInsn(Opcodes.ALOAD, 0) + underlying.visitVarInsn(Opcodes.ILOAD, 3) + underlying.visitMethodInsn(Opcodes.INVOKESPECIAL, "org/elasticsearch/entitlement/runtime/policy/PolicyParser", "", "(Ljava/io/InputStream;Ljava/lang/String;Z)V", false) + underlying.visitMethodInsn(Opcodes.INVOKEVIRTUAL, "org/elasticsearch/entitlement/runtime/policy/PolicyParser", "parsePolicy", "()Lorg/elasticsearch/entitlement/runtime/policy/Policy;", false) + underlying.visitInsn(Opcodes.ARETURN) + underlying.visitLabel(label1) + underlying.visitLineNumber(146, label1) + underlying.visitFrame(Opcodes.F_SAME, 0, null, 0, null) + underlying.visitTypeInsn(Opcodes.NEW, "org/elasticsearch/entitlement/runtime/policy/Policy") + underlying.visitInsn(Opcodes.DUP) + underlying.visitVarInsn(Opcodes.ALOAD, 0) + underlying.visitMethodInsn(Opcodes.INVOKESTATIC, "java/util/List", "of", "()Ljava/util/List;", true) + underlying.visitMethodInsn(Opcodes.INVOKESPECIAL, "org/elasticsearch/entitlement/runtime/policy/Policy", "", "(Ljava/lang/String;Ljava/util/List;)V", false) + underlying.visitInsn(Opcodes.ARETURN) + val label6 = new Label() + underlying.visitLabel(label6) + underlying.visitLocalVariable("modIsExternalPlugin", "Z", null, label5, label1, 3) + underlying.visitLocalVariable("pluginName", "Ljava/lang/String;", null, label0, label6, 0) + underlying.visitLocalVariable("policyFile", "Ljava/nio/file/Path;", null, label0, label6, 1) + underlying.visitLocalVariable("isExternalPlugin", "Z", null, label0, label6, 2) + underlying.visitMaxs(7, 4) + underlying.visitEnd() + } + } + +} 
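Review bot: `EsClassVisitor.visitMethod` selects the method to rewrite by name only (`case "parsePolicyIfExists" =>`), while the body emitted in `visitCode` hard-codes local slots 0–2 as `pluginName`, `policyFile` and `isExternalPlugin` and returns a `Policy`. Guarding on the descriptor those slots imply, e.g. `case "parsePolicyIfExists" if descriptor == "(Ljava/lang/String;Ljava/nio/file/Path;Z)Lorg/elasticsearch/entitlement/runtime/policy/Policy;" =>`, and failing the patch when nothing matched, would avoid writing a mismatched body into a later 9.x jar, since `Es90xPatch` is selected for every version from 9.0.0-rc1 upward. The upstream body is replaced wholesale by this snapshot, so a comment above `TreatRorPluginAsInternalPlugin` should give the equivalent Java (force `isExternalPlugin` to false when the plugin name equals `readonlyrest`) and name the Elasticsearch version it was taken from. The constructor name in both `INVOKESPECIAL` calls shows as an empty string on this page, presumably `<init>` lost in rendering.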
diff --git a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/utils/EsUtil.scala b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/utils/EsUtil.scala index 7779c93858..62ba57efb6 100644 --- a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/utils/EsUtil.scala +++ b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/utils/EsUtil.scala @@ -24,6 +24,7 @@ object EsUtil { private val elasticsearchJar = """^elasticsearch-(\d+\.\d+\.\d+(-[a-zA-Z0-9]+)?)\.jar$""".r private val transportNetty4JarNameRegex = """^transport-netty4-(\d+\.\d+\.\d+(-[a-zA-Z0-9]+)?)\.jar$""".r + val es900rc1: SemVer = SemVer.unsafeParse("9.0.0-rc1") val es8150: SemVer = SemVer.unsafeParse("8.15.0") val es8140: SemVer = SemVer.unsafeParse("8.14.0") val es8130: SemVer = SemVer.unsafeParse("8.13.0")