From 3d58e1ec05f25d9dc2999026468a919498f9328c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mateusz=20Ko=C5=82odziejczyk?=
Date: Sat, 15 Jun 2024 20:08:35 +0200
Subject: [PATCH] [RORDEV-1215] ES 7.21.22 support (#1025)
---
 ci/supported-es-versions/es7x.txt | 1 +
 es717x/gradle.properties | 2 +-
 .../ror/tools/core/patches/Es717xPatch.scala | 3 +-
 ...anagerShouldAllowReadingEsConfigFile.scala | 84 +++++++++++++++++++
 .../beshu/ror/tools/core/utils/EsUtil.scala | 1 +
 5 files changed, 89 insertions(+), 2 deletions(-)
 create mode 100644 ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/internal/modifiers/bytecodeJars/SecurityManagerShouldAllowReadingEsConfigFile.scala
diff --git a/ci/supported-es-versions/es7x.txt b/ci/supported-es-versions/es7x.txt
index bc2b51e4b8..c75f7a9043 100644
--- a/ci/supported-es-versions/es7x.txt
+++ b/ci/supported-es-versions/es7x.txt
@@ -1,3 +1,4 @@
+7.17.22
 7.17.21
 7.17.20
 7.17.19
diff --git a/es717x/gradle.properties b/es717x/gradle.properties
index b2f6ae6ffe..864bfdc652 100644
--- a/es717x/gradle.properties
+++ b/es717x/gradle.properties
@@ -1 +1 @@
-latestSupportedEsVersion=7.17.21
+latestSupportedEsVersion=7.17.22
diff --git a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es717xPatch.scala b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es717xPatch.scala
index ce38ca8152..ff7429d46b 100644
--- a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es717xPatch.scala
+++ b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/Es717xPatch.scala
@@ -27,7 +27,8 @@ import scala.language.postfixOps
 private[patches] class Es717xPatch(rorPluginDirectory: RorPluginDirectory, esVersion: SemVer)
 extends SimpleEsPatch(rorPluginDirectory, esVersion,
 new ElasticsearchJarPatchCreator(
- new RepositoriesServiceAvailableForClusterServiceForAnyTypeOfNode(esVersion)
+ new RepositoriesServiceAvailableForClusterServiceForAnyTypeOfNode(esVersion),
+ new SecurityManagerShouldAllowReadingEsConfigFile(esVersion)
 ),
 new XPackCoreJarPatchCreator(
 AlwaysGrantApplicationPermission
diff --git a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/internal/modifiers/bytecodeJars/SecurityManagerShouldAllowReadingEsConfigFile.scala b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/internal/modifiers/bytecodeJars/SecurityManagerShouldAllowReadingEsConfigFile.scala
new file mode 100644
index 0000000000..b95801bc18
--- /dev/null
+++ b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/patches/internal/modifiers/bytecodeJars/SecurityManagerShouldAllowReadingEsConfigFile.scala
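Review bot: The added `new SecurityManagerShouldAllowReadingEsConfigFile(esVersion)` entry carries no comment, so a reader of this constructor call cannot tell that it rewrites a SecurityManager deny rule inside the Elasticsearch jar, or that it only takes effect from 7.17.22 (the version gate sits inside the modifier's class visitor, not here). I would put a line above it such as `// ES >= 7.17.22: narrows the forbidden actions on elasticsearch.yml to write,delete,execute so the file stays readable`. Since the modifier is registered for every 7.17.x version, `Security.class` is presumably also passed through ASM and re-serialised on older releases where nothing is meant to change; worth confirming that this is intended. The class declaration starts above this hunk and continues past it.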
@@ -0,0 +1,84 @@
+/*
+ * This file is part of ReadonlyREST.
+ *
+ * ReadonlyREST is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * ReadonlyREST is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with ReadonlyREST. If not, see http://www.gnu.org/licenses/
+ */
+package tech.beshu.ror.tools.core.patches.internal.modifiers.bytecodeJars
+
+import just.semver.SemVer
+import org.objectweb.asm._
+import tech.beshu.ror.tools.core.patches.internal.modifiers.BytecodeJarModifier
+import tech.beshu.ror.tools.core.utils.EsUtil.{es71722, es800}
+
+import java.io.{File, InputStream}
+
+private[patches] class SecurityManagerShouldAllowReadingEsConfigFile(esVersion: SemVer)
+ extends BytecodeJarModifier {
+
+ override def apply(jar: File): Unit = {
+ modifyFileInJar(
+ jar = jar,
+ filePathString = "org/elasticsearch/bootstrap/Security.class",
+ processFileContent = removeForbiddingReadPermissionForElasticsearchYmlFile
+ )
+ }
+
+ private def removeForbiddingReadPermissionForElasticsearchYmlFile(moduleInputStream: InputStream) = {
+ val reader = new ClassReader(moduleInputStream)
+ val writer = new ClassWriter(reader, 0)
+ reader.accept(new EsClassVisitor(writer), 0)
+ writer.toByteArray
+ }
+
+ private class EsClassVisitor(writer: ClassWriter)
+ extends ClassVisitor(Opcodes.ASM9, writer) {
+
+ override def visitMethod(access: Int,
+ name: String,
+ descriptor: String,
+ signature: String,
+ exceptions: Array[String]): MethodVisitor = {
+ def noChanges = super.visitMethod(access, name, descriptor, signature, exceptions)
+
+ name match {
+ case _ if esVersion >= es800 =>
+ noChanges
+ case "createForbiddenFilePermissions" if esVersion >= es71722 =>
+ new ElasticsearchYmlFileShouldBeReadable(super.visitMethod(access, name, descriptor, signature, exceptions))
+ case _ =>
+ noChanges
+ }
+ }
+ }
+
+ private class ElasticsearchYmlFileShouldBeReadable(underlying: MethodVisitor)
+ extends MethodVisitor(Opcodes.ASM9, underlying) {
+
+ private var modifyThePermissionList: Boolean = false
+
+ override def visitLdcInsn(value: Any): Unit = {
+ value match {
+ case "elasticsearch.yml" =>
+ modifyThePermissionList = true
+ super.visitLdcInsn(value)
+ case "read,readlink,write,delete,execute" if modifyThePermissionList =>
+ modifyThePermissionList = false
+ super.visitLdcInsn("write,delete,execute")
+ case _ =>
+ super.visitLdcInsn(value)
+ }
+ }
+ }
+
+}
diff --git a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/utils/EsUtil.scala b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/utils/EsUtil.scala
index 4228699d35..9ce13970e3 100644
--- a/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/utils/EsUtil.scala
+++ b/ror-tools-core/src/main/scala/tech/beshu/ror/tools/core/utils/EsUtil.scala
@@ -30,6 +30,7 @@ object EsUtil {
 val es820: SemVer = SemVer.unsafeParse("8.2.0")
 val es810: SemVer = SemVer.unsafeParse("8.1.0")
 val es800: SemVer = SemVer.unsafeParse("8.0.0")
+ val es71722: SemVer = SemVer.unsafeParse("7.17.22")
 val es71713: SemVer = SemVer.unsafeParse("7.17.13")
 val es7110: SemVer = SemVer.unsafeParse("7.11.0")
 val es790: SemVer = SemVer.unsafeParse("7.9.0")
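Review bot: In the new SecurityManagerShouldAllowReadingEsConfigFile.scala, `ElasticsearchYmlFileShouldBeReadable` never checks that the replacement actually happened, and `modifyThePermissionList` is cleared only when the exact actions string is seen. If a later 7.17.x build changes the method name or either constant, the patch finishes without altering anything and the problem shows up only at runtime; and if `"elasticsearch.yml"` is ever followed by a different actions literal, the flag stays armed and the next `"read,readlink,write,delete,execute"` constant, possibly belonging to another forbidden file, loses its read protection. I would disarm the flag on any other constant (assuming no other LDC sits between the two in `Security.class`; confirm against the 7.17.22 bytecode), record that the rewrite took place, and fail in `visitEnd` when it did not. A Scaladoc on the class should also say that the narrowed deny entry presumably applies to all code running under the SecurityManager, not only to the ROR plugin.

```scala
  private class ElasticsearchYmlFileShouldBeReadable(underlying: MethodVisitor)
    extends MethodVisitor(Opcodes.ASM9, underlying) {

    private var modifyThePermissionList: Boolean = false
    // set once the forbidden-actions constant for elasticsearch.yml has been rewritten
    private var permissionListModified: Boolean = false

    override def visitLdcInsn(value: Any): Unit = {
      value match {
        // … unchanged: "elasticsearch.yml" case arms the flag …
        case "read,readlink,write,delete,execute" if modifyThePermissionList =>
          modifyThePermissionList = false
          permissionListModified = true
          super.visitLdcInsn("write,delete,execute")
        case _ =>
          // any other constant ends the elasticsearch.yml entry, so a later
          // file's actions string is never narrowed by mistake
          modifyThePermissionList = false
          super.visitLdcInsn(value)
      }
    }

    override def visitEnd(): Unit = {
      if (!permissionListModified) {
        throw new IllegalStateException(
          "createForbiddenFilePermissions: elasticsearch.yml forbidden-actions constant not found; Security.class left unpatched"
        )
      }
      super.visitEnd()
    }
```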