From 61c617dffafb3bd26705a5aa0bdfa7ae754bd09b Mon Sep 17 00:00:00 2001 From: Ryan Bogan Date: Mon, 9 Jan 2023 20:47:35 +0000 Subject: [PATCH 1/6] Remove two permissions from server security policy and change extension reading Signed-off-by: Ryan Bogan --- .../extensions/ExtensionsManager.java | 38 +++++++++++++++---- .../extensions/ExtensionsSettings.java | 32 ++++++++++++++++ .../org/opensearch/bootstrap/security.policy | 3 -- 3 files changed, 63 insertions(+), 10 deletions(-) diff --git a/server/src/main/java/org/opensearch/extensions/ExtensionsManager.java b/server/src/main/java/org/opensearch/extensions/ExtensionsManager.java index c3002106e3819..07ec16fe46daf 100644 --- a/server/src/main/java/org/opensearch/extensions/ExtensionsManager.java +++ b/server/src/main/java/org/opensearch/extensions/ExtensionsManager.java @@ -15,6 +15,7 @@ import java.nio.file.Files; import java.nio.file.Path; import java.util.ArrayList; +import java.util.Collection; import java.util.HashMap; import java.util.List; import java.util.Map; @@ -61,11 +62,9 @@ import org.opensearch.transport.TransportResponse; import org.opensearch.transport.TransportResponseHandler; import org.opensearch.transport.TransportService; +import org.yaml.snakeyaml.Yaml; import org.opensearch.env.EnvironmentSettingsResponse; -import com.fasterxml.jackson.databind.ObjectMapper; -import com.fasterxml.jackson.dataformat.yaml.YAMLFactory; - /** * The main class for managing Extension communication with the OpenSearch Node. * 
@@ -556,10 +555,35 @@ public String executor() { } private ExtensionsSettings readFromExtensionsYml(Path filePath) throws IOException { - ObjectMapper objectMapper = new ObjectMapper(new YAMLFactory()); - InputStream input = Files.newInputStream(filePath); - ExtensionsSettings extensionSettings = objectMapper.readValue(input, ExtensionsSettings.class); - return extensionSettings; + Yaml yaml = new Yaml(); + InputStream inputStream = Files.newInputStream(filePath); + Map obj = yaml.load(inputStream); + if (obj == null) { + inputStream.close(); + throw new IOException("extensions.yml is empty"); + } + List> unreadExtensions = new ArrayList<>((Collection>) obj.get("extensions")); + List readExtensions = new ArrayList(); + for (HashMap extensionMap : unreadExtensions) { + readExtensions.add( + new Extension( + extensionMap.get("name").toString(), + extensionMap.get("uniqueId").toString(), + extensionMap.get("hostName").toString(), + extensionMap.get("hostAddress").toString(), + extensionMap.get("port").toString(), + extensionMap.get("version").toString(), + extensionMap.get("description").toString(), + extensionMap.get("opensearchVersion").toString(), + extensionMap.get("javaVersion").toString(), + extensionMap.get("className").toString(), + extensionMap.get("customFolderName").toString(), + extensionMap.get("hasNativeController").toString() + ) + ); + } + inputStream.close(); + return new ExtensionsSettings(readExtensions); } public static String getRequestExtensionActionName() { diff --git a/server/src/main/java/org/opensearch/extensions/ExtensionsSettings.java b/server/src/main/java/org/opensearch/extensions/ExtensionsSettings.java index 61ab481bc0b76..01c8223075ada 100644 --- a/server/src/main/java/org/opensearch/extensions/ExtensionsSettings.java +++ b/server/src/main/java/org/opensearch/extensions/ExtensionsSettings.java 
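Review bot: `new Yaml()` followed by `yaml.load(inputStream)` in `readFromExtensionsYml` uses SnakeYAML's default constructor, which on 1.x releases honours type tags in the document and instantiates the classes they name. Only maps, lists and scalars are read from extensions.yml here, so the loader can be restricted with `Yaml yaml = new Yaml(new SafeConstructor());` (import `org.yaml.snakeyaml.constructor.SafeConstructor`; on 2.x that constructor takes a `LoaderOptions` argument). That keeps a tampered or mistakenly copied extensions.yml from doing more than describing extensions, which fits the permission tightening this commit is after. The rewritten body of this method in PATCH 2/6 keeps the same `new Yaml()` call.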
@@ -21,6 +21,10 @@ public class ExtensionsSettings { private List extensions; + public ExtensionsSettings(List extensions) { + this.extensions = extensions; + } + public ExtensionsSettings() { extensions = new ArrayList(); } @@ -46,6 +50,34 @@ public static class Extension { private String hasNativeController; private List dependencies = Collections.emptyList(); + public Extension( + String name, + String uniqueId, + String hostName, + String hostAddress, + String port, + String version, + String description, + String opensearchVersion, + String jvmVersion, + String className, + String customFolderName, + String hasNativeController + ) { + this.name = name; + this.uniqueId = uniqueId; + this.hostName = hostName; + this.hostAddress = hostAddress; + this.port = port; + this.version = version; + this.description = description; + this.opensearchVersion = opensearchVersion; + this.jvmVersion = jvmVersion; + this.className = className; + this.customFolderName = customFolderName; + this.hasNativeController = hasNativeController; + } + public Extension() { name = ""; uniqueId = ""; diff --git a/server/src/main/resources/org/opensearch/bootstrap/security.policy b/server/src/main/resources/org/opensearch/bootstrap/security.policy index 256a0df187723..3849a4d70bbcb 100644 --- a/server/src/main/resources/org/opensearch/bootstrap/security.policy +++ b/server/src/main/resources/org/opensearch/bootstrap/security.policy @@ -99,9 +99,6 @@ grant { permission jdk.net.NetworkPermission "setOption.TCP_KEEPINTERVAL"; permission jdk.net.NetworkPermission "getOption.TCP_KEEPCOUNT"; permission jdk.net.NetworkPermission "setOption.TCP_KEEPCOUNT"; - - permission java.lang.RuntimePermission "accessDeclaredMembers"; - permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; // Allow read access to all system properties permission java.util.PropertyPermission "*", "read"; From 631255ec40b6bc4e964de6a5b5211d506ba54472 Mon Sep 17 00:00:00 2001 
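Review bot: Neither added constructor checks its arguments: `ExtensionsSettings(List extensions)` stores the caller's list by reference and accepts null, whereas the no-arg constructor always leaves an empty list behind. `this.extensions = new ArrayList<>(Objects.requireNonNull(extensions, "extensions"));` would keep that invariant (it needs `java.util.Objects` imported, and the import block is outside this hunk). The twelve-String `Extension` constructor in the next hunk has the same gap, and because every parameter has the same type a transposed argument at the call site compiles silently. `hostAddress` and `port` are stored there without any format check, so presumably validation has to happen wherever they are consumed; a short Javadoc on the constructor saying so would help.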
From: Ryan Bogan Date: Mon, 9 Jan 2023 22:02:14 +0000 Subject: [PATCH 2/6] Addressed PR Comments and added CHANGELOG Signed-off-by: Ryan Bogan --- CHANGELOG.md | 1 + .../extensions/ExtensionsManager.java | 53 ++++++++++--------- 2 files changed, 28 insertions(+), 26 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2701cb9598ac1..a8eb2f5007f8f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -25,6 +25,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - Add support for discovered cluster manager and remove local weights ([#5680](https://github.com/opensearch-project/OpenSearch/pull/5680)) - Added support for feature flags in opensearch.yml ([#4959](https://github.com/opensearch-project/OpenSearch/pull/4959)) - Add query for initialized extensions ([#5658](https://github.com/opensearch-project/OpenSearch/pull/5658)) +- Remove two permissions from server security policy and change extension reading ([#5768](https://github.com/opensearch-project/OpenSearch/pull/5768)) ### Dependencies - Bumps `log4j-core` from 2.18.0 to 2.19.0 diff --git a/server/src/main/java/org/opensearch/extensions/ExtensionsManager.java b/server/src/main/java/org/opensearch/extensions/ExtensionsManager.java index 07ec16fe46daf..885e4b0e35ee6 100644 --- a/server/src/main/java/org/opensearch/extensions/ExtensionsManager.java +++ b/server/src/main/java/org/opensearch/extensions/ExtensionsManager.java 
@@ -556,34 +556,35 @@ public String executor() { private ExtensionsSettings readFromExtensionsYml(Path filePath) throws IOException { Yaml yaml = new Yaml(); - InputStream inputStream = Files.newInputStream(filePath); - Map obj = yaml.load(inputStream); - if (obj == null) { + try (InputStream inputStream = Files.newInputStream(filePath)) { + Map obj = yaml.load(inputStream); + if (obj == null) { + inputStream.close(); + throw new IOException("extensions.yml is empty"); + } + List> unreadExtensions = new ArrayList<>((Collection>) obj.get("extensions")); + List readExtensions = new ArrayList(); + for (HashMap extensionMap : unreadExtensions) { + readExtensions.add( + new Extension( + extensionMap.get("name").toString(), + extensionMap.get("uniqueId").toString(), + extensionMap.get("hostName").toString(), + extensionMap.get("hostAddress").toString(), + extensionMap.get("port").toString(), + extensionMap.get("version").toString(), + extensionMap.get("description").toString(), + extensionMap.get("opensearchVersion").toString(), + extensionMap.get("javaVersion").toString(), + extensionMap.get("className").toString(), + extensionMap.get("customFolderName").toString(), + extensionMap.get("hasNativeController").toString() + ) + ); + } inputStream.close(); - throw new IOException("extensions.yml is empty"); - } - List> unreadExtensions = new ArrayList<>((Collection>) obj.get("extensions")); - List readExtensions = new ArrayList(); - for (HashMap extensionMap : unreadExtensions) { - readExtensions.add( - new Extension( - extensionMap.get("name").toString(), - extensionMap.get("uniqueId").toString(), - extensionMap.get("hostName").toString(), - extensionMap.get("hostAddress").toString(), - extensionMap.get("port").toString(), - extensionMap.get("version").toString(), - extensionMap.get("description").toString(), - extensionMap.get("opensearchVersion").toString(), - extensionMap.get("javaVersion").toString(), - extensionMap.get("className").toString(), - 
extensionMap.get("customFolderName").toString(), - extensionMap.get("hasNativeController").toString() - ) - ); + return new ExtensionsSettings(readExtensions); } - inputStream.close(); - return new ExtensionsSettings(readExtensions); } public static String getRequestExtensionActionName() { From a9c63f9a74465812073c31d5327e3a83d15c83e2 Mon Sep 17 00:00:00 2001 From: Ryan Bogan Date: Tue, 10 Jan 2023 00:42:09 +0000 Subject: [PATCH 3/6] Revert 'Added jackson dependency to server' 
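Review bot: Both `inputStream.close();` calls inside the new `try (InputStream inputStream = ...)` block are redundant, because try-with-resources already closes the stream on the throw and on the return; they can simply be deleted. A second gap is carried over unchanged: `obj.get("extensions")` and every `extensionMap.get("...").toString()` dereference a value that is null when the key is absent from extensions.yml, so a malformed file fails with a bare NullPointerException rather than the `IOException` the method declares. Checking each key and raising something like `throw new IOException("extensions.yml is missing required key: " + key);` would tell the operator which entry is wrong. The unchecked cast of `obj.get("extensions")` has the same character, since a scalar or a map under `extensions` surfaces as a ClassCastException.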
Signed-off-by: Ryan Bogan --- CHANGELOG.md | 1 - .../upgrade-cli/licenses/jackson-LICENSE | 0 .../tools/upgrade-cli/licenses/jackson-NOTICE | 0 .../jackson-annotations-2.14.1.jar.sha1 | 0 .../licenses/jackson-databind-2.14.1.jar.sha1 | 0 modules/ingest-geoip/build.gradle | 2 ++ .../jackson-annotations-2.14.1.jar.sha1 | 1 + .../licenses/jackson-annotations-LICENSE | 0 .../licenses/jackson-annotations-NOTICE | 0 .../licenses/jackson-databind-2.14.1.jar.sha1 | 1 + .../licenses/jackson-databind-LICENSE | 8 ++++++ .../licenses/jackson-databind-NOTICE | 20 ++++++++++++++ plugins/discovery-ec2/build.gradle | 2 ++ .../discovery-ec2/licenses/jackson-LICENSE | 8 ++++++ plugins/discovery-ec2/licenses/jackson-NOTICE | 20 ++++++++++++++ .../jackson-annotations-2.14.1.jar.sha1 | 1 + .../licenses/jackson-databind-2.14.1.jar.sha1 | 1 + plugins/repository-azure/build.gradle | 2 ++ .../jackson-annotations-2.14.1.jar.sha1 | 1 + .../licenses/jackson-databind-2.14.1.jar.sha1 | 1 + .../licenses/jackson-databind-2.14.1.jar.sha1 | 1 + .../licenses/jackson-databind-LICENSE.txt | 8 ++++++ .../licenses/jackson-databind-NOTICE.txt | 20 ++++++++++++++ plugins/repository-s3/build.gradle | 3 +++ .../repository-s3/licenses/jackson-LICENSE | 8 ++++++ plugins/repository-s3/licenses/jackson-NOTICE | 20 ++++++++++++++ .../jackson-annotations-2.14.1.jar.sha1 | 1 + .../licenses/jackson-databind-2.14.1.jar.sha1 | 1 + server/build.gradle | 26 ++++++++++++++++--- .../org/opensearch/bootstrap/security.policy | 2 +- 30 files changed, 153 insertions(+), 6 deletions(-) rename server/licenses/jackson-annotations-LICENSE.txt => distribution/tools/upgrade-cli/licenses/jackson-LICENSE (100%) rename server/licenses/jackson-annotations-NOTICE.txt => distribution/tools/upgrade-cli/licenses/jackson-NOTICE (100%) rename {server => distribution/tools/upgrade-cli}/licenses/jackson-annotations-2.14.1.jar.sha1 (100%) rename {server => distribution/tools/upgrade-cli}/licenses/jackson-databind-2.14.1.jar.sha1 (100%) create 
mode 100644 modules/ingest-geoip/licenses/jackson-annotations-2.14.1.jar.sha1 rename server/licenses/jackson-databind-LICENSE.txt => modules/ingest-geoip/licenses/jackson-annotations-LICENSE (100%) rename server/licenses/jackson-databind-NOTICE.txt => modules/ingest-geoip/licenses/jackson-annotations-NOTICE (100%) create mode 100644 modules/ingest-geoip/licenses/jackson-databind-2.14.1.jar.sha1 create mode 100644 modules/ingest-geoip/licenses/jackson-databind-LICENSE create mode 100644 modules/ingest-geoip/licenses/jackson-databind-NOTICE create mode 100644 plugins/discovery-ec2/licenses/jackson-LICENSE create mode 100644 plugins/discovery-ec2/licenses/jackson-NOTICE create mode 100644 plugins/discovery-ec2/licenses/jackson-annotations-2.14.1.jar.sha1 create mode 100644 plugins/discovery-ec2/licenses/jackson-databind-2.14.1.jar.sha1 create mode 100644 plugins/repository-azure/licenses/jackson-annotations-2.14.1.jar.sha1 create mode 100644 plugins/repository-azure/licenses/jackson-databind-2.14.1.jar.sha1 create mode 100644 plugins/repository-hdfs/licenses/jackson-databind-2.14.1.jar.sha1 create mode 100644 plugins/repository-hdfs/licenses/jackson-databind-LICENSE.txt create mode 100644 plugins/repository-hdfs/licenses/jackson-databind-NOTICE.txt create mode 100644 plugins/repository-s3/licenses/jackson-LICENSE create mode 100644 plugins/repository-s3/licenses/jackson-NOTICE create mode 100644 plugins/repository-s3/licenses/jackson-annotations-2.14.1.jar.sha1 create mode 100644 plugins/repository-s3/licenses/jackson-databind-2.14.1.jar.sha1 diff --git a/CHANGELOG.md b/CHANGELOG.md index a8eb2f5007f8f..6480944a42ebc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -15,7 +15,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - [Test] Add IAE test for deprecated edgeNGram analyzer name ([#5040](https://github.com/opensearch-project/OpenSearch/pull/5040)) - Allow mmap to use new JDK-19 preview APIs in Apache Lucene 9.4+ ([#5151](https://github.com/opensearch-project/OpenSearch/pull/5151)) - Add feature flag for extensions ([#5211](https://github.com/opensearch-project/OpenSearch/pull/5211)) -- Added jackson dependency to server ([#5366] (https://github.com/opensearch-project/OpenSearch/pull/5366)) - Adding support to register settings dynamically ([#5495](https://github.com/opensearch-project/OpenSearch/pull/5495)) - Added experimental support for extensions ([#5347](https://github.com/opensearch-project/OpenSearch/pull/5347)), ([#5518](https://github.com/opensearch-project/OpenSearch/pull/5518), ([#5597](https://github.com/opensearch-project/OpenSearch/pull/5597)), ([#5615](https://github.com/opensearch-project/OpenSearch/pull/5615))) - Add CI bundle pattern to distribution download ([#5348](https://github.com/opensearch-project/OpenSearch/pull/5348)) diff --git a/server/licenses/jackson-annotations-LICENSE.txt b/distribution/tools/upgrade-cli/licenses/jackson-LICENSE similarity index 100% rename from server/licenses/jackson-annotations-LICENSE.txt rename to distribution/tools/upgrade-cli/licenses/jackson-LICENSE diff --git a/server/licenses/jackson-annotations-NOTICE.txt b/distribution/tools/upgrade-cli/licenses/jackson-NOTICE similarity index 100% rename from server/licenses/jackson-annotations-NOTICE.txt rename to distribution/tools/upgrade-cli/licenses/jackson-NOTICE diff --git a/server/licenses/jackson-annotations-2.14.1.jar.sha1 b/distribution/tools/upgrade-cli/licenses/jackson-annotations-2.14.1.jar.sha1 similarity index 100% rename from server/licenses/jackson-annotations-2.14.1.jar.sha1 rename to distribution/tools/upgrade-cli/licenses/jackson-annotations-2.14.1.jar.sha1 
diff --git a/server/licenses/jackson-databind-2.14.1.jar.sha1 b/distribution/tools/upgrade-cli/licenses/jackson-databind-2.14.1.jar.sha1 similarity index 100% rename from server/licenses/jackson-databind-2.14.1.jar.sha1 rename to distribution/tools/upgrade-cli/licenses/jackson-databind-2.14.1.jar.sha1 diff --git a/modules/ingest-geoip/build.gradle b/modules/ingest-geoip/build.gradle index 1e3e631415b07..cbeb56f515ade 100644 --- a/modules/ingest-geoip/build.gradle +++ b/modules/ingest-geoip/build.gradle @@ -42,6 +42,8 @@ dependencies { api('com.maxmind.geoip2:geoip2:4.0.0') // geoip2 dependencies: api('com.maxmind.db:maxmind-db:3.0.0') + api("com.fasterxml.jackson.core:jackson-annotations:${versions.jackson}") + api("com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}") testImplementation 'org.elasticsearch:geolite2-databases:20191119' } diff --git a/modules/ingest-geoip/licenses/jackson-annotations-2.14.1.jar.sha1 b/modules/ingest-geoip/licenses/jackson-annotations-2.14.1.jar.sha1 new file mode 100644 index 0000000000000..e43faef9e23ff --- /dev/null +++ b/modules/ingest-geoip/licenses/jackson-annotations-2.14.1.jar.sha1 @@ -0,0 +1 @@ +2a6ad504d591a7903ffdec76b5b7252819a2d162 \ No newline at end of file diff --git a/server/licenses/jackson-databind-LICENSE.txt b/modules/ingest-geoip/licenses/jackson-annotations-LICENSE similarity index 100% rename from server/licenses/jackson-databind-LICENSE.txt rename to modules/ingest-geoip/licenses/jackson-annotations-LICENSE diff --git a/server/licenses/jackson-databind-NOTICE.txt b/modules/ingest-geoip/licenses/jackson-annotations-NOTICE similarity index 100% rename from server/licenses/jackson-databind-NOTICE.txt rename to modules/ingest-geoip/licenses/jackson-annotations-NOTICE diff --git a/modules/ingest-geoip/licenses/jackson-databind-2.14.1.jar.sha1 b/modules/ingest-geoip/licenses/jackson-databind-2.14.1.jar.sha1 new file mode 100644 index 0000000000000..0e6726927ebac --- /dev/null 
+++ b/modules/ingest-geoip/licenses/jackson-databind-2.14.1.jar.sha1
@@ -0,0 +1 @@
+268524b9056cae1211b9f1f52560ef19347f4d17
\ No newline at end of file
diff --git a/modules/ingest-geoip/licenses/jackson-databind-LICENSE b/modules/ingest-geoip/licenses/jackson-databind-LICENSE
new file mode 100644
index 0000000000000..f5f45d26a49d6
--- /dev/null
+++ b/modules/ingest-geoip/licenses/jackson-databind-LICENSE
@@ -0,0 +1,8 @@
+This copy of Jackson JSON processor streaming parser/generator is licensed under the
+Apache (Software) License, version 2.0 ("the License").
+See the License for details about distribution rights, and the
+specific rights regarding derivate works.
+
+You may obtain a copy of the License at:
+
+http://www.apache.org/licenses/LICENSE-2.0
diff --git a/modules/ingest-geoip/licenses/jackson-databind-NOTICE b/modules/ingest-geoip/licenses/jackson-databind-NOTICE
new file mode 100644
index 0000000000000..4c976b7b4cc58
--- /dev/null
+++ b/modules/ingest-geoip/licenses/jackson-databind-NOTICE
@@ -0,0 +1,20 @@
+# Jackson JSON processor
+
+Jackson is a high-performance, Free/Open Source JSON processing library.
+It was originally written by Tatu Saloranta (tatu.saloranta@iki.fi), and has
+been in development since 2007.
+It is currently developed by a community of developers, as well as supported
+commercially by FasterXML.com.
+
+## Licensing
+
+Jackson core and extension components may licensed under different licenses.
+To find the details that apply to this artifact see the accompanying LICENSE file.
+For more information, including possible other licensing options, contact
+FasterXML.com (http://fasterxml.com).
+
+## Credits
+
+A list of contributors may be found from CREDITS file, which is included
+in some artifacts (usually source distributions); but is always available
+from the source code management (SCM) system project uses.
diff --git a/plugins/discovery-ec2/build.gradle b/plugins/discovery-ec2/build.gradle index 8a7e48fc671ff..1766aa14ea9e9 100644 --- a/plugins/discovery-ec2/build.gradle +++ b/plugins/discovery-ec2/build.gradle @@ -46,6 +46,8 @@ dependencies { api "commons-logging:commons-logging:${versions.commonslogging}" api "org.apache.logging.log4j:log4j-1.2-api:${versions.log4j}" api "commons-codec:commons-codec:${versions.commonscodec}" + api "com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}" + api "com.fasterxml.jackson.core:jackson-annotations:${versions.jackson}" } restResources { diff --git a/plugins/discovery-ec2/licenses/jackson-LICENSE b/plugins/discovery-ec2/licenses/jackson-LICENSE new file mode 100644 index 0000000000000..f5f45d26a49d6 --- /dev/null +++ b/plugins/discovery-ec2/licenses/jackson-LICENSE @@ -0,0 +1,8 @@ +This copy of Jackson JSON processor streaming parser/generator is licensed under the +Apache (Software) License, version 2.0 ("the License"). +See the License for details about distribution rights, and the +specific rights regarding derivate works. + +You may obtain a copy of the License at: + +http://www.apache.org/licenses/LICENSE-2.0 diff --git a/plugins/discovery-ec2/licenses/jackson-NOTICE b/plugins/discovery-ec2/licenses/jackson-NOTICE new file mode 100644 index 0000000000000..4c976b7b4cc58 --- /dev/null +++ b/plugins/discovery-ec2/licenses/jackson-NOTICE 
@@ -0,0 +1,20 @@
+# Jackson JSON processor
+
+Jackson is a high-performance, Free/Open Source JSON processing library.
+It was originally written by Tatu Saloranta (tatu.saloranta@iki.fi), and has
+been in development since 2007.
+It is currently developed by a community of developers, as well as supported
+commercially by FasterXML.com.
+
+## Licensing
+
+Jackson core and extension components may licensed under different licenses.
+To find the details that apply to this artifact see the accompanying LICENSE file.
+For more information, including possible other licensing options, contact
+FasterXML.com (http://fasterxml.com).
+
+## Credits
+
+A list of contributors may be found from CREDITS file, which is included
+in some artifacts (usually source distributions); but is always available
+from the source code management (SCM) system project uses.
diff --git a/plugins/discovery-ec2/licenses/jackson-annotations-2.14.1.jar.sha1 b/plugins/discovery-ec2/licenses/jackson-annotations-2.14.1.jar.sha1
new file mode 100644
index 0000000000000..e43faef9e23ff
--- /dev/null
+++ b/plugins/discovery-ec2/licenses/jackson-annotations-2.14.1.jar.sha1
@@ -0,0 +1 @@
+2a6ad504d591a7903ffdec76b5b7252819a2d162
\ No newline at end of file
diff --git a/plugins/discovery-ec2/licenses/jackson-databind-2.14.1.jar.sha1 b/plugins/discovery-ec2/licenses/jackson-databind-2.14.1.jar.sha1
new file mode 100644
index 0000000000000..0e6726927ebac
--- /dev/null
+++ b/plugins/discovery-ec2/licenses/jackson-databind-2.14.1.jar.sha1
@@ -0,0 +1 @@
+268524b9056cae1211b9f1f52560ef19347f4d17
\ No newline at end of file
diff --git a/plugins/repository-azure/build.gradle b/plugins/repository-azure/build.gradle
index 3d7e152aa395c..cd1f0c90d0d34 100644
--- a/plugins/repository-azure/build.gradle
+++ b/plugins/repository-azure/build.gradle
@@ -61,6 +61,8 @@ dependencies { api 'io.projectreactor.netty:reactor-netty-core:1.0.24' api 'io.projectreactor.netty:reactor-netty-http:1.0.24' api "org.slf4j:slf4j-api:${versions.slf4j}" + api "com.fasterxml.jackson.core:jackson-annotations:${versions.jackson}" + api "com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}" api "com.fasterxml.jackson.datatype:jackson-datatype-jsr310:${versions.jackson}" api "com.fasterxml.jackson.dataformat:jackson-dataformat-xml:${versions.jackson}" api "com.fasterxml.jackson.module:jackson-module-jaxb-annotations:${versions.jackson}" diff --git a/plugins/repository-azure/licenses/jackson-annotations-2.14.1.jar.sha1 b/plugins/repository-azure/licenses/jackson-annotations-2.14.1.jar.sha1 new file mode 100644 index 0000000000000..e43faef9e23ff --- /dev/null +++ b/plugins/repository-azure/licenses/jackson-annotations-2.14.1.jar.sha1 @@ -0,0 +1 @@ +2a6ad504d591a7903ffdec76b5b7252819a2d162 \ No newline at end of file diff --git a/plugins/repository-azure/licenses/jackson-databind-2.14.1.jar.sha1 b/plugins/repository-azure/licenses/jackson-databind-2.14.1.jar.sha1 new file mode 100644 index 0000000000000..0e6726927ebac --- /dev/null +++ b/plugins/repository-azure/licenses/jackson-databind-2.14.1.jar.sha1 @@ -0,0 +1 @@ +268524b9056cae1211b9f1f52560ef19347f4d17 \ No newline at end of file diff --git a/plugins/repository-hdfs/licenses/jackson-databind-2.14.1.jar.sha1 b/plugins/repository-hdfs/licenses/jackson-databind-2.14.1.jar.sha1 new file mode 100644 index 0000000000000..0e6726927ebac --- /dev/null +++ b/plugins/repository-hdfs/licenses/jackson-databind-2.14.1.jar.sha1 @@ -0,0 +1 @@ +268524b9056cae1211b9f1f52560ef19347f4d17 \ No newline at end of file diff --git a/plugins/repository-hdfs/licenses/jackson-databind-LICENSE.txt b/plugins/repository-hdfs/licenses/jackson-databind-LICENSE.txt new file mode 100644 index 0000000000000..f5f45d26a49d6 --- /dev/null 
+++ b/plugins/repository-hdfs/licenses/jackson-databind-LICENSE.txt
@@ -0,0 +1,8 @@
+This copy of Jackson JSON processor streaming parser/generator is licensed under the
+Apache (Software) License, version 2.0 ("the License").
+See the License for details about distribution rights, and the
+specific rights regarding derivate works.
+
+You may obtain a copy of the License at:
+
+http://www.apache.org/licenses/LICENSE-2.0
diff --git a/plugins/repository-hdfs/licenses/jackson-databind-NOTICE.txt b/plugins/repository-hdfs/licenses/jackson-databind-NOTICE.txt
new file mode 100644
index 0000000000000..4c976b7b4cc58
--- /dev/null
+++ b/plugins/repository-hdfs/licenses/jackson-databind-NOTICE.txt
@@ -0,0 +1,20 @@
+# Jackson JSON processor
+
+Jackson is a high-performance, Free/Open Source JSON processing library.
+It was originally written by Tatu Saloranta (tatu.saloranta@iki.fi), and has
+been in development since 2007.
+It is currently developed by a community of developers, as well as supported
+commercially by FasterXML.com.
+
+## Licensing
+
+Jackson core and extension components may licensed under different licenses.
+To find the details that apply to this artifact see the accompanying LICENSE file.
+For more information, including possible other licensing options, contact
+FasterXML.com (http://fasterxml.com).
+
+## Credits
+
+A list of contributors may be found from CREDITS file, which is included
+in some artifacts (usually source distributions); but is always available
+from the source code management (SCM) system project uses.
diff --git a/plugins/repository-s3/build.gradle b/plugins/repository-s3/build.gradle
index 591eb2502b1d8..de9617d7bb608 100644
--- a/plugins/repository-s3/build.gradle
+++ b/plugins/repository-s3/build.gradle
@@ -54,6 +54,9 @@ dependencies { api "commons-logging:commons-logging:${versions.commonslogging}" api "org.apache.logging.log4j:log4j-1.2-api:${versions.log4j}" api "commons-codec:commons-codec:${versions.commonscodec}" + api "com.fasterxml.jackson.core:jackson-core:${versions.jackson}" + api "com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}" + api "com.fasterxml.jackson.core:jackson-annotations:${versions.jackson}" api "com.fasterxml.jackson.dataformat:jackson-dataformat-cbor:${versions.jackson}" api "joda-time:joda-time:${versions.joda}" diff --git a/plugins/repository-s3/licenses/jackson-LICENSE b/plugins/repository-s3/licenses/jackson-LICENSE new file mode 100644 index 0000000000000..f5f45d26a49d6 --- /dev/null +++ b/plugins/repository-s3/licenses/jackson-LICENSE @@ -0,0 +1,8 @@ +This copy of Jackson JSON processor streaming parser/generator is licensed under the +Apache (Software) License, version 2.0 ("the License"). +See the License for details about distribution rights, and the +specific rights regarding derivate works. + +You may obtain a copy of the License at: + +http://www.apache.org/licenses/LICENSE-2.0 diff --git a/plugins/repository-s3/licenses/jackson-NOTICE b/plugins/repository-s3/licenses/jackson-NOTICE new file mode 100644 index 0000000000000..4c976b7b4cc58 --- /dev/null +++ b/plugins/repository-s3/licenses/jackson-NOTICE 
@@ -0,0 +1,20 @@
+# Jackson JSON processor
+
+Jackson is a high-performance, Free/Open Source JSON processing library.
+It was originally written by Tatu Saloranta (tatu.saloranta@iki.fi), and has
+been in development since 2007.
+It is currently developed by a community of developers, as well as supported
+commercially by FasterXML.com.
+
+## Licensing
+
+Jackson core and extension components may licensed under different licenses.
+To find the details that apply to this artifact see the accompanying LICENSE file.
+For more information, including possible other licensing options, contact
+FasterXML.com (http://fasterxml.com).
+
+## Credits
+
+A list of contributors may be found from CREDITS file, which is included
+in some artifacts (usually source distributions); but is always available
+from the source code management (SCM) system project uses.
diff --git a/plugins/repository-s3/licenses/jackson-annotations-2.14.1.jar.sha1 b/plugins/repository-s3/licenses/jackson-annotations-2.14.1.jar.sha1
new file mode 100644
index 0000000000000..e43faef9e23ff
--- /dev/null
+++ b/plugins/repository-s3/licenses/jackson-annotations-2.14.1.jar.sha1
@@ -0,0 +1 @@
+2a6ad504d591a7903ffdec76b5b7252819a2d162
\ No newline at end of file
diff --git a/plugins/repository-s3/licenses/jackson-databind-2.14.1.jar.sha1 b/plugins/repository-s3/licenses/jackson-databind-2.14.1.jar.sha1
new file mode 100644
index 0000000000000..0e6726927ebac
--- /dev/null
+++ b/plugins/repository-s3/licenses/jackson-databind-2.14.1.jar.sha1
@@ -0,0 +1 @@
+268524b9056cae1211b9f1f52560ef19347f4d17
\ No newline at end of file
diff --git a/server/build.gradle b/server/build.gradle
index 1172fddd04e51..5b65b90a5e902 100644
--- a/server/build.gradle
+++ b/server/build.gradle
@@ -135,10 +135,6 @@ dependencies { // jna api "net.java.dev.jna:jna:${versions.jna}" - // jackson - api "com.fasterxml.jackson.core:jackson-databind:${versions.jackson_databind}" - api "com.fasterxml.jackson.core:jackson-annotations:${versions.jackson}" - testImplementation(project(":test:framework")) { // tests use the locally compiled version of server exclude group: 'org.opensearch', module: 'server' 
@@ -212,12 +208,31 @@ tasks.named("processResources").configure { tasks.named("thirdPartyAudit").configure { ignoreMissingClasses( + // from com.fasterxml.jackson.dataformat.yaml.YAMLMapper (jackson-dataformat-yaml) + 'com.fasterxml.jackson.databind.ObjectMapper', // from log4j 'com.conversantmedia.util.concurrent.SpinPolicy', + 'com.fasterxml.jackson.annotation.JsonInclude$Include', + 'com.fasterxml.jackson.databind.DeserializationContext', + 'com.fasterxml.jackson.databind.DeserializationFeature', + 'com.fasterxml.jackson.databind.JsonMappingException', + 'com.fasterxml.jackson.databind.JsonNode', + 'com.fasterxml.jackson.databind.Module$SetupContext', + 'com.fasterxml.jackson.databind.ObjectReader', + 'com.fasterxml.jackson.databind.ObjectWriter', + 'com.fasterxml.jackson.databind.SerializerProvider', + 'com.fasterxml.jackson.databind.deser.std.StdDeserializer', + 'com.fasterxml.jackson.databind.deser.std.StdScalarDeserializer', + 'com.fasterxml.jackson.databind.module.SimpleModule', + 'com.fasterxml.jackson.databind.ser.impl.SimpleBeanPropertyFilter', + 'com.fasterxml.jackson.databind.ser.impl.SimpleFilterProvider', + 'com.fasterxml.jackson.databind.ser.std.StdScalarSerializer', + 'com.fasterxml.jackson.databind.ser.std.StdSerializer', 'com.fasterxml.jackson.dataformat.xml.JacksonXmlModule', 'com.fasterxml.jackson.dataformat.xml.XmlMapper', 'com.fasterxml.jackson.dataformat.xml.util.DefaultXmlPrettyPrinter', + 'com.fasterxml.jackson.databind.node.ObjectNode', 'org.fusesource.jansi.Ansi', 'org.fusesource.jansi.AnsiRenderer$Code', 'com.lmax.disruptor.EventFactory', @@ -277,6 +292,9 @@ tasks.named("thirdPartyAudit").configure { 'org.noggit.JSONParser', // from lucene-spatial + 'com.fasterxml.jackson.databind.JsonSerializer', + 'com.fasterxml.jackson.databind.JsonDeserializer', + 'com.fasterxml.jackson.databind.node.ArrayNode', 'com.google.common.geometry.S2Cell', 'com.google.common.geometry.S2CellId', 'com.google.common.geometry.S2Projections', 
diff --git a/server/src/main/resources/org/opensearch/bootstrap/security.policy b/server/src/main/resources/org/opensearch/bootstrap/security.policy index 3849a4d70bbcb..3671782b9d12f 100644 --- a/server/src/main/resources/org/opensearch/bootstrap/security.policy +++ b/server/src/main/resources/org/opensearch/bootstrap/security.policy @@ -99,7 +99,7 @@ grant { permission jdk.net.NetworkPermission "setOption.TCP_KEEPINTERVAL"; permission jdk.net.NetworkPermission "getOption.TCP_KEEPCOUNT"; permission jdk.net.NetworkPermission "setOption.TCP_KEEPCOUNT"; - + // Allow read access to all system properties permission java.util.PropertyPermission "*", "read"; From 9eb43fa8c5c62a766f5c9e867b4e55de9e0e36b1 Mon Sep 17 00:00:00 2001 From: Ryan Bogan Date: Tue, 10 Jan 2023 00:47:11 +0000 Subject: [PATCH 4/6] Update SHAs Signed-off-by: Ryan Bogan --- .../licenses/jackson-databind-2.14.1.jar.sha1 | 1 - .../licenses/jackson-databind-LICENSE.txt | 8 -------- .../licenses/jackson-databind-NOTICE.txt | 20 ------------------- 3 files changed, 29 deletions(-) delete mode 100644 plugins/repository-hdfs/licenses/jackson-databind-2.14.1.jar.sha1 delete mode 100644 plugins/repository-hdfs/licenses/jackson-databind-LICENSE.txt delete mode 100644 plugins/repository-hdfs/licenses/jackson-databind-NOTICE.txt diff --git a/plugins/repository-hdfs/licenses/jackson-databind-2.14.1.jar.sha1 b/plugins/repository-hdfs/licenses/jackson-databind-2.14.1.jar.sha1 deleted file mode 100644 index 0e6726927ebac..0000000000000 --- a/plugins/repository-hdfs/licenses/jackson-databind-2.14.1.jar.sha1 +++ /dev/null @@ -1 +0,0 @@ -268524b9056cae1211b9f1f52560ef19347f4d17 \ No newline at end of file diff --git a/plugins/repository-hdfs/licenses/jackson-databind-LICENSE.txt b/plugins/repository-hdfs/licenses/jackson-databind-LICENSE.txt deleted file mode 100644 index f5f45d26a49d6..0000000000000 --- a/plugins/repository-hdfs/licenses/jackson-databind-LICENSE.txt +++ /dev/null 
@@ -1,8 +0,0 @@
-This copy of Jackson JSON processor streaming parser/generator is licensed under the
-Apache (Software) License, version 2.0 ("the License").
-See the License for details about distribution rights, and the
-specific rights regarding derivate works.
-
-You may obtain a copy of the License at:
-
-http://www.apache.org/licenses/LICENSE-2.0
diff --git a/plugins/repository-hdfs/licenses/jackson-databind-NOTICE.txt b/plugins/repository-hdfs/licenses/jackson-databind-NOTICE.txt
deleted file mode 100644
index 4c976b7b4cc58..0000000000000
--- a/plugins/repository-hdfs/licenses/jackson-databind-NOTICE.txt
+++ /dev/null
@@ -1,20 +0,0 @@
-# Jackson JSON processor
-
-Jackson is a high-performance, Free/Open Source JSON processing library.
-It was originally written by Tatu Saloranta (tatu.saloranta@iki.fi), and has
-been in development since 2007.
-It is currently developed by a community of developers, as well as supported
-commercially by FasterXML.com.
-
-## Licensing
-
-Jackson core and extension components may licensed under different licenses.
-To find the details that apply to this artifact see the accompanying LICENSE file.
-For more information, including possible other licensing options, contact
-FasterXML.com (http://fasterxml.com).
-
-## Credits
-
-A list of contributors may be found from CREDITS file, which is included
-in some artifacts (usually source distributions); but is always available
-from the source code management (SCM) system project uses.
From 582c97d569fd5672c291363ef8b57ff70ae2f077 Mon Sep 17 00:00:00 2001
From: Ryan Bogan
Date: Tue, 10 Jan 2023 01:26:03 +0000
Subject: [PATCH 5/6] Ignore test that uses removed permission
Signed-off-by: Ryan Bogan
---
 .../org/opensearch/common/settings/WriteableSettingTests.java | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/server/src/test/java/org/opensearch/common/settings/WriteableSettingTests.java b/server/src/test/java/org/opensearch/common/settings/WriteableSettingTests.java index 5e34f68539798..59b0e51cbbc5f 100644 --- a/server/src/test/java/org/opensearch/common/settings/WriteableSettingTests.java +++ b/server/src/test/java/org/opensearch/common/settings/WriteableSettingTests.java @@ -9,6 +9,7 @@ package org.opensearch.common.settings; import org.junit.Before; +import org.junit.Ignore; import org.opensearch.Version; import org.opensearch.common.SuppressForbidden; import org.opensearch.common.bytes.BytesReference; @@ -462,6 +463,7 @@ public void testVersionSetting() throws IOException { } } + @Ignore @SuppressForbidden(reason = "The only way to test these is via reflection") public void testExceptionHandling() throws NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException { // abuse reflection to change default value, no way to do this with given Setting class From 6b969098338cea0126f4b07388d159f8960084db Mon Sep 17 00:00:00 2001 From: Ryan Bogan Date: Wed, 11 Jan 2023 01:11:15 +0000 Subject: [PATCH 6/6] Fixed spotless Signed-off-by: Ryan Bogan --- .../org/opensearch/common/settings/WriteableSettingTests.java | 4 ---- 1 file changed, 4 deletions(-) diff --git a/server/src/test/java/org/opensearch/common/settings/WriteableSettingTests.java b/server/src/test/java/org/opensearch/common/settings/WriteableSettingTests.java index 85c182a74fd42..c5ea9cb49fd1d 100644 --- a/server/src/test/java/org/opensearch/common/settings/WriteableSettingTests.java +++ b/server/src/test/java/org/opensearch/common/settings/WriteableSettingTests.java 
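Review bot: The `@Ignore` added above `testExceptionHandling` has no reason string or tracking reference, so the test is switched off indefinitely and nothing links it to the policy change that broke it. The commit subject says the test depended on a permission that was removed, and the test's own comment says it uses reflection to alter a default value, so the better fix is probably to set up that state without reflection and keep the check running. At minimum record the cause on the annotation, for example `@Ignore("needs a permission removed from security.policy; tracked in <issue link>")`. The method body continues past the end of the hunk, so what the test asserts is not visible here.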
@@ -9,9 +9,7 @@ package org.opensearch.common.settings; import org.junit.Before; -import org.junit.Ignore; import org.opensearch.Version; -import org.opensearch.common.SuppressForbidden; import org.opensearch.common.bytes.BytesReference; import org.opensearch.common.io.stream.BytesStreamInput; import org.opensearch.common.io.stream.BytesStreamOutput; @@ -21,12 +19,10 @@ import org.opensearch.test.OpenSearchTestCase; import java.io.IOException; -import java.lang.reflect.Field; import java.util.EnumMap; import java.util.EnumSet; import java.util.Map; import java.util.concurrent.TimeUnit; -import java.util.function.Function; import static org.opensearch.common.settings.Setting.Property; import static org.opensearch.common.settings.WriteableSetting.SettingType;