/* * SPDX-License-Identifier: Apache-2.0 * * The OpenSearch Contributors require contributions made to * this file be licensed under the Apache-2.0 license or a * compatible open source license. */ /* * Licensed to Elasticsearch under one or more contributor * license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright * ownership. Elasticsearch licenses this file to you under * the Apache License, Version 2.0 (the "License"); you may * not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ /* * Modifications Copyright OpenSearch Contributors. See * GitHub history for details. */ grant { // needed because of problems in ClientConfiguration // TODO: get these fixed in aws sdk permission java.lang.RuntimePermission "accessDeclaredMembers"; permission java.lang.RuntimePermission "getClassLoader"; permission java.lang.RuntimePermission "setContextClassLoader"; // Needed because of problems in AmazonS3Client: // When no region is set on a AmazonS3Client instance, the // AWS SDK loads all known partitions from a JSON file and // uses a Jackson's ObjectMapper for that: this one, in // version 2.5.3 with the default binding options, tries // to suppress access checks of ctor/field/method and thus // requires this special permission. AWS must be fixed to // uses Jackson correctly and have the correct modifiers // on binded classes. // TODO: get these fixed in aws sdk // See https://github.com/aws/aws-sdk-java/issues/766 permission java.lang.reflect.ReflectPermission "suppressAccessChecks"; // s3 client opens socket connections for to access repository permission java.net.SocketPermission "*", "connect"; // s3 client set Authenticator for proxy username/password permission java.net.NetPermission "setDefaultAuthenticator"; // only for tests : org.opensearch.repositories.s3.S3RepositoryPlugin permission java.util.PropertyPermission "opensearch.allow_insecure_settings", "read,write"; permission java.util.PropertyPermission "aws.sharedCredentialsFile", "read,write"; permission java.util.PropertyPermission "aws.configFile", "read,write"; permission java.util.PropertyPermission "opensearch.path.conf", "read,write"; permission java.io.FilePermission "config", "read"; permission java.lang.RuntimePermission "accessDeclaredMembers"; };