Add ThreadContextPermission for markAsSystemContext and allow core to perform the method #15016

cwperks · 2024-07-30T02:25:53Z

Description

This PR replaces a previous PR and takes a different approach to protect methods in the ThreadContext class. Instead of changing the access modifier, this PR shows how permissions can be declared to protect methods within the ThreadContext class that should not be accessible outside of the core without explicit permission.

With this change, plugins would be able to utilize the method but permission needs to be granted through an entry in the plugin-security.policy file. The permissions would be:

permission java.lang.RuntimePermission "markAsSystemContext";

Related Issues

Resolves #14931

Check List

Functionality includes testing.
API changes companion pull request created, if applicable.
Public documentation issue/PR created, if applicable.

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

…rm the method Signed-off-by: Craig Perkins <cwperx@amazon.com>

Signed-off-by: Craig Perkins <cwperx@amazon.com>

cwperks · 2024-07-30T20:25:51Z

for 2.x we could consider replacing the permission check with deprecation warning.

@reta How can the deprecation warning differentiate who the caller is though? The usage of the method is not deprecated in this repo so I would not want the message to display every time the method is called, only if its called from a class outside of the core.

Signed-off-by: Craig Perkins <cwperx@amazon.com>

reta · 2024-07-30T20:31:58Z

@reta How can the deprecation warning differentiate who the caller is though?

@cwperks Something along these lines:

 SecurityManager sm = System.getSecurityManager();
        if (sm != null) {
            try {
                sm.checkPermission(ACCESS_SYSTEM_THREAD_CONTEXT_PERMISSION);
            } catch (SecurityException ex) {
                deprecationLogger.warn( .,... )
            }
        }

cwperks · 2024-07-30T20:34:09Z

That's smart. Thanks @reta!

cwperks · 2024-07-30T21:05:54Z

Should I open up a manual backport with the change from here or wait for backport bot to create a backport and push a commit to the branch?

github-actions · 2024-07-30T21:22:53Z

✅ Gradle check result for 1ff09c2: SUCCESS

reta · 2024-07-30T21:25:59Z

Should I open up a manual backport with the change from here or wait for backport bot to create a backport and push a commit to the branch?

I will add backport label (so the changelog check passes), but we could take it from there

server/src/test/resources/org/opensearch/bootstrap/test.policy

… perform the method (#15016) * Add RuntimePermission for markAsSystemContext and allow core to perform the method Signed-off-by: Craig Perkins <cwperx@amazon.com> * private Signed-off-by: Craig Perkins <cwperx@amazon.com> * Surround with doPrivileged Signed-off-by: Craig Perkins <cwperx@amazon.com> * Create ThreadContextAccess Signed-off-by: Craig Perkins <cwperx@amazon.com> * Create notion of ThreadContextPermission Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add to CHANGELOG Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add javadoc Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add to test-framework.policy file Signed-off-by: Craig Perkins <cwperx@amazon.com> * Mark as internal Signed-off-by: Craig Perkins <cwperx@amazon.com> --------- Signed-off-by: Craig Perkins <cwperx@amazon.com> (cherry picked from commit 597747d) Signed-off-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>

… perform the method (opensearch-project#15016) * Add RuntimePermission for markAsSystemContext and allow core to perform the method Signed-off-by: Craig Perkins <cwperx@amazon.com> * private Signed-off-by: Craig Perkins <cwperx@amazon.com> * Surround with doPrivileged Signed-off-by: Craig Perkins <cwperx@amazon.com> * Create ThreadContextAccess Signed-off-by: Craig Perkins <cwperx@amazon.com> * Create notion of ThreadContextPermission Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add to CHANGELOG Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add javadoc Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add to test-framework.policy file Signed-off-by: Craig Perkins <cwperx@amazon.com> * Mark as internal Signed-off-by: Craig Perkins <cwperx@amazon.com> --------- Signed-off-by: Craig Perkins <cwperx@amazon.com>

…d allow core to perform the method (#15038) * Add ThreadContextPermission for markAsSystemContext and allow core to perform the method (#15016) * Add RuntimePermission for markAsSystemContext and allow core to perform the method Signed-off-by: Craig Perkins <cwperx@amazon.com> * private Signed-off-by: Craig Perkins <cwperx@amazon.com> * Surround with doPrivileged Signed-off-by: Craig Perkins <cwperx@amazon.com> * Create ThreadContextAccess Signed-off-by: Craig Perkins <cwperx@amazon.com> * Create notion of ThreadContextPermission Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add to CHANGELOG Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add javadoc Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add to test-framework.policy file Signed-off-by: Craig Perkins <cwperx@amazon.com> * Mark as internal Signed-off-by: Craig Perkins <cwperx@amazon.com> --------- Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add deprecationLogger Signed-off-by: Craig Perkins <cwperx@amazon.com> --------- Signed-off-by: Craig Perkins <cwperx@amazon.com>

… perform the method (opensearch-project#15016) * Add RuntimePermission for markAsSystemContext and allow core to perform the method Signed-off-by: Craig Perkins <cwperx@amazon.com> * private Signed-off-by: Craig Perkins <cwperx@amazon.com> * Surround with doPrivileged Signed-off-by: Craig Perkins <cwperx@amazon.com> * Create ThreadContextAccess Signed-off-by: Craig Perkins <cwperx@amazon.com> * Create notion of ThreadContextPermission Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add to CHANGELOG Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add javadoc Signed-off-by: Craig Perkins <cwperx@amazon.com> * Add to test-framework.policy file Signed-off-by: Craig Perkins <cwperx@amazon.com> * Mark as internal Signed-off-by: Craig Perkins <cwperx@amazon.com> --------- Signed-off-by: Craig Perkins <cwperx@amazon.com>

cwperks added 2 commits July 29, 2024 22:21

Add RuntimePermission for markAsSystemContext and allow core to perfo…

518c9d2

…rm the method Signed-off-by: Craig Perkins <cwperx@amazon.com>

private

0360a5e

Signed-off-by: Craig Perkins <cwperx@amazon.com>

cwperks requested review from anasalkouz, andrross, ashking94, Bukhtawar, CEHENKLE, dblock, dbwiddis, gbbafna, kotwanikunal, mch2, msfroh, nknize, owaiskazi19, reta, Rishikesh1159, sachinpkale, saratvemulapalli, shwetathareja, sohami and VachaShah as code owners July 30, 2024 02:25

github-actions bot added enhancement Enhancement or improvement to existing feature or request Identity PR/Issues associated with Authentication or Authorization Plugins security Anything security related labels Jul 30, 2024

Mark as internal

1ff09c2

Signed-off-by: Craig Perkins <cwperx@amazon.com>

cwperks mentioned this pull request Jul 30, 2024

Make ThreadContext.markAsSystemContext package-private #14988

Closed

3 tasks

reta added v2.17.0 backport 2.x Backport to 2.x branch labels Jul 30, 2024

reta reviewed Jul 30, 2024

View reviewed changes

server/src/test/resources/org/opensearch/bootstrap/test.policy Show resolved Hide resolved

reta approved these changes Jul 30, 2024

View reviewed changes

reta merged commit 597747d into opensearch-project:main Jul 31, 2024
37 of 43 checks passed

opensearch-trigger-bot bot mentioned this pull request Jul 31, 2024

[Backport 2.x] Add ThreadContextPermission for markAsSystemContext and allow core to perform the method #15035

Closed

This was referenced Jul 31, 2024

[Backport 2.x] Add ThreadContextPermission for markAsSystemContext and allow core to perform the method #15038

Merged

Add ThreadContextPermission for stashAndMergeHeaders and stashWithOrigin #15039

Merged

This was referenced Jul 31, 2024

[META] Breaking changes in 3.0 #3351

Open

[Backport 2.x] Add ThreadContextPermission for stashAndMergeHeaders and stashWithOrigin #15046

Closed

BrewTestBot mentioned this pull request Sep 18, 2024

opensearch 2.17.0 Homebrew/homebrew-core#191052

Merged

opensearch-ci-bot mentioned this pull request Sep 6, 2024

[AUTOCUT] Gradle Check Flaky Test Report for IndexServiceTests #14407

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add ThreadContextPermission for markAsSystemContext and allow core to perform the method #15016

Add ThreadContextPermission for markAsSystemContext and allow core to perform the method #15016

cwperks commented Jul 30, 2024

cwperks commented Jul 30, 2024 •

edited

Loading

reta commented Jul 30, 2024 •

edited

Loading

cwperks commented Jul 30, 2024

cwperks commented Jul 30, 2024

github-actions bot commented Jul 30, 2024

reta commented Jul 30, 2024

Add ThreadContextPermission for markAsSystemContext and allow core to perform the method #15016

Add ThreadContextPermission for markAsSystemContext and allow core to perform the method #15016

Conversation

cwperks commented Jul 30, 2024

Description

Related Issues

Check List

cwperks commented Jul 30, 2024 • edited Loading

reta commented Jul 30, 2024 • edited Loading

cwperks commented Jul 30, 2024

cwperks commented Jul 30, 2024

github-actions bot commented Jul 30, 2024

reta commented Jul 30, 2024

cwperks commented Jul 30, 2024 •

edited

Loading

reta commented Jul 30, 2024 •

edited

Loading