/** Adds access to all configurable paths. */
static void addFilePermissions(Permissions policy, Environment environment) {
// read-only dirs
addPath(policy, Environment.PATH_HOME_SETTING.getKey(), environment.binFile(), "read,readlink");
addPath(policy, Environment.PATH_HOME_SETTING.getKey(), environment.libFile(), "read,readlink");
addPath(
policy, Environment.PATH_HOME_SETTING.getKey(), environment.modulesFile(), "read,readlink");
addPath(
policy, Environment.PATH_HOME_SETTING.getKey(), environment.pluginsFile(), "read,readlink");
addPath(
policy, Environment.PATH_CONF_SETTING.getKey(), environment.configFile(), "read,readlink");
addPath(
policy,
Environment.PATH_SCRIPTS_SETTING.getKey(),
environment.scriptsFile(),
"read,readlink");
// read-write dirs
addPath(policy, "java.io.tmpdir", environment.tmpFile(), "read,readlink,write,delete");
addPath(
policy,
Environment.PATH_LOGS_SETTING.getKey(),
environment.logsFile(),
"read,readlink,write,delete");
if (environment.sharedDataFile() != null) {
addPath(
policy,
Environment.PATH_SHARED_DATA_SETTING.getKey(),
environment.sharedDataFile(),
"read,readlink,write,delete");
}
for (Path path : environment.dataFiles()) {
addPath(policy, Environment.PATH_DATA_SETTING.getKey(), path, "read,readlink,write,delete");
}
// TODO: this should be removed in ES 6.0! We will no longer support data paths with the cluster
// as a folder
assert Version.CURRENT.major < 6 : "cluster name is no longer used in data path";
for (Path path : environment.dataWithClusterFiles()) {
addPathIfExists(
policy, Environment.PATH_DATA_SETTING.getKey(), path, "read,readlink,write,delete");
}
for (Path path : environment.repoFiles()) {
addPath(policy, Environment.PATH_REPO_SETTING.getKey(), path, "read,readlink,write,delete");
}
if (environment.pidFile() != null) {
// we just need permission to remove the file if its elsewhere.
policy.add(new FilePermission(environment.pidFile().toString(), "delete"));
}
}
/**
* Prepares the settings by gathering all elasticsearch system properties, optionally loading the
* configuration settings, and then replacing all property placeholders. If a {@link Terminal} is
* provided and configuration settings are loaded, settings with a value of <code>${prompt.text}
* </code> or <code>${prompt.secret}</code> will result in a prompt for the setting to the user.
*
* @param input The custom settings to use. These are not overwritten by settings in the
* configuration file.
* @param terminal the Terminal to use for input/output
* @return the {@link Settings} and {@link Environment} as a {@link Tuple}
*/
public static Environment prepareEnvironment(Settings input, Terminal terminal) {
// just create enough settings to build the environment, to get the config dir
Settings.Builder output = settingsBuilder();
initializeSettings(output, input, true);
Environment environment = new Environment(output.build());
boolean settingsFileFound = false;
Set<String> foundSuffixes = new HashSet<>();
for (String allowedSuffix : ALLOWED_SUFFIXES) {
Path path = environment.configFile().resolve("elasticsearch" + allowedSuffix);
if (Files.exists(path)) {
if (!settingsFileFound) {
output.loadFromPath(path);
}
settingsFileFound = true;
foundSuffixes.add(allowedSuffix);
}
}
if (foundSuffixes.size() > 1) {
throw new SettingsException(
"multiple settings files found with suffixes: "
+ Strings.collectionToDelimitedString(foundSuffixes, ","));
}
// re-initialize settings now that the config file has been loaded
// TODO: only re-initialize if a config file was actually loaded
initializeSettings(output, input, false);
finalizeSettings(output, terminal, environment.configFile());
environment = new Environment(output.build());
// we put back the path.logs so we can use it in the logging configuration file
output.put(
Environment.PATH_LOGS_SETTING.getKey(),
cleanPath(environment.logsFile().toAbsolutePath().toString()));
return new Environment(output.build());
}