Skip to content

Commit

Permalink
[BUG] Fix java.lang.SecurityException in repository-gcs plugin (#10642)
Browse files Browse the repository at this point in the history
Signed-off-by: Andriy Redko <[email protected]>
  • Loading branch information
reta authored Oct 16, 2023
1 parent a8574cd commit ec0cbb3
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 1 deletion.
1 change: 1 addition & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
- Force merge with `only_expunge_deletes` honors max segment size ([#10036](https://github.com/opensearch-project/OpenSearch/pull/10036))
- Add the means to extract the contextual properties from HttpChannel, TcpCChannel and TrasportChannel without excessive typecasting ([#10562](https://github.com/opensearch-project/OpenSearch/pull/10562))
- [Remote Store] Add Remote Store backpressure rejection stats to `_nodes/stats` ([#10524](https://github.com/opensearch-project/OpenSearch/pull/10524))
- [BUG] Fix java.lang.SecurityException in repository-gcs plugin ([#10642](https://github.com/opensearch-project/OpenSearch/pull/10642))

### Deprecated

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -228,7 +228,7 @@ StorageOptions createStorageOptions(
}
storageOptionsBuilder.setCredentials(serviceAccountCredentials);
}
return storageOptionsBuilder.build();
return SocketAccess.doPrivilegedException(() -> storageOptionsBuilder.build());
}

/**
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@

package org.opensearch.repositories.gcs;

import org.apache.logging.log4j.core.util.Throwables;
import org.opensearch.SpecialPermission;
import org.opensearch.common.CheckedRunnable;

Expand Down Expand Up @@ -71,4 +72,16 @@ public static void doPrivilegedVoidIOException(CheckedRunnable<IOException> acti
throw (IOException) e.getCause();
}
}

public static <T> T doPrivilegedException(PrivilegedExceptionAction<T> operation) {
SpecialPermission.check();
try {
return AccessController.doPrivileged(operation);
} catch (PrivilegedActionException e) {
Throwables.rethrow(e.getCause());
assert false : "always throws";
return null;
}
}

}

0 comments on commit ec0cbb3

Please sign in to comment.