[refactor] add Environment in BootstrapContext (elastic#36573)

There are certain BootstrapCheck checks that may need access environment-specific values. Watcher's EncryptSensitiveDataBootstrapCheck passes in the node's environment via a constructor to bypass the shortcoming in BootstrapContext. This commit pulls in the node's environment into BootstrapContext. Another case is found in elastic#36519, where it is useful to check the state of the data-path. Since PathUtils.get and Paths.get are forbidden APIs, we rely on the environment to retrieve references to things like node data paths. This means that the BootstrapContext will have the same Settings used in the Environment, which currently differs from the Node's settings.
talevy · Dec 13, 2018 · 1995509 · 1995509
1 parent 5885141
commit 1995509
Show file tree

Hide file tree

Showing 25 changed files with 210 additions and 189 deletions.
diff --git a/qa/evil-tests/src/test/java/org/elasticsearch/bootstrap/EvilBootstrapChecksTests.java b/qa/evil-tests/src/test/java/org/elasticsearch/bootstrap/EvilBootstrapChecksTests.java
@@ -21,9 +21,8 @@
 
 import org.apache.logging.log4j.Logger;
 import org.elasticsearch.common.SuppressForbidden;
-import org.elasticsearch.common.settings.Settings;
 import org.elasticsearch.node.NodeValidationException;
-import org.elasticsearch.test.ESTestCase;
+import org.elasticsearch.test.AbstractBootstrapCheckTestCase;
 import org.hamcrest.Matcher;
 import org.junit.After;
 import org.junit.Before;
@@ -40,7 +39,7 @@
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.verifyNoMoreInteractions;
 
-public class EvilBootstrapChecksTests extends ESTestCase {
+public class EvilBootstrapChecksTests extends AbstractBootstrapCheckTestCase {
 
     private String esEnforceBootstrapChecks = System.getProperty(ES_ENFORCE_BOOTSTRAP_CHECKS);
 
@@ -65,7 +64,7 @@ public void testEnforceBootstrapChecks() throws NodeValidationException {
 
         final NodeValidationException e = expectThrows(
                 NodeValidationException.class,
-                () -> BootstrapChecks.check(new BootstrapContext(Settings.EMPTY, null), false, checks, logger));
+                () -> BootstrapChecks.check(emptyContext, false, checks, logger));
         final Matcher<String> allOf =
                 allOf(containsString("bootstrap checks failed"), containsString("error"));
         assertThat(e, hasToString(allOf));
@@ -77,7 +76,7 @@ public void testNonEnforcedBootstrapChecks() throws NodeValidationException {
         setEsEnforceBootstrapChecks(null);
         final Logger logger = mock(Logger.class);
         // nothing should happen
-        BootstrapChecks.check(new BootstrapContext(Settings.EMPTY, null), false, emptyList(), logger);
+        BootstrapChecks.check(emptyContext, false, emptyList(), logger);
         verifyNoMoreInteractions(logger);
     }
 
@@ -87,7 +86,7 @@ public void testInvalidValue() {
         final boolean enforceLimits = randomBoolean();
         final IllegalArgumentException e = expectThrows(
                 IllegalArgumentException.class,
-                () -> BootstrapChecks.check(new BootstrapContext(Settings.EMPTY, null), enforceLimits, emptyList()));
+                () -> BootstrapChecks.check(emptyContext, enforceLimits, emptyList()));
         final Matcher<String> matcher = containsString(
                 "[es.enforce.bootstrap.checks] must be [true] but was [" + value + "]");
         assertThat(e, hasToString(matcher));

diff --git a/server/src/main/java/org/elasticsearch/bootstrap/BootstrapChecks.java b/server/src/main/java/org/elasticsearch/bootstrap/BootstrapChecks.java
@@ -73,7 +73,7 @@ static void check(final BootstrapContext context, final BoundTransportAddress bo
         final List<BootstrapCheck> combinedChecks = new ArrayList<>(builtInChecks);
         combinedChecks.addAll(additionalChecks);
         check(  context,
-                enforceLimits(boundTransportAddress, DiscoveryModule.DISCOVERY_TYPE_SETTING.get(context.settings)),
+                enforceLimits(boundTransportAddress, DiscoveryModule.DISCOVERY_TYPE_SETTING.get(context.settings())),
                 Collections.unmodifiableList(combinedChecks));
     }
 
@@ -293,7 +293,7 @@ static class MlockallCheck implements BootstrapCheck {
 
         @Override
         public BootstrapCheckResult check(BootstrapContext context) {
-            if (BootstrapSettings.MEMORY_LOCK_SETTING.get(context.settings) && !isMemoryLocked()) {
+            if (BootstrapSettings.MEMORY_LOCK_SETTING.get(context.settings()) && !isMemoryLocked()) {
                 return BootstrapCheckResult.failure("memory locking requested for elasticsearch process but memory is not locked");
             } else {
                 return BootstrapCheckResult.success();
@@ -399,7 +399,7 @@ static class MaxMapCountCheck implements BootstrapCheck {
         @Override
         public BootstrapCheckResult check(final BootstrapContext context) {
             // we only enforce the check if mmapfs is an allowed store type
-            if (IndexModule.NODE_STORE_ALLOW_MMAPFS.get(context.settings)) {
+            if (IndexModule.NODE_STORE_ALLOW_MMAPFS.get(context.settings())) {
                 if (getMaxMapCount() != -1 && getMaxMapCount() < LIMIT) {
                     final String message = String.format(
                             Locale.ROOT,
@@ -516,7 +516,7 @@ static class SystemCallFilterCheck implements BootstrapCheck {
 
         @Override
         public BootstrapCheckResult check(BootstrapContext context) {
-            if (BootstrapSettings.SYSTEM_CALL_FILTER_SETTING.get(context.settings) && !isSystemCallFilterInstalled()) {
+            if (BootstrapSettings.SYSTEM_CALL_FILTER_SETTING.get(context.settings()) && !isSystemCallFilterInstalled()) {
                 final String message =  "system call filters failed to install; " +
                         "check the logs and fix your configuration or disable system call filters at your own risk";
                 return BootstrapCheckResult.failure(message);
@@ -712,5 +712,4 @@ boolean isAllPermissionGranted() {
         }
 
     }
-
 }
diff --git a/server/src/main/java/org/elasticsearch/bootstrap/BootstrapContext.java b/server/src/main/java/org/elasticsearch/bootstrap/BootstrapContext.java
@@ -20,22 +20,36 @@
 
 import org.elasticsearch.cluster.metadata.MetaData;
 import org.elasticsearch.common.settings.Settings;
+import org.elasticsearch.env.Environment;
 
 /**
  * Context that is passed to every bootstrap check to make decisions on.
  */
 public class BootstrapContext {
     /**
-     * The nodes settings
+     * The node's environment
      */
-    public final Settings settings;
+    private final Environment environment;
+
     /**
-     * The nodes local state metadata loaded on startup
+     * The node's local state metadata loaded on startup
      */
-    public final MetaData metaData;
+    private final MetaData metaData;
 
-    public BootstrapContext(Settings settings, MetaData metaData) {
-        this.settings = settings;
+    public BootstrapContext(Environment environment, MetaData metaData) {
+        this.environment = environment;
         this.metaData = metaData;
     }
+
+    public Environment environment() {
+        return environment;
+    }
+
+    public Settings settings() {
+        return environment.settings();
+    }
+
+    public MetaData metaData() {
+        return metaData;
+    }
 }
diff --git a/server/src/main/java/org/elasticsearch/node/Node.java b/server/src/main/java/org/elasticsearch/node/Node.java
@@ -738,7 +738,7 @@ public Node start() throws NodeValidationException {
         } catch (IOException e) {
             throw new UncheckedIOException(e);
         }
-        validateNodeBeforeAcceptingRequests(new BootstrapContext(settings, onDiskMetadata), transportService.boundAddress(), pluginsService
+        validateNodeBeforeAcceptingRequests(new BootstrapContext(environment, onDiskMetadata), transportService.boundAddress(), pluginsService
             .filterPlugins(Plugin
             .class)
             .stream()