/*
 * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
 * or more contributor license agreements. Licensed under the Elastic License
 * 2.0 and the Server Side Public License, v 1; you may not use this file except
 * in compliance with, at your election, the Elastic License 2.0 or the Server
 * Side Public License, v 1.
 */

grant {

  // needed because of problems in ClientConfiguration
  // TODO: get these fixed in aws sdk
  permission java.lang.RuntimePermission "accessDeclaredMembers";
  permission java.lang.RuntimePermission "getClassLoader";
  // Needed because of problems in AmazonS3Client:
  // When no region is set on a AmazonS3Client instance, the
  // AWS SDK loads all known partitions from a JSON file and
  // uses a Jackson's ObjectMapper for that: this one, in
  // version 2.5.3 with the default binding options, tries
  // to suppress access checks of ctor/field/method and thus
  // requires this special permission. AWS must be fixed to
  // uses Jackson correctly and have the correct modifiers
  // on binded classes.
  // TODO: get these fixed in aws sdk
  // See https://github.com/aws/aws-sdk-java/issues/766
  permission java.lang.reflect.ReflectPermission "suppressAccessChecks";

  // s3 client opens socket connections for to access repository
  permission java.net.SocketPermission "*", "connect";

  // only for tests : org.elasticsearch.repositories.s3.S3RepositoryPlugin
  permission java.util.PropertyPermission "es.allow_insecure_settings", "read,write";
};