OpenSearch/x-pack/plugin/identity-provider/build.gradle

372 lines
18 KiB
Groovy
Raw Normal View History

import org.elasticsearch.gradle.info.BuildParams
evaluationDependsOn(xpackModule('core'))
apply plugin: 'elasticsearch.esplugin'
apply plugin: 'nebula.maven-base-publish'
esplugin {
name 'x-pack-identity-provider'
description 'Elasticsearch Expanded Pack Plugin - Identity Provider'
classname 'org.elasticsearch.xpack.idp.IdentityProviderPlugin'
extendedPlugins = ['x-pack-core']
}
archivesBaseName = 'x-pack-identity-provider'
dependencies {
compileOnly project(path: xpackModule('core'), configuration: 'default')
testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
// So that we can extend LocalStateCompositeXPackPlugin
testCompile project(path: xpackModule('security'), configuration: 'testArtifacts')
// the following are all SAML dependencies - might as well download the whole internet
compile "org.opensaml:opensaml-core:3.4.5"
compile "org.opensaml:opensaml-saml-api:3.4.5"
compile "org.opensaml:opensaml-saml-impl:3.4.5"
compile "org.opensaml:opensaml-messaging-api:3.4.5"
compile "org.opensaml:opensaml-messaging-impl:3.4.5"
compile "org.opensaml:opensaml-security-api:3.4.5"
compile "org.opensaml:opensaml-security-impl:3.4.5"
compile "org.opensaml:opensaml-profile-api:3.4.5"
compile "org.opensaml:opensaml-profile-impl:3.4.5"
compile "org.opensaml:opensaml-xmlsec-api:3.4.5"
compile "org.opensaml:opensaml-xmlsec-impl:3.4.5"
compile "org.opensaml:opensaml-soap-api:3.4.5"
compile "org.opensaml:opensaml-soap-impl:3.4.5"
compile "org.opensaml:opensaml-storage-api:3.4.5"
compile "org.opensaml:opensaml-storage-impl:3.4.5"
compile "net.shibboleth.utilities:java-support:7.5.1"
compile "org.apache.santuario:xmlsec:2.1.4"
compile "io.dropwizard.metrics:metrics-core:3.2.2"
compile ("org.cryptacular:cryptacular:1.2.4") {
exclude group: 'org.bouncycastle'
}
compile "org.slf4j:slf4j-api:${versions.slf4j}"
compile "org.apache.logging.log4j:log4j-slf4j-impl:${versions.log4j}"
compile "org.apache.httpcomponents:httpclient:${versions.httpclient}"
compile "org.apache.httpcomponents:httpcore:${versions.httpcore}"
compile "org.apache.httpcomponents:httpasyncclient:${versions.httpasyncclient}"
compile "org.apache.httpcomponents:httpcore-nio:${versions.httpcore}"
compile "org.apache.httpcomponents:httpclient-cache:${versions.httpclient}"
runtimeOnly 'com.google.guava:guava:19.0'
testCompile 'org.elasticsearch:securemock:1.2'
testCompile "org.elasticsearch:mocksocket:${versions.mocksocket}"
}
compileJava.options.compilerArgs << "-Xlint:-rawtypes,-unchecked"
compileTestJava.options.compilerArgs << "-Xlint:-rawtypes,-unchecked"
dependencyLicenses {
mapping from: /java-support|opensaml-.*/, to: 'shibboleth'
mapping from: /http.*/, to: 'httpclient'
}
forbiddenPatterns {
exclude '**/*.key'
exclude '**/*.p12'
exclude '**/*.der'
exclude '**/*.zip'
}
tasks.named('forbiddenApisMain').configure {
signaturesFiles += files('forbidden/xml-signatures.txt')
}
// classes are missing, e.g. com.ibm.icu.lang.UCharacter
thirdPartyAudit {
ignoreMissingClasses (
// SAML dependencies
// [missing classes] Some cli utilities that we don't use depend on these missing JCommander classes
'com.beust.jcommander.JCommander',
'com.beust.jcommander.converters.BaseConverter',
// [missing classes] Shibboleth + OpenSAML have servlet support that we don't use
'javax.servlet.AsyncContext',
'javax.servlet.DispatcherType',
'javax.servlet.Filter',
'javax.servlet.FilterChain',
'javax.servlet.FilterConfig',
'javax.servlet.RequestDispatcher',
'javax.servlet.ServletContext',
'javax.servlet.ServletException',
'javax.servlet.ServletInputStream',
'javax.servlet.ServletOutputStream',
'javax.servlet.ServletRequest',
'javax.servlet.ServletResponse',
'javax.servlet.http.Cookie',
'javax.servlet.http.HttpServletRequest',
'javax.servlet.http.HttpServletResponse',
'javax.servlet.http.HttpServletResponseWrapper',
'javax.servlet.http.HttpSession',
'javax.servlet.http.Part',
// [missing classes] Shibboleth + OpenSAML have velocity support that we don't use
'org.apache.velocity.VelocityContext',
'org.apache.velocity.app.VelocityEngine',
'org.apache.velocity.context.Context',
'org.apache.velocity.exception.VelocityException',
'org.apache.velocity.runtime.RuntimeServices',
'org.apache.velocity.runtime.log.LogChute',
'org.apache.velocity.runtime.resource.loader.StringResourceLoader',
'org.apache.velocity.runtime.resource.util.StringResourceRepository',
// [missing classes] OpenSAML depends on Apache XML security which depends on Xalan, but only for functionality that OpenSAML doesn't use
'org.apache.xml.dtm.DTM',
'org.apache.xml.utils.PrefixResolver',
'org.apache.xml.utils.PrefixResolverDefault',
'org.apache.xpath.Expression',
'org.apache.xpath.NodeSetDTM',
'org.apache.xpath.XPath',
'org.apache.xpath.XPathContext',
'org.apache.xpath.compiler.FunctionTable',
'org.apache.xpath.functions.Function',
'org.apache.xpath.objects.XNodeSet',
'org.apache.xpath.objects.XObject',
// [missing classes] OpenSAML storage has an optional LDAP storage impl
'org.ldaptive.AttributeModification',
'org.ldaptive.AttributeModificationType',
'org.ldaptive.Connection',
'org.ldaptive.DeleteOperation',
'org.ldaptive.DeleteRequest',
'org.ldaptive.LdapAttribute',
'org.ldaptive.LdapEntry',
'org.ldaptive.LdapException',
'org.ldaptive.ModifyOperation',
'org.ldaptive.ModifyRequest',
'org.ldaptive.Response',
'org.ldaptive.ResultCode',
'org.ldaptive.SearchOperation',
'org.ldaptive.SearchRequest',
'org.ldaptive.SearchResult',
'org.ldaptive.ext.MergeOperation',
'org.ldaptive.ext.MergeRequest',
'org.ldaptive.pool.ConnectionPool',
'org.ldaptive.pool.PooledConnectionFactory',
// [missing classes] OpenSAML storage has an optional JSON-backed storage impl
'javax.json.Json',
'javax.json.JsonException',
'javax.json.JsonNumber',
'javax.json.JsonObject',
'javax.json.JsonReader',
'javax.json.JsonValue$ValueType',
'javax.json.JsonValue',
'javax.json.stream.JsonGenerator',
// [missing classes] OpenSAML storage has an optional JPA storage impl
'javax.persistence.EntityManager',
'javax.persistence.EntityManagerFactory',
'javax.persistence.EntityTransaction',
'javax.persistence.LockModeType',
'javax.persistence.Query',
// [missing classes] OpenSAML storage and HttpClient cache have optional memcache support
'net.spy.memcached.CASResponse',
'net.spy.memcached.CASValue',
'net.spy.memcached.MemcachedClient',
'net.spy.memcached.MemcachedClientIF',
'net.spy.memcached.CachedData',
'net.spy.memcached.internal.OperationFuture',
'net.spy.memcached.transcoders.Transcoder',
// [missing classes] Http Client cache has optional ehcache support
'net.sf.ehcache.Ehcache',
'net.sf.ehcache.Element',
// [missing classes] SLF4j includes an optional class that depends on an extension class (!)
'org.slf4j.ext.EventData',
// Bouncycastle is an optional dependency for apache directory, cryptacular and opensaml packages. We
// acknowledge them here instead of adding bouncy castle as a compileOnly dependency
'org.bouncycastle.asn1.ASN1Encodable',
'org.bouncycastle.asn1.ASN1InputStream',
'org.bouncycastle.asn1.ASN1Integer',
'org.bouncycastle.asn1.ASN1ObjectIdentifier',
'org.bouncycastle.asn1.ASN1OctetString',
'org.bouncycastle.asn1.ASN1Primitive',
'org.bouncycastle.asn1.ASN1Sequence',
'org.bouncycastle.asn1.ASN1TaggedObject',
'org.bouncycastle.asn1.DEROctetString',
'org.bouncycastle.asn1.DERSequence',
'org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo',
'org.bouncycastle.asn1.pkcs.EncryptionScheme',
'org.bouncycastle.asn1.pkcs.KeyDerivationFunc',
'org.bouncycastle.asn1.pkcs.PBEParameter',
'org.bouncycastle.asn1.pkcs.PBES2Parameters',
'org.bouncycastle.asn1.pkcs.PBKDF2Params',
'org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers',
'org.bouncycastle.asn1.pkcs.PrivateKeyInfo',
'org.bouncycastle.asn1.x500.AttributeTypeAndValue',
'org.bouncycastle.asn1.x500.RDN',
'org.bouncycastle.asn1.x500.X500Name',
'org.bouncycastle.asn1.x509.AccessDescription',
'org.bouncycastle.asn1.x509.AlgorithmIdentifier',
'org.bouncycastle.asn1.x509.AuthorityKeyIdentifier',
'org.bouncycastle.asn1.x509.BasicConstraints',
'org.bouncycastle.asn1.x509.DistributionPoint',
'org.bouncycastle.asn1.x509.Extension',
'org.bouncycastle.asn1.x509.GeneralName',
'org.bouncycastle.asn1.x509.GeneralNames',
'org.bouncycastle.asn1.x509.GeneralNamesBuilder',
'org.bouncycastle.asn1.x509.KeyPurposeId',
'org.bouncycastle.asn1.x509.KeyUsage',
'org.bouncycastle.asn1.x509.PolicyInformation',
'org.bouncycastle.asn1.x509.SubjectKeyIdentifier',
'org.bouncycastle.asn1.x509.SubjectPublicKeyInfo',
'org.bouncycastle.asn1.x9.X9ECParameters',
'org.bouncycastle.cert.X509v3CertificateBuilder',
'org.bouncycastle.cert.jcajce.JcaX509CertificateConverter',
'org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils',
'org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder',
'org.bouncycastle.crypto.BlockCipher',
'org.bouncycastle.crypto.BufferedBlockCipher',
'org.bouncycastle.crypto.CipherParameters',
'org.bouncycastle.crypto.Digest',
'org.bouncycastle.crypto.PBEParametersGenerator',
'org.bouncycastle.crypto.StreamCipher',
'org.bouncycastle.crypto.digests.GOST3411Digest',
'org.bouncycastle.crypto.digests.MD2Digest',
'org.bouncycastle.crypto.digests.MD4Digest',
'org.bouncycastle.crypto.digests.MD5Digest',
'org.bouncycastle.crypto.digests.RIPEMD128Digest',
'org.bouncycastle.crypto.digests.RIPEMD160Digest',
'org.bouncycastle.crypto.digests.RIPEMD256Digest',
'org.bouncycastle.crypto.digests.RIPEMD320Digest',
'org.bouncycastle.crypto.digests.SHA1Digest',
'org.bouncycastle.crypto.digests.SHA224Digest',
'org.bouncycastle.crypto.digests.SHA256Digest',
'org.bouncycastle.crypto.digests.SHA384Digest',
'org.bouncycastle.crypto.digests.SHA3Digest',
'org.bouncycastle.crypto.digests.SHA512Digest',
'org.bouncycastle.crypto.digests.TigerDigest',
'org.bouncycastle.crypto.digests.WhirlpoolDigest',
'org.bouncycastle.crypto.engines.AESEngine',
'org.bouncycastle.crypto.engines.BlowfishEngine',
'org.bouncycastle.crypto.engines.CAST5Engine',
'org.bouncycastle.crypto.engines.CAST6Engine',
'org.bouncycastle.crypto.engines.CamelliaEngine',
'org.bouncycastle.crypto.engines.DESEngine',
'org.bouncycastle.crypto.engines.DESedeEngine',
'org.bouncycastle.crypto.engines.GOST28147Engine',
'org.bouncycastle.crypto.engines.Grain128Engine',
'org.bouncycastle.crypto.engines.HC128Engine',
'org.bouncycastle.crypto.engines.HC256Engine',
'org.bouncycastle.crypto.engines.ISAACEngine',
'org.bouncycastle.crypto.engines.NoekeonEngine',
'org.bouncycastle.crypto.engines.RC2Engine',
'org.bouncycastle.crypto.engines.RC4Engine',
'org.bouncycastle.crypto.engines.RC532Engine',
'org.bouncycastle.crypto.engines.RC564Engine',
'org.bouncycastle.crypto.engines.RC6Engine',
'org.bouncycastle.crypto.engines.SEEDEngine',
'org.bouncycastle.crypto.engines.Salsa20Engine',
'org.bouncycastle.crypto.engines.SerpentEngine',
'org.bouncycastle.crypto.engines.SkipjackEngine',
'org.bouncycastle.crypto.engines.TEAEngine',
'org.bouncycastle.crypto.engines.TwofishEngine',
'org.bouncycastle.crypto.engines.VMPCEngine',
'org.bouncycastle.crypto.engines.XTEAEngine',
'org.bouncycastle.crypto.generators.BCrypt',
'org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator',
'org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator',
'org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator',
'org.bouncycastle.crypto.io.CipherInputStream',
'org.bouncycastle.crypto.io.CipherOutputStream',
'org.bouncycastle.crypto.macs.HMac',
'org.bouncycastle.crypto.modes.AEADBlockCipher',
'org.bouncycastle.crypto.modes.CBCBlockCipher',
'org.bouncycastle.crypto.modes.CCMBlockCipher',
'org.bouncycastle.crypto.modes.CFBBlockCipher',
'org.bouncycastle.crypto.modes.EAXBlockCipher',
'org.bouncycastle.crypto.modes.GCMBlockCipher',
'org.bouncycastle.crypto.modes.OCBBlockCipher',
'org.bouncycastle.crypto.modes.OFBBlockCipher',
'org.bouncycastle.crypto.paddings.BlockCipherPadding',
'org.bouncycastle.crypto.paddings.ISO10126d2Padding',
'org.bouncycastle.crypto.paddings.ISO7816d4Padding',
'org.bouncycastle.crypto.paddings.PKCS7Padding',
'org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher',
'org.bouncycastle.crypto.paddings.TBCPadding',
'org.bouncycastle.crypto.paddings.X923Padding',
'org.bouncycastle.crypto.paddings.ZeroBytePadding',
'org.bouncycastle.crypto.params.AEADParameters',
'org.bouncycastle.crypto.params.AsymmetricKeyParameter',
'org.bouncycastle.crypto.params.DSAKeyParameters',
'org.bouncycastle.crypto.params.DSAParameters',
'org.bouncycastle.crypto.params.DSAPrivateKeyParameters',
'org.bouncycastle.crypto.params.DSAPublicKeyParameters',
'org.bouncycastle.crypto.params.ECDomainParameters',
'org.bouncycastle.crypto.params.ECKeyParameters',
'org.bouncycastle.crypto.params.ECPrivateKeyParameters',
'org.bouncycastle.crypto.params.ECPublicKeyParameters',
'org.bouncycastle.crypto.params.KeyParameter',
'org.bouncycastle.crypto.params.ParametersWithIV',
'org.bouncycastle.crypto.params.RC2Parameters',
'org.bouncycastle.crypto.params.RC5Parameters',
'org.bouncycastle.crypto.params.RSAKeyParameters',
'org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters',
'org.bouncycastle.crypto.prng.EntropySource',
'org.bouncycastle.crypto.prng.SP800SecureRandom',
'org.bouncycastle.crypto.prng.SP800SecureRandomBuilder',
'org.bouncycastle.crypto.prng.drbg.HashSP800DRBG',
'org.bouncycastle.crypto.prng.drbg.SP80090DRBG',
'org.bouncycastle.crypto.signers.DSASigner',
'org.bouncycastle.crypto.signers.ECDSASigner',
'org.bouncycastle.crypto.signers.RSADigestSigner',
'org.bouncycastle.crypto.util.PrivateKeyFactory',
'org.bouncycastle.crypto.util.PrivateKeyInfoFactory',
'org.bouncycastle.crypto.util.PublicKeyFactory',
'org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory',
'org.bouncycastle.jcajce.provider.asymmetric.dsa.KeyPairGeneratorSpi',
'org.bouncycastle.jcajce.provider.asymmetric.ec.KeyPairGeneratorSpi$EC',
'org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyPairGeneratorSpi',
'org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util',
'org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil',
'org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec',
'org.bouncycastle.math.ec.ECFieldElement',
'org.bouncycastle.math.ec.ECPoint',
'org.bouncycastle.openssl.jcajce.JcaPEMWriter',
'org.bouncycastle.operator.jcajce.JcaContentSignerBuilder',
'org.bouncycastle.util.Arrays',
'org.bouncycastle.util.Strings',
'org.bouncycastle.util.io.Streams',
'org.bouncycastle.x509.extension.X509ExtensionUtil'
)
ignoreViolations(
// Guava uses internal java api: sun.misc.Unsafe
'com.google.common.cache.Striped64',
'com.google.common.cache.Striped64$1',
'com.google.common.cache.Striped64$Cell',
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator',
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1',
'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper',
'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1',
)
}
if (BuildParams.runtimeJavaVersion > JavaVersion.VERSION_1_8) {
thirdPartyAudit.ignoreMissingClasses(
'javax.xml.bind.JAXBContext',
'javax.xml.bind.JAXBElement',
'javax.xml.bind.JAXBException',
'javax.xml.bind.Unmarshaller',
'javax.xml.bind.UnmarshallerHandler',
)
}
test {
/*
* We have to disable setting the number of available processors as tests in the same JVM randomize processors and will step on each
* other if we allow them to set the number of available processors as it's set-once in Netty.
*/
systemProperty 'es.set.netty.runtime.available.processors', 'false'
}
// xpack modules are installed in real clusters as the meta plugin, so
// installing them as individual plugins for integ tests doesn't make sense,
// so we disable integ tests
integTest.enabled = false
// add all sub-projects of the qa sub-project
gradle.projectsEvaluated {
project.subprojects
.find { it.path == project.path + ":qa" }
.subprojects
.findAll { it.path.startsWith(project.path + ":qa") }
.each { check.dependsOn it.check }
}