2018-01-22 10:55:03 -05:00
|
|
|
evaluationDependsOn(':x-pack-elasticsearch:plugin:core')
|
|
|
|
|
|
2018-01-20 00:30:17 -05:00
|
|
|
apply plugin: 'elasticsearch.esplugin'
|
|
|
|
|
esplugin {
|
|
|
|
|
name 'x-pack-security'
|
|
|
|
|
description 'Elasticsearch Expanded Pack Plugin - Security'
|
|
|
|
|
classname 'org.elasticsearch.xpack.security.Security'
|
2018-01-21 11:00:51 -05:00
|
|
|
hasNativeController false
|
2018-01-20 00:30:17 -05:00
|
|
|
requiresKeystore true
|
|
|
|
|
extendedPlugins = ['x-pack-core']
|
|
|
|
|
licenseFile project(':x-pack-elasticsearch').file('LICENSE.txt')
|
|
|
|
|
noticeFile project(':x-pack-elasticsearch').file('NOTICE.txt')
|
|
|
|
|
}
|
2017-12-08 11:41:32 -05:00
|
|
|
|
|
|
|
|
archivesBaseName = 'x-pack-security'
|
|
|
|
|
|
|
|
|
|
licenseHeaders.enabled = false
|
|
|
|
|
|
2018-01-20 00:30:17 -05:00
|
|
|
integTest.enabled = false
|
|
|
|
|
|
2017-12-08 11:41:32 -05:00
|
|
|
dependencies {
|
|
|
|
|
provided "org.elasticsearch:elasticsearch:${version}"
|
|
|
|
|
|
2018-01-20 00:30:17 -05:00
|
|
|
provided "org.elasticsearch.plugin:x-pack-core:${version}"
|
|
|
|
|
compileOnly project(path: ':modules:transport-netty4', configuration: 'runtime')
|
|
|
|
|
provided project(path: ':plugins:transport-nio', configuration: 'runtime')
|
|
|
|
|
|
|
|
|
|
testCompile project(path: ':x-pack-elasticsearch:plugin:monitoring')
|
|
|
|
|
|
|
|
|
|
testCompile project(path: ':x-pack-elasticsearch:plugin:core', configuration: 'testArtifacts')
|
|
|
|
|
|
|
|
|
|
//compile project(path: ':modules:transport-netty4')
|
2017-12-08 11:41:32 -05:00
|
|
|
compile 'com.unboundid:unboundid-ldapsdk:3.2.0'
|
|
|
|
|
compile 'org.bouncycastle:bcprov-jdk15on:1.58'
|
|
|
|
|
compile 'org.bouncycastle:bcpkix-jdk15on:1.58'
|
2018-01-20 17:43:00 -05:00
|
|
|
|
|
|
|
|
// the following are all SAML dependencies - might as well download the whole internet
|
|
|
|
|
compile "org.opensaml:opensaml-core:3.3.0"
|
|
|
|
|
compile "org.opensaml:opensaml-saml-api:3.3.0"
|
|
|
|
|
compile "org.opensaml:opensaml-saml-impl:3.3.0"
|
|
|
|
|
compile "org.opensaml:opensaml-messaging-api:3.3.0"
|
|
|
|
|
compile "org.opensaml:opensaml-messaging-impl:3.3.0"
|
|
|
|
|
compile "org.opensaml:opensaml-security-api:3.3.0"
|
|
|
|
|
compile "org.opensaml:opensaml-security-impl:3.3.0"
|
|
|
|
|
compile "org.opensaml:opensaml-profile-api:3.3.0"
|
|
|
|
|
compile "org.opensaml:opensaml-profile-impl:3.3.0"
|
|
|
|
|
compile "org.opensaml:opensaml-xmlsec-api:3.3.0"
|
|
|
|
|
compile "org.opensaml:opensaml-xmlsec-impl:3.3.0"
|
|
|
|
|
compile "org.opensaml:opensaml-soap-api:3.3.0"
|
|
|
|
|
compile "org.opensaml:opensaml-soap-impl:3.3.0"
|
|
|
|
|
compile "org.opensaml:opensaml-storage-api:3.3.0"
|
|
|
|
|
compile "org.opensaml:opensaml-storage-impl:3.3.0"
|
|
|
|
|
compile "net.shibboleth.utilities:java-support:7.3.0"
|
|
|
|
|
compile "org.apache.santuario:xmlsec:2.0.8"
|
|
|
|
|
compile "io.dropwizard.metrics:metrics-core:3.2.2"
|
|
|
|
|
compile "org.cryptacular:cryptacular:1.2.0"
|
|
|
|
|
compile "org.slf4j:slf4j-api:${versions.slf4j}"
|
|
|
|
|
compile "org.apache.logging.log4j:log4j-slf4j-impl:${versions.log4j}"
|
|
|
|
|
compile "org.apache.httpcomponents:httpclient:${versions.httpclient}"
|
|
|
|
|
compile "org.apache.httpcomponents:httpcore:${versions.httpcore}"
|
|
|
|
|
compile "org.apache.httpcomponents:httpasyncclient:${versions.httpasyncclient}"
|
|
|
|
|
compile "org.apache.httpcomponents:httpcore-nio:${versions.httpcore}"
|
|
|
|
|
compile "org.apache.httpcomponents:httpclient-cache:${versions.httpclient}"
|
|
|
|
|
compile 'com.google.guava:guava:19.0'
|
|
|
|
|
|
2018-01-20 00:30:17 -05:00
|
|
|
testCompile 'org.elasticsearch:securemock:1.2'
|
|
|
|
|
testCompile "org.elasticsearch:mocksocket:${versions.mocksocket}"
|
|
|
|
|
//testCompile "org.yaml:snakeyaml:${versions.snakeyaml}"
|
|
|
|
|
|
2017-12-08 11:41:32 -05:00
|
|
|
}
|
|
|
|
|
|
2018-01-20 00:30:17 -05:00
|
|
|
compileJava.options.compilerArgs << "-Xlint:-deprecation,-rawtypes,-serial,-try,-unchecked"
|
|
|
|
|
compileTestJava.options.compilerArgs << "-Xlint:-deprecation,-rawtypes,-serial,-try,-unchecked"
|
|
|
|
|
|
|
|
|
|
configurations {
|
|
|
|
|
testArtifacts.extendsFrom testRuntime
|
|
|
|
|
}
|
|
|
|
|
task testJar(type: Jar) {
|
|
|
|
|
appendix 'test'
|
|
|
|
|
from sourceSets.test.output
|
|
|
|
|
}
|
|
|
|
|
artifacts {
|
|
|
|
|
// normal es plugins do not publish the jar but we need to since users need it for Transport Clients and extensions
|
|
|
|
|
archives jar
|
|
|
|
|
testArtifacts testJar
|
|
|
|
|
}
|
|
|
|
|
//testClasses {
|
|
|
|
|
// dependsOn project(":x-pack-elasticsearch:plugin:core").testJar
|
|
|
|
|
//}
|
|
|
|
|
// TestUtils creates things in core, and the cli thinks that it needs to read from the core testArtifacts
|
|
|
|
|
// jar, so it fails with a zip file resource not found in getResource(Path)
|
|
|
|
|
sourceSets.test.resources {
|
|
|
|
|
srcDir '../core/src/test/resources'
|
|
|
|
|
}
|
2017-12-08 11:41:32 -05:00
|
|
|
dependencyLicenses {
|
2017-12-08 16:42:50 -05:00
|
|
|
mapping from: /netty-.*/, to: 'netty'
|
|
|
|
|
mapping from: /bc.*/, to: 'bouncycastle'
|
|
|
|
|
mapping from: /transport-netty.*/, to: 'elasticsearch'
|
2018-01-20 17:43:00 -05:00
|
|
|
mapping from: /java-support|opensaml-.*/, to: 'shibboleth'
|
|
|
|
|
mapping from: /http.*/, to: 'httpclient'
|
2017-12-08 16:42:50 -05:00
|
|
|
ignoreSha 'x-pack-core'
|
|
|
|
|
ignoreSha 'transport-netty4'
|
2017-12-08 11:41:32 -05:00
|
|
|
}
|
|
|
|
|
|
2018-01-20 00:30:17 -05:00
|
|
|
forbiddenPatterns {
|
|
|
|
|
exclude '**/*.key'
|
|
|
|
|
exclude '**/*.p12'
|
|
|
|
|
exclude '**/*.der'
|
|
|
|
|
exclude '**/*.zip'
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
forbiddenApisMain {
|
|
|
|
|
signaturesURLs += file('forbidden/ldap-signatures.txt').toURI().toURL()
|
2018-01-20 17:43:00 -05:00
|
|
|
signaturesURLs += file('forbidden/xml-signatures.txt').toURI().toURL()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// classes are missing, e.g. com.ibm.icu.lang.UCharacter
|
|
|
|
|
thirdPartyAudit.excludes = [
|
|
|
|
|
// SAML dependencies
|
|
|
|
|
// [missing classes] Some cli utilities that we don't use depend on these missing JCommander classes
|
|
|
|
|
'com.beust.jcommander.JCommander',
|
|
|
|
|
'com.beust.jcommander.converters.BaseConverter',
|
|
|
|
|
// [missing classes] Shibboleth + OpenSAML have servlet support that we don't use
|
|
|
|
|
'javax.servlet.AsyncContext',
|
|
|
|
|
'javax.servlet.DispatcherType',
|
|
|
|
|
'javax.servlet.Filter',
|
|
|
|
|
'javax.servlet.FilterChain',
|
|
|
|
|
'javax.servlet.FilterConfig',
|
|
|
|
|
'javax.servlet.RequestDispatcher',
|
|
|
|
|
'javax.servlet.ServletContext',
|
|
|
|
|
'javax.servlet.ServletException',
|
|
|
|
|
'javax.servlet.ServletInputStream',
|
|
|
|
|
'javax.servlet.ServletOutputStream',
|
|
|
|
|
'javax.servlet.ServletRequest',
|
|
|
|
|
'javax.servlet.ServletResponse',
|
|
|
|
|
'javax.servlet.http.Cookie',
|
|
|
|
|
'javax.servlet.http.HttpServletRequest',
|
|
|
|
|
'javax.servlet.http.HttpServletResponse',
|
|
|
|
|
'javax.servlet.http.HttpServletResponseWrapper',
|
|
|
|
|
'javax.servlet.http.HttpSession',
|
|
|
|
|
'javax.servlet.http.Part',
|
|
|
|
|
// [missing classes] Shibboleth + OpenSAML have velocity support that we don't use
|
|
|
|
|
'org.apache.velocity.VelocityContext',
|
|
|
|
|
'org.apache.velocity.app.VelocityEngine',
|
|
|
|
|
'org.apache.velocity.context.Context',
|
|
|
|
|
'org.apache.velocity.exception.VelocityException',
|
|
|
|
|
'org.apache.velocity.runtime.RuntimeServices',
|
|
|
|
|
'org.apache.velocity.runtime.log.LogChute',
|
|
|
|
|
'org.apache.velocity.runtime.resource.loader.StringResourceLoader',
|
|
|
|
|
'org.apache.velocity.runtime.resource.util.StringResourceRepository',
|
|
|
|
|
// [missing classes] OpenSAML depends on Apache XML security which depends on Xalan, but only for functionality that OpenSAML doesn't use
|
|
|
|
|
'org.apache.xml.dtm.DTM',
|
|
|
|
|
'org.apache.xml.utils.PrefixResolver',
|
|
|
|
|
'org.apache.xml.utils.PrefixResolverDefault',
|
|
|
|
|
'org.apache.xpath.Expression',
|
|
|
|
|
'org.apache.xpath.NodeSetDTM',
|
|
|
|
|
'org.apache.xpath.XPath',
|
|
|
|
|
'org.apache.xpath.XPathContext',
|
|
|
|
|
'org.apache.xpath.compiler.FunctionTable',
|
|
|
|
|
'org.apache.xpath.functions.Function',
|
|
|
|
|
'org.apache.xpath.objects.XNodeSet',
|
|
|
|
|
'org.apache.xpath.objects.XObject',
|
|
|
|
|
// [missing classes] OpenSAML storage has an optional LDAP storage impl
|
|
|
|
|
'org.ldaptive.AttributeModification',
|
|
|
|
|
'org.ldaptive.AttributeModificationType',
|
|
|
|
|
'org.ldaptive.Connection',
|
|
|
|
|
'org.ldaptive.DeleteOperation',
|
|
|
|
|
'org.ldaptive.DeleteRequest',
|
|
|
|
|
'org.ldaptive.LdapAttribute',
|
|
|
|
|
'org.ldaptive.LdapEntry',
|
|
|
|
|
'org.ldaptive.LdapException',
|
|
|
|
|
'org.ldaptive.ModifyOperation',
|
|
|
|
|
'org.ldaptive.ModifyRequest',
|
|
|
|
|
'org.ldaptive.Response',
|
|
|
|
|
'org.ldaptive.ResultCode',
|
|
|
|
|
'org.ldaptive.SearchOperation',
|
|
|
|
|
'org.ldaptive.SearchRequest',
|
|
|
|
|
'org.ldaptive.SearchResult',
|
|
|
|
|
'org.ldaptive.ext.MergeOperation',
|
|
|
|
|
'org.ldaptive.ext.MergeRequest',
|
|
|
|
|
'org.ldaptive.pool.ConnectionPool',
|
|
|
|
|
'org.ldaptive.pool.PooledConnectionFactory',
|
|
|
|
|
// [missing classes] OpenSAML storage has an optional JSON-backed storage impl
|
|
|
|
|
'javax.json.Json',
|
|
|
|
|
'javax.json.JsonException',
|
|
|
|
|
'javax.json.JsonNumber',
|
|
|
|
|
'javax.json.JsonObject',
|
|
|
|
|
'javax.json.JsonReader',
|
|
|
|
|
'javax.json.JsonValue$ValueType',
|
|
|
|
|
'javax.json.JsonValue',
|
|
|
|
|
'javax.json.stream.JsonGenerator',
|
|
|
|
|
// [missing classes] OpenSAML storage has an optional JPA storage impl
|
|
|
|
|
'javax.persistence.EntityManager',
|
|
|
|
|
'javax.persistence.EntityManagerFactory',
|
|
|
|
|
'javax.persistence.EntityTransaction',
|
|
|
|
|
'javax.persistence.LockModeType',
|
|
|
|
|
'javax/persistence/Query',
|
|
|
|
|
// [missing classes] OpenSAML storage and HttpClient cache have optional memcache support
|
|
|
|
|
'net.spy.memcached.CASResponse',
|
|
|
|
|
'net.spy.memcached.CASValue',
|
|
|
|
|
'net.spy.memcached.MemcachedClient',
|
|
|
|
|
'net.spy.memcached.MemcachedClientIF',
|
|
|
|
|
'net.spy.memcached.CachedData',
|
|
|
|
|
'net.spy.memcached.internal.OperationFuture',
|
|
|
|
|
'net.spy.memcached.transcoders.Transcoder',
|
|
|
|
|
// [missing classes] Http Client cache has optional ehcache support
|
|
|
|
|
'net.sf.ehcache.Ehcache',
|
|
|
|
|
'net.sf.ehcache.Element',
|
|
|
|
|
// [missing classes] SLF4j includes an optional class that depends on an extension class (!)
|
|
|
|
|
'org.slf4j.ext.EventData',
|
|
|
|
|
// Guava uses internal java api: sun.misc.Unsafe
|
|
|
|
|
'com.google.common.cache.Striped64',
|
|
|
|
|
'com.google.common.cache.Striped64$1',
|
|
|
|
|
'com.google.common.cache.Striped64$Cell',
|
|
|
|
|
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator',
|
|
|
|
|
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1',
|
|
|
|
|
'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper',
|
|
|
|
|
'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1',
|
|
|
|
|
]
|
|
|
|
|
|
|
|
|
|
if (JavaVersion.current() > JavaVersion.VERSION_1_8) {
|
|
|
|
|
thirdPartyAudit.excludes += [
|
|
|
|
|
'javax.xml.bind.JAXBContext',
|
|
|
|
|
'javax.xml.bind.JAXBElement',
|
|
|
|
|
'javax.xml.bind.JAXBException',
|
|
|
|
|
'javax.xml.bind.Unmarshaller',
|
|
|
|
|
'javax.xml.bind.UnmarshallerHandler',
|
|
|
|
|
];
|
2018-01-20 00:30:17 -05:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
run {
|
|
|
|
|
plugin ':x-pack-elasticsearch:plugin:core'
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
test {
|
|
|
|
|
/*
|
|
|
|
|
* We have to disable setting the number of available processors as tests in the same JVM randomize processors and will step on each
|
|
|
|
|
* other if we allow them to set the number of available processors as it's set-once in Netty.
|
|
|
|
|
*/
|
|
|
|
|
systemProperty 'es.set.netty.runtime.available.processors', 'false'
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
integTestRunner {
|
|
|
|
|
/*
|
|
|
|
|
* We have to disable setting the number of available processors as tests in the same JVM randomize processors and will step on each
|
|
|
|
|
* other if we allow them to set the number of available processors as it's set-once in Netty.
|
|
|
|
|
*/
|
|
|
|
|
systemProperty 'es.set.netty.runtime.available.processors', 'false'
|
2017-12-08 11:41:32 -05:00
|
|
|
}
|
