OpenSearch/x-pack/plugin/security/cli/build.gradle

import org.elasticsearch.gradle.precommit.ForbiddenApisCliTask

apply plugin: 'elasticsearch.build'

archivesBaseName = 'elasticsearch-security-cli'

dependencies {
    compileOnly "org.elasticsearch:elasticsearch:${version}"
    // "org.elasticsearch.plugin:x-pack-core:${version}" doesn't work with idea because the testArtifacts are also here
    compileOnly project(path: xpackModule('core'), configuration: 'default')
    compile 'org.bouncycastle:bcpkix-jdk15on:1.59'
    compile 'org.bouncycastle:bcprov-jdk15on:1.59'
    testImplementation 'com.google.jimfs:jimfs:1.1'
    testCompile "junit:junit:${versions.junit}"
    testCompile "org.hamcrest:hamcrest-all:${versions.hamcrest}"
    testCompile 'org.elasticsearch:securemock:1.2'
    testCompile "org.elasticsearch.test:framework:${version}"
    testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
}

dependencyLicenses {
    mapping from: /bc.*/, to: 'bouncycastle'
}

if (project.inFipsJvm) {
    test.enabled = false
    // Forbiden APIs non-portable checks fail because bouncy castle classes being used from the FIPS JDK since those are
    // not part of the Java specification - all of this is as designed, so we have to relax this check for FIPS.
    tasks.withType(ForbiddenApisCliTask) {
        bundledSignatures -= "jdk-non-portable"
    }
    // FIPS JVM includes manny classes from bouncycastle which count as jar hell for the third party audit,
    // rather than provide a long list of exclusions, disable the check on FIPS.
    thirdPartyAudit.enabled = false
}
Fix forbidden apis on FIPS (#33202) - third party audit detects jar hell with JDK so we disable it - jdk non portable in forbiddenapis detects classes being used from the JDK ( for fips ) that are not portable, this is intended so we don't scan for it on fips. - different exclusion rules for third party audit on fips Closes #33179 2018-08-29 10:43:40 -04:00			`import org.elasticsearch.gradle.precommit.ForbiddenApisCliTask`

Remove BouncyCastle dependency from runtime (#32193) * Remove BouncyCastle dependency from runtime This commit introduces a new gradle project that contains the classes that have a dependency on BouncyCastle. For the default distribution, It builds a jar from those and in puts it in a subdirectory of lib (/tools/security-cli) along with the BouncyCastle jars. This directory is then passed in the ES_ADDITIONAL_CLASSPATH_DIRECTORIES of the CLI tools that use these classes. BouncyCastle is removed as a runtime dependency (remains as a compileOnly one) from x-pack core and x-pack security. 2018-07-20 17:03:58 -04:00			`apply plugin: 'elasticsearch.build'`

			`archivesBaseName = 'elasticsearch-security-cli'`

			`dependencies {`
			`compileOnly "org.elasticsearch:elasticsearch:${version}"`
Build: Rework shadow plugin configuration (#32409) This reworks how we configure the `shadow` plugin in the build. The major change is that we no longer bundle dependencies in the `compile` configuration, instead we bundle dependencies in the new `bundle` configuration. This feels more right because it is a little more "opt in" rather than "opt out" and the name of the `bundle` configuration is a little more obvious. As an neat side effect of this, the `runtimeElements` configuration used when one project depends on another now contains exactly the dependencies needed to run the project so you no longer need to reference projects that use the shadow plugin like this: ``` testCompile project(path: ':client:rest-high-level', configuration: 'shadow') ``` You can instead use the much more normal: ``` testCompile "org.elasticsearch.client:elasticsearch-rest-high-level-client:${version}" ``` 2018-08-21 20:03:28 -04:00			`// "org.elasticsearch.plugin:x-pack-core:${version}" doesn't work with idea because the testArtifacts are also here`
			`compileOnly project(path: xpackModule('core'), configuration: 'default')`
Remove BouncyCastle dependency from runtime (#32193) * Remove BouncyCastle dependency from runtime This commit introduces a new gradle project that contains the classes that have a dependency on BouncyCastle. For the default distribution, It builds a jar from those and in puts it in a subdirectory of lib (/tools/security-cli) along with the BouncyCastle jars. This directory is then passed in the ES_ADDITIONAL_CLASSPATH_DIRECTORIES of the CLI tools that use these classes. BouncyCastle is removed as a runtime dependency (remains as a compileOnly one) from x-pack core and x-pack security. 2018-07-20 17:03:58 -04:00			`compile 'org.bouncycastle:bcpkix-jdk15on:1.59'`
Fix forbidden apis on FIPS (#33202) - third party audit detects jar hell with JDK so we disable it - jdk non portable in forbiddenapis detects classes being used from the JDK ( for fips ) that are not portable, this is intended so we don't scan for it on fips. - different exclusion rules for third party audit on fips Closes #33179 2018-08-29 10:43:40 -04:00			`compile 'org.bouncycastle:bcprov-jdk15on:1.59'`
Remove BouncyCastle dependency from runtime (#32193) * Remove BouncyCastle dependency from runtime This commit introduces a new gradle project that contains the classes that have a dependency on BouncyCastle. For the default distribution, It builds a jar from those and in puts it in a subdirectory of lib (/tools/security-cli) along with the BouncyCastle jars. This directory is then passed in the ES_ADDITIONAL_CLASSPATH_DIRECTORIES of the CLI tools that use these classes. BouncyCastle is removed as a runtime dependency (remains as a compileOnly one) from x-pack core and x-pack security. 2018-07-20 17:03:58 -04:00			`testImplementation 'com.google.jimfs:jimfs:1.1'`
			`testCompile "junit:junit:${versions.junit}"`
			`testCompile "org.hamcrest:hamcrest-all:${versions.hamcrest}"`
			`testCompile 'org.elasticsearch:securemock:1.2'`
			`testCompile "org.elasticsearch.test:framework:${version}"`
			`testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')`
			`}`

			`dependencyLicenses {`
			`mapping from: /bc.*/, to: 'bouncycastle'`
Build: Shadow x-pack:protocol into x-pack:plugin:core (#32240) This bundles the x-pack:protocol project into the x-pack:plugin:core project because we'd like folks to consider it an implementation detail of our build rather than a separate artifact to be managed and depended on. It is now bundled into both x-pack:plugin:core and client:rest-high-level. To make this work I had to fix a few things. Firstly, I had to make PluginBuildPlugin work with the shadow plugin. In that case we have to bundle only the `shadow` dependencies and the shadow jar. Secondly, every reference to x-pack:plugin:core has to use the `shadow` configuration. Without that the reference is missing all of the un-shadowed dependencies. I tried to make it so that applying the shadow plugin automatically redefines the `default` configuration to mirror the `shadow` configuration which would allow us to use bare project references to the x-pack:plugin:core project but I couldn't make it work. It'd look like it works but then fail for transitive dependencies anyway. I think it is still a good thing to do but I don't have the willpower to do it now. Finally, I had to fix an issue where Eclipse and IntelliJ didn't properly reference shadowed transitive dependencies. Neither IDE supports shadowing natively so they have to reference the shadowed projects. We fix this by detecting `shadow` dependencies when in "Intellij mode" or "Eclipse mode" and adding `runtime` dependencies to the same target. This convinces IntelliJ and Eclipse to play nice. 2018-07-24 11:53:04 -04:00			`}`
Mute security-cli tests in FIPS JVM (#32812) All Unit tests in this module are muted in FIPS 140 JVMs and as such the CI run fails. This commit disables test task for the module in a FIPS JVM and reverts adding a dummy test in 4cbcc1. 2018-08-13 14:27:06 -04:00
Fix forbidden apis on FIPS (#33202) - third party audit detects jar hell with JDK so we disable it - jdk non portable in forbiddenapis detects classes being used from the JDK ( for fips ) that are not portable, this is intended so we don't scan for it on fips. - different exclusion rules for third party audit on fips Closes #33179 2018-08-29 10:43:40 -04:00			`if (project.inFipsJvm) {`
Mute security-cli tests in FIPS JVM (#32812) All Unit tests in this module are muted in FIPS 140 JVMs and as such the CI run fails. This commit disables test task for the module in a FIPS JVM and reverts adding a dummy test in 4cbcc1. 2018-08-13 14:27:06 -04:00			`test.enabled = false`
Fix forbidden apis on FIPS (#33202) - third party audit detects jar hell with JDK so we disable it - jdk non portable in forbiddenapis detects classes being used from the JDK ( for fips ) that are not portable, this is intended so we don't scan for it on fips. - different exclusion rules for third party audit on fips Closes #33179 2018-08-29 10:43:40 -04:00			`// Forbiden APIs non-portable checks fail because bouncy castle classes being used from the FIPS JDK since those are`
			`// not part of the Java specification - all of this is as designed, so we have to relax this check for FIPS.`
			`tasks.withType(ForbiddenApisCliTask) {`
			`bundledSignatures -= "jdk-non-portable"`
			`}`
			`// FIPS JVM includes manny classes from bouncycastle which count as jar hell for the third party audit,`
			`// rather than provide a long list of exclusions, disable the check on FIPS.`
			`thirdPartyAudit.enabled = false`
Build: Rework shadow plugin configuration (#32409) This reworks how we configure the `shadow` plugin in the build. The major change is that we no longer bundle dependencies in the `compile` configuration, instead we bundle dependencies in the new `bundle` configuration. This feels more right because it is a little more "opt in" rather than "opt out" and the name of the `bundle` configuration is a little more obvious. As an neat side effect of this, the `runtimeElements` configuration used when one project depends on another now contains exactly the dependencies needed to run the project so you no longer need to reference projects that use the shadow plugin like this: ``` testCompile project(path: ':client:rest-high-level', configuration: 'shadow') ``` You can instead use the much more normal: ``` testCompile "org.elasticsearch.client:elasticsearch-rest-high-level-client:${version}" ``` 2018-08-21 20:03:28 -04:00			`}`