honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enforce Java version 

The Elastic Secrets vault is served via HTTPS with a Let's Encrypt
certificate. The root certificate that cross-signed the Let's Encrypt
certificates were not trusted by the JDK until 8u101. This commit adds a
version check at the start of the build to make it clear the cause of
the underlying issue, and what the fix is.

Relates elastic/x-pack-elasticsearch#541

Original commit: elastic/x-pack-elasticsearch@6bf8076cb6
This commit is contained in:
Jason Tedor 2017-02-11 12:12:26 -05:00 committed by GitHub
parent 89f996eed2
commit 1b4fec642c
1 changed files with 27 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
plugin/build.gradle
View File

@ -1,17 +1,14 @@
import org.elasticsearch.gradle.MavenFilteringHack
import org.elasticsearch.gradle.test.NodeInfo
import org.gradle.plugins.ide.eclipse.model.SourceFolder
import org.elasticsearch.gradle.precommit.LicenseHeadersTask
import org.elasticsearch.gradle.VersionProperties
import com.bettercloud.vault.Vault
import com.bettercloud.vault.VaultConfig
import com.bettercloud.vault.response.LogicalResponse
import com.amazonaws.AmazonServiceException import com.amazonaws.AmazonServiceException
import com.amazonaws.ClientConfiguration import com.amazonaws.ClientConfiguration
import com.amazonaws.auth.AWSCredentials import com.amazonaws.auth.AWSCredentials
import com.amazonaws.auth.BasicAWSCredentials import com.amazonaws.auth.BasicAWSCredentials
import com.amazonaws.services.s3.AmazonS3Client import com.amazonaws.services.s3.AmazonS3Client
import com.amazonaws.services.s3.model.HeadBucketRequest import com.amazonaws.services.s3.model.HeadBucketRequest
import com.bettercloud.vault.Vault
import com.bettercloud.vault.VaultConfig
import com.bettercloud.vault.response.LogicalResponse
import org.elasticsearch.gradle.MavenFilteringHack
import org.elasticsearch.gradle.test.NodeInfo
import java.nio.charset.StandardCharsets import java.nio.charset.StandardCharsets
import java.nio.file.Files import java.nio.file.Files
@ -41,7 +38,28 @@ buildscript {
} }
Closure setAwsCreds = { Closure setAwsCreds = {
// first need to get an authentication token with vault
/**
* The Elastic Secrets vault is served via HTTPS with a Let's Encrypt certificate. The root certificates that cross-signed the Let's
* Encrypt certificates were not trusted by the JDK until 8u101. Therefore, we enforce that the JDK is at least 8u101 here.
*/
final String javaVersion = System.getProperty('java.version')
final String javaVendor = System.getProperty('java.vendor')
def matcher = javaVersion =~ /1\.8\.0(?:_(\d+))?/
boolean matches = matcher.matches()
assert matches
final int update
if (matcher.group(1) == null) {
update = 0
} else {
update = matcher.group(1).toInteger()
}
if (update < 101) {
throw new GradleException("JDK ${javaVendor} ${javaVersion} does not have necessary root certificates " +
"(https://bugs.openjdk.java.net/browse/JDK-8154757), update your JDK to at least JDK 8u101+")
}
// get an authentication token with vault
String homePath = System.properties['user.home'] String homePath = System.properties['user.home']
File githubToken = file("${homePath}/.elastic/github.token") File githubToken = file("${homePath}/.elastic/github.token")
final String VAULT_URL = 'https://secrets.elastic.co:8200' final String VAULT_URL = 'https://secrets.elastic.co:8200'