Use task avoidance with forbidden apis (#55034)

Currently forbidden apis accounts for 800+ tasks in the build. These tasks are aggressively created by the plugin. In forbidden apis 3.0, we will get task avoidance (https://github.com/policeman-tools/forbidden-apis/pull/162), but we need to ourselves use the same task avoidance mechanisms to not trigger these task creations. This commit does that for our foribdden apis usages, in preparation for upgrading to 3.0 when it is released.
2020-04-15 13:23:55 -07:00 · 2020-04-15 13:23:55 -07:00 · 29b70733ae
parent b88dd47de3
commit 29b70733ae
36 changed files with 49 additions and 44 deletions
--- a/benchmarks/build.gradle
+++ b/benchmarks/build.gradle
@ -48,7 +48,7 @@ compileJava.options.compilerArgs.addAll(["-processor", "org.openjdk.jmh.generato
 run.executable = "${BuildParams.runtimeJavaHome}/bin/java"

 // classes generated by JMH can use all sorts of forbidden APIs but we have no influence at all and cannot exclude these classes
-forbiddenApisMain.enabled = false
+disableTasks('forbiddenApisMain')

 // No licenses for our benchmark deps (we don't ship benchmarks)
 dependencyLicenses.enabled = false
--- a/build.gradle
+++ b/build.gradle
@ -537,3 +537,11 @@ subprojects {
    }
  }
 }
+
+subprojects {
+  project.ext.disableTasks = { String... tasknames ->
+    for (String taskname : tasknames) {
+      project.tasks.named(taskname).configure { onlyIf { false } }
+    }
+  }
+}
--- a/buildSrc/build.gradle
+++ b/buildSrc/build.gradle
@ -168,9 +168,7 @@ if (project != rootProject) {
  // build-tools is not ready for primetime with these...
  dependencyLicenses.enabled = false
  dependenciesInfo.enabled = false
-  forbiddenApisMain.enabled = false
-  forbiddenApisMinimumRuntime.enabled = false
-  forbiddenApisTest.enabled = false
+  disableTasks('forbiddenApisMain', 'forbiddenApisMinimumRuntime', 'forbiddenApisTest')
  jarHell.enabled = false
  thirdPartyAudit.enabled = false
  if (Boolean.parseBoolean(System.getProperty("tests.fips.enabled"))){
--- a/buildSrc/src/testKit/elasticsearch.build/build.gradle
+++ b/buildSrc/src/testKit/elasticsearch.build/build.gradle
@ -17,8 +17,8 @@ repositories {
 }

 // todo remove offending rules
-forbiddenApisMain.enabled = false
-forbiddenApisTest.enabled = false
+tasks.named('forbiddenApisMain').configure { onlyIf { false } }
+tasks.named('forbiddenApisTest').configure { onlyIf { false } }
 // requires dependency on testing fw
 jarHell.enabled = false
 // we don't have tests for now
--- a/client/rest-high-level/build.gradle
+++ b/client/rest-high-level/build.gradle
@ -78,7 +78,7 @@ dependencyLicenses {
  }
 }

-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  // core does not depend on the httpclient for compile so we add the signatures here. We don't add them for test as they are already
  // specified
  addSignatureFiles 'http-signatures'
--- a/client/rest/build.gradle
+++ b/client/rest/build.gradle
@ -51,7 +51,7 @@ dependencies {
  testCompile "org.elasticsearch:mocksocket:${versions.mocksocket}"
 }

-tasks.withType(CheckForbiddenApis) {
+tasks.withType(CheckForbiddenApis).configureEach {
  //client does not depend on server, so only jdk and http signatures should be checked
  replaceSignatureFiles('jdk-signatures', 'http-signatures')
 }
@ -60,7 +60,7 @@ forbiddenPatterns {
  exclude '**/*.der'
 }

-forbiddenApisTest {
+tasks.named('forbiddenApisTest').configure {
  //we are using jdk-internal instead of jdk-non-portable to allow for com.sun.net.httpserver.* usage
  bundledSignatures -= 'jdk-non-portable'
  bundledSignatures += 'jdk-internal'
--- a/client/sniffer/build.gradle
+++ b/client/sniffer/build.gradle
@ -48,12 +48,12 @@ dependencies {
  testCompile "org.elasticsearch:mocksocket:${versions.mocksocket}"
 }

-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  //client does not depend on server, so only jdk signatures should be checked
  replaceSignatureFiles 'jdk-signatures'
 }

-forbiddenApisTest {
+tasks.named('forbiddenApisTest').configure {
  //we are using jdk-internal instead of jdk-non-portable to allow for com.sun.net.httpserver.* usage
  bundledSignatures -= 'jdk-non-portable'
  bundledSignatures += 'jdk-internal'
--- a/client/test/build.gradle
+++ b/client/test/build.gradle
@ -30,12 +30,12 @@ dependencies {
  compile "org.hamcrest:hamcrest:${versions.hamcrest}"
 }

-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  //client does not depend on core, so only jdk signatures should be checked
  replaceSignatureFiles 'jdk-signatures'
 }

-forbiddenApisTest {
+tasks.named('forbiddenApisTest').configure {
  //we are using jdk-internal instead of jdk-non-portable to allow for com.sun.net.httpserver.* usage
  bundledSignatures -= 'jdk-non-portable'
  bundledSignatures += 'jdk-internal'
--- a/distribution/tools/java-version-checker/build.gradle
+++ b/distribution/tools/java-version-checker/build.gradle
@ -3,7 +3,7 @@ apply plugin: 'elasticsearch.build'
 targetCompatibility = JavaVersion.VERSION_1_7

 // java_version_checker do not depend on core so only JDK signatures should be checked
-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  replaceSignatureFiles 'jdk-signatures'
 }

--- a/distribution/tools/launchers/build.gradle
+++ b/distribution/tools/launchers/build.gradle
@ -29,7 +29,7 @@ dependencies {

 archivesBaseName = 'elasticsearch-launchers'

-tasks.withType(CheckForbiddenApis) {
+tasks.withType(CheckForbiddenApis).configureEach {
  replaceSignatureFiles 'jdk-signatures'
 }

--- a/libs/cli/build.gradle
+++ b/libs/cli/build.gradle
@ -29,6 +29,6 @@ test.enabled = false
 // Since CLI does not depend on :server, it cannot run the jarHell task
 jarHell.enabled = false

-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  replaceSignatureFiles 'jdk-signatures'
 }
--- a/libs/core/build.gradle
+++ b/libs/core/build.gradle
@ -88,7 +88,7 @@ dependencies {
  }
 }

-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  // :libs:elasticsearch-core does not depend on server
  // TODO: Need to decide how we want to handle for forbidden signatures with the changes to server
  replaceSignatureFiles 'jdk-signatures'
--- a/libs/dissect/build.gradle
+++ b/libs/dissect/build.gradle
@ -26,7 +26,7 @@ dependencies {
  testCompile "com.fasterxml.jackson.core:jackson-databind:${versions.jackson}"
 }

-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  replaceSignatureFiles 'jdk-signatures'
 }

--- a/libs/geo/build.gradle
+++ b/libs/geo/build.gradle
@ -26,7 +26,7 @@ dependencies {
  }
 }

-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  // geo does not depend on server
  // TODO: Need to decide how we want to handle for forbidden signatures with the changes to core
  replaceSignatureFiles 'jdk-signatures'
--- a/libs/grok/build.gradle
+++ b/libs/grok/build.gradle
@ -27,6 +27,6 @@ dependencies {
  }
 }

-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  replaceSignatureFiles 'jdk-signatures'
 }
--- a/libs/nio/build.gradle
+++ b/libs/nio/build.gradle
@ -31,7 +31,7 @@ dependencies {
 }


-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  // nio does not depend on core, so only jdk signatures should be checked
  // es-all is not checked as we connect and accept sockets
  replaceSignatureFiles 'jdk-signatures'
--- a/libs/plugin-classloader/build.gradle
+++ b/libs/plugin-classloader/build.gradle
@ -20,5 +20,5 @@
 test.enabled = false

 // test depend on ES core...
-forbiddenApisMain.enabled = false
+disableTasks('forbiddenApisMain')
 jarHell.enabled = false
--- a/libs/secure-sm/build.gradle
+++ b/libs/secure-sm/build.gradle
@ -30,7 +30,7 @@ dependencies {
  }
 }

-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  replaceSignatureFiles 'jdk-signatures'
 }

--- a/libs/ssl-config/build.gradle
+++ b/libs/ssl-config/build.gradle
@ -31,7 +31,7 @@ dependencies {
 }


-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  replaceSignatureFiles 'jdk-signatures'
 }

--- a/libs/x-content/build.gradle
+++ b/libs/x-content/build.gradle
@ -39,7 +39,7 @@ dependencies {

 }

-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  // x-content does not depend on server
  // TODO: Need to decide how we want to handle for forbidden signatures with the changes to core
  replaceSignatureFiles 'jdk-signatures'
--- a/plugins/analysis-icu/build.gradle
+++ b/plugins/analysis-icu/build.gradle
@ -25,7 +25,7 @@ esplugin {
  hasClientJar = true
 }

-tasks.withType(CheckForbiddenApis) {
+tasks.withType(CheckForbiddenApis).configureEach {
  signatures += [
    "com.ibm.icu.text.Collator#getInstance() @ Don't use default locale, use getInstance(ULocale) instead"
  ]
--- a/qa/os/build.gradle
+++ b/qa/os/build.gradle
@ -42,7 +42,7 @@ dependencies {
  testCompile "com.fasterxml.jackson.core:jackson-databind:${versions.jackson}"
 }

-forbiddenApisTest {
+tasks.named('forbiddenApisTest').configure {
  replaceSignatureFiles 'jdk-signatures'
 }

@ -58,7 +58,7 @@ tasks.dependenciesInfo.enabled = false
 tasks.thirdPartyAudit.ignoreMissingClasses()

 tasks.register('destructivePackagingTest') {
-  dependsOn 'destructiveDistroTest' 
+  dependsOn 'destructiveDistroTest'
 }

 processTestResources {
--- a/server/build.gradle
+++ b/server/build.gradle
@ -56,7 +56,7 @@ if (!isEclipse) {
    targetCompatibility = 11
  }

-  forbiddenApisJava11 {
+  tasks.named('forbiddenApisJava11').configure {
    doFirst {
      if (BuildParams.runtimeJavaVersion < JavaVersion.VERSION_11) {
        targetCompatibility = JavaVersion.VERSION_11.getMajorVersion()
--- a/test/fixtures/build.gradle
+++ b/test/fixtures/build.gradle
@ -1,4 +1,4 @@
 subprojects {
  // fixtures are mostly external and by default we don't want to check forbidden apis
-  forbiddenApisMain.enabled = false
+  disableTasks('forbiddenApisMain')
 }
--- a/test/framework/build.gradle
+++ b/test/framework/build.gradle
@ -38,7 +38,7 @@ compileJava.options.compilerArgs << '-Xlint:-cast,-rawtypes,-unchecked'
 compileTestJava.options.compilerArgs << '-Xlint:-rawtypes'

 // the main files are actually test files, so use the appropriate forbidden api sigs
-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  replaceSignatureFiles 'jdk-signatures', 'es-all-signatures', 'es-test-signatures'
 }

--- a/test/logger-usage/build.gradle
+++ b/test/logger-usage/build.gradle
@ -27,8 +27,7 @@ dependencies {

 loggerUsageCheck.enabled = false

-forbiddenApisMain.enabled = true // disabled by parent project
-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  replaceSignatureFiles 'jdk-signatures' // does not depend on core, only jdk signatures
 }
 jarHell.enabled = true // disabled by parent project
--- a/x-pack/plugin/core/build.gradle
+++ b/x-pack/plugin/core/build.gradle
@ -90,7 +90,7 @@ forbiddenPatterns {
  exclude '**/*.zip'
 }

-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  signaturesFiles += files('forbidden/hasher-signatures.txt')
 }

--- a/x-pack/plugin/identity-provider/build.gradle
+++ b/x-pack/plugin/identity-provider/build.gradle
@ -69,7 +69,7 @@ forbiddenPatterns {
  exclude '**/*.zip'
 }

-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  signaturesFiles += files('forbidden/xml-signatures.txt')
 }

--- a/x-pack/plugin/security/build.gradle
+++ b/x-pack/plugin/security/build.gradle
@ -172,7 +172,7 @@ forbiddenPatterns {
  exclude '**/*.zip'
 }

-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  signaturesFiles += files('forbidden/ldap-signatures.txt', 'forbidden/xml-signatures.txt', 'forbidden/oidc-signatures.txt')
 }

--- a/x-pack/plugin/security/cli/build.gradle
+++ b/x-pack/plugin/security/cli/build.gradle
@ -42,7 +42,7 @@ if (BuildParams.inFipsJvm) {
  testingConventions.enabled = false
  // Forbiden APIs non-portable checks fail because bouncy castle classes being used from the FIPS JDK since those are
  // not part of the Java specification - all of this is as designed, so we have to relax this check for FIPS.
-  tasks.withType(CheckForbiddenApis) {
+  tasks.withType(CheckForbiddenApis).configureEach {
    bundledSignatures -= "jdk-non-portable"
  }
 }
--- a/x-pack/plugin/sql/jdbc/build.gradle
+++ b/x-pack/plugin/sql/jdbc/build.gradle
@ -5,7 +5,7 @@ apply plugin: 'com.github.johnrengelman.shadow'
 description = 'JDBC driver for Elasticsearch'
 archivesBaseName = "x-pack-sql-jdbc"

-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  // does not depend on core, so only jdk and http signatures should be checked
  replaceSignatureFiles 'jdk-signatures'
 }
--- a/x-pack/plugin/sql/qa/build.gradle
+++ b/x-pack/plugin/sql/qa/build.gradle
@ -39,7 +39,7 @@ dependencyLicenses.enabled = false
 dependenciesInfo.enabled = false

 // the main files are actually test files, so use the appropriate forbidden api sigs
-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  replaceSignatureFiles 'es-all-signatures', 'es-test-signatures'
 }

--- a/x-pack/plugin/sql/sql-action/build.gradle
+++ b/x-pack/plugin/sql/sql-action/build.gradle
@ -28,7 +28,7 @@ dependencies {
  testCompile project(":test:framework")
 }

-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  //sql does not depend on server, so only jdk signatures should be checked
  replaceSignatureFiles 'jdk-signatures'
 }
--- a/x-pack/plugin/sql/sql-cli/build.gradle
+++ b/x-pack/plugin/sql/sql-cli/build.gradle
@ -55,7 +55,7 @@ shadowJar {
  }
 }

-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  //sql does not depend on server, so only jdk signatures should be checked
  replaceSignatureFiles 'jdk-signatures'
  signaturesFiles += files('src/forbidden/cli-signatures.txt')
--- a/x-pack/plugin/sql/sql-client/build.gradle
+++ b/x-pack/plugin/sql/sql-client/build.gradle
@ -21,12 +21,12 @@ dependencyLicenses {
  ignoreSha 'elasticsearch-core'
 }

-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  // does not depend on core, so only jdk and http signatures should be checked
  replaceSignatureFiles 'jdk-signatures'
 }

-forbiddenApisTest {
+tasks.named('forbiddenApisTest').configure {
  bundledSignatures -= 'jdk-non-portable'
  bundledSignatures += 'jdk-internal'
 }
--- a/x-pack/plugin/sql/sql-proto/build.gradle
+++ b/x-pack/plugin/sql/sql-proto/build.gradle
@ -18,7 +18,7 @@ dependencies {
  testCompile project(":test:framework")
 }

-forbiddenApisMain {
+tasks.named('forbiddenApisMain').configure {
  //sql does not depend on server, so only jdk signatures should be checked
  replaceSignatureFiles 'jdk-signatures'
 }