[Backport] Improve build configuration time (#42674)

This commit is contained in:
Mark Vieira 2019-05-30 10:29:42 -07:00 committed by GitHub
parent d14799f0a5
commit c1816354ed
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
39 changed files with 1333 additions and 947 deletions

View File

@ -31,6 +31,7 @@ import org.gradle.plugins.ide.eclipse.model.SourceFolder
plugins { plugins {
id 'com.gradle.build-scan' version '2.2.1' id 'com.gradle.build-scan' version '2.2.1'
id 'base' id 'base'
id 'elasticsearch.global-build-info'
} }
if (properties.get("org.elasticsearch.acceptScanTOS", "false") == "true") { if (properties.get("org.elasticsearch.acceptScanTOS", "false") == "true") {
buildScan { buildScan {
@ -263,7 +264,7 @@ allprojects {
} }
project.afterEvaluate { project.afterEvaluate {
configurations.all { configurations.matching { it.canBeResolved }.all {
resolutionStrategy.dependencySubstitution { DependencySubstitutions subs -> resolutionStrategy.dependencySubstitution { DependencySubstitutions subs ->
projectSubstitutions.each { k,v -> projectSubstitutions.each { k,v ->
subs.substitute(subs.module(k)).with(subs.project(v)) subs.substitute(subs.module(k)).with(subs.project(v))
@ -337,7 +338,7 @@ gradle.projectsEvaluated {
if (tasks.findByPath('test') != null && tasks.findByPath('integTest') != null) { if (tasks.findByPath('test') != null && tasks.findByPath('integTest') != null) {
integTest.mustRunAfter test integTest.mustRunAfter test
} }
configurations.all { Configuration configuration -> configurations.matching { it.canBeResolved }.all { Configuration configuration ->
dependencies.all { Dependency dep -> dependencies.all { Dependency dep ->
Project upstreamProject = dependencyToProject(dep) Project upstreamProject = dependencyToProject(dep)
if (upstreamProject != null) { if (upstreamProject != null) {
@ -593,7 +594,3 @@ allprojects {
} }
} }
} }

View File

@ -65,39 +65,10 @@ processResources {
if (JavaVersion.current() < JavaVersion.VERSION_11) { if (JavaVersion.current() < JavaVersion.VERSION_11) {
throw new GradleException('At least Java 11 is required to build elasticsearch gradle tools') throw new GradleException('At least Java 11 is required to build elasticsearch gradle tools')
} }
// Gradle 4.10 does not support setting this to 11 yet
targetCompatibility = "10"
sourceCompatibility = "10"
// We have a few classes that need to be compiled for older java versions because these are used to run checks against
// those
sourceSets {
minimumRuntime {
// We only want Java here, but the Groovy doesn't configure javadoc correctly if we don't define this as groovy
groovy {
srcDirs = ['src/main/minimumRuntime']
}
}
}
compileMinimumRuntimeGroovy {
// We can't use BuildPlugin here, so read from file
String minimumRuntimeVersion = file('src/main/resources/minimumRuntimeVersion').text.trim()
targetCompatibility = minimumRuntimeVersion
sourceCompatibility = minimumRuntimeVersion
}
dependencies {
if (project.ext.has("isEclipse") == false || project.ext.isEclipse == false) {
// eclipse is confused if this is set explicitly
compile sourceSets.minimumRuntime.output
}
minimumRuntimeCompile "junit:junit:${props.getProperty('junit')}"
minimumRuntimeCompile localGroovy()
minimumRuntimeCompile gradleApi()
}
jar {
from sourceSets.minimumRuntime.output
}
// Keep compatibility with Java 8 for external users of build-tools that haven't migrated to Java 11
targetCompatibility = '8'
sourceCompatibility = '8'
/***************************************************************************** /*****************************************************************************
* Dependencies used by the entire build * * Dependencies used by the entire build *
@ -117,7 +88,7 @@ dependencies {
compile 'com.perforce:p4java:2012.3.551082' // THIS IS SUPPOSED TO BE OPTIONAL IN THE FUTURE.... compile 'com.perforce:p4java:2012.3.551082' // THIS IS SUPPOSED TO BE OPTIONAL IN THE FUTURE....
compile 'org.apache.rat:apache-rat:0.11' compile 'org.apache.rat:apache-rat:0.11'
compile "org.elasticsearch:jna:4.5.1" compile "org.elasticsearch:jna:4.5.1"
compile 'com.github.jengelman.gradle.plugins:shadow:2.0.4' compile 'com.github.jengelman.gradle.plugins:shadow:4.0.3'
compile 'de.thetaphi:forbiddenapis:2.6' compile 'de.thetaphi:forbiddenapis:2.6'
compile 'com.avast.gradle:gradle-docker-compose-plugin:0.8.12' compile 'com.avast.gradle:gradle-docker-compose-plugin:0.8.12'
testCompile "junit:junit:${props.getProperty('junit')}" testCompile "junit:junit:${props.getProperty('junit')}"
@ -162,7 +133,6 @@ if (project != rootProject) {
dependenciesInfo.enabled = false dependenciesInfo.enabled = false
forbiddenApisMain.enabled = false forbiddenApisMain.enabled = false
forbiddenApisTest.enabled = false forbiddenApisTest.enabled = false
forbiddenApisMinimumRuntime.enabled = false
jarHell.enabled = false jarHell.enabled = false
thirdPartyAudit.enabled = false thirdPartyAudit.enabled = false
@ -185,15 +155,6 @@ if (project != rootProject) {
into localDownloads into localDownloads
} }
test {
// The test task is configured to runtimeJava version, but build-tools doesn't support all of them, so test
// with compiler instead on the ones that are too old.
if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_10) {
executable = "${project.compilerJavaHome}/bin/java"
}
}
// This can't be an RandomizedTestingTask because we can't yet reference it
task integTest(type: Test) { task integTest(type: Test) {
// integration test requires the local testing repo for example plugin builds // integration test requires the local testing repo for example plugin builds
dependsOn project.rootProject.allprojects.collect { dependsOn project.rootProject.allprojects.collect {

View File

@ -28,6 +28,7 @@ import org.elasticsearch.gradle.test.RestIntegTestTask
import org.elasticsearch.gradle.test.RunTask import org.elasticsearch.gradle.test.RunTask
import org.elasticsearch.gradle.testclusters.TestClustersPlugin import org.elasticsearch.gradle.testclusters.TestClustersPlugin
import org.gradle.api.InvalidUserDataException import org.gradle.api.InvalidUserDataException
import org.gradle.api.Plugin
import org.gradle.api.Project import org.gradle.api.Project
import org.gradle.api.Task import org.gradle.api.Task
import org.gradle.api.publish.maven.MavenPublication import org.gradle.api.publish.maven.MavenPublication
@ -43,13 +44,13 @@ import java.util.regex.Pattern
/** /**
* Encapsulates build configuration for an Elasticsearch plugin. * Encapsulates build configuration for an Elasticsearch plugin.
*/ */
class PluginBuildPlugin extends BuildPlugin { class PluginBuildPlugin implements Plugin<Project> {
public static final String PLUGIN_EXTENSION_NAME = 'esplugin' public static final String PLUGIN_EXTENSION_NAME = 'esplugin'
@Override @Override
void apply(Project project) { void apply(Project project) {
super.apply(project) project.pluginManager.apply(BuildPlugin)
PluginPropertiesExtension extension = project.extensions.create(PLUGIN_EXTENSION_NAME, PluginPropertiesExtension, project) PluginPropertiesExtension extension = project.extensions.create(PLUGIN_EXTENSION_NAME, PluginPropertiesExtension, project)
configureDependencies(project) configureDependencies(project)

View File

@ -116,15 +116,13 @@ class PrecommitTasks {
} }
private static Task configureThirdPartyAudit(Project project) { private static Task configureThirdPartyAudit(Project project) {
ThirdPartyAuditTask thirdPartyAuditTask = project.tasks.create('thirdPartyAudit', ThirdPartyAuditTask.class)
ExportElasticsearchBuildResourcesTask buildResources = project.tasks.getByName('buildResources') ExportElasticsearchBuildResourcesTask buildResources = project.tasks.getByName('buildResources')
thirdPartyAuditTask.configure { return project.tasks.create('thirdPartyAudit', ThirdPartyAuditTask.class) { task ->
dependsOn(buildResources) task.dependsOn(buildResources)
signatureFile = buildResources.copy("forbidden/third-party-audit.txt") task.signatureFile = buildResources.copy("forbidden/third-party-audit.txt")
javaHome = project.runtimeJavaHome task.javaHome = project.runtimeJavaHome
targetCompatibility = project.runtimeJavaVersion task.targetCompatibility.set(project.provider({ project.runtimeJavaVersion }))
} }
return thirdPartyAuditTask
} }
private static Task configureForbiddenApisCli(Project project) { private static Task configureForbiddenApisCli(Project project) {
@ -132,17 +130,17 @@ class PrecommitTasks {
ExportElasticsearchBuildResourcesTask buildResources = project.tasks.getByName('buildResources') ExportElasticsearchBuildResourcesTask buildResources = project.tasks.getByName('buildResources')
project.tasks.withType(CheckForbiddenApis) { project.tasks.withType(CheckForbiddenApis) {
dependsOn(buildResources) dependsOn(buildResources)
targetCompatibility = project.runtimeJavaVersion >= JavaVersion.VERSION_1_9 ? doFirst {
project.runtimeJavaVersion.getMajorVersion() : project.runtimeJavaVersion // we need to defer this configuration since we don't know the runtime java version until execution time
targetCompatibility = project.runtimeJavaVersion.getMajorVersion()
if (project.runtimeJavaVersion > JavaVersion.VERSION_11) { if (project.runtimeJavaVersion > JavaVersion.VERSION_11) {
doLast {
project.logger.info( project.logger.info(
"Forbidden APIs does not support java version past 11. Will use the signatures from 11 for ", "Forbidden APIs does not support java version past 11. Will use the signatures from 11 for ",
project.runtimeJavaVersion project.runtimeJavaVersion
) )
}
targetCompatibility = JavaVersion.VERSION_11.getMajorVersion() targetCompatibility = JavaVersion.VERSION_11.getMajorVersion()
} }
}
bundledSignatures = [ bundledSignatures = [
"jdk-unsafe", "jdk-deprecated", "jdk-non-portable", "jdk-system-out" "jdk-unsafe", "jdk-deprecated", "jdk-non-portable", "jdk-system-out"
] ]

View File

@ -317,12 +317,6 @@ class ClusterFormationTasks {
// its run after plugins have been installed, as the extra config files may belong to plugins // its run after plugins have been installed, as the extra config files may belong to plugins
setup = configureExtraConfigFilesTask(taskName(prefix, node, 'extraConfig'), project, setup, node) setup = configureExtraConfigFilesTask(taskName(prefix, node, 'extraConfig'), project, setup, node)
// If the node runs in a FIPS 140-2 JVM, the BCFKS default keystore will be password protected
if (project.inFipsJvm){
node.config.systemProperties.put('javax.net.ssl.trustStorePassword', 'password')
node.config.systemProperties.put('javax.net.ssl.keyStorePassword', 'password')
}
// extra setup commands // extra setup commands
for (Map.Entry<String, Object[]> command : node.config.setupCommands.entrySet()) { for (Map.Entry<String, Object[]> command : node.config.setupCommands.entrySet()) {
// the first argument is the actual script name, relative to home // the first argument is the actual script name, relative to home
@ -430,6 +424,9 @@ class ClusterFormationTasks {
if (node.nodeVersion.major >= 7) { if (node.nodeVersion.major >= 7) {
esConfig['indices.breaker.total.use_real_memory'] = false esConfig['indices.breaker.total.use_real_memory'] = false
} }
Task writeConfig = project.tasks.create(name: name, type: DefaultTask, dependsOn: setup)
writeConfig.doFirst {
for (Map.Entry<String, Object> setting : node.config.settings) { for (Map.Entry<String, Object> setting : node.config.settings) {
if (setting.value == null) { if (setting.value == null) {
esConfig.remove(setting.key) esConfig.remove(setting.key)
@ -438,8 +435,6 @@ class ClusterFormationTasks {
} }
} }
Task writeConfig = project.tasks.create(name: name, type: DefaultTask, dependsOn: setup)
writeConfig.doFirst {
esConfig = configFilter.call(esConfig) esConfig = configFilter.call(esConfig)
File configFile = new File(node.pathConf, 'elasticsearch.yml') File configFile = new File(node.pathConf, 'elasticsearch.yml')
logger.info("Configuring ${configFile}") logger.info("Configuring ${configFile}")
@ -760,6 +755,12 @@ class ClusterFormationTasks {
} }
start.doLast(elasticsearchRunner) start.doLast(elasticsearchRunner)
start.doFirst { start.doFirst {
// If the node runs in a FIPS 140-2 JVM, the BCFKS default keystore will be password protected
if (project.inFipsJvm){
node.config.systemProperties.put('javax.net.ssl.trustStorePassword', 'password')
node.config.systemProperties.put('javax.net.ssl.keyStorePassword', 'password')
}
// Configure ES JAVA OPTS - adds system properties, assertion flags, remote debug etc // Configure ES JAVA OPTS - adds system properties, assertion flags, remote debug etc
List<String> esJavaOpts = [node.env.get('ES_JAVA_OPTS', '')] List<String> esJavaOpts = [node.env.get('ES_JAVA_OPTS', '')]
String collectedSystemProperties = node.config.systemProperties.collect { key, value -> "-D${key}=${value}" }.join(" ") String collectedSystemProperties = node.config.systemProperties.collect { key, value -> "-D${key}=${value}" }.join(" ")

View File

@ -86,50 +86,23 @@ class RestIntegTestTask extends DefaultTask {
runner.include('**/*IT.class') runner.include('**/*IT.class')
runner.systemProperty('tests.rest.load_packaged', 'false') runner.systemProperty('tests.rest.load_packaged', 'false')
/*
* We use lazy-evaluated strings in order to configure system properties whose value will not be known until
* execution time (e.g. cluster port numbers). Adding these via the normal DSL doesn't work as these get treated
* as task inputs and therefore Gradle attempts to snapshot them before/after task execution. This fails due
* to the GStrings containing references to non-serializable objects.
*
* We bypass this by instead passing this system properties vi a CommandLineArgumentProvider. This has the added
* side-effect that these properties are NOT treated as inputs, therefore they don't influence things like the
* build cache key or up to date checking.
*/
def nonInputProperties = new CommandLineArgumentProvider() {
private final Map<String, Object> systemProperties = [:]
void systemProperty(String key, Object value) {
systemProperties.put(key, value)
}
@Override
Iterable<String> asArguments() {
return systemProperties.collect { key, value ->
"-D${key}=${value.toString()}".toString()
}
}
}
runner.jvmArgumentProviders.add(nonInputProperties)
runner.ext.nonInputProperties = nonInputProperties
if (System.getProperty("tests.rest.cluster") == null) { if (System.getProperty("tests.rest.cluster") == null) {
if (System.getProperty("tests.cluster") != null) { if (System.getProperty("tests.cluster") != null) {
throw new IllegalArgumentException("tests.rest.cluster and tests.cluster must both be null or non-null") throw new IllegalArgumentException("tests.rest.cluster and tests.cluster must both be null or non-null")
} }
if (usesTestclusters == true) { if (usesTestclusters == true) {
ElasticsearchCluster cluster = project.testClusters."${name}" ElasticsearchCluster cluster = project.testClusters."${name}"
nonInputProperties.systemProperty('tests.rest.cluster', "${-> cluster.allHttpSocketURI.join(",") }") runner.nonInputProperties.systemProperty('tests.rest.cluster', "${-> cluster.allHttpSocketURI.join(",") }")
nonInputProperties.systemProperty('tests.cluster', "${-> cluster.transportPortURI }") runner.nonInputProperties.systemProperty('tests.cluster', "${-> cluster.transportPortURI }")
} else { } else {
// we pass all nodes to the rest cluster to allow the clients to round-robin between them // we pass all nodes to the rest cluster to allow the clients to round-robin between them
// this is more realistic than just talking to a single node // this is more realistic than just talking to a single node
nonInputProperties.systemProperty('tests.rest.cluster', "${-> nodes.collect { it.httpUri() }.join(",")}") runner.nonInputProperties.systemProperty('tests.rest.cluster', "${-> nodes.collect { it.httpUri() }.join(",")}")
nonInputProperties.systemProperty('tests.config.dir', "${-> nodes[0].pathConf}") runner.nonInputProperties.systemProperty('tests.config.dir', "${-> nodes[0].pathConf}")
// TODO: our "client" qa tests currently use the rest-test plugin. instead they should have their own plugin // TODO: our "client" qa tests currently use the rest-test plugin. instead they should have their own plugin
// that sets up the test cluster and passes this transport uri instead of http uri. Until then, we pass // that sets up the test cluster and passes this transport uri instead of http uri. Until then, we pass
// both as separate sysprops // both as separate sysprops
nonInputProperties.systemProperty('tests.cluster', "${-> nodes[0].transportUri()}") runner.nonInputProperties.systemProperty('tests.cluster', "${-> nodes[0].transportUri()}")
// dump errors and warnings from cluster log on failure // dump errors and warnings from cluster log on failure
TaskExecutionAdapter logDumpListener = new TaskExecutionAdapter() { TaskExecutionAdapter logDumpListener = new TaskExecutionAdapter() {

View File

@ -27,11 +27,14 @@ import org.elasticsearch.gradle.ExportElasticsearchBuildResourcesTask
import org.elasticsearch.gradle.VersionProperties import org.elasticsearch.gradle.VersionProperties
import org.elasticsearch.gradle.precommit.PrecommitTasks import org.elasticsearch.gradle.precommit.PrecommitTasks
import org.gradle.api.InvalidUserDataException import org.gradle.api.InvalidUserDataException
import org.gradle.api.JavaVersion
import org.gradle.api.Plugin import org.gradle.api.Plugin
import org.gradle.api.Project import org.gradle.api.Project
import org.gradle.api.artifacts.Configuration import org.gradle.api.artifacts.Configuration
import org.gradle.api.plugins.ExtraPropertiesExtension
import org.gradle.api.plugins.JavaBasePlugin import org.gradle.api.plugins.JavaBasePlugin
import org.gradle.api.plugins.JavaPlugin import org.gradle.api.plugins.JavaPlugin
import org.gradle.api.plugins.JavaPluginExtension
import org.gradle.api.tasks.SourceSet import org.gradle.api.tasks.SourceSet
import org.gradle.api.tasks.SourceSetContainer import org.gradle.api.tasks.SourceSetContainer
import org.gradle.api.tasks.compile.JavaCompile import org.gradle.api.tasks.compile.JavaCompile
@ -57,11 +60,14 @@ class StandaloneRestTestPlugin implements Plugin<Project> {
project.pluginManager.apply(JavaBasePlugin) project.pluginManager.apply(JavaBasePlugin)
project.getTasks().create("buildResources", ExportElasticsearchBuildResourcesTask) project.getTasks().create("buildResources", ExportElasticsearchBuildResourcesTask)
BuildPlugin.globalBuildInfo(project)
BuildPlugin.configureRepositories(project) BuildPlugin.configureRepositories(project)
BuildPlugin.configureTestTasks(project) BuildPlugin.configureTestTasks(project)
BuildPlugin.configureInputNormalization(project) BuildPlugin.configureInputNormalization(project)
ExtraPropertiesExtension ext = project.extensions.getByType(ExtraPropertiesExtension)
project.extensions.getByType(JavaPluginExtension).sourceCompatibility = ext.get('minimumRuntimeVersion') as JavaVersion
project.extensions.getByType(JavaPluginExtension).targetCompatibility = ext.get('minimumRuntimeVersion') as JavaVersion
// only setup tests to build // only setup tests to build
SourceSetContainer sourceSets = project.extensions.getByType(SourceSetContainer) SourceSetContainer sourceSets = project.extensions.getByType(SourceSetContainer)
SourceSet testSourceSet = sourceSets.create('test') SourceSet testSourceSet = sourceSets.create('test')

View File

@ -0,0 +1,276 @@
package org.elasticsearch.gradle.info;
import org.elasticsearch.gradle.OS;
import org.gradle.api.DefaultTask;
import org.gradle.api.GradleException;
import org.gradle.api.JavaVersion;
import org.gradle.api.file.RegularFileProperty;
import org.gradle.api.model.ObjectFactory;
import org.gradle.api.tasks.CacheableTask;
import org.gradle.api.tasks.Input;
import org.gradle.api.tasks.InputDirectory;
import org.gradle.api.tasks.Nested;
import org.gradle.api.tasks.OutputFile;
import org.gradle.api.tasks.PathSensitive;
import org.gradle.api.tasks.PathSensitivity;
import org.gradle.api.tasks.TaskAction;
import org.gradle.internal.jvm.Jvm;
import org.gradle.process.ExecResult;
import javax.inject.Inject;
import java.io.BufferedWriter;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.io.Writer;
import java.nio.file.Files;
import java.util.Arrays;
import java.util.List;
import static java.nio.charset.StandardCharsets.UTF_8;
@CacheableTask
public class GenerateGlobalBuildInfoTask extends DefaultTask {
private JavaVersion minimumCompilerVersion;
private JavaVersion minimumRuntimeVersion;
private File compilerJavaHome;
private File runtimeJavaHome;
private List<JavaHome> javaVersions;
private final RegularFileProperty outputFile;
private final RegularFileProperty compilerVersionFile;
private final RegularFileProperty runtimeVersionFile;
private final RegularFileProperty fipsJvmFile;
@Inject
public GenerateGlobalBuildInfoTask(ObjectFactory objectFactory) {
this.outputFile = objectFactory.fileProperty();
this.compilerVersionFile = objectFactory.fileProperty();
this.runtimeVersionFile = objectFactory.fileProperty();
this.fipsJvmFile = objectFactory.fileProperty();
}
@Input
public JavaVersion getMinimumCompilerVersion() {
return minimumCompilerVersion;
}
public void setMinimumCompilerVersion(JavaVersion minimumCompilerVersion) {
this.minimumCompilerVersion = minimumCompilerVersion;
}
@Input
public JavaVersion getMinimumRuntimeVersion() {
return minimumRuntimeVersion;
}
public void setMinimumRuntimeVersion(JavaVersion minimumRuntimeVersion) {
this.minimumRuntimeVersion = minimumRuntimeVersion;
}
@InputDirectory
@PathSensitive(PathSensitivity.RELATIVE)
public File getCompilerJavaHome() {
return compilerJavaHome;
}
public void setCompilerJavaHome(File compilerJavaHome) {
this.compilerJavaHome = compilerJavaHome;
}
@InputDirectory
@PathSensitive(PathSensitivity.RELATIVE)
public File getRuntimeJavaHome() {
return runtimeJavaHome;
}
public void setRuntimeJavaHome(File runtimeJavaHome) {
this.runtimeJavaHome = runtimeJavaHome;
}
@Nested
public List<JavaHome> getJavaVersions() {
return javaVersions;
}
public void setJavaVersions(List<JavaHome> javaVersions) {
this.javaVersions = javaVersions;
}
@OutputFile
public RegularFileProperty getOutputFile() {
return outputFile;
}
@OutputFile
public RegularFileProperty getCompilerVersionFile() {
return compilerVersionFile;
}
@OutputFile
public RegularFileProperty getRuntimeVersionFile() {
return runtimeVersionFile;
}
@OutputFile
public RegularFileProperty getFipsJvmFile() {
return fipsJvmFile;
}
@TaskAction
public void generate() {
String javaVendor = System.getProperty("java.vendor");
String gradleJavaVersion = System.getProperty("java.version");
String gradleJavaVersionDetails = javaVendor + " " + gradleJavaVersion + " [" + System.getProperty("java.vm.name")
+ " " + System.getProperty("java.vm.version") + "]";
String compilerJavaVersionDetails = gradleJavaVersionDetails;
JavaVersion compilerJavaVersionEnum = JavaVersion.current();
String runtimeJavaVersionDetails = gradleJavaVersionDetails;
JavaVersion runtimeJavaVersionEnum = JavaVersion.current();
File gradleJavaHome = Jvm.current().getJavaHome();
boolean inFipsJvm = false;
try {
if (Files.isSameFile(compilerJavaHome.toPath(), gradleJavaHome.toPath()) == false) {
if (compilerJavaHome.exists()) {
compilerJavaVersionDetails = findJavaVersionDetails(compilerJavaHome);
compilerJavaVersionEnum = JavaVersion.toVersion(findJavaSpecificationVersion(compilerJavaHome));
} else {
throw new RuntimeException("Compiler Java home path of '" + compilerJavaHome + "' does not exist");
}
}
if (Files.isSameFile(runtimeJavaHome.toPath(), gradleJavaHome.toPath()) == false) {
if (runtimeJavaHome.exists()) {
runtimeJavaVersionDetails = findJavaVersionDetails(runtimeJavaHome);
runtimeJavaVersionEnum = JavaVersion.toVersion(findJavaSpecificationVersion(runtimeJavaHome));
// We don't expect Gradle to be running in a FIPS JVM
String inFipsJvmScript = "print(java.security.Security.getProviders()[0].name.toLowerCase().contains(\"fips\"));";
inFipsJvm = Boolean.parseBoolean(runJavaAsScript(runtimeJavaHome, inFipsJvmScript));
} else {
throw new RuntimeException("Runtime Java home path of '" + compilerJavaHome + "' does not exist");
}
}
} catch (IOException e) {
throw new UncheckedIOException(e);
}
try (BufferedWriter writer = new BufferedWriter(new FileWriter(outputFile.getAsFile().get()))) {
writer.write(" Gradle Version : " + getProject().getGradle().getGradleVersion() + "\n");
writer.write(" OS Info : " + System.getProperty("os.name") + " " + System.getProperty("os.version")
+ " (" + System.getProperty("os.arch") + ")\n");
if (gradleJavaVersionDetails.equals(compilerJavaVersionDetails) == false
|| gradleJavaVersionDetails.equals(runtimeJavaVersionDetails) == false) {
writer.write(" Compiler JDK Version : " + compilerJavaVersionEnum + " (" + compilerJavaVersionDetails + ")\n");
writer.write(" Compiler java.home : " + compilerJavaHome + "\n");
writer.write(" Runtime JDK Version : " + runtimeJavaVersionEnum + " (" + runtimeJavaVersionDetails + ")\n");
writer.write(" Runtime java.home : " + runtimeJavaHome + "\n");
writer.write(" Gradle JDK Version : " + JavaVersion.toVersion(gradleJavaVersion)
+ " (" + gradleJavaVersionDetails + ")\n");
writer.write(" Gradle java.home : " + gradleJavaHome);
} else {
writer.write(" JDK Version : " + JavaVersion.toVersion(gradleJavaVersion)
+ " (" + gradleJavaVersionDetails + ")\n");
writer.write(" JAVA_HOME : " + gradleJavaHome);
}
} catch (IOException e) {
throw new UncheckedIOException(e);
}
// enforce Java version
if (compilerJavaVersionEnum.compareTo(minimumCompilerVersion) < 0) {
String message = "The compiler java.home must be set to a JDK installation directory for Java " + minimumCompilerVersion +
" but is [" + compilerJavaHome + "] corresponding to [" + compilerJavaVersionEnum + "]";
throw new GradleException(message);
}
if (runtimeJavaVersionEnum.compareTo(minimumRuntimeVersion) < 0) {
String message = "The runtime java.home must be set to a JDK installation directory for Java " + minimumRuntimeVersion +
" but is [" + runtimeJavaHome + "] corresponding to [" + runtimeJavaVersionEnum + "]";
throw new GradleException(message);
}
for (JavaHome javaVersion : javaVersions) {
File javaHome = javaVersion.getJavaHome();
if (javaHome == null) {
continue;
}
JavaVersion javaVersionEnum = JavaVersion.toVersion(findJavaSpecificationVersion(javaHome));
JavaVersion expectedJavaVersionEnum;
int version = javaVersion.getVersion();
if (version < 9) {
expectedJavaVersionEnum = JavaVersion.toVersion("1." + version);
} else {
expectedJavaVersionEnum = JavaVersion.toVersion(Integer.toString(version));
}
if (javaVersionEnum != expectedJavaVersionEnum) {
String message = "The environment variable JAVA" + version + "_HOME must be set to a JDK installation directory for Java " +
expectedJavaVersionEnum + " but is [" + javaHome + "] corresponding to [" + javaVersionEnum + "]";
throw new GradleException(message);
}
}
writeToFile(compilerVersionFile.getAsFile().get(), compilerJavaVersionEnum.name());
writeToFile(runtimeVersionFile.getAsFile().get(), runtimeJavaVersionEnum.name());
writeToFile(fipsJvmFile.getAsFile().get(), Boolean.toString(inFipsJvm));
}
private void writeToFile(File file, String content) {
try (Writer writer = new FileWriter(file)) {
writer.write(content);
} catch (IOException e) {
throw new UncheckedIOException(e);
}
}
/**
* Finds printable java version of the given JAVA_HOME
*/
private String findJavaVersionDetails(File javaHome) {
String versionInfoScript = "print(" +
"java.lang.System.getProperty(\"java.vendor\") + \" \" + java.lang.System.getProperty(\"java.version\") + " +
"\" [\" + java.lang.System.getProperty(\"java.vm.name\") + \" \" + java.lang.System.getProperty(\"java.vm.version\") + \"]\");";
return runJavaAsScript(javaHome, versionInfoScript).trim();
}
/**
* Finds the parsable java specification version
*/
private String findJavaSpecificationVersion(File javaHome) {
String versionScript = "print(java.lang.System.getProperty(\"java.specification.version\"));";
return runJavaAsScript(javaHome, versionScript);
}
/**
* Runs the given javascript using jjs from the jdk, and returns the output
*/
private String runJavaAsScript(File javaHome, String script) {
ByteArrayOutputStream stdout = new ByteArrayOutputStream();
ByteArrayOutputStream stderr = new ByteArrayOutputStream();
if (OS.current() == OS.WINDOWS) {
// gradle/groovy does not properly escape the double quote for windows
script = script.replace("\"", "\\\"");
}
File jrunscriptPath = new File(javaHome, "bin/jrunscript");
String finalScript = script;
ExecResult result = getProject().exec(spec -> {
spec.setExecutable(jrunscriptPath);
spec.args("-e", finalScript);
spec.setStandardOutput(stdout);
spec.setErrorOutput(stderr);
spec.setIgnoreExitValue(true);
});
if (result.getExitValue() != 0) {
getLogger().error("STDOUT:");
Arrays.stream(stdout.toString(UTF_8).split(System.getProperty("line.separator"))).forEach(getLogger()::error);
getLogger().error("STDERR:");
Arrays.stream(stderr.toString(UTF_8).split(System.getProperty("line.separator"))).forEach(getLogger()::error);
result.rethrowFailure();
}
return stdout.toString(UTF_8).trim();
}
}

View File

@ -0,0 +1,198 @@
package org.elasticsearch.gradle.info;
import org.elasticsearch.gradle.OS;
import org.gradle.api.GradleException;
import org.gradle.api.JavaVersion;
import org.gradle.api.Plugin;
import org.gradle.api.Project;
import org.gradle.api.plugins.ExtraPropertiesExtension;
import org.gradle.internal.jvm.Jvm;
import java.io.BufferedReader;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.UncheckedIOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
public class GlobalBuildInfoPlugin implements Plugin<Project> {
private static final String GLOBAL_INFO_EXTENSION_NAME = "globalInfo";
private static Integer _defaultParallel = null;
@Override
public void apply(Project project) {
if (project != project.getRootProject()) {
throw new IllegalStateException(this.getClass().getName() + " can only be applied to the root project.");
}
GlobalInfoExtension extension = project.getExtensions().create(GLOBAL_INFO_EXTENSION_NAME, GlobalInfoExtension.class);
JavaVersion minimumCompilerVersion = JavaVersion.toVersion(getResourceContents("/minimumCompilerVersion"));
JavaVersion minimumRuntimeVersion = JavaVersion.toVersion(getResourceContents("/minimumRuntimeVersion"));
File compilerJavaHome = findCompilerJavaHome();
File runtimeJavaHome = findRuntimeJavaHome(compilerJavaHome);
final List<JavaHome> javaVersions = new ArrayList<>();
for (int version = 8; version <= Integer.parseInt(minimumCompilerVersion.getMajorVersion()); version++) {
if (System.getenv(getJavaHomeEnvVarName(Integer.toString(version))) != null) {
javaVersions.add(JavaHome.of(version, new File(findJavaHome(Integer.toString(version)))));
}
}
GenerateGlobalBuildInfoTask generateTask = project.getTasks().create("generateGlobalBuildInfo",
GenerateGlobalBuildInfoTask.class, task -> {
task.setJavaVersions(javaVersions);
task.setMinimumCompilerVersion(minimumCompilerVersion);
task.setMinimumRuntimeVersion(minimumRuntimeVersion);
task.setCompilerJavaHome(compilerJavaHome);
task.setRuntimeJavaHome(runtimeJavaHome);
task.getOutputFile().set(new File(project.getBuildDir(), "global-build-info"));
task.getCompilerVersionFile().set(new File(project.getBuildDir(), "java-compiler-version"));
task.getRuntimeVersionFile().set(new File(project.getBuildDir(), "java-runtime-version"));
task.getFipsJvmFile().set(new File(project.getBuildDir(), "in-fips-jvm"));
});
PrintGlobalBuildInfoTask printTask = project.getTasks().create("printGlobalBuildInfo", PrintGlobalBuildInfoTask.class, task -> {
task.getBuildInfoFile().set(generateTask.getOutputFile());
task.getCompilerVersionFile().set(generateTask.getCompilerVersionFile());
task.getRuntimeVersionFile().set(generateTask.getRuntimeVersionFile());
task.getFipsJvmFile().set(generateTask.getFipsJvmFile());
task.setGlobalInfoListeners(extension.listeners);
});
project.getExtensions().getByType(ExtraPropertiesExtension.class).set("defaultParallel", findDefaultParallel(project));
project.allprojects(p -> {
// Make sure than any task execution generates and prints build info
p.getTasks().all(task -> {
if (task != generateTask && task != printTask) {
task.dependsOn(printTask);
}
});
ExtraPropertiesExtension ext = p.getExtensions().getByType(ExtraPropertiesExtension.class);
ext.set("compilerJavaHome", compilerJavaHome);
ext.set("runtimeJavaHome", runtimeJavaHome);
ext.set("isRuntimeJavaHomeSet", compilerJavaHome.equals(runtimeJavaHome) == false);
ext.set("javaVersions", javaVersions);
ext.set("minimumCompilerVersion", minimumCompilerVersion);
ext.set("minimumRuntimeVersion", minimumRuntimeVersion);
ext.set("gradleJavaVersion", Jvm.current().getJavaVersion());
});
}
private static File findCompilerJavaHome() {
String compilerJavaHome = System.getenv("JAVA_HOME");
String compilerJavaProperty = System.getProperty("compiler.java");
if (compilerJavaProperty != null) {
compilerJavaHome = findJavaHome(compilerJavaProperty);
}
// if JAVA_HOME is not set,so we use the JDK that Gradle was run with.
return compilerJavaHome == null ? Jvm.current().getJavaHome() : new File(compilerJavaHome);
}
private static File findRuntimeJavaHome(final File compilerJavaHome) {
String runtimeJavaProperty = System.getProperty("runtime.java");
if (runtimeJavaProperty != null) {
return new File(findJavaHome(runtimeJavaProperty));
}
return System.getenv("RUNTIME_JAVA_HOME") == null ? compilerJavaHome : new File(System.getenv("RUNTIME_JAVA_HOME"));
}
private static String findJavaHome(String version) {
String versionedJavaHome = System.getenv(getJavaHomeEnvVarName(version));
if (versionedJavaHome == null) {
throw new GradleException(
"$versionedVarName must be set to build Elasticsearch. " +
"Note that if the variable was just set you might have to run `./gradlew --stop` for " +
"it to be picked up. See https://github.com/elastic/elasticsearch/issues/31399 details."
);
}
return versionedJavaHome;
}
private static String getJavaHomeEnvVarName(String version) {
return "JAVA" + version + "_HOME";
}
private static String getResourceContents(String resourcePath) {
try (BufferedReader reader = new BufferedReader(
new InputStreamReader(GlobalBuildInfoPlugin.class.getResourceAsStream(resourcePath))
)) {
StringBuilder b = new StringBuilder();
for (String line = reader.readLine(); line != null; line = reader.readLine()) {
if (b.length() != 0) {
b.append('\n');
}
b.append(line);
}
return b.toString();
} catch (IOException e) {
throw new UncheckedIOException("Error trying to read classpath resource: " + resourcePath, e);
}
}
private static int findDefaultParallel(Project project) {
// Since it costs IO to compute this, and is done at configuration time we want to cache this if possible
// It's safe to store this in a static variable since it's just a primitive so leaking memory isn't an issue
if (_defaultParallel == null) {
File cpuInfoFile = new File("/proc/cpuinfo");
if (cpuInfoFile.exists()) {
// Count physical cores on any Linux distro ( don't count hyper-threading )
Map<String, Integer> socketToCore = new HashMap<>();
String currentID = "";
try (BufferedReader reader = new BufferedReader(new FileReader(cpuInfoFile))) {
for (String line = reader.readLine(); line != null; line = reader.readLine()) {
if (line.contains(":")) {
List<String> parts = Arrays.stream(line.split(":", 2)).map(String::trim).collect(Collectors.toList());
String name = parts.get(0);
String value = parts.get(1);
// the ID of the CPU socket
if (name.equals("physical id")) {
currentID = value;
}
// Number of cores not including hyper-threading
if (name.equals("cpu cores")) {
assert currentID.isEmpty() == false;
socketToCore.put("currentID", Integer.valueOf(value));
currentID = "";
}
}
}
} catch (IOException e) {
throw new UncheckedIOException(e);
}
_defaultParallel = socketToCore.values().stream().mapToInt(i -> i).sum();
} else if (OS.current() == OS.MAC) {
// Ask macOS to count physical CPUs for us
ByteArrayOutputStream stdout = new ByteArrayOutputStream();
project.exec(spec -> {
spec.setExecutable("sysctl");
spec.args("-n", "hw.physicalcpu");
spec.setStandardOutput(stdout);
});
_defaultParallel = Integer.parseInt(stdout.toString().trim());
}
_defaultParallel = Runtime.getRuntime().availableProcessors() / 2;
}
return _defaultParallel;
}
}

View File

@ -0,0 +1,12 @@
package org.elasticsearch.gradle.info;
import java.util.ArrayList;
import java.util.List;
public class GlobalInfoExtension {
final List<Runnable> listeners = new ArrayList<>();
public void ready(Runnable block) {
listeners.add(block);
}
}

View File

@ -0,0 +1,35 @@
package org.elasticsearch.gradle.info;
import org.gradle.api.tasks.Input;
import org.gradle.api.tasks.InputDirectory;
import org.gradle.api.tasks.Optional;
import org.gradle.api.tasks.PathSensitive;
import org.gradle.api.tasks.PathSensitivity;
import java.io.File;
public class JavaHome {
private Integer version;
private File javaHome;
private JavaHome(int version, File javaHome) {
this.version = version;
this.javaHome = javaHome;
}
public static JavaHome of(int version, File javaHome) {
return new JavaHome(version, javaHome);
}
@Input
public Integer getVersion() {
return version;
}
@InputDirectory
@Optional
@PathSensitive(PathSensitivity.RELATIVE)
public File getJavaHome() {
return javaHome;
}
}

View File

@ -0,0 +1,84 @@
package org.elasticsearch.gradle.info;
import org.gradle.api.DefaultTask;
import org.gradle.api.JavaVersion;
import org.gradle.api.file.RegularFileProperty;
import org.gradle.api.model.ObjectFactory;
import org.gradle.api.plugins.ExtraPropertiesExtension;
import org.gradle.api.resources.TextResource;
import org.gradle.api.tasks.InputFile;
import org.gradle.api.tasks.TaskAction;
import javax.inject.Inject;
import java.util.ArrayList;
import java.util.List;
public class PrintGlobalBuildInfoTask extends DefaultTask {
private final RegularFileProperty buildInfoFile;
private final RegularFileProperty compilerVersionFile;
private final RegularFileProperty runtimeVersionFile;
private final RegularFileProperty fipsJvmFile;
private List<Runnable> globalInfoListeners = new ArrayList<>();
@Inject
public PrintGlobalBuildInfoTask(ObjectFactory objectFactory) {
this.buildInfoFile = objectFactory.fileProperty();
this.compilerVersionFile = objectFactory.fileProperty();
this.runtimeVersionFile = objectFactory.fileProperty();
this.fipsJvmFile = objectFactory.fileProperty();
}
@InputFile
public RegularFileProperty getBuildInfoFile() {
return buildInfoFile;
}
@InputFile
public RegularFileProperty getCompilerVersionFile() {
return compilerVersionFile;
}
@InputFile
public RegularFileProperty getRuntimeVersionFile() {
return runtimeVersionFile;
}
@InputFile
public RegularFileProperty getFipsJvmFile() {
return fipsJvmFile;
}
public void setGlobalInfoListeners(List<Runnable> globalInfoListeners) {
this.globalInfoListeners = globalInfoListeners;
}
@TaskAction
public void print() {
getLogger().quiet("=======================================");
getLogger().quiet("Elasticsearch Build Hamster says Hello!");
getLogger().quiet(getFileText(getBuildInfoFile()).asString());
getLogger().quiet(" Random Testing Seed : " + getProject().property("testSeed"));
getLogger().quiet("=======================================");
setGlobalProperties();
globalInfoListeners.forEach(Runnable::run);
// Since all tasks depend on this task, and it always runs for every build, this makes sure that lifecycle tasks will still
// correctly report as UP-TO-DATE, since the convention is a lifecycle task (i.e. assemble, build, etc) will only be marked as
// UP-TO-DATE if all upstream tasks were also UP-TO-DATE.
setDidWork(false);
}
private TextResource getFileText(RegularFileProperty regularFileProperty) {
return getProject().getResources().getText().fromFile(regularFileProperty.getAsFile().get());
}
private void setGlobalProperties() {
getProject().getRootProject().allprojects(p -> {
ExtraPropertiesExtension ext = p.getExtensions().getByType(ExtraPropertiesExtension.class);
ext.set("compilerJavaVersion", JavaVersion.valueOf(getFileText(getCompilerVersionFile()).asString()));
ext.set("runtimeJavaVersion", JavaVersion.valueOf(getFileText(getRuntimeVersionFile()).asString()));
ext.set("inFipsJvm", Boolean.valueOf(getFileText(getFipsJvmFile()).asString()));
});
}
}

View File

@ -26,6 +26,7 @@ import org.gradle.api.JavaVersion;
import org.gradle.api.artifacts.Configuration; import org.gradle.api.artifacts.Configuration;
import org.gradle.api.artifacts.Dependency; import org.gradle.api.artifacts.Dependency;
import org.gradle.api.file.FileTree; import org.gradle.api.file.FileTree;
import org.gradle.api.provider.Property;
import org.gradle.api.specs.Spec; import org.gradle.api.specs.Spec;
import org.gradle.api.tasks.CacheableTask; import org.gradle.api.tasks.CacheableTask;
import org.gradle.api.tasks.Classpath; import org.gradle.api.tasks.Classpath;
@ -79,17 +80,13 @@ public class ThirdPartyAuditTask extends DefaultTask {
private String javaHome; private String javaHome;
private JavaVersion targetCompatibility; private final Property<JavaVersion> targetCompatibility = getProject().getObjects().property(JavaVersion.class);
@Input @Input
public JavaVersion getTargetCompatibility() { public Property<JavaVersion> getTargetCompatibility() {
return targetCompatibility; return targetCompatibility;
} }
public void setTargetCompatibility(JavaVersion targetCompatibility) {
this.targetCompatibility = targetCompatibility;
}
@InputFiles @InputFiles
@PathSensitive(PathSensitivity.NAME_ONLY) @PathSensitive(PathSensitivity.NAME_ONLY)
public Configuration getForbiddenAPIsConfiguration() { public Configuration getForbiddenAPIsConfiguration() {
@ -287,7 +284,7 @@ public class ThirdPartyAuditTask extends DefaultTask {
// pther version specific implementation of said classes. // pther version specific implementation of said classes.
IntStream.rangeClosed( IntStream.rangeClosed(
Integer.parseInt(JavaVersion.VERSION_1_9.getMajorVersion()), Integer.parseInt(JavaVersion.VERSION_1_9.getMajorVersion()),
Integer.parseInt(targetCompatibility.getMajorVersion()) Integer.parseInt(targetCompatibility.get().getMajorVersion())
).forEach(majorVersion -> getProject().copy(spec -> { ).forEach(majorVersion -> getProject().copy(spec -> {
spec.from(getProject().zipTree(jar)); spec.from(getProject().zipTree(jar));
spec.into(jarExpandDir); spec.into(jarExpandDir);

View File

@ -0,0 +1 @@
implementation-class=org.elasticsearch.gradle.info.GlobalBuildInfoPlugin

View File

@ -29,6 +29,7 @@ forbiddenApisTest.enabled = false
jarHell.enabled = false jarHell.enabled = false
// we don't have tests for now // we don't have tests for now
test.enabled = false test.enabled = false
thirdPartyAudit.enabled = false
task hello { task hello {
doFirst { doFirst {

View File

@ -40,8 +40,8 @@ test {
systemProperty 'tests.security.manager', 'false' systemProperty 'tests.security.manager', 'false'
} }
if (project.inFipsJvm) { thirdPartyAudit.onlyIf {
// FIPS JVM includes manny classes from bouncycastle which count as jar hell for the third party audit, // FIPS JVM includes manny classes from bouncycastle which count as jar hell for the third party audit,
// rather than provide a long list of exclusions, disable the check on FIPS. // rather than provide a long list of exclusions, disable the check on FIPS.
thirdPartyAudit.enabled = false project.inFipsJvm == false
} }

View File

@ -47,11 +47,13 @@ if (!isEclipse && !isIdea) {
} }
forbiddenApisJava9 { forbiddenApisJava9 {
rootProject.globalInfo.ready {
if (project.runtimeJavaVersion < JavaVersion.VERSION_1_9) { if (project.runtimeJavaVersion < JavaVersion.VERSION_1_9) {
targetCompatibility = JavaVersion.VERSION_1_9.getMajorVersion() targetCompatibility = JavaVersion.VERSION_1_9.getMajorVersion()
} }
replaceSignatureFiles 'jdk-signatures' replaceSignatureFiles 'jdk-signatures'
} }
}
jar { jar {
metaInf { metaInf {

View File

@ -172,6 +172,7 @@ thirdPartyAudit {
) )
} }
rootProject.globalInfo.ready {
if (project.inFipsJvm == false) { if (project.inFipsJvm == false) {
// BouncyCastleFIPS provides this class, so the exclusion is invalid when running CI in // BouncyCastleFIPS provides this class, so the exclusion is invalid when running CI in
// a FIPS JVM with BouncyCastleFIPS Provider // a FIPS JVM with BouncyCastleFIPS Provider
@ -179,3 +180,4 @@ if (project.inFipsJvm == false) {
'org.bouncycastle.asn1.x500.X500Name' 'org.bouncycastle.asn1.x500.X500Name'
) )
} }
}

View File

@ -135,6 +135,7 @@ thirdPartyAudit.ignoreMissingClasses (
) )
// jarhell with jdk (intentionally, because jaxb was removed from default modules in java 9) // jarhell with jdk (intentionally, because jaxb was removed from default modules in java 9)
rootProject.globalInfo.ready {
if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) { if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) {
thirdPartyAudit.ignoreJarHellWithJDK( thirdPartyAudit.ignoreJarHellWithJDK(
'javax.xml.bind.Binder', 'javax.xml.bind.Binder',
@ -251,3 +252,4 @@ if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) {
'javax.activation.MimeTypeParseException', 'javax.activation.MimeTypeParseException',
) )
} }
}

View File

@ -108,9 +108,11 @@ thirdPartyAudit.ignoreMissingClasses (
'org.apache.log.Logger' 'org.apache.log.Logger'
) )
rootProject.globalInfo.ready {
if (project.runtimeJavaVersion > JavaVersion.VERSION_1_8) { if (project.runtimeJavaVersion > JavaVersion.VERSION_1_8) {
thirdPartyAudit.ignoreMissingClasses( thirdPartyAudit.ignoreMissingClasses(
'javax.xml.bind.DatatypeConverter', 'javax.xml.bind.DatatypeConverter',
'javax.xml.bind.JAXBContext' 'javax.xml.bind.JAXBContext'
) )
} }
}

View File

@ -84,8 +84,8 @@ thirdPartyAudit{
ignoreMissingClasses() ignoreMissingClasses()
} }
if (project.inFipsJvm) { thirdPartyAudit.onlyIf {
// FIPS JVM includes manny classes from bouncycastle which count as jar hell for the third party audit, // FIPS JVM includes manny classes from bouncycastle which count as jar hell for the third party audit,
// rather than provide a long list of exclusions, disable the check on FIPS. // rather than provide a long list of exclusions, disable the check on FIPS.
thirdPartyAudit.enabled = false project.inFipsJvm == false
} }

View File

@ -93,10 +93,12 @@ for (String fixtureName : ['hdfsFixture', 'haHdfsFixture', 'secureHdfsFixture',
// If it's a secure fixture, then depend on Kerberos Fixture and principals + add the krb5conf to the JVM options // If it's a secure fixture, then depend on Kerberos Fixture and principals + add the krb5conf to the JVM options
if (fixtureName.equals('secureHdfsFixture') || fixtureName.equals('secureHaHdfsFixture')) { if (fixtureName.equals('secureHdfsFixture') || fixtureName.equals('secureHaHdfsFixture')) {
miniHDFSArgs.add("-Djava.security.krb5.conf=${project(':test:fixtures:krb5kdc-fixture').ext.krb5Conf("hdfs")}"); miniHDFSArgs.add("-Djava.security.krb5.conf=${project(':test:fixtures:krb5kdc-fixture').ext.krb5Conf("hdfs")}");
rootProject.globalInfo.ready {
if (project.runtimeJavaVersion == JavaVersion.VERSION_1_9) { if (project.runtimeJavaVersion == JavaVersion.VERSION_1_9) {
miniHDFSArgs.add('--add-opens=java.security.jgss/sun.security.krb5=ALL-UNNAMED') miniHDFSArgs.add('--add-opens=java.security.jgss/sun.security.krb5=ALL-UNNAMED')
} }
} }
}
// If it's an HA fixture, set a nameservice to use in the JVM options // If it's an HA fixture, set a nameservice to use in the JVM options
if (fixtureName.equals('haHdfsFixture') || fixtureName.equals('secureHaHdfsFixture')) { if (fixtureName.equals('haHdfsFixture') || fixtureName.equals('secureHaHdfsFixture')) {
miniHDFSArgs.add("-Dha-nameservice=ha-hdfs") miniHDFSArgs.add("-Dha-nameservice=ha-hdfs")

View File

@ -336,6 +336,7 @@ thirdPartyAudit.ignoreMissingClasses (
) )
// jarhell with jdk (intentionally, because jaxb was removed from default modules in java 9) // jarhell with jdk (intentionally, because jaxb was removed from default modules in java 9)
rootProject.globalInfo.ready {
if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) { if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) {
thirdPartyAudit.ignoreJarHellWithJDK( thirdPartyAudit.ignoreJarHellWithJDK(
'javax.xml.bind.Binder', 'javax.xml.bind.Binder',
@ -443,3 +444,4 @@ if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) {
} else { } else {
thirdPartyAudit.ignoreMissingClasses 'javax.activation.DataHandler' thirdPartyAudit.ignoreMissingClasses 'javax.activation.DataHandler'
} }
}

View File

@ -149,6 +149,7 @@ thirdPartyAudit {
'io.netty.handler.ssl.util.OpenJdkSelfSignedCertGenerator' 'io.netty.handler.ssl.util.OpenJdkSelfSignedCertGenerator'
) )
} }
rootProject.globalInfo.ready {
if (project.inFipsJvm == false) { if (project.inFipsJvm == false) {
// BouncyCastleFIPS provides this class, so the exclusion is invalid when running CI in // BouncyCastleFIPS provides this class, so the exclusion is invalid when running CI in
// a FIPS JVM with BouncyCastleFIPS Provider // a FIPS JVM with BouncyCastleFIPS Provider
@ -156,3 +157,4 @@ if (project.inFipsJvm == false) {
'org.bouncycastle.asn1.x500.X500Name' 'org.bouncycastle.asn1.x500.X500Name'
) )
} }
}

View File

@ -56,10 +56,12 @@ if (!isEclipse && !isIdea) {
} }
forbiddenApisJava9 { forbiddenApisJava9 {
doFirst {
if (project.runtimeJavaVersion < JavaVersion.VERSION_1_9) { if (project.runtimeJavaVersion < JavaVersion.VERSION_1_9) {
targetCompatibility = JavaVersion.VERSION_1_9.getMajorVersion() targetCompatibility = JavaVersion.VERSION_1_9.getMajorVersion()
} }
} }
}
jar { jar {
metaInf { metaInf {
@ -314,9 +316,11 @@ thirdPartyAudit.ignoreMissingClasses (
'com.google.common.geometry.S2LatLng' 'com.google.common.geometry.S2LatLng'
) )
rootProject.globalInfo.ready {
if (project.runtimeJavaVersion > JavaVersion.VERSION_1_8) { if (project.runtimeJavaVersion > JavaVersion.VERSION_1_8) {
thirdPartyAudit.ignoreMissingClasses 'javax.xml.bind.DatatypeConverter' thirdPartyAudit.ignoreMissingClasses 'javax.xml.bind.DatatypeConverter'
} }
}
dependencyLicenses { dependencyLicenses {
mapping from: /lucene-.*/, to: 'lucene' mapping from: /lucene-.*/, to: 'lucene'

View File

@ -41,7 +41,7 @@ followClusterTestRunner {
task followClusterRestartTest(type: RestIntegTestTask) {} task followClusterRestartTest(type: RestIntegTestTask) {}
followClusterRestartTestCluster { followClusterRestartTestCluster {
dependsOn followClusterTestRunner dependsOn followClusterTestRunner, 'followClusterTestCluster#stop'
numNodes = 1 numNodes = 1
clusterName = 'follow-cluster' clusterName = 'follow-cluster'
dataDir = { nodeNumber -> followClusterTest.nodes[0].dataDir } dataDir = { nodeNumber -> followClusterTest.nodes[0].dataDir }

View File

@ -286,6 +286,7 @@ thirdPartyAudit {
) )
} }
rootProject.globalInfo.ready {
if (project.runtimeJavaVersion > JavaVersion.VERSION_1_8) { if (project.runtimeJavaVersion > JavaVersion.VERSION_1_8) {
thirdPartyAudit.ignoreMissingClasses( thirdPartyAudit.ignoreMissingClasses(
'javax.xml.bind.JAXBContext', 'javax.xml.bind.JAXBContext',
@ -301,6 +302,7 @@ if (project.runtimeJavaVersion > JavaVersion.VERSION_1_8) {
'javax.activation.FileTypeMap' 'javax.activation.FileTypeMap'
) )
} }
}
test { test {
/* /*

View File

@ -19,6 +19,7 @@ dependencyLicenses {
mapping from: /bc.*/, to: 'bouncycastle' mapping from: /bc.*/, to: 'bouncycastle'
} }
rootProject.globalInfo.ready {
if (project.inFipsJvm) { if (project.inFipsJvm) {
test.enabled = false test.enabled = false
testingConventions.enabled = false testingConventions.enabled = false
@ -32,3 +33,4 @@ if (project.inFipsJvm) {
thirdPartyAudit.enabled = false thirdPartyAudit.enabled = false
} }
}

View File

@ -207,18 +207,16 @@ integTestCluster {
return tmpFile.exists() return tmpFile.exists()
} }
} }
Closure notRunningFips = {
Boolean.parseBoolean(BuildPlugin.runJavaAsScript(project, project.runtimeJavaHome,
'print(java.security.Security.getProviders()[0].name.toLowerCase().contains("fips"));')) == false
}
// Do not attempt to form a cluster in a FIPS JVM, as doing so with a JKS keystore will fail. // Do not attempt to form a cluster in a FIPS JVM, as doing so with a JKS keystore will fail.
// TODO Revisit this when SQL CLI client can handle key/certificate instead of only Keystores. // TODO Revisit this when SQL CLI client can handle key/certificate instead of only Keystores.
// https://github.com/elastic/elasticsearch/issues/32306 // https://github.com/elastic/elasticsearch/issues/32306
tasks.matching({ it.name == "integTestCluster#init" }).all { onlyIf notRunningFips } tasks.matching { it.name in ["integTestCluster#init", "integTestCluster#start", "integTestCluster#wait", "integTestRunner"] }.all {
tasks.matching({ it.name == "integTestCluster#start" }).all { onlyIf notRunningFips } onlyIf {
tasks.matching({ it.name == "integTestCluster#wait" }).all { onlyIf notRunningFips } project.inFipsJvm == false
tasks.matching({ it.name == "integTestRunner" }).all { onlyIf notRunningFips } }
}
/** A lazy evaluator to find the san to use for certificate generation. */ /** A lazy evaluator to find the san to use for certificate generation. */
class SanEvaluator { class SanEvaluator {

View File

@ -70,6 +70,7 @@ thirdPartyAudit {
} }
// pulled in as external dependency to work on java 9 // pulled in as external dependency to work on java 9
rootProject.globalInfo.ready {
if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) { if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) {
thirdPartyAudit.ignoreJarHellWithJDK( thirdPartyAudit.ignoreJarHellWithJDK(
// pulled in as external dependency to work on java 9 // pulled in as external dependency to work on java 9
@ -110,6 +111,7 @@ if (project.runtimeJavaVersion <= JavaVersion.VERSION_1_8) {
'javax.activation.UnsupportedDataTypeException' 'javax.activation.UnsupportedDataTypeException'
) )
} }
}
test { test {
/* /*

View File

@ -116,6 +116,7 @@ for (Version version : bwcVersions.indexCompatible) {
setting 'xpack.security.enabled', 'true' setting 'xpack.security.enabled', 'true'
setting 'xpack.security.transport.ssl.enabled', 'true' setting 'xpack.security.transport.ssl.enabled', 'true'
rootProject.globalInfo.ready {
if (project.inFipsJvm) { if (project.inFipsJvm) {
setting 'xpack.security.transport.ssl.key', 'testnode.pem' setting 'xpack.security.transport.ssl.key', 'testnode.pem'
setting 'xpack.security.transport.ssl.certificate', 'testnode.crt' setting 'xpack.security.transport.ssl.certificate', 'testnode.crt'
@ -124,6 +125,7 @@ for (Version version : bwcVersions.indexCompatible) {
setting 'xpack.security.transport.ssl.keystore.path', 'testnode.jks' setting 'xpack.security.transport.ssl.keystore.path', 'testnode.jks'
setting 'xpack.security.transport.ssl.keystore.password', 'testnode' setting 'xpack.security.transport.ssl.keystore.password', 'testnode'
} }
}
setting 'xpack.license.self_generated.type', 'trial' setting 'xpack.license.self_generated.type', 'trial'
dependsOn copyTestNodeKeyMaterial dependsOn copyTestNodeKeyMaterial
extraConfigFile 'testnode.pem', new File(outputDir + '/testnode.pem') extraConfigFile 'testnode.pem', new File(outputDir + '/testnode.pem')
@ -160,6 +162,7 @@ for (Version version : bwcVersions.indexCompatible) {
// some tests rely on the translog not being flushed // some tests rely on the translog not being flushed
setting 'indices.memory.shard_inactive_time', '20m' setting 'indices.memory.shard_inactive_time', '20m'
setting 'xpack.security.enabled', 'true' setting 'xpack.security.enabled', 'true'
rootProject.globalInfo.ready {
if (project.inFipsJvm) { if (project.inFipsJvm) {
setting 'xpack.security.transport.ssl.key', 'testnode.pem' setting 'xpack.security.transport.ssl.key', 'testnode.pem'
setting 'xpack.security.transport.ssl.certificate', 'testnode.crt' setting 'xpack.security.transport.ssl.certificate', 'testnode.crt'
@ -168,6 +171,7 @@ for (Version version : bwcVersions.indexCompatible) {
setting 'xpack.security.transport.ssl.keystore.path', 'testnode.jks' setting 'xpack.security.transport.ssl.keystore.path', 'testnode.jks'
setting 'xpack.security.transport.ssl.keystore.password', 'testnode' setting 'xpack.security.transport.ssl.keystore.password', 'testnode'
} }
}
setting 'xpack.license.self_generated.type', 'trial' setting 'xpack.license.self_generated.type', 'trial'
dependsOn copyTestNodeKeyMaterial dependsOn copyTestNodeKeyMaterial
extraConfigFile 'testnode.jks', new File(outputDir + '/testnode.jks') extraConfigFile 'testnode.jks', new File(outputDir + '/testnode.jks')

View File

@ -38,9 +38,11 @@ integTestCluster {
setting 'reindex.ssl.truststore.password', 'password' setting 'reindex.ssl.truststore.password', 'password'
// Workaround for JDK-8212885 // Workaround for JDK-8212885
rootProject.globalInfo.ready {
if (project.ext.runtimeJavaVersion.isJava12Compatible() == false) { if (project.ext.runtimeJavaVersion.isJava12Compatible() == false) {
setting 'reindex.ssl.supported_protocols', 'TLSv1.2' setting 'reindex.ssl.supported_protocols', 'TLSv1.2'
} }
}
extraConfigFile 'roles.yml', 'roles.yml' extraConfigFile 'roles.yml', 'roles.yml'
[ [

View File

@ -123,6 +123,7 @@ for (Version version : bwcVersions.wireCompatible) {
setting 'xpack.security.authc.token.timeout', '60m' setting 'xpack.security.authc.token.timeout', '60m'
setting 'logger.org.elasticsearch.xpack.security.authc.TokenService', 'trace' setting 'logger.org.elasticsearch.xpack.security.authc.TokenService', 'trace'
setting 'xpack.security.audit.enabled', 'true' setting 'xpack.security.audit.enabled', 'true'
rootProject.globalInfo.ready {
if (project.inFipsJvm) { if (project.inFipsJvm) {
setting 'xpack.security.transport.ssl.key', 'testnode.pem' setting 'xpack.security.transport.ssl.key', 'testnode.pem'
setting 'xpack.security.transport.ssl.certificate', 'testnode.crt' setting 'xpack.security.transport.ssl.certificate', 'testnode.crt'
@ -131,6 +132,7 @@ for (Version version : bwcVersions.wireCompatible) {
setting 'xpack.security.transport.ssl.keystore.path', 'testnode.jks' setting 'xpack.security.transport.ssl.keystore.path', 'testnode.jks'
setting 'xpack.security.transport.ssl.keystore.password', 'testnode' setting 'xpack.security.transport.ssl.keystore.password', 'testnode'
} }
}
dependsOn copyTestNodeKeyMaterial dependsOn copyTestNodeKeyMaterial
extraConfigFile 'testnode.jks', new File(outputDir + '/testnode.jks') extraConfigFile 'testnode.jks', new File(outputDir + '/testnode.jks')
extraConfigFile 'testnode.pem', new File(outputDir + '/testnode.pem') extraConfigFile 'testnode.pem', new File(outputDir + '/testnode.pem')
@ -190,6 +192,7 @@ for (Version version : bwcVersions.wireCompatible) {
setting 'xpack.security.transport.ssl.enabled', 'true' setting 'xpack.security.transport.ssl.enabled', 'true'
setting 'xpack.security.authc.token.timeout', '60m' setting 'xpack.security.authc.token.timeout', '60m'
setting 'logger.org.elasticsearch.xpack.security.authc.TokenService', 'trace' setting 'logger.org.elasticsearch.xpack.security.authc.TokenService', 'trace'
rootProject.globalInfo.ready {
if (project.inFipsJvm) { if (project.inFipsJvm) {
setting 'xpack.security.transport.ssl.key', 'testnode.pem' setting 'xpack.security.transport.ssl.key', 'testnode.pem'
setting 'xpack.security.transport.ssl.certificate', 'testnode.crt' setting 'xpack.security.transport.ssl.certificate', 'testnode.crt'
@ -198,6 +201,7 @@ for (Version version : bwcVersions.wireCompatible) {
setting 'xpack.security.transport.ssl.keystore.path', 'testnode.jks' setting 'xpack.security.transport.ssl.keystore.path', 'testnode.jks'
setting 'xpack.security.transport.ssl.keystore.password', 'testnode' setting 'xpack.security.transport.ssl.keystore.password', 'testnode'
} }
}
setting 'node.attr.upgraded', 'true' setting 'node.attr.upgraded', 'true'
setting 'xpack.security.authc.token.enabled', 'true' setting 'xpack.security.authc.token.enabled', 'true'
setting 'xpack.security.audit.enabled', 'true' setting 'xpack.security.audit.enabled', 'true'