Build: Make ml credentials load only if necessary (elastic/elasticsearch#4938)

Also, this change allows the credentials to be passed in through
gradle properties, which will allow the unified release to use its own
aws credentials, supplied securely to the build.


Original commit: elastic/x-pack-elasticsearch@62f7a30e59

elasticsearch/build.gradle

@@ -40,8 +40,7 @@ buildscript {
   }
 }
 
-// Vault auth to get keys for access to cpp artifacts
+Closure setAwsCreds = {
-
 // first need to get an authentication token with vault
   String homePath = System.properties['user.home']
   File githubToken = file("${homePath}/.elastic/github.token")
@@ -79,12 +78,12 @@ Object authResponse = new groovy.json.JsonSlurper().parseText(vaultConn.content.
   VaultConfig config = new VaultConfig(VAULT_URL, authResponse.auth.client_token)
   Vault vault = new Vault(config)
   LogicalResponse secret = vault.logical().read("aws-dev/creds/prelertartifacts")
-String mlAwsAccessKey = secret.data.get('access_key')
+  project.ext.mlAwsAccessKey = secret.data.get('access_key')
-String mlAwsSecretKey = secret.data.get('secret_key')
+  project.ext.mlAwsSecretKey = secret.data.get('secret_key')
   // Retrying 10 times to give AWS a chance to propagate the credentials
   int retries = 60
   while (retries > 0) {
-  AWSCredentials creds = new BasicAWSCredentials(mlAwsAccessKey, mlAwsSecretKey)
+    AWSCredentials creds = new BasicAWSCredentials(project.mlAwsAccessKey, project.mlAwsSecretKey)
 
     ClientConfiguration clientConfiguration = new ClientConfiguration()
     // the response metadata cache is only there for diagnostics purposes,
@@ -103,15 +102,33 @@ while (retries > 0) {
     sleep(500)
     retries--
   }
+}
 
+gradle.taskGraph.whenReady { taskGraph ->
+  // Vault auth to get keys for access to cpp artifacts
 
+  if (taskGraph.hasTask(bundlePlugin)) {
+    if (project.hasProperty("mlAwsAccessKey") == false && project.hasProperty("mlAwsSecretKey") == false) {
+      setAwsCreds()
+    }
 
     repositories {
       maven {
         url "s3://prelert-artifacts/maven"
         credentials(AwsCredentials) {
-          accessKey "${mlAwsAccessKey}"
+          accessKey "${project.mlAwsAccessKey}"
-          secretKey "${mlAwsSecretKey}"
+          secretKey "${project.mlAwsSecretKey}"
+        }
+      }
+    }
+    // For some unknown reason, this from statement triggers
+    // a resolve of the nativeBundle configuration. It should
+    // be delayed until the bundlePlugin task is executed, but
+    // it is not. So for now, we add the extra files to bundlePlugin
+    // here right after configuring the prelert maven, which
+    // will only happen when bundlePlugin will be run anyways.
+    project.bundlePlugin.from {
+      zipTree(configurations.nativeBundle.singleFile)
     }
   }
 }
@@ -164,9 +181,9 @@ dependencies {
   compile "org.elasticsearch.client:sniffer:${version}"
 
   // ml deps
-  compile group: 'net.sf.supercsv', name: 'super-csv', version:'2.4.0'
+  compile 'net.sf.supercsv:super-csv:2.4.0'
-  nativeBundle group: 'org.elasticsearch.ml', name: 'ml-cpp', version:"${project.version}", ext: 'zip'
+  nativeBundle "org.elasticsearch.ml:ml-cpp:${project.version}@zip"
-  testCompile group: 'org.ini4j', name: 'ini4j', version:'0.5.2'
+  testCompile 'org.ini4j:ini4j:0.5.2'
 
   // common test deps
   testCompile 'org.elasticsearch:securemock:1.2'
@@ -210,11 +227,6 @@ forbiddenPatterns {
 
 // TODO: standardize packaging config for plugins
 bundlePlugin {
-  for (outputFile in configurations.nativeBundle) {
-      from(zipTree(outputFile)) {
-        duplicatesStrategy 'exclude'
-      }
-    }
   from(project(':x-pack').projectDir) {
     include 'LICENSE.txt'
   }