import org.elasticsearch.gradle.info.BuildParams apply plugin: 'elasticsearch.esplugin' apply plugin: 'elasticsearch.publish' apply plugin: 'elasticsearch.internal-cluster-test' esplugin { name 'x-pack-security' description 'Elasticsearch Expanded Pack Plugin - Security' classname 'org.elasticsearch.xpack.security.Security' requiresKeystore true extendedPlugins = ['x-pack-core'] } archivesBaseName = 'x-pack-security' dependencies { compileOnly project(path: xpackModule('core'), configuration: 'default') compileOnly project(path: ':modules:transport-netty4') compileOnly project(path: ':plugins:transport-nio') testImplementation project(path: xpackModule('monitoring')) testImplementation project(path: xpackModule('sql:sql-action')) testImplementation project(path: xpackModule('core'), configuration: 'testArtifacts') internalClusterTestImplementation project(path: xpackModule('core'), configuration: 'testArtifacts') api 'com.unboundid:unboundid-ldapsdk:4.0.8' // the following are all SAML dependencies - might as well download the whole internet api "org.opensaml:opensaml-core:3.4.5" api "org.opensaml:opensaml-saml-api:3.4.5" api "org.opensaml:opensaml-saml-impl:3.4.5" api "org.opensaml:opensaml-messaging-api:3.4.5" api "org.opensaml:opensaml-messaging-impl:3.4.5" api "org.opensaml:opensaml-security-api:3.4.5" api "org.opensaml:opensaml-security-impl:3.4.5" api "org.opensaml:opensaml-profile-api:3.4.5" api "org.opensaml:opensaml-profile-impl:3.4.5" api "org.opensaml:opensaml-xmlsec-api:3.4.5" api "org.opensaml:opensaml-xmlsec-impl:3.4.5" api "org.opensaml:opensaml-soap-api:3.4.5" api "org.opensaml:opensaml-soap-impl:3.4.5" api "org.opensaml:opensaml-storage-api:3.4.5" api "org.opensaml:opensaml-storage-impl:3.4.5" api "net.shibboleth.utilities:java-support:7.5.1" api "org.apache.santuario:xmlsec:2.1.4" api "io.dropwizard.metrics:metrics-core:3.2.2" api ("org.cryptacular:cryptacular:1.2.4") { exclude group: 'org.bouncycastle' } api "org.slf4j:slf4j-api:${versions.slf4j}" api "org.apache.logging.log4j:log4j-slf4j-impl:${versions.log4j}" api "org.apache.httpcomponents:httpclient:${versions.httpclient}" api "org.apache.httpcomponents:httpcore:${versions.httpcore}" api "org.apache.httpcomponents:httpasyncclient:${versions.httpasyncclient}" api "org.apache.httpcomponents:httpcore-nio:${versions.httpcore}" api "org.apache.httpcomponents:httpclient-cache:${versions.httpclient}" runtimeOnly 'com.google.guava:guava:19.0' // Dependencies for oidc api "com.nimbusds:oauth2-oidc-sdk:7.0.2" api "com.nimbusds:nimbus-jose-jwt:8.6" api "com.nimbusds:lang-tag:1.4.4" api "com.sun.mail:jakarta.mail:1.6.3" api "net.jcip:jcip-annotations:1.0" api "net.minidev:json-smart:2.3" api "net.minidev:accessors-smart:1.2" api "org.ow2.asm:asm:7.3.1" testImplementation 'org.elasticsearch:securemock:1.2' testImplementation "org.elasticsearch:mocksocket:${versions.mocksocket}" // Test dependencies for Kerberos (MiniKdc) testImplementation('commons-io:commons-io:2.5') testImplementation('org.apache.kerby:kerb-simplekdc:1.1.1') testImplementation('org.apache.kerby:kerb-client:1.1.1') testImplementation('org.apache.kerby:kerby-config:1.1.1') testImplementation('org.apache.kerby:kerb-core:1.1.1') testImplementation('org.apache.kerby:kerby-pkix:1.1.1') testImplementation('org.apache.kerby:kerby-asn1:1.1.1') testImplementation('org.apache.kerby:kerby-util:1.1.1') testImplementation('org.apache.kerby:kerb-common:1.1.1') testImplementation('org.apache.kerby:kerb-crypto:1.1.1') testImplementation('org.apache.kerby:kerb-util:1.1.1') testImplementation('org.apache.kerby:token-provider:1.1.1') testImplementation('com.nimbusds:nimbus-jose-jwt:8.6') testImplementation('net.jcip:jcip-annotations:1.0') testImplementation('org.apache.kerby:kerb-admin:1.1.1') testImplementation('org.apache.kerby:kerb-server:1.1.1') testImplementation('org.apache.kerby:kerb-identity:1.1.1') testImplementation('org.apache.kerby:kerby-xdr:1.1.1') // LDAP backend support for SimpleKdcServer testImplementation('org.apache.kerby:kerby-backend:1.1.1') testImplementation('org.apache.kerby:ldap-backend:1.1.1') testImplementation('org.apache.kerby:kerb-identity:1.1.1') testImplementation('org.apache.directory.api:api-ldap-client-api:1.0.0') testImplementation('org.apache.directory.api:api-ldap-schema-data:1.0.0') testImplementation('org.apache.directory.api:api-ldap-codec-core:1.0.0') testImplementation('org.apache.directory.api:api-ldap-extras-aci:1.0.0') testImplementation('org.apache.directory.api:api-ldap-extras-codec:1.0.0') testImplementation('org.apache.directory.api:api-ldap-extras-codec-api:1.0.0') testImplementation('commons-pool:commons-pool:1.6') testImplementation('commons-collections:commons-collections:3.2.2') testImplementation('org.apache.mina:mina-core:2.0.17') testImplementation('org.apache.directory.api:api-util:1.0.1') testImplementation('org.apache.directory.api:api-i18n:1.0.1') testImplementation('org.apache.directory.api:api-ldap-model:1.0.1') testImplementation('org.apache.directory.api:api-asn1-api:1.0.1') testImplementation('org.apache.directory.api:api-asn1-ber:1.0.1') testImplementation('org.apache.servicemix.bundles:org.apache.servicemix.bundles.antlr:2.7.7_5') testImplementation('org.apache.directory.server:apacheds-core-api:2.0.0-M24') testImplementation('org.apache.directory.server:apacheds-i18n:2.0.0-M24') testImplementation('org.apache.directory.api:api-ldap-extras-util:1.0.0') testImplementation('net.sf.ehcache:ehcache:2.10.4') testImplementation('org.apache.directory.server:apacheds-kerberos-codec:2.0.0-M24') testImplementation('org.apache.directory.server:apacheds-protocol-ldap:2.0.0-M24') testImplementation('org.apache.directory.server:apacheds-protocol-shared:2.0.0-M24') testImplementation('org.apache.directory.jdbm:apacheds-jdbm1:2.0.0-M3') testImplementation('org.apache.directory.server:apacheds-jdbm-partition:2.0.0-M24') testImplementation('org.apache.directory.server:apacheds-xdbm-partition:2.0.0-M24') testImplementation('org.apache.directory.api:api-ldap-extras-sp:1.0.0') testImplementation('org.apache.directory.server:apacheds-test-framework:2.0.0-M24') testImplementation('org.apache.directory.server:apacheds-core-annotations:2.0.0-M24') testImplementation('org.apache.directory.server:apacheds-ldif-partition:2.0.0-M24') testImplementation('org.apache.directory.server:apacheds-mavibot-partition:2.0.0-M24') testImplementation('org.apache.directory.server:apacheds-protocol-kerberos:2.0.0-M24') testImplementation('org.apache.directory.server:apacheds-server-annotations:2.0.0-M24') testImplementation('org.apache.directory.api:api-ldap-codec-standalone:1.0.0') testImplementation('org.apache.directory.api:api-ldap-net-mina:1.0.0') testImplementation('org.apache.directory.server:ldap-client-test:2.0.0-M24') testImplementation('org.apache.directory.server:apacheds-interceptor-kerberos:2.0.0-M24') testImplementation('org.apache.directory.mavibot:mavibot:1.0.0-M8') } compileJava.options.compilerArgs << "-Xlint:-rawtypes,-unchecked" compileTestJava.options.compilerArgs << "-Xlint:-rawtypes,-unchecked" processInternalClusterTestResources { from(project(xpackModule('core')).file('src/main/config')) from(project(xpackModule('core')).file('src/test/resources')) } processTestResources { from(project(xpackModule('core')).file('src/main/config')) from(project(xpackModule('core')).file('src/test/resources')) } configurations { testArtifacts.extendsFrom testRuntime testArtifacts.extendsFrom testImplementation } TaskProvider testJar = tasks.register("testJar", Jar) { appendix 'test' from sourceSets.test.output } artifacts { // normal es plugins do not publish the jar but we need to since users need it for Transport Clients and extensions archives tasks.named('jar') testArtifacts testJar } tasks.named("dependencyLicenses").configure { mapping from: /java-support|opensaml-.*/, to: 'shibboleth' mapping from: /http.*/, to: 'httpclient' } forbiddenPatterns { exclude '**/*.key' exclude '**/*.p12' exclude '**/*.der' exclude '**/*.zip' } tasks.named('forbiddenApisMain').configure { signaturesFiles += files('forbidden/ldap-signatures.txt', 'forbidden/xml-signatures.txt', 'forbidden/oidc-signatures.txt') } // classes are missing, e.g. com.ibm.icu.lang.UCharacter thirdPartyAudit { ignoreMissingClasses ( // SAML dependencies // [missing classes] Some cli utilities that we don't use depend on these missing JCommander classes 'com.beust.jcommander.JCommander', 'com.beust.jcommander.converters.BaseConverter', // [missing classes] Shibboleth + OpenSAML have servlet support that we don't use 'javax.servlet.AsyncContext', 'javax.servlet.DispatcherType', 'javax.servlet.Filter', 'javax.servlet.FilterChain', 'javax.servlet.FilterConfig', 'javax.servlet.RequestDispatcher', 'javax.servlet.ServletContext', 'javax.servlet.ServletException', 'javax.servlet.ServletInputStream', 'javax.servlet.ServletOutputStream', 'javax.servlet.ServletRequest', 'javax.servlet.ServletResponse', 'javax.servlet.http.Cookie', 'javax.servlet.http.HttpServletRequest', 'javax.servlet.http.HttpServletResponse', 'javax.servlet.http.HttpServletResponseWrapper', 'javax.servlet.http.HttpSession', 'javax.servlet.http.Part', // [missing classes] Shibboleth + OpenSAML have velocity support that we don't use 'org.apache.velocity.VelocityContext', 'org.apache.velocity.app.VelocityEngine', 'org.apache.velocity.context.Context', 'org.apache.velocity.exception.VelocityException', 'org.apache.velocity.runtime.RuntimeServices', 'org.apache.velocity.runtime.log.LogChute', 'org.apache.velocity.runtime.resource.loader.StringResourceLoader', 'org.apache.velocity.runtime.resource.util.StringResourceRepository', // [missing classes] OpenSAML depends on Apache XML security which depends on Xalan, but only for functionality that OpenSAML doesn't use 'org.apache.xml.dtm.DTM', 'org.apache.xml.utils.PrefixResolver', 'org.apache.xml.utils.PrefixResolverDefault', 'org.apache.xpath.Expression', 'org.apache.xpath.NodeSetDTM', 'org.apache.xpath.XPath', 'org.apache.xpath.XPathContext', 'org.apache.xpath.compiler.FunctionTable', 'org.apache.xpath.functions.Function', 'org.apache.xpath.objects.XNodeSet', 'org.apache.xpath.objects.XObject', // [missing classes] OpenSAML storage has an optional LDAP storage impl 'org.ldaptive.AttributeModification', 'org.ldaptive.AttributeModificationType', 'org.ldaptive.Connection', 'org.ldaptive.DeleteOperation', 'org.ldaptive.DeleteRequest', 'org.ldaptive.LdapAttribute', 'org.ldaptive.LdapEntry', 'org.ldaptive.LdapException', 'org.ldaptive.ModifyOperation', 'org.ldaptive.ModifyRequest', 'org.ldaptive.Response', 'org.ldaptive.ResultCode', 'org.ldaptive.SearchOperation', 'org.ldaptive.SearchRequest', 'org.ldaptive.SearchResult', 'org.ldaptive.ext.MergeOperation', 'org.ldaptive.ext.MergeRequest', 'org.ldaptive.pool.ConnectionPool', 'org.ldaptive.pool.PooledConnectionFactory', // [missing classes] OpenSAML storage has an optional JSON-backed storage impl 'javax.json.Json', 'javax.json.JsonException', 'javax.json.JsonNumber', 'javax.json.JsonObject', 'javax.json.JsonReader', 'javax.json.JsonValue$ValueType', 'javax.json.JsonValue', 'javax.json.stream.JsonGenerator', // [missing classes] OpenSAML storage has an optional JPA storage impl 'javax.persistence.EntityManager', 'javax.persistence.EntityManagerFactory', 'javax.persistence.EntityTransaction', 'javax.persistence.LockModeType', 'javax.persistence.Query', // [missing classes] OpenSAML storage and HttpClient cache have optional memcache support 'net.spy.memcached.CASResponse', 'net.spy.memcached.CASValue', 'net.spy.memcached.MemcachedClient', 'net.spy.memcached.MemcachedClientIF', 'net.spy.memcached.CachedData', 'net.spy.memcached.internal.OperationFuture', 'net.spy.memcached.transcoders.Transcoder', // [missing classes] Http Client cache has optional ehcache support 'net.sf.ehcache.Ehcache', 'net.sf.ehcache.Element', // [missing classes] SLF4j includes an optional class that depends on an extension class (!) 'org.slf4j.ext.EventData', // Optional dependency of oauth2-oidc-sdk that we don't need since we do not support AES-SIV for JWE 'org.cryptomator.siv.SivMode', 'com.nimbusds.common.contenttype.ContentType', // Optional dependency of nimbus-jose-jwt for handling Ed25519 signatures and ECDH with X25519 (RFC 8037) 'com.google.crypto.tink.subtle.Ed25519Sign', 'com.google.crypto.tink.subtle.Ed25519Sign$KeyPair', 'com.google.crypto.tink.subtle.Ed25519Verify', 'com.google.crypto.tink.subtle.X25519', // Bouncycastle is an optional dependency for apache directory, cryptacular and opensaml packages. We // acknowledge them here instead of adding bouncy castle as a compileOnly dependency 'org.bouncycastle.asn1.ASN1Encodable', 'org.bouncycastle.asn1.ASN1InputStream', 'org.bouncycastle.asn1.ASN1Integer', 'org.bouncycastle.asn1.ASN1ObjectIdentifier', 'org.bouncycastle.asn1.ASN1OctetString', 'org.bouncycastle.asn1.ASN1Primitive', 'org.bouncycastle.asn1.ASN1Sequence', 'org.bouncycastle.asn1.ASN1TaggedObject', 'org.bouncycastle.asn1.DEROctetString', 'org.bouncycastle.asn1.DERSequence', 'org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo', 'org.bouncycastle.asn1.pkcs.EncryptionScheme', 'org.bouncycastle.asn1.pkcs.KeyDerivationFunc', 'org.bouncycastle.asn1.pkcs.PBEParameter', 'org.bouncycastle.asn1.pkcs.PBES2Parameters', 'org.bouncycastle.asn1.pkcs.PBKDF2Params', 'org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers', 'org.bouncycastle.asn1.pkcs.PrivateKeyInfo', 'org.bouncycastle.asn1.x500.AttributeTypeAndValue', 'org.bouncycastle.asn1.x500.RDN', 'org.bouncycastle.asn1.x500.X500Name', 'org.bouncycastle.asn1.x509.AccessDescription', 'org.bouncycastle.asn1.x509.AlgorithmIdentifier', 'org.bouncycastle.asn1.x509.AuthorityKeyIdentifier', 'org.bouncycastle.asn1.x509.BasicConstraints', 'org.bouncycastle.asn1.x509.DistributionPoint', 'org.bouncycastle.asn1.x509.Extension', 'org.bouncycastle.asn1.x509.GeneralName', 'org.bouncycastle.asn1.x509.GeneralNames', 'org.bouncycastle.asn1.x509.GeneralNamesBuilder', 'org.bouncycastle.asn1.x509.KeyPurposeId', 'org.bouncycastle.asn1.x509.KeyUsage', 'org.bouncycastle.asn1.x509.PolicyInformation', 'org.bouncycastle.asn1.x509.SubjectKeyIdentifier', 'org.bouncycastle.asn1.x509.SubjectPublicKeyInfo', 'org.bouncycastle.asn1.x9.X9ECParameters', 'org.bouncycastle.cert.X509v3CertificateBuilder', 'org.bouncycastle.cert.jcajce.JcaX509CertificateConverter', 'org.bouncycastle.cert.jcajce.JcaX509CertificateHolder', 'org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils', 'org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder', 'org.bouncycastle.crypto.BlockCipher', 'org.bouncycastle.crypto.BufferedBlockCipher', 'org.bouncycastle.crypto.CipherParameters', 'org.bouncycastle.crypto.Digest', 'org.bouncycastle.crypto.InvalidCipherTextException', 'org.bouncycastle.crypto.PBEParametersGenerator', 'org.bouncycastle.crypto.StreamCipher', 'org.bouncycastle.crypto.digests.GOST3411Digest', 'org.bouncycastle.crypto.digests.MD2Digest', 'org.bouncycastle.crypto.digests.MD4Digest', 'org.bouncycastle.crypto.digests.MD5Digest', 'org.bouncycastle.crypto.digests.RIPEMD128Digest', 'org.bouncycastle.crypto.digests.RIPEMD160Digest', 'org.bouncycastle.crypto.digests.RIPEMD256Digest', 'org.bouncycastle.crypto.digests.RIPEMD320Digest', 'org.bouncycastle.crypto.digests.SHA1Digest', 'org.bouncycastle.crypto.digests.SHA224Digest', 'org.bouncycastle.crypto.digests.SHA256Digest', 'org.bouncycastle.crypto.digests.SHA384Digest', 'org.bouncycastle.crypto.digests.SHA3Digest', 'org.bouncycastle.crypto.digests.SHA512Digest', 'org.bouncycastle.crypto.digests.TigerDigest', 'org.bouncycastle.crypto.digests.WhirlpoolDigest', 'org.bouncycastle.crypto.engines.AESEngine', 'org.bouncycastle.crypto.engines.BlowfishEngine', 'org.bouncycastle.crypto.engines.CAST5Engine', 'org.bouncycastle.crypto.engines.CAST6Engine', 'org.bouncycastle.crypto.engines.CamelliaEngine', 'org.bouncycastle.crypto.engines.DESEngine', 'org.bouncycastle.crypto.engines.DESedeEngine', 'org.bouncycastle.crypto.engines.GOST28147Engine', 'org.bouncycastle.crypto.engines.Grain128Engine', 'org.bouncycastle.crypto.engines.HC128Engine', 'org.bouncycastle.crypto.engines.HC256Engine', 'org.bouncycastle.crypto.engines.ISAACEngine', 'org.bouncycastle.crypto.engines.NoekeonEngine', 'org.bouncycastle.crypto.engines.RC2Engine', 'org.bouncycastle.crypto.engines.RC4Engine', 'org.bouncycastle.crypto.engines.RC532Engine', 'org.bouncycastle.crypto.engines.RC564Engine', 'org.bouncycastle.crypto.engines.RC6Engine', 'org.bouncycastle.crypto.engines.SEEDEngine', 'org.bouncycastle.crypto.engines.Salsa20Engine', 'org.bouncycastle.crypto.engines.SerpentEngine', 'org.bouncycastle.crypto.engines.SkipjackEngine', 'org.bouncycastle.crypto.engines.TEAEngine', 'org.bouncycastle.crypto.engines.TwofishEngine', 'org.bouncycastle.crypto.engines.VMPCEngine', 'org.bouncycastle.crypto.engines.XTEAEngine', 'org.bouncycastle.crypto.generators.BCrypt', 'org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator', 'org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator', 'org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator', 'org.bouncycastle.crypto.io.CipherInputStream', 'org.bouncycastle.crypto.io.CipherOutputStream', 'org.bouncycastle.crypto.macs.HMac', 'org.bouncycastle.crypto.modes.AEADBlockCipher', 'org.bouncycastle.crypto.modes.CBCBlockCipher', 'org.bouncycastle.crypto.modes.CCMBlockCipher', 'org.bouncycastle.crypto.modes.CFBBlockCipher', 'org.bouncycastle.crypto.modes.EAXBlockCipher', 'org.bouncycastle.crypto.modes.GCMBlockCipher', 'org.bouncycastle.crypto.modes.OCBBlockCipher', 'org.bouncycastle.crypto.modes.OFBBlockCipher', 'org.bouncycastle.crypto.paddings.BlockCipherPadding', 'org.bouncycastle.crypto.paddings.ISO10126d2Padding', 'org.bouncycastle.crypto.paddings.ISO7816d4Padding', 'org.bouncycastle.crypto.paddings.PKCS7Padding', 'org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher', 'org.bouncycastle.crypto.paddings.TBCPadding', 'org.bouncycastle.crypto.paddings.X923Padding', 'org.bouncycastle.crypto.paddings.ZeroBytePadding', 'org.bouncycastle.crypto.params.AEADParameters', 'org.bouncycastle.crypto.params.AsymmetricKeyParameter', 'org.bouncycastle.crypto.params.DSAKeyParameters', 'org.bouncycastle.crypto.params.DSAParameters', 'org.bouncycastle.crypto.params.DSAPrivateKeyParameters', 'org.bouncycastle.crypto.params.DSAPublicKeyParameters', 'org.bouncycastle.crypto.params.ECDomainParameters', 'org.bouncycastle.crypto.params.ECKeyParameters', 'org.bouncycastle.crypto.params.ECPrivateKeyParameters', 'org.bouncycastle.crypto.params.ECPublicKeyParameters', 'org.bouncycastle.crypto.params.KeyParameter', 'org.bouncycastle.crypto.params.ParametersWithIV', 'org.bouncycastle.crypto.params.RC2Parameters', 'org.bouncycastle.crypto.params.RC5Parameters', 'org.bouncycastle.crypto.params.RSAKeyParameters', 'org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters', 'org.bouncycastle.crypto.prng.EntropySource', 'org.bouncycastle.crypto.prng.SP800SecureRandom', 'org.bouncycastle.crypto.prng.SP800SecureRandomBuilder', 'org.bouncycastle.crypto.prng.drbg.HashSP800DRBG', 'org.bouncycastle.crypto.prng.drbg.SP80090DRBG', 'org.bouncycastle.crypto.signers.DSASigner', 'org.bouncycastle.crypto.signers.ECDSASigner', 'org.bouncycastle.crypto.signers.RSADigestSigner', 'org.bouncycastle.crypto.util.PrivateKeyFactory', 'org.bouncycastle.crypto.util.PrivateKeyInfoFactory', 'org.bouncycastle.crypto.util.PublicKeyFactory', 'org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory', 'org.bouncycastle.jcajce.provider.asymmetric.dsa.KeyPairGeneratorSpi', 'org.bouncycastle.jcajce.provider.asymmetric.ec.KeyPairGeneratorSpi$EC', 'org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyPairGeneratorSpi', 'org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util', 'org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil', 'org.bouncycastle.jce.provider.BouncyCastleProvider', 'org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec', 'org.bouncycastle.math.ec.ECFieldElement', 'org.bouncycastle.math.ec.ECPoint', 'org.bouncycastle.openssl.jcajce.JcaPEMWriter', 'org.bouncycastle.operator.jcajce.JcaContentSignerBuilder', 'org.bouncycastle.util.Arrays', 'org.bouncycastle.util.Strings', 'org.bouncycastle.util.io.Streams', 'org.bouncycastle.x509.extension.X509ExtensionUtil', 'org.bouncycastle.cert.X509CertificateHolder', 'org.bouncycastle.openssl.PEMKeyPair', 'org.bouncycastle.openssl.PEMParser', 'org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter' ) ignoreViolations( // Guava uses internal java api: sun.misc.Unsafe 'com.google.common.cache.Striped64', 'com.google.common.cache.Striped64$1', 'com.google.common.cache.Striped64$Cell', 'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator', 'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1', 'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper', 'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1', ) } if (BuildParams.runtimeJavaVersion > JavaVersion.VERSION_1_8) { thirdPartyAudit.ignoreMissingClasses( 'javax.xml.bind.JAXBContext', 'javax.xml.bind.JAXBElement', 'javax.xml.bind.JAXBException', 'javax.xml.bind.Unmarshaller', 'javax.xml.bind.UnmarshallerHandler', 'javax.activation.ActivationDataFlavor', 'javax.activation.DataContentHandler', 'javax.activation.DataHandler', 'javax.activation.DataSource', 'javax.activation.FileDataSource', 'javax.activation.FileTypeMap' ) } internalClusterTest { /* * We have to disable setting the number of available processors as tests in the same JVM randomize processors and will step on each * other if we allow them to set the number of available processors as it's set-once in Netty. */ systemProperty 'es.set.netty.runtime.available.processors', 'false' /* * Some tests in this module set up a lot of transport threads so we reduce the buffer size per transport thread from the 1M default * to keep direct memory usage under control. */ systemProperty 'es.transport.buffer.size', '256k' } // xpack modules are installed in real clusters as the meta plugin, so // installing them as individual plugins for integ tests doesn't make sense, // so we disable integ tests integTest.enabled = false // add all sub-projects of the qa sub-project gradle.projectsEvaluated { project.subprojects .find { it.path == project.path + ":qa" } .subprojects .findAll { it.path.startsWith(project.path + ":qa") } .each { check.dependsOn it.check } }