Ryan Ernst 37795d259a
Remove guava from transitive compile classpath (#54309) (#54695)
Guava was removed from Elasticsearch many years ago, but remnants of it
remain due to transitive dependencies. When a dependency pulls guava
into the compile classpath, devs can inadvertently begin using methods
from guava without realizing it. This commit moves guava to a runtime
dependency in the modules where it is needed.

Note that one special case is the html sanitizer in watcher. The third
party dep uses guava in the PolicyFactory class signature. However, only
calling a method on the PolicyFactory actually causes the class to be
loaded, a reference alone does not trigger compilation to look at the
class implementation. There we utilize a MethodHandle for invoking the
relevant method at runtime, where guava will continue to exist.
2020-04-07 23:20:17 -07:00


import de.thetaphi.forbiddenapis.gradle.CheckForbiddenApis
import org.elasticsearch.gradle.info.BuildParams
// Applies the 'elasticsearch.build' plugin, which is defined outside this file.
apply plugin: 'elasticsearch.build'
// Base name used for the archives this project produces.
archivesBaseName = 'elasticsearch-security-cli'
// Dependencies of the security CLI. The configuration chosen for each entry decides whether
// it is visible to the compiler or only present when tests run.
dependencies {
  // compileOnly: on the compile classpath, but not declared as a runtime dependency of this project.
  compileOnly project(":server")
  compileOnly project(path: xpackModule('core'), configuration: 'default')
  // Bouncy Castle PKIX and provider jars. Both take their version from versions.bouncycastle
  // (defined outside this file), so the two artifacts cannot drift apart.
  compile "org.bouncycastle:bcpkix-jdk15on:${versions.bouncycastle}"
  compile "org.bouncycastle:bcprov-jdk15on:${versions.bouncycastle}"
  testImplementation('com.google.jimfs:jimfs:1.1') {
    // this is provided by the runtime classpath, from the security project
    // Excluding it here stops jimfs from pulling guava onto the test compile classpath.
    exclude group: 'com.google.guava', module: 'guava'
  }
  // guava is supplied to tests at run time only, so test sources cannot compile against it.
  // NOTE(review): 19.0 is hard-coded here rather than read from a shared versions entry, so it
  // will not follow a central upgrade - confirm it matches the version the security project uses.
  testRuntimeOnly 'com.google.guava:guava:19.0'
  testCompile project(":test:framework")
  testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
}
// Maps every dependency name matching /bc.*/ to the 'bouncycastle' entry
// (presumably so bcpkix and bcprov share one set of license files - confirm).
dependencyLicenses {
  mapping from: /bc.*/, to: 'bouncycastle'
}
// Leaves *.p12 and *.jks files out of the forbiddenPatterns check.
// NOTE(review): these are PKCS#12 and Java keystore extensions; presumably test fixtures -
// confirm no real key material is checked in under this project.
forbiddenPatterns {
  exclude '**/*.p12'
  exclude '**/*.jks'
}
// Classes the third-party audit may report as missing without failing the build.
// Keep this list as short as possible: every entry is a class the audit stops reporting.
thirdPartyAudit {
  ignoreMissingClasses(
    // Used in org.bouncycastle.pqc.crypto.qtesla.QTeslaKeyEncodingTests
    'junit.framework.Assert',
    'junit.framework.TestCase'
  )
}
// Relaxations applied only when BuildParams.inFipsJvm is true.
if (BuildParams.inFipsJvm) {
  // NOTE(review): the test, jarHell and testingConventions tasks are switched off for this
  // project in a FIPS JVM, so it gets no test coverage in that configuration. The reason is
  // not stated here - confirm it is still required.
  test.enabled = false
  jarHell.enabled = false
  testingConventions.enabled = false
  // Forbidden APIs non-portable checks fail because Bouncy Castle classes are used from the FIPS JDK, and those are
  // not part of the Java specification - all of this is as designed, so we have to relax this check for FIPS.
  tasks.withType(CheckForbiddenApis) {
    bundledSignatures -= "jdk-non-portable"
  }
}