mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-05 20:48:22 +00:00
37795d259a
Guava was removed from Elasticsearch many years ago, but remnants of it remain due to transitive dependencies. When a dependency pulls guava into the compile classpath, devs can inadvertently begin using methods from guava without realizing it. This commit moves guava to a runtime dependency in the modules that it is needed. Note that one special case is the html sanitizer in watcher. The third party dep uses guava in the PolicyFactory class signature. However, only calling a method on the PolicyFactory actually causes the class to be loaded, a reference alone does not trigger compilation to look at the class implementation. There we utilize a MethodHandle for invoking the relevant method at runtime, where guava will continue to exist.
28 lines
947 B
Groovy
28 lines
947 B
Groovy
|
|
// we do not want any of these dependencies on the compilation classpath
|
|
// because they could then be used within Elasticsearch
|
|
List<String> FORBIDDEN_DEPENDENCIES = [
|
|
'guava'
|
|
]
|
|
|
|
Closure checkDeps = { Configuration configuration ->
|
|
configuration.resolutionStrategy.eachDependency {
|
|
String artifactName = it.target.name
|
|
if (FORBIDDEN_DEPENDENCIES.contains(artifactName)) {
|
|
throw new GradleException("Dependency '${artifactName}' on configuration '${configuration.name}' is not allowed. " +
|
|
"If it is needed as a transitive depenency, try adding it to the runtime classpath")
|
|
}
|
|
}
|
|
}
|
|
|
|
subprojects {
|
|
if (project.path.startsWith(':test:fixtures:') || project.path.equals(':build-tools')) {
|
|
// fixtures are allowed to use whatever dependencies they want...
|
|
return
|
|
}
|
|
pluginManager.withPlugin('java') {
|
|
checkDeps(configurations.compileClasspath)
|
|
checkDeps(configurations.testCompileClasspath)
|
|
}
|
|
}
|