mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-06 04:58:50 +00:00
37795d259a
Guava was removed from Elasticsearch many years ago, but remnants of it remain due to transitive dependencies. When a dependency pulls guava into the compile classpath, devs can inadvertently begin using methods from guava without realizing it. This commit moves guava to a runtime dependency in the modules that it is needed. Note that one special case is the html sanitizer in watcher. The third party dep uses guava in the PolicyFactory class signature. However, only calling a method on the PolicyFactory actually causes the class to be loaded, a reference alone does not trigger compilation to look at the class implementation. There we utilize a MethodHandle for invoking the relevant method at runtime, where guava will continue to exist.
24 lines
752 B
Groovy
24 lines
752 B
Groovy
apply plugin: 'elasticsearch.standalone-test'
|
|
|
|
dependencies {
|
|
testCompile project(xpackModule('security'))
|
|
testCompile project(path: xpackModule('security'), configuration: 'testArtifacts')
|
|
testCompile 'com.google.jimfs:jimfs:1.1'
|
|
testRuntimeOnly 'com.google.guava:guava:16.0.1'
|
|
}
|
|
|
|
// add test resources from security, so certificate tool tests can use example certs
|
|
processTestResources {
|
|
from(project(xpackModule('security')).sourceSets.test.resources.srcDirs)
|
|
}
|
|
|
|
// we have to repeate these patterns because the security test resources are effectively in the src of this project
|
|
forbiddenPatterns {
|
|
exclude '**/*.key'
|
|
exclude '**/*.p12'
|
|
exclude '**/*.der'
|
|
}
|
|
|
|
// these are just tests, no need to audit
|
|
thirdPartyAudit.enabled = false
|