mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-06 04:58:50 +00:00
70cfedf542
This commit removes the configuration time vs execution time distinction with regards to certain BuildParms properties. Because of the cost of determining Java versions for configuration JDK locations we deferred this until execution time. This had two main downsides. First, we had to implement all this build logic in tasks, which required a bunch of additional plumbing and complexity. Second, because some information wasn't known during configuration time, we had to nest any build logic that depended on this in awkward callbacks. We now defer to the JavaInstallationRegistry recently added in Gradle. This utility uses a much more efficient method for probing Java installations vs our jrunscript implementation. This, combined with some optimizations to avoid probing the current JVM as well as deferring some evaluation via Providers when probing installations for BWC builds we can maintain effectively the same configuration time performance while removing a bunch of complexity and runtime cost (snapshotting inputs for the GenerateGlobalBuildInfoTask was very expensive). The end result should be a much more responsive build execution in almost all scenarios. (cherry picked from commit ecdbd37f2e0f0447ed574b306adb64c19adc3ce1)
502 lines
24 KiB
Groovy
502 lines
24 KiB
Groovy
import org.elasticsearch.gradle.info.BuildParams
|
|
|
|
evaluationDependsOn(xpackModule('core'))
|
|
|
|
apply plugin: 'elasticsearch.esplugin'
|
|
apply plugin: 'nebula.maven-scm'
|
|
esplugin {
|
|
name 'x-pack-security'
|
|
description 'Elasticsearch Expanded Pack Plugin - Security'
|
|
classname 'org.elasticsearch.xpack.security.Security'
|
|
requiresKeystore true
|
|
extendedPlugins = ['x-pack-core']
|
|
}
|
|
|
|
archivesBaseName = 'x-pack-security'
|
|
|
|
dependencies {
|
|
compileOnly project(path: xpackModule('core'), configuration: 'default')
|
|
compileOnly project(path: ':modules:transport-netty4', configuration: 'runtime')
|
|
compileOnly project(path: ':plugins:transport-nio', configuration: 'runtime')
|
|
|
|
testCompile project(path: xpackModule('monitoring'))
|
|
testCompile project(path: xpackModule('sql:sql-action'))
|
|
|
|
testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
|
|
|
|
compile 'com.unboundid:unboundid-ldapsdk:4.0.8'
|
|
|
|
// the following are all SAML dependencies - might as well download the whole internet
|
|
compile "org.opensaml:opensaml-core:3.4.5"
|
|
compile "org.opensaml:opensaml-saml-api:3.4.5"
|
|
compile "org.opensaml:opensaml-saml-impl:3.4.5"
|
|
compile "org.opensaml:opensaml-messaging-api:3.4.5"
|
|
compile "org.opensaml:opensaml-messaging-impl:3.4.5"
|
|
compile "org.opensaml:opensaml-security-api:3.4.5"
|
|
compile "org.opensaml:opensaml-security-impl:3.4.5"
|
|
compile "org.opensaml:opensaml-profile-api:3.4.5"
|
|
compile "org.opensaml:opensaml-profile-impl:3.4.5"
|
|
compile "org.opensaml:opensaml-xmlsec-api:3.4.5"
|
|
compile "org.opensaml:opensaml-xmlsec-impl:3.4.5"
|
|
compile "org.opensaml:opensaml-soap-api:3.4.5"
|
|
compile "org.opensaml:opensaml-soap-impl:3.4.5"
|
|
compile "org.opensaml:opensaml-storage-api:3.4.5"
|
|
compile "org.opensaml:opensaml-storage-impl:3.4.5"
|
|
compile "net.shibboleth.utilities:java-support:7.5.1"
|
|
compile "org.apache.santuario:xmlsec:2.1.4"
|
|
compile "io.dropwizard.metrics:metrics-core:3.2.2"
|
|
compile ("org.cryptacular:cryptacular:1.2.4") {
|
|
exclude group: 'org.bouncycastle'
|
|
}
|
|
compile "org.slf4j:slf4j-api:${versions.slf4j}"
|
|
compile "org.apache.logging.log4j:log4j-slf4j-impl:${versions.log4j}"
|
|
compile "org.apache.httpcomponents:httpclient:${versions.httpclient}"
|
|
compile "org.apache.httpcomponents:httpcore:${versions.httpcore}"
|
|
compile "org.apache.httpcomponents:httpasyncclient:${versions.httpasyncclient}"
|
|
compile "org.apache.httpcomponents:httpcore-nio:${versions.httpcore}"
|
|
compile "org.apache.httpcomponents:httpclient-cache:${versions.httpclient}"
|
|
compile 'com.google.guava:guava:19.0'
|
|
|
|
// Dependencies for oidc
|
|
compile "com.nimbusds:oauth2-oidc-sdk:7.0.2"
|
|
compile "com.nimbusds:nimbus-jose-jwt:8.6"
|
|
compile "com.nimbusds:lang-tag:1.4.4"
|
|
compile "com.sun.mail:jakarta.mail:1.6.3"
|
|
compile "net.jcip:jcip-annotations:1.0"
|
|
compile "net.minidev:json-smart:2.3"
|
|
compile "net.minidev:accessors-smart:1.2"
|
|
compile "org.ow2.asm:asm:7.1"
|
|
|
|
testCompile 'org.elasticsearch:securemock:1.2'
|
|
testCompile "org.elasticsearch:mocksocket:${versions.mocksocket}"
|
|
//testCompile "org.yaml:snakeyaml:${versions.snakeyaml}"
|
|
|
|
// Test dependencies for Kerberos (MiniKdc)
|
|
testCompile('commons-io:commons-io:2.5')
|
|
testCompile('org.apache.kerby:kerb-simplekdc:1.1.1')
|
|
testCompile('org.apache.kerby:kerb-client:1.1.1')
|
|
testCompile('org.apache.kerby:kerby-config:1.1.1')
|
|
testCompile('org.apache.kerby:kerb-core:1.1.1')
|
|
testCompile('org.apache.kerby:kerby-pkix:1.1.1')
|
|
testCompile('org.apache.kerby:kerby-asn1:1.1.1')
|
|
testCompile('org.apache.kerby:kerby-util:1.1.1')
|
|
testCompile('org.apache.kerby:kerb-common:1.1.1')
|
|
testCompile('org.apache.kerby:kerb-crypto:1.1.1')
|
|
testCompile('org.apache.kerby:kerb-util:1.1.1')
|
|
testCompile('org.apache.kerby:token-provider:1.1.1')
|
|
testCompile('com.nimbusds:nimbus-jose-jwt:8.6')
|
|
testCompile('net.jcip:jcip-annotations:1.0')
|
|
testCompile('org.apache.kerby:kerb-admin:1.1.1')
|
|
testCompile('org.apache.kerby:kerb-server:1.1.1')
|
|
testCompile('org.apache.kerby:kerb-identity:1.1.1')
|
|
testCompile('org.apache.kerby:kerby-xdr:1.1.1')
|
|
|
|
// LDAP backend support for SimpleKdcServer
|
|
testCompile('org.apache.kerby:kerby-backend:1.1.1')
|
|
testCompile('org.apache.kerby:ldap-backend:1.1.1')
|
|
testCompile('org.apache.kerby:kerb-identity:1.1.1')
|
|
testCompile('org.apache.directory.api:api-ldap-client-api:1.0.0')
|
|
testCompile('org.apache.directory.api:api-ldap-schema-data:1.0.0')
|
|
testCompile('org.apache.directory.api:api-ldap-codec-core:1.0.0')
|
|
testCompile('org.apache.directory.api:api-ldap-extras-aci:1.0.0')
|
|
testCompile('org.apache.directory.api:api-ldap-extras-codec:1.0.0')
|
|
testCompile('org.apache.directory.api:api-ldap-extras-codec-api:1.0.0')
|
|
testCompile('commons-pool:commons-pool:1.6')
|
|
testCompile('commons-collections:commons-collections:3.2.2')
|
|
testCompile('org.apache.mina:mina-core:2.0.17')
|
|
testCompile('org.apache.directory.api:api-util:1.0.1')
|
|
testCompile('org.apache.directory.api:api-i18n:1.0.1')
|
|
testCompile('org.apache.directory.api:api-ldap-model:1.0.1')
|
|
testCompile('org.apache.directory.api:api-asn1-api:1.0.1')
|
|
testCompile('org.apache.directory.api:api-asn1-ber:1.0.1')
|
|
testCompile('org.apache.servicemix.bundles:org.apache.servicemix.bundles.antlr:2.7.7_5')
|
|
testCompile('org.apache.directory.server:apacheds-core-api:2.0.0-M24')
|
|
testCompile('org.apache.directory.server:apacheds-i18n:2.0.0-M24')
|
|
testCompile('org.apache.directory.api:api-ldap-extras-util:1.0.0')
|
|
testCompile('net.sf.ehcache:ehcache:2.10.4')
|
|
testCompile('org.apache.directory.server:apacheds-kerberos-codec:2.0.0-M24')
|
|
testCompile('org.apache.directory.server:apacheds-protocol-ldap:2.0.0-M24')
|
|
testCompile('org.apache.directory.server:apacheds-protocol-shared:2.0.0-M24')
|
|
testCompile('org.apache.directory.jdbm:apacheds-jdbm1:2.0.0-M3')
|
|
testCompile('org.apache.directory.server:apacheds-jdbm-partition:2.0.0-M24')
|
|
testCompile('org.apache.directory.server:apacheds-xdbm-partition:2.0.0-M24')
|
|
testCompile('org.apache.directory.api:api-ldap-extras-sp:1.0.0')
|
|
testCompile('org.apache.directory.server:apacheds-test-framework:2.0.0-M24')
|
|
testCompile('org.apache.directory.server:apacheds-core-annotations:2.0.0-M24')
|
|
testCompile('org.apache.directory.server:apacheds-ldif-partition:2.0.0-M24')
|
|
testCompile('org.apache.directory.server:apacheds-mavibot-partition:2.0.0-M24')
|
|
testCompile('org.apache.directory.server:apacheds-protocol-kerberos:2.0.0-M24')
|
|
testCompile('org.apache.directory.server:apacheds-server-annotations:2.0.0-M24')
|
|
testCompile('org.apache.directory.api:api-ldap-codec-standalone:1.0.0')
|
|
testCompile('org.apache.directory.api:api-ldap-net-mina:1.0.0')
|
|
testCompile('org.apache.directory.server:ldap-client-test:2.0.0-M24')
|
|
testCompile('org.apache.directory.server:apacheds-interceptor-kerberos:2.0.0-M24')
|
|
testCompile('org.apache.directory.mavibot:mavibot:1.0.0-M8')
|
|
}
|
|
|
|
compileJava.options.compilerArgs << "-Xlint:-rawtypes,-unchecked"
|
|
compileTestJava.options.compilerArgs << "-Xlint:-rawtypes,-unchecked"
|
|
|
|
processTestResources {
|
|
from(project(xpackModule('core')).file('src/main/config'))
|
|
from(project(xpackModule('core')).file('src/test/resources'))
|
|
}
|
|
|
|
configurations {
|
|
testArtifacts.extendsFrom testRuntime
|
|
}
|
|
task testJar(type: Jar) {
|
|
appendix 'test'
|
|
from sourceSets.test.output
|
|
}
|
|
artifacts {
|
|
// normal es plugins do not publish the jar but we need to since users need it for Transport Clients and extensions
|
|
archives jar
|
|
testArtifacts testJar
|
|
}
|
|
|
|
dependencyLicenses {
|
|
mapping from: /java-support|opensaml-.*/, to: 'shibboleth'
|
|
mapping from: /http.*/, to: 'httpclient'
|
|
}
|
|
|
|
licenseHeaders {
|
|
// This class was sourced from apache directory studio for some microsoft-specific logic
|
|
excludes << 'org/elasticsearch/xpack/security/authc/ldap/ActiveDirectorySIDUtil.java'
|
|
}
|
|
|
|
forbiddenPatterns {
|
|
exclude '**/*.key'
|
|
exclude '**/*.p12'
|
|
exclude '**/*.der'
|
|
exclude '**/*.zip'
|
|
}
|
|
|
|
forbiddenApisMain {
|
|
signaturesFiles += files('forbidden/ldap-signatures.txt', 'forbidden/xml-signatures.txt', 'forbidden/oidc-signatures.txt')
|
|
}
|
|
|
|
// classes are missing, e.g. com.ibm.icu.lang.UCharacter
|
|
thirdPartyAudit {
|
|
ignoreMissingClasses (
|
|
// SAML dependencies
|
|
// [missing classes] Some cli utilities that we don't use depend on these missing JCommander classes
|
|
'com.beust.jcommander.JCommander',
|
|
'com.beust.jcommander.converters.BaseConverter',
|
|
// [missing classes] Shibboleth + OpenSAML have servlet support that we don't use
|
|
'javax.servlet.AsyncContext',
|
|
'javax.servlet.DispatcherType',
|
|
'javax.servlet.Filter',
|
|
'javax.servlet.FilterChain',
|
|
'javax.servlet.FilterConfig',
|
|
'javax.servlet.RequestDispatcher',
|
|
'javax.servlet.ServletContext',
|
|
'javax.servlet.ServletException',
|
|
'javax.servlet.ServletInputStream',
|
|
'javax.servlet.ServletOutputStream',
|
|
'javax.servlet.ServletRequest',
|
|
'javax.servlet.ServletResponse',
|
|
'javax.servlet.http.Cookie',
|
|
'javax.servlet.http.HttpServletRequest',
|
|
'javax.servlet.http.HttpServletResponse',
|
|
'javax.servlet.http.HttpServletResponseWrapper',
|
|
'javax.servlet.http.HttpSession',
|
|
'javax.servlet.http.Part',
|
|
// [missing classes] Shibboleth + OpenSAML have velocity support that we don't use
|
|
'org.apache.velocity.VelocityContext',
|
|
'org.apache.velocity.app.VelocityEngine',
|
|
'org.apache.velocity.context.Context',
|
|
'org.apache.velocity.exception.VelocityException',
|
|
'org.apache.velocity.runtime.RuntimeServices',
|
|
'org.apache.velocity.runtime.log.LogChute',
|
|
'org.apache.velocity.runtime.resource.loader.StringResourceLoader',
|
|
'org.apache.velocity.runtime.resource.util.StringResourceRepository',
|
|
// [missing classes] OpenSAML depends on Apache XML security which depends on Xalan, but only for functionality that OpenSAML doesn't use
|
|
'org.apache.xml.dtm.DTM',
|
|
'org.apache.xml.utils.PrefixResolver',
|
|
'org.apache.xml.utils.PrefixResolverDefault',
|
|
'org.apache.xpath.Expression',
|
|
'org.apache.xpath.NodeSetDTM',
|
|
'org.apache.xpath.XPath',
|
|
'org.apache.xpath.XPathContext',
|
|
'org.apache.xpath.compiler.FunctionTable',
|
|
'org.apache.xpath.functions.Function',
|
|
'org.apache.xpath.objects.XNodeSet',
|
|
'org.apache.xpath.objects.XObject',
|
|
// [missing classes] OpenSAML storage has an optional LDAP storage impl
|
|
'org.ldaptive.AttributeModification',
|
|
'org.ldaptive.AttributeModificationType',
|
|
'org.ldaptive.Connection',
|
|
'org.ldaptive.DeleteOperation',
|
|
'org.ldaptive.DeleteRequest',
|
|
'org.ldaptive.LdapAttribute',
|
|
'org.ldaptive.LdapEntry',
|
|
'org.ldaptive.LdapException',
|
|
'org.ldaptive.ModifyOperation',
|
|
'org.ldaptive.ModifyRequest',
|
|
'org.ldaptive.Response',
|
|
'org.ldaptive.ResultCode',
|
|
'org.ldaptive.SearchOperation',
|
|
'org.ldaptive.SearchRequest',
|
|
'org.ldaptive.SearchResult',
|
|
'org.ldaptive.ext.MergeOperation',
|
|
'org.ldaptive.ext.MergeRequest',
|
|
'org.ldaptive.pool.ConnectionPool',
|
|
'org.ldaptive.pool.PooledConnectionFactory',
|
|
// [missing classes] OpenSAML storage has an optional JSON-backed storage impl
|
|
'javax.json.Json',
|
|
'javax.json.JsonException',
|
|
'javax.json.JsonNumber',
|
|
'javax.json.JsonObject',
|
|
'javax.json.JsonReader',
|
|
'javax.json.JsonValue$ValueType',
|
|
'javax.json.JsonValue',
|
|
'javax.json.stream.JsonGenerator',
|
|
// [missing classes] OpenSAML storage has an optional JPA storage impl
|
|
'javax.persistence.EntityManager',
|
|
'javax.persistence.EntityManagerFactory',
|
|
'javax.persistence.EntityTransaction',
|
|
'javax.persistence.LockModeType',
|
|
'javax.persistence.Query',
|
|
// [missing classes] OpenSAML storage and HttpClient cache have optional memcache support
|
|
'net.spy.memcached.CASResponse',
|
|
'net.spy.memcached.CASValue',
|
|
'net.spy.memcached.MemcachedClient',
|
|
'net.spy.memcached.MemcachedClientIF',
|
|
'net.spy.memcached.CachedData',
|
|
'net.spy.memcached.internal.OperationFuture',
|
|
'net.spy.memcached.transcoders.Transcoder',
|
|
// [missing classes] Http Client cache has optional ehcache support
|
|
'net.sf.ehcache.Ehcache',
|
|
'net.sf.ehcache.Element',
|
|
// [missing classes] SLF4j includes an optional class that depends on an extension class (!)
|
|
'org.slf4j.ext.EventData',
|
|
// Optional dependency of oauth2-oidc-sdk that we don't need since we do not support AES-SIV for JWE
|
|
'org.cryptomator.siv.SivMode',
|
|
'com.nimbusds.common.contenttype.ContentType',
|
|
// Optional dependency of nimbus-jose-jwt for handling Ed25519 signatures and ECDH with X25519 (RFC 8037)
|
|
'com.google.crypto.tink.subtle.Ed25519Sign',
|
|
'com.google.crypto.tink.subtle.Ed25519Sign$KeyPair',
|
|
'com.google.crypto.tink.subtle.Ed25519Verify',
|
|
'com.google.crypto.tink.subtle.X25519',
|
|
// Bouncycastle is an optional dependency for apache directory, cryptacular and opensaml packages. We
|
|
// acknowledge them here instead of adding bouncy castle as a compileOnly dependency
|
|
'org.bouncycastle.asn1.ASN1Encodable',
|
|
'org.bouncycastle.asn1.ASN1InputStream',
|
|
'org.bouncycastle.asn1.ASN1Integer',
|
|
'org.bouncycastle.asn1.ASN1ObjectIdentifier',
|
|
'org.bouncycastle.asn1.ASN1OctetString',
|
|
'org.bouncycastle.asn1.ASN1Primitive',
|
|
'org.bouncycastle.asn1.ASN1Sequence',
|
|
'org.bouncycastle.asn1.ASN1TaggedObject',
|
|
'org.bouncycastle.asn1.DEROctetString',
|
|
'org.bouncycastle.asn1.DERSequence',
|
|
'org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo',
|
|
'org.bouncycastle.asn1.pkcs.EncryptionScheme',
|
|
'org.bouncycastle.asn1.pkcs.KeyDerivationFunc',
|
|
'org.bouncycastle.asn1.pkcs.PBEParameter',
|
|
'org.bouncycastle.asn1.pkcs.PBES2Parameters',
|
|
'org.bouncycastle.asn1.pkcs.PBKDF2Params',
|
|
'org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers',
|
|
'org.bouncycastle.asn1.pkcs.PrivateKeyInfo',
|
|
'org.bouncycastle.asn1.x500.AttributeTypeAndValue',
|
|
'org.bouncycastle.asn1.x500.RDN',
|
|
'org.bouncycastle.asn1.x500.X500Name',
|
|
'org.bouncycastle.asn1.x509.AccessDescription',
|
|
'org.bouncycastle.asn1.x509.AlgorithmIdentifier',
|
|
'org.bouncycastle.asn1.x509.AuthorityKeyIdentifier',
|
|
'org.bouncycastle.asn1.x509.BasicConstraints',
|
|
'org.bouncycastle.asn1.x509.DistributionPoint',
|
|
'org.bouncycastle.asn1.x509.Extension',
|
|
'org.bouncycastle.asn1.x509.GeneralName',
|
|
'org.bouncycastle.asn1.x509.GeneralNames',
|
|
'org.bouncycastle.asn1.x509.GeneralNamesBuilder',
|
|
'org.bouncycastle.asn1.x509.KeyPurposeId',
|
|
'org.bouncycastle.asn1.x509.KeyUsage',
|
|
'org.bouncycastle.asn1.x509.PolicyInformation',
|
|
'org.bouncycastle.asn1.x509.SubjectKeyIdentifier',
|
|
'org.bouncycastle.asn1.x509.SubjectPublicKeyInfo',
|
|
'org.bouncycastle.asn1.x9.X9ECParameters',
|
|
'org.bouncycastle.cert.X509v3CertificateBuilder',
|
|
'org.bouncycastle.cert.jcajce.JcaX509CertificateConverter',
|
|
'org.bouncycastle.cert.jcajce.JcaX509CertificateHolder',
|
|
'org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils',
|
|
'org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder',
|
|
'org.bouncycastle.crypto.BlockCipher',
|
|
'org.bouncycastle.crypto.BufferedBlockCipher',
|
|
'org.bouncycastle.crypto.CipherParameters',
|
|
'org.bouncycastle.crypto.Digest',
|
|
'org.bouncycastle.crypto.InvalidCipherTextException',
|
|
'org.bouncycastle.crypto.PBEParametersGenerator',
|
|
'org.bouncycastle.crypto.StreamCipher',
|
|
'org.bouncycastle.crypto.digests.GOST3411Digest',
|
|
'org.bouncycastle.crypto.digests.MD2Digest',
|
|
'org.bouncycastle.crypto.digests.MD4Digest',
|
|
'org.bouncycastle.crypto.digests.MD5Digest',
|
|
'org.bouncycastle.crypto.digests.RIPEMD128Digest',
|
|
'org.bouncycastle.crypto.digests.RIPEMD160Digest',
|
|
'org.bouncycastle.crypto.digests.RIPEMD256Digest',
|
|
'org.bouncycastle.crypto.digests.RIPEMD320Digest',
|
|
'org.bouncycastle.crypto.digests.SHA1Digest',
|
|
'org.bouncycastle.crypto.digests.SHA224Digest',
|
|
'org.bouncycastle.crypto.digests.SHA256Digest',
|
|
'org.bouncycastle.crypto.digests.SHA384Digest',
|
|
'org.bouncycastle.crypto.digests.SHA3Digest',
|
|
'org.bouncycastle.crypto.digests.SHA512Digest',
|
|
'org.bouncycastle.crypto.digests.TigerDigest',
|
|
'org.bouncycastle.crypto.digests.WhirlpoolDigest',
|
|
'org.bouncycastle.crypto.engines.AESEngine',
|
|
'org.bouncycastle.crypto.engines.BlowfishEngine',
|
|
'org.bouncycastle.crypto.engines.CAST5Engine',
|
|
'org.bouncycastle.crypto.engines.CAST6Engine',
|
|
'org.bouncycastle.crypto.engines.CamelliaEngine',
|
|
'org.bouncycastle.crypto.engines.DESEngine',
|
|
'org.bouncycastle.crypto.engines.DESedeEngine',
|
|
'org.bouncycastle.crypto.engines.GOST28147Engine',
|
|
'org.bouncycastle.crypto.engines.Grain128Engine',
|
|
'org.bouncycastle.crypto.engines.HC128Engine',
|
|
'org.bouncycastle.crypto.engines.HC256Engine',
|
|
'org.bouncycastle.crypto.engines.ISAACEngine',
|
|
'org.bouncycastle.crypto.engines.NoekeonEngine',
|
|
'org.bouncycastle.crypto.engines.RC2Engine',
|
|
'org.bouncycastle.crypto.engines.RC4Engine',
|
|
'org.bouncycastle.crypto.engines.RC532Engine',
|
|
'org.bouncycastle.crypto.engines.RC564Engine',
|
|
'org.bouncycastle.crypto.engines.RC6Engine',
|
|
'org.bouncycastle.crypto.engines.SEEDEngine',
|
|
'org.bouncycastle.crypto.engines.Salsa20Engine',
|
|
'org.bouncycastle.crypto.engines.SerpentEngine',
|
|
'org.bouncycastle.crypto.engines.SkipjackEngine',
|
|
'org.bouncycastle.crypto.engines.TEAEngine',
|
|
'org.bouncycastle.crypto.engines.TwofishEngine',
|
|
'org.bouncycastle.crypto.engines.VMPCEngine',
|
|
'org.bouncycastle.crypto.engines.XTEAEngine',
|
|
'org.bouncycastle.crypto.generators.BCrypt',
|
|
'org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator',
|
|
'org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator',
|
|
'org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator',
|
|
'org.bouncycastle.crypto.io.CipherInputStream',
|
|
'org.bouncycastle.crypto.io.CipherOutputStream',
|
|
'org.bouncycastle.crypto.macs.HMac',
|
|
'org.bouncycastle.crypto.modes.AEADBlockCipher',
|
|
'org.bouncycastle.crypto.modes.CBCBlockCipher',
|
|
'org.bouncycastle.crypto.modes.CCMBlockCipher',
|
|
'org.bouncycastle.crypto.modes.CFBBlockCipher',
|
|
'org.bouncycastle.crypto.modes.EAXBlockCipher',
|
|
'org.bouncycastle.crypto.modes.GCMBlockCipher',
|
|
'org.bouncycastle.crypto.modes.OCBBlockCipher',
|
|
'org.bouncycastle.crypto.modes.OFBBlockCipher',
|
|
'org.bouncycastle.crypto.paddings.BlockCipherPadding',
|
|
'org.bouncycastle.crypto.paddings.ISO10126d2Padding',
|
|
'org.bouncycastle.crypto.paddings.ISO7816d4Padding',
|
|
'org.bouncycastle.crypto.paddings.PKCS7Padding',
|
|
'org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher',
|
|
'org.bouncycastle.crypto.paddings.TBCPadding',
|
|
'org.bouncycastle.crypto.paddings.X923Padding',
|
|
'org.bouncycastle.crypto.paddings.ZeroBytePadding',
|
|
'org.bouncycastle.crypto.params.AEADParameters',
|
|
'org.bouncycastle.crypto.params.AsymmetricKeyParameter',
|
|
'org.bouncycastle.crypto.params.DSAKeyParameters',
|
|
'org.bouncycastle.crypto.params.DSAParameters',
|
|
'org.bouncycastle.crypto.params.DSAPrivateKeyParameters',
|
|
'org.bouncycastle.crypto.params.DSAPublicKeyParameters',
|
|
'org.bouncycastle.crypto.params.ECDomainParameters',
|
|
'org.bouncycastle.crypto.params.ECKeyParameters',
|
|
'org.bouncycastle.crypto.params.ECPrivateKeyParameters',
|
|
'org.bouncycastle.crypto.params.ECPublicKeyParameters',
|
|
'org.bouncycastle.crypto.params.KeyParameter',
|
|
'org.bouncycastle.crypto.params.ParametersWithIV',
|
|
'org.bouncycastle.crypto.params.RC2Parameters',
|
|
'org.bouncycastle.crypto.params.RC5Parameters',
|
|
'org.bouncycastle.crypto.params.RSAKeyParameters',
|
|
'org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters',
|
|
'org.bouncycastle.crypto.prng.EntropySource',
|
|
'org.bouncycastle.crypto.prng.SP800SecureRandom',
|
|
'org.bouncycastle.crypto.prng.SP800SecureRandomBuilder',
|
|
'org.bouncycastle.crypto.prng.drbg.HashSP800DRBG',
|
|
'org.bouncycastle.crypto.prng.drbg.SP80090DRBG',
|
|
'org.bouncycastle.crypto.signers.DSASigner',
|
|
'org.bouncycastle.crypto.signers.ECDSASigner',
|
|
'org.bouncycastle.crypto.signers.RSADigestSigner',
|
|
'org.bouncycastle.crypto.util.PrivateKeyFactory',
|
|
'org.bouncycastle.crypto.util.PrivateKeyInfoFactory',
|
|
'org.bouncycastle.crypto.util.PublicKeyFactory',
|
|
'org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory',
|
|
'org.bouncycastle.jcajce.provider.asymmetric.dsa.KeyPairGeneratorSpi',
|
|
'org.bouncycastle.jcajce.provider.asymmetric.ec.KeyPairGeneratorSpi$EC',
|
|
'org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyPairGeneratorSpi',
|
|
'org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util',
|
|
'org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil',
|
|
'org.bouncycastle.jce.provider.BouncyCastleProvider',
|
|
'org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec',
|
|
'org.bouncycastle.math.ec.ECFieldElement',
|
|
'org.bouncycastle.math.ec.ECPoint',
|
|
'org.bouncycastle.openssl.jcajce.JcaPEMWriter',
|
|
'org.bouncycastle.operator.jcajce.JcaContentSignerBuilder',
|
|
'org.bouncycastle.util.Arrays',
|
|
'org.bouncycastle.util.Strings',
|
|
'org.bouncycastle.util.io.Streams',
|
|
'org.bouncycastle.x509.extension.X509ExtensionUtil',
|
|
'org.bouncycastle.cert.X509CertificateHolder',
|
|
'org.bouncycastle.openssl.PEMKeyPair',
|
|
'org.bouncycastle.openssl.PEMParser',
|
|
'org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter'
|
|
)
|
|
|
|
ignoreViolations(
|
|
// Guava uses internal java api: sun.misc.Unsafe
|
|
'com.google.common.cache.Striped64',
|
|
'com.google.common.cache.Striped64$1',
|
|
'com.google.common.cache.Striped64$Cell',
|
|
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator',
|
|
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1',
|
|
'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper',
|
|
'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1',
|
|
)
|
|
}
|
|
|
|
if (BuildParams.runtimeJavaVersion > JavaVersion.VERSION_1_8) {
|
|
thirdPartyAudit.ignoreMissingClasses(
|
|
'javax.xml.bind.JAXBContext',
|
|
'javax.xml.bind.JAXBElement',
|
|
'javax.xml.bind.JAXBException',
|
|
'javax.xml.bind.Unmarshaller',
|
|
'javax.xml.bind.UnmarshallerHandler',
|
|
'javax.activation.ActivationDataFlavor',
|
|
'javax.activation.DataContentHandler',
|
|
'javax.activation.DataHandler',
|
|
'javax.activation.DataSource',
|
|
'javax.activation.FileDataSource',
|
|
'javax.activation.FileTypeMap'
|
|
)
|
|
}
|
|
|
|
test {
|
|
/*
|
|
* We have to disable setting the number of available processors as tests in the same JVM randomize processors and will step on each
|
|
* other if we allow them to set the number of available processors as it's set-once in Netty.
|
|
*/
|
|
systemProperty 'es.set.netty.runtime.available.processors', 'false'
|
|
|
|
/*
|
|
* Some tests in this module set up a lot of transport threads so we reduce the buffer size per transport thread from the 1M default
|
|
* to keep direct memory usage under control.
|
|
*/
|
|
systemProperty 'es.transport.buffer.size', '256k'
|
|
}
|
|
|
|
// xpack modules are installed in real clusters as the meta plugin, so
|
|
// installing them as individual plugins for integ tests doesn't make sense,
|
|
// so we disable integ tests
|
|
integTest.enabled = false
|
|
|
|
// add all sub-projects of the qa sub-project
|
|
gradle.projectsEvaluated {
|
|
project.subprojects
|
|
.find { it.path == project.path + ":qa" }
|
|
.subprojects
|
|
.findAll { it.path.startsWith(project.path + ":qa") }
|
|
.each { check.dependsOn it.check }
|
|
}
|
|
|