honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-02-24 05:44:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
OpenSearch/elasticsearch/x-pack/build.gradle
jaymode 59fcb205b5 security: active directory and ldap realm improvements 
This commit is a combination of enhancements and fixes to the active directory
and ldap realms. The active directory realm has been enhanced to add support
for authentication against multiple domains in a forest. The ldap realm has
been updated so that:

* attributes required for group resolution are loaded eagerly if possible
* user search can now be executed using unpooled connections
* the default search filter for groups now includes posixGroup and memberUid
to avoid users needed to understand ldap filters

Finally, the UnboundID LDAP SDK was upgraded to the latest version and some
long standing AwaitsFix were addressed.

Closes elastic/elasticsearch#20
Closes elastic/elasticsearch#26
Closes elastic/elasticsearch#1950
Closes elastic/elasticsearch#2145
Closes elastic/elasticsearch#2363

Original commit: elastic/x-pack-elasticsearch@63c9be2337
2016-07-18 08:39:57 -04:00

267 lines
9.2 KiB
Groovy
Raw Blame History

import org.elasticsearch.gradle.MavenFilteringHack
import org.elasticsearch.gradle.test.NodeInfo
import java.nio.charset.StandardCharsets
group 'org.elasticsearch.plugin'
apply plugin: 'elasticsearch.esplugin'
esplugin {
name 'x-pack'
description 'Elasticsearch Expanded Pack Plugin'
classname 'org.elasticsearch.xpack.XPackPlugin'
}
ext.versions = [
okhttp: '2.7.5'
]
// TODO: fix this! https://github.com/elastic/x-plugins/issues/1066
ext.compactProfile = 'full'
dependencyLicenses.enabled = false
dependencies {
// license deps
compile project(':x-plugins:elasticsearch:license:base')
testCompile project(':x-plugins:elasticsearch:license:licensor')
// security deps
compile project(path: ':modules:transport-netty3', configuration: 'runtime')
compile 'dk.brics.automaton:automaton:1.11-8'
compile 'com.unboundid:unboundid-ldapsdk:3.1.1'
compile 'org.bouncycastle:bcprov-jdk15on:1.54'
compile 'org.bouncycastle:bcpkix-jdk15on:1.54'
testCompile 'com.google.jimfs:jimfs:1.1'
// watcher deps
compile 'com.googlecode.owasp-java-html-sanitizer:owasp-java-html-sanitizer:r239'
compile 'com.google.guava:guava:16.0.1' // needed by watcher for the html sanitizer and security tests for jimfs
compile 'com.sun.mail:javax.mail:1.5.3'
// HACK: java 9 removed javax.activation from the default modules, so instead of trying to add modules, which would have
// to be conditionalized for java 8/9, we pull in the classes directly
compile 'javax.activation:activation:1.1'
testCompile 'org.subethamail:subethasmtp:3.1.7'
// needed for subethasmtp, has @GuardedBy annotation
testCompile 'com.google.code.findbugs:jsr305:3.0.1'
// common test deps
testCompile 'org.elasticsearch:securemock:1.2'
testCompile 'org.slf4j:slf4j-log4j12:1.6.2'
testCompile 'org.slf4j:slf4j-api:1.6.2'
// mock web server
testCompile "com.squareup.okhttp:mockwebserver:${versions.okhttp}"
testCompile "com.squareup.okhttp:okhttp:${versions.okhttp}"
testCompile "com.squareup.okhttp:okhttp-ws:${versions.okhttp}"
testCompile 'com.squareup.okio:okio:1.6.0'
}
// we keep the source directories in the original structure of split plugins,
// in order to facilitate backports to 2.x. TODO: remove after 5.0 release
for (String module : ['', 'license-plugin/', 'security/', 'watcher/', 'monitoring/', 'graph/']) {
sourceSets {
main {
java.srcDir("${module}src/main/java")
resources.srcDir("${module}src/main/resources")
}
test {
java.srcDir("${module}src/test/java")
resources.srcDir("${module}src/test/resources")
}
}
}
compileJava.options.compilerArgs << "-Xlint:-deprecation,-rawtypes,-serial,-try,-unchecked"
compileTestJava.options.compilerArgs << "-Xlint:-deprecation,-rawtypes,-serial,-try,-unchecked"
ext.expansions = [
'project.version': version,
]
processResources {
from(sourceSets.main.resources.srcDirs) {
exclude '**/public.key'
inputs.properties(expansions)
MavenFilteringHack.filter(it, expansions)
}
String licenseKeyName = System.getProperty('license.key', 'dev')
String licenseKeyPath = "license-plugin/keys/${licenseKeyName}/public.key"
if (file(licenseKeyPath).exists() == false) {
throw new GradleException("no public key found for '${licenseKeyName}'")
}
from licenseKeyPath
}
processTestResources {
from(sourceSets.test.resources.srcDirs) {
exclude '**/*.key'
exclude '**/*.jks'
exclude '**/*.p12'
inputs.properties(expansions)
MavenFilteringHack.filter(it, expansions)
}
}
forbiddenPatterns {
exclude '**/*.key'
exclude '**/*.p12'
exclude '**/*.der'
}
// TODO: standardize packaging config for plugins
bundlePlugin {
from(projectDir) {
include 'LICENSE.txt'
include 'NOTICE.txt'
}
from('bin/x-pack') {
into 'bin'
}
from('security/bin/x-pack') {
into 'bin'
}
from('security/config/x-pack') {
into 'config'
}
from('watcher/bin/x-pack') {
into 'bin'
}
}
integTest {
// TODO: fix this rest test to not depend on a hardcoded port!
systemProperty 'tests.rest.blacklist', 'getting_started/10_monitor_cluster_health/*,bulk/10_basic/*'
cluster {
setting 'xpack.monitoring.collection.interval', '3s'
waitCondition = { NodeInfo node, AntBuilder ant ->
File tmpFile = new File(node.cwd, 'wait.success')
for (int i = 0; i < 10; i++) {
// we use custom wait logic here as the elastic user is not available immediately and ant.get will fail when a 401 is returned
HttpURLConnection httpURLConnection = null;
try {
httpURLConnection = (HttpURLConnection) new URL("http://${node.httpUri()}").openConnection();
httpURLConnection.setRequestProperty("Authorization", "Basic " +
Base64.getEncoder().encodeToString("elastic:changeme".getBytes(StandardCharsets.UTF_8)));
httpURLConnection.setRequestMethod("GET");
httpURLConnection.connect();
if (httpURLConnection.getResponseCode() == 200) {
tmpFile.withWriter StandardCharsets.UTF_8.name(), {
it.write(httpURLConnection.getInputStream().getText(StandardCharsets.UTF_8.name()))
}
}
} catch (Exception e) {
e.printStackTrace()
} finally {
if (httpURLConnection != null) {
httpURLConnection.disconnect();
}
}
// did not start, so wait a bit before trying again
Thread.sleep(500L);
}
return tmpFile.exists()
}
}
}
// TODO: don't publish test artifacts just to run messy tests, fix the tests!
// https://github.com/elastic/x-plugins/issues/724
configurations {
testArtifacts.extendsFrom testRuntime
}
task testJar(type: Jar) {
classifier "test"
from sourceSets.test.output
}
artifacts {
// normal es plugins do not publish the jar but we need to since users need it for Transport Clients and extensions
archives jar
testArtifacts testJar
}
run {
setupCommand 'setupDummyUser', 'bin/x-pack/users', 'useradd', 'test_user', '-p', 'changeme', '-r', 'superuser'
}
// classes are missing, e.g. com.ibm.icu.lang.UCharacter
thirdPartyAudit.excludes = [
// uses internal java api: sun.misc.Unsafe
'com.google.common.cache.Striped64',
'com.google.common.cache.Striped64$1',
'com.google.common.cache.Striped64$Cell',
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator',
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1',
// pulled in as external dependency to work on java 9
'com.sun.activation.registries.LineTokenizer',
'com.sun.activation.registries.LogSupport',
'com.sun.activation.registries.MailcapFile',
'com.sun.activation.registries.MailcapParseException',
'com.sun.activation.registries.MailcapTokenizer',
'com.sun.activation.registries.MimeTypeEntry',
'com.sun.activation.registries.MimeTypeFile',
'javax.activation.ActivationDataFlavor',
'javax.activation.CommandInfo',
'javax.activation.CommandMap',
'javax.activation.CommandObject',
'javax.activation.DataContentHandler',
'javax.activation.DataContentHandlerFactory',
'javax.activation.DataHandler$1',
'javax.activation.DataHandler',
'javax.activation.DataHandlerDataSource',
'javax.activation.DataSource',
'javax.activation.DataSourceDataContentHandler',
'javax.activation.FileDataSource',
'javax.activation.FileTypeMap',
'javax.activation.MailcapCommandMap',
'javax.activation.MimeType',
'javax.activation.MimeTypeParameterList',
'javax.activation.MimeTypeParseException',
'javax.activation.MimetypesFileTypeMap',
'javax.activation.ObjectDataContentHandler',
'javax.activation.SecuritySupport$1',
'javax.activation.SecuritySupport$2',
'javax.activation.SecuritySupport$3',
'javax.activation.SecuritySupport$4',
'javax.activation.SecuritySupport$5',
'javax.activation.SecuritySupport',
'javax.activation.URLDataSource',
'javax.activation.UnsupportedDataTypeException'
]
// someone figure out what the x-plugins logic should be
licenseHeaders.enabled = false
forbiddenApisMain {
signaturesURLs += [file('signatures.txt').toURI().toURL()]
}
modifyPom { MavenPom pom ->
pom.withXml { XmlProvider xml ->
// first find if we have dependencies at all, and grab the node
NodeList depsNodes = xml.asNode().get('dependencies')
if (depsNodes.isEmpty()) {
return
}
// find the 'base' dependency and replace it with the correct name because the project name is
// always used even when the pom of the other project is correct
Iterator<Node> childNodeIter = depsNodes.get(0).children().iterator()
while (childNodeIter.hasNext()) {
Node depNode = childNodeIter.next()
String groupId = depNode.get('groupId').get(0).text()
Node artifactIdNode = depNode.get('artifactId').get(0)
String artifactId = artifactIdNode.text()
String scope = depNode.get("scope").get(0).text()
if (groupId.equals('org.elasticsearch') && artifactId.equals('base')) {
artifactIdNode.replaceNode(new Node(null, 'artifactId', 'license-core'))
} else if ('test'.equals(scope)) {
childNodeIter.remove()
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink