honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-02-06 04:58:50 +00:00
Code Issues Packages Projects Releases Wiki Activity
OpenSearch/x-pack/plugin/identity-provider/build.gradle
Ryan Ernst 29b70733ae
Use task avoidance with forbidden apis (#55034) 
Currently forbidden apis accounts for 800+ tasks in the build. These
tasks are aggressively created by the plugin. In forbidden apis 3.0, we
will get task avoidance
(https://github.com/policeman-tools/forbidden-apis/pull/162), but we
need to ourselves use the same task avoidance mechanisms to not trigger
these task creations. This commit does that for our foribdden apis
usages, in preparation for upgrading to 3.0 when it is released.
2020-04-15 13:27:53 -07:00

372 lines
18 KiB
Groovy
Raw Blame History

import org.elasticsearch.gradle.info.BuildParams
evaluationDependsOn(xpackModule('core'))
apply plugin: 'elasticsearch.esplugin'
apply plugin: 'nebula.maven-base-publish'
esplugin {
name 'x-pack-identity-provider'
description 'Elasticsearch Expanded Pack Plugin - Identity Provider'
classname 'org.elasticsearch.xpack.idp.IdentityProviderPlugin'
extendedPlugins = ['x-pack-core']
}
archivesBaseName = 'x-pack-identity-provider'
dependencies {
compileOnly project(path: xpackModule('core'), configuration: 'default')
testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
// So that we can extend LocalStateCompositeXPackPlugin
testCompile project(path: xpackModule('security'), configuration: 'testArtifacts')
// the following are all SAML dependencies - might as well download the whole internet
compile "org.opensaml:opensaml-core:3.4.5"
compile "org.opensaml:opensaml-saml-api:3.4.5"
compile "org.opensaml:opensaml-saml-impl:3.4.5"
compile "org.opensaml:opensaml-messaging-api:3.4.5"
compile "org.opensaml:opensaml-messaging-impl:3.4.5"
compile "org.opensaml:opensaml-security-api:3.4.5"
compile "org.opensaml:opensaml-security-impl:3.4.5"
compile "org.opensaml:opensaml-profile-api:3.4.5"
compile "org.opensaml:opensaml-profile-impl:3.4.5"
compile "org.opensaml:opensaml-xmlsec-api:3.4.5"
compile "org.opensaml:opensaml-xmlsec-impl:3.4.5"
compile "org.opensaml:opensaml-soap-api:3.4.5"
compile "org.opensaml:opensaml-soap-impl:3.4.5"
compile "org.opensaml:opensaml-storage-api:3.4.5"
compile "org.opensaml:opensaml-storage-impl:3.4.5"
compile "net.shibboleth.utilities:java-support:7.5.1"
compile "org.apache.santuario:xmlsec:2.1.4"
compile "io.dropwizard.metrics:metrics-core:3.2.2"
compile ("org.cryptacular:cryptacular:1.2.4") {
exclude group: 'org.bouncycastle'
}
compile "org.slf4j:slf4j-api:${versions.slf4j}"
compile "org.apache.logging.log4j:log4j-slf4j-impl:${versions.log4j}"
compile "org.apache.httpcomponents:httpclient:${versions.httpclient}"
compile "org.apache.httpcomponents:httpcore:${versions.httpcore}"
compile "org.apache.httpcomponents:httpasyncclient:${versions.httpasyncclient}"
compile "org.apache.httpcomponents:httpcore-nio:${versions.httpcore}"
compile "org.apache.httpcomponents:httpclient-cache:${versions.httpclient}"
runtimeOnly 'com.google.guava:guava:19.0'
testCompile 'org.elasticsearch:securemock:1.2'
testCompile "org.elasticsearch:mocksocket:${versions.mocksocket}"
}
compileJava.options.compilerArgs << "-Xlint:-rawtypes,-unchecked"
compileTestJava.options.compilerArgs << "-Xlint:-rawtypes,-unchecked"
dependencyLicenses {
mapping from: /java-support|opensaml-.*/, to: 'shibboleth'
mapping from: /http.*/, to: 'httpclient'
}
forbiddenPatterns {
exclude '**/*.key'
exclude '**/*.p12'
exclude '**/*.der'
exclude '**/*.zip'
}
tasks.named('forbiddenApisMain').configure {
signaturesFiles += files('forbidden/xml-signatures.txt')
}
// classes are missing, e.g. com.ibm.icu.lang.UCharacter
thirdPartyAudit {
ignoreMissingClasses (
// SAML dependencies
// [missing classes] Some cli utilities that we don't use depend on these missing JCommander classes
'com.beust.jcommander.JCommander',
'com.beust.jcommander.converters.BaseConverter',
// [missing classes] Shibboleth + OpenSAML have servlet support that we don't use
'javax.servlet.AsyncContext',
'javax.servlet.DispatcherType',
'javax.servlet.Filter',
'javax.servlet.FilterChain',
'javax.servlet.FilterConfig',
'javax.servlet.RequestDispatcher',
'javax.servlet.ServletContext',
'javax.servlet.ServletException',
'javax.servlet.ServletInputStream',
'javax.servlet.ServletOutputStream',
'javax.servlet.ServletRequest',
'javax.servlet.ServletResponse',
'javax.servlet.http.Cookie',
'javax.servlet.http.HttpServletRequest',
'javax.servlet.http.HttpServletResponse',
'javax.servlet.http.HttpServletResponseWrapper',
'javax.servlet.http.HttpSession',
'javax.servlet.http.Part',
// [missing classes] Shibboleth + OpenSAML have velocity support that we don't use
'org.apache.velocity.VelocityContext',
'org.apache.velocity.app.VelocityEngine',
'org.apache.velocity.context.Context',
'org.apache.velocity.exception.VelocityException',
'org.apache.velocity.runtime.RuntimeServices',
'org.apache.velocity.runtime.log.LogChute',
'org.apache.velocity.runtime.resource.loader.StringResourceLoader',
'org.apache.velocity.runtime.resource.util.StringResourceRepository',
// [missing classes] OpenSAML depends on Apache XML security which depends on Xalan, but only for functionality that OpenSAML doesn't use
'org.apache.xml.dtm.DTM',
'org.apache.xml.utils.PrefixResolver',
'org.apache.xml.utils.PrefixResolverDefault',
'org.apache.xpath.Expression',
'org.apache.xpath.NodeSetDTM',
'org.apache.xpath.XPath',
'org.apache.xpath.XPathContext',
'org.apache.xpath.compiler.FunctionTable',
'org.apache.xpath.functions.Function',
'org.apache.xpath.objects.XNodeSet',
'org.apache.xpath.objects.XObject',
// [missing classes] OpenSAML storage has an optional LDAP storage impl
'org.ldaptive.AttributeModification',
'org.ldaptive.AttributeModificationType',
'org.ldaptive.Connection',
'org.ldaptive.DeleteOperation',
'org.ldaptive.DeleteRequest',
'org.ldaptive.LdapAttribute',
'org.ldaptive.LdapEntry',
'org.ldaptive.LdapException',
'org.ldaptive.ModifyOperation',
'org.ldaptive.ModifyRequest',
'org.ldaptive.Response',
'org.ldaptive.ResultCode',
'org.ldaptive.SearchOperation',
'org.ldaptive.SearchRequest',
'org.ldaptive.SearchResult',
'org.ldaptive.ext.MergeOperation',
'org.ldaptive.ext.MergeRequest',
'org.ldaptive.pool.ConnectionPool',
'org.ldaptive.pool.PooledConnectionFactory',
// [missing classes] OpenSAML storage has an optional JSON-backed storage impl
'javax.json.Json',
'javax.json.JsonException',
'javax.json.JsonNumber',
'javax.json.JsonObject',
'javax.json.JsonReader',
'javax.json.JsonValue$ValueType',
'javax.json.JsonValue',
'javax.json.stream.JsonGenerator',
// [missing classes] OpenSAML storage has an optional JPA storage impl
'javax.persistence.EntityManager',
'javax.persistence.EntityManagerFactory',
'javax.persistence.EntityTransaction',
'javax.persistence.LockModeType',
'javax.persistence.Query',
// [missing classes] OpenSAML storage and HttpClient cache have optional memcache support
'net.spy.memcached.CASResponse',
'net.spy.memcached.CASValue',
'net.spy.memcached.MemcachedClient',
'net.spy.memcached.MemcachedClientIF',
'net.spy.memcached.CachedData',
'net.spy.memcached.internal.OperationFuture',
'net.spy.memcached.transcoders.Transcoder',
// [missing classes] Http Client cache has optional ehcache support
'net.sf.ehcache.Ehcache',
'net.sf.ehcache.Element',
// [missing classes] SLF4j includes an optional class that depends on an extension class (!)
'org.slf4j.ext.EventData',
// Bouncycastle is an optional dependency for apache directory, cryptacular and opensaml packages. We
// acknowledge them here instead of adding bouncy castle as a compileOnly dependency
'org.bouncycastle.asn1.ASN1Encodable',
'org.bouncycastle.asn1.ASN1InputStream',
'org.bouncycastle.asn1.ASN1Integer',
'org.bouncycastle.asn1.ASN1ObjectIdentifier',
'org.bouncycastle.asn1.ASN1OctetString',
'org.bouncycastle.asn1.ASN1Primitive',
'org.bouncycastle.asn1.ASN1Sequence',
'org.bouncycastle.asn1.ASN1TaggedObject',
'org.bouncycastle.asn1.DEROctetString',
'org.bouncycastle.asn1.DERSequence',
'org.bouncycastle.asn1.pkcs.EncryptedPrivateKeyInfo',
'org.bouncycastle.asn1.pkcs.EncryptionScheme',
'org.bouncycastle.asn1.pkcs.KeyDerivationFunc',
'org.bouncycastle.asn1.pkcs.PBEParameter',
'org.bouncycastle.asn1.pkcs.PBES2Parameters',
'org.bouncycastle.asn1.pkcs.PBKDF2Params',
'org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers',
'org.bouncycastle.asn1.pkcs.PrivateKeyInfo',
'org.bouncycastle.asn1.x500.AttributeTypeAndValue',
'org.bouncycastle.asn1.x500.RDN',
'org.bouncycastle.asn1.x500.X500Name',
'org.bouncycastle.asn1.x509.AccessDescription',
'org.bouncycastle.asn1.x509.AlgorithmIdentifier',
'org.bouncycastle.asn1.x509.AuthorityKeyIdentifier',
'org.bouncycastle.asn1.x509.BasicConstraints',
'org.bouncycastle.asn1.x509.DistributionPoint',
'org.bouncycastle.asn1.x509.Extension',
'org.bouncycastle.asn1.x509.GeneralName',
'org.bouncycastle.asn1.x509.GeneralNames',
'org.bouncycastle.asn1.x509.GeneralNamesBuilder',
'org.bouncycastle.asn1.x509.KeyPurposeId',
'org.bouncycastle.asn1.x509.KeyUsage',
'org.bouncycastle.asn1.x509.PolicyInformation',
'org.bouncycastle.asn1.x509.SubjectKeyIdentifier',
'org.bouncycastle.asn1.x509.SubjectPublicKeyInfo',
'org.bouncycastle.asn1.x9.X9ECParameters',
'org.bouncycastle.cert.X509v3CertificateBuilder',
'org.bouncycastle.cert.jcajce.JcaX509CertificateConverter',
'org.bouncycastle.cert.jcajce.JcaX509ExtensionUtils',
'org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder',
'org.bouncycastle.crypto.BlockCipher',
'org.bouncycastle.crypto.BufferedBlockCipher',
'org.bouncycastle.crypto.CipherParameters',
'org.bouncycastle.crypto.Digest',
'org.bouncycastle.crypto.PBEParametersGenerator',
'org.bouncycastle.crypto.StreamCipher',
'org.bouncycastle.crypto.digests.GOST3411Digest',
'org.bouncycastle.crypto.digests.MD2Digest',
'org.bouncycastle.crypto.digests.MD4Digest',
'org.bouncycastle.crypto.digests.MD5Digest',
'org.bouncycastle.crypto.digests.RIPEMD128Digest',
'org.bouncycastle.crypto.digests.RIPEMD160Digest',
'org.bouncycastle.crypto.digests.RIPEMD256Digest',
'org.bouncycastle.crypto.digests.RIPEMD320Digest',
'org.bouncycastle.crypto.digests.SHA1Digest',
'org.bouncycastle.crypto.digests.SHA224Digest',
'org.bouncycastle.crypto.digests.SHA256Digest',
'org.bouncycastle.crypto.digests.SHA384Digest',
'org.bouncycastle.crypto.digests.SHA3Digest',
'org.bouncycastle.crypto.digests.SHA512Digest',
'org.bouncycastle.crypto.digests.TigerDigest',
'org.bouncycastle.crypto.digests.WhirlpoolDigest',
'org.bouncycastle.crypto.engines.AESEngine',
'org.bouncycastle.crypto.engines.BlowfishEngine',
'org.bouncycastle.crypto.engines.CAST5Engine',
'org.bouncycastle.crypto.engines.CAST6Engine',
'org.bouncycastle.crypto.engines.CamelliaEngine',
'org.bouncycastle.crypto.engines.DESEngine',
'org.bouncycastle.crypto.engines.DESedeEngine',
'org.bouncycastle.crypto.engines.GOST28147Engine',
'org.bouncycastle.crypto.engines.Grain128Engine',
'org.bouncycastle.crypto.engines.HC128Engine',
'org.bouncycastle.crypto.engines.HC256Engine',
'org.bouncycastle.crypto.engines.ISAACEngine',
'org.bouncycastle.crypto.engines.NoekeonEngine',
'org.bouncycastle.crypto.engines.RC2Engine',
'org.bouncycastle.crypto.engines.RC4Engine',
'org.bouncycastle.crypto.engines.RC532Engine',
'org.bouncycastle.crypto.engines.RC564Engine',
'org.bouncycastle.crypto.engines.RC6Engine',
'org.bouncycastle.crypto.engines.SEEDEngine',
'org.bouncycastle.crypto.engines.Salsa20Engine',
'org.bouncycastle.crypto.engines.SerpentEngine',
'org.bouncycastle.crypto.engines.SkipjackEngine',
'org.bouncycastle.crypto.engines.TEAEngine',
'org.bouncycastle.crypto.engines.TwofishEngine',
'org.bouncycastle.crypto.engines.VMPCEngine',
'org.bouncycastle.crypto.engines.XTEAEngine',
'org.bouncycastle.crypto.generators.BCrypt',
'org.bouncycastle.crypto.generators.OpenSSLPBEParametersGenerator',
'org.bouncycastle.crypto.generators.PKCS5S1ParametersGenerator',
'org.bouncycastle.crypto.generators.PKCS5S2ParametersGenerator',
'org.bouncycastle.crypto.io.CipherInputStream',
'org.bouncycastle.crypto.io.CipherOutputStream',
'org.bouncycastle.crypto.macs.HMac',
'org.bouncycastle.crypto.modes.AEADBlockCipher',
'org.bouncycastle.crypto.modes.CBCBlockCipher',
'org.bouncycastle.crypto.modes.CCMBlockCipher',
'org.bouncycastle.crypto.modes.CFBBlockCipher',
'org.bouncycastle.crypto.modes.EAXBlockCipher',
'org.bouncycastle.crypto.modes.GCMBlockCipher',
'org.bouncycastle.crypto.modes.OCBBlockCipher',
'org.bouncycastle.crypto.modes.OFBBlockCipher',
'org.bouncycastle.crypto.paddings.BlockCipherPadding',
'org.bouncycastle.crypto.paddings.ISO10126d2Padding',
'org.bouncycastle.crypto.paddings.ISO7816d4Padding',
'org.bouncycastle.crypto.paddings.PKCS7Padding',
'org.bouncycastle.crypto.paddings.PaddedBufferedBlockCipher',
'org.bouncycastle.crypto.paddings.TBCPadding',
'org.bouncycastle.crypto.paddings.X923Padding',
'org.bouncycastle.crypto.paddings.ZeroBytePadding',
'org.bouncycastle.crypto.params.AEADParameters',
'org.bouncycastle.crypto.params.AsymmetricKeyParameter',
'org.bouncycastle.crypto.params.DSAKeyParameters',
'org.bouncycastle.crypto.params.DSAParameters',
'org.bouncycastle.crypto.params.DSAPrivateKeyParameters',
'org.bouncycastle.crypto.params.DSAPublicKeyParameters',
'org.bouncycastle.crypto.params.ECDomainParameters',
'org.bouncycastle.crypto.params.ECKeyParameters',
'org.bouncycastle.crypto.params.ECPrivateKeyParameters',
'org.bouncycastle.crypto.params.ECPublicKeyParameters',
'org.bouncycastle.crypto.params.KeyParameter',
'org.bouncycastle.crypto.params.ParametersWithIV',
'org.bouncycastle.crypto.params.RC2Parameters',
'org.bouncycastle.crypto.params.RC5Parameters',
'org.bouncycastle.crypto.params.RSAKeyParameters',
'org.bouncycastle.crypto.params.RSAPrivateCrtKeyParameters',
'org.bouncycastle.crypto.prng.EntropySource',
'org.bouncycastle.crypto.prng.SP800SecureRandom',
'org.bouncycastle.crypto.prng.SP800SecureRandomBuilder',
'org.bouncycastle.crypto.prng.drbg.HashSP800DRBG',
'org.bouncycastle.crypto.prng.drbg.SP80090DRBG',
'org.bouncycastle.crypto.signers.DSASigner',
'org.bouncycastle.crypto.signers.ECDSASigner',
'org.bouncycastle.crypto.signers.RSADigestSigner',
'org.bouncycastle.crypto.util.PrivateKeyFactory',
'org.bouncycastle.crypto.util.PrivateKeyInfoFactory',
'org.bouncycastle.crypto.util.PublicKeyFactory',
'org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory',
'org.bouncycastle.jcajce.provider.asymmetric.dsa.KeyPairGeneratorSpi',
'org.bouncycastle.jcajce.provider.asymmetric.ec.KeyPairGeneratorSpi$EC',
'org.bouncycastle.jcajce.provider.asymmetric.rsa.KeyPairGeneratorSpi',
'org.bouncycastle.jcajce.provider.asymmetric.util.EC5Util',
'org.bouncycastle.jcajce.provider.asymmetric.util.ECUtil',
'org.bouncycastle.jce.spec.ECNamedCurveGenParameterSpec',
'org.bouncycastle.math.ec.ECFieldElement',
'org.bouncycastle.math.ec.ECPoint',
'org.bouncycastle.openssl.jcajce.JcaPEMWriter',
'org.bouncycastle.operator.jcajce.JcaContentSignerBuilder',
'org.bouncycastle.util.Arrays',
'org.bouncycastle.util.Strings',
'org.bouncycastle.util.io.Streams',
'org.bouncycastle.x509.extension.X509ExtensionUtil'
)
ignoreViolations(
// Guava uses internal java api: sun.misc.Unsafe
'com.google.common.cache.Striped64',
'com.google.common.cache.Striped64$1',
'com.google.common.cache.Striped64$Cell',
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator',
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1',
'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper',
'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1',
)
}
if (BuildParams.runtimeJavaVersion > JavaVersion.VERSION_1_8) {
thirdPartyAudit.ignoreMissingClasses(
'javax.xml.bind.JAXBContext',
'javax.xml.bind.JAXBElement',
'javax.xml.bind.JAXBException',
'javax.xml.bind.Unmarshaller',
'javax.xml.bind.UnmarshallerHandler',
)
}
test {
/*
* We have to disable setting the number of available processors as tests in the same JVM randomize processors and will step on each
* other if we allow them to set the number of available processors as it's set-once in Netty.
*/
systemProperty 'es.set.netty.runtime.available.processors', 'false'
}
// xpack modules are installed in real clusters as the meta plugin, so
// installing them as individual plugins for integ tests doesn't make sense,
// so we disable integ tests
integTest.enabled = false
// add all sub-projects of the qa sub-project
gradle.projectsEvaluated {
project.subprojects
.find { it.path == project.path + ":qa" }
.subprojects
.findAll { it.path.startsWith(project.path + ":qa") }
.each { check.dependsOn it.check }
}
Reference in New Issue View Git Blame Copy Permalink