mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-06 13:08:29 +00:00
This commit moves the configuration of all test JVMs for FIPS to a script plugin. FIPS testing is something very specific to the Elasticsearch build and does not need to be passed on to plugin authors.
58 lines
3.0 KiB
Groovy
import org.elasticsearch.gradle.ExportElasticsearchBuildResourcesTask
import org.elasticsearch.gradle.info.BuildParams
import org.elasticsearch.gradle.testclusters.ElasticsearchCluster
import org.elasticsearch.gradle.testclusters.ElasticsearchCluster
// Common config when running with a FIPS-140 runtime JVM
// Nothing below is applied unless the build reports a FIPS runtime JVM (BuildParams.inFipsJvm).
if (BuildParams.inFipsJvm) {
  allprojects {
    // Java 8 has its own security/policy pair, distinguished by an '8' suffix in the file name.
    boolean isJava8 = BuildParams.runtimeJavaVersion == JavaVersion.VERSION_1_8
    String javaSuffix = isJava8 ? '8' : ''

    // All FIPS fixtures are exported into <buildDir>/fips-resources of each project.
    File fipsResourcesDir = new File(project.buildDir, 'fips-resources')
    File securityFile = new File(fipsResourcesDir, "fips_java${javaSuffix}.security")
    File policyFile = new File(fipsResourcesDir, "fips_java${javaSuffix}.policy")
    File trustStoreFile = new File(fipsResourcesDir, 'cacerts.bcfks')

    project.pluginManager.withPlugin('elasticsearch.java') {
      // 'fipsResources' copies the security properties, policy and BCFKS trust store
      // out of the build resources so test JVMs and test clusters can point at real files.
      project.tasks.register('fipsResources', ExportElasticsearchBuildResourcesTask) {
        outputDir = fipsResourcesDir
        copy securityFile.name
        copy policyFile.name
        copy 'cacerts.bcfks'
      }

      // This configuration can be removed once system modules are available
      configurations.create('extraFipsJars')
      dependencies {
        // Versions are pinned to exact releases; no checksum or signature verification
        // of these artifacts is visible in this script.
        // NOTE(review): confirm it is enforced elsewhere in the build.
        extraFipsJars 'org.bouncycastle:bc-fips:1.0.1'
        extraFipsJars 'org.bouncycastle:bctls-fips:1.0.9'
      }

      pluginManager.withPlugin("elasticsearch.testclusters") {
        testClusters.all {
          // Put the Bouncy Castle FIPS jars on every test cluster node.
          for (File fipsJar : project.configurations.extraFipsJars.files) {
            extraJarFile fipsJar
          }

          // The files are installed under fixed names, so the Java 8 variants end up as
          // fips_java.security / fips_java.policy in the node's config as well.
          extraConfigFile "fips_java.security", securityFile
          extraConfigFile "fips_java.policy", policyFile
          extraConfigFile "cacerts.bcfks", trustStoreFile

          // Single-quoted on purpose: ${ES_PATH_CONF} is not interpolated by Groovy and reaches
          // the node as literal text (presumably expanded at node start-up — confirm).
          // The leading '=' produces the key==value form that overrides, rather than extends,
          // the JVM's default security properties and policy.
          systemProperty 'java.security.properties', '=${ES_PATH_CONF}/fips_java.security'
          systemProperty 'java.security.policy', '=${ES_PATH_CONF}/fips_java.policy'

          // The store password is a hard-coded literal; tolerable only for a test fixture.
          // NOTE(review): confirm cacerts.bcfks carries trust anchors only and no private keys.
          systemProperty 'javax.net.ssl.trustStore', '${ES_PATH_CONF}/cacerts.bcfks'
          systemProperty 'javax.net.ssl.trustStorePassword', 'password'
          systemProperty 'javax.net.ssl.keyStorePassword', 'password'
          // NOTE(review): clusters set keyStoreType while Test tasks below set trustStoreType;
          // neither sets both. Presumably the default store type comes from the exported
          // fips_java.security file — verify the asymmetry is intended.
          systemProperty 'javax.net.ssl.keyStoreType', 'BCFKS'
        }
      }

      project.tasks.withType(Test).configureEach { Test testTask ->
        // The exported files must exist before any test JVM that references them starts.
        testTask.dependsOn('fipsResources')

        // Using the key==value format to override default JVM security settings and policy
        // see also: https://docs.oracle.com/javase/8/docs/technotes/guides/security/PolicyFiles.html
        testTask.systemProperty('java.security.properties', String.format(Locale.ROOT, "=%s", securityFile))
        testTask.systemProperty('java.security.policy', String.format(Locale.ROOT, "=%s", policyFile))

        // Test JVMs read the trust store from the build directory, using the same
        // hard-coded fixture password as the test clusters.
        testTask.systemProperty('javax.net.ssl.trustStore', trustStoreFile)
        testTask.systemProperty('javax.net.ssl.trustStoreType', 'BCFKS')
        testTask.systemProperty('javax.net.ssl.trustStorePassword', 'password')
        testTask.systemProperty('javax.net.ssl.keyStorePassword', 'password')
      }
    }
  }
}