honeymoose/OpenSearch
1
0
Fork 0
mirror of https://github.com/honeymoose/OpenSearch.git synced 2025-02-07 05:28:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
OpenSearch/x-pack/plugin/security/build.gradle
Albert Zaharovits c86e2d5211
Structured audit logging (#31931) 
Changes the format of log events in the audit logfile.
It also changes the filename suffix from `_access` to `_audit`.
The new entry format is consistent with Elastic Common Schema.
Entries are formatted as JSON with no nested objects and field
names have a dotted syntax. Moreover, log entries themselves
are not spaced by commas and there is exactly one entry per line.
In addition, entry fields are ordered, unlike a typical JSON doc,
such that a human would not strain his eyes over jumbled 
fields from one line to the other; the order is defined in the log4j2
properties file.
The implementation utilizes the log4j2's `StringMapMessage`.
This means that the application builds the log event as a map
and the log4j logic (the appender's layout) handle the format
internally. The layout, such as the set of printed fields and their
order, can be changed at runtime without restarting the node.
2018-09-14 15:25:53 +03:00

296 lines
14 KiB
Groovy
Raw Blame History

evaluationDependsOn(xpackModule('core'))
apply plugin: 'elasticsearch.esplugin'
apply plugin: 'nebula.maven-scm'
esplugin {
name 'x-pack-security'
description 'Elasticsearch Expanded Pack Plugin - Security'
classname 'org.elasticsearch.xpack.security.Security'
requiresKeystore true
extendedPlugins = ['x-pack-core']
}
archivesBaseName = 'x-pack-security'
dependencies {
// "org.elasticsearch.plugin:x-pack-core:${version}" doesn't work with idea because the testArtifacts are also here
compileOnly project(path: xpackModule('core'), configuration: 'default')
compileOnly project(path: ':modules:transport-netty4', configuration: 'runtime')
compileOnly project(path: ':plugins:transport-nio', configuration: 'runtime')
testCompile project(path: xpackModule('monitoring'))
testCompile project(path: xpackModule('sql:sql-action'))
testCompile project(path: xpackModule('core'), configuration: 'testArtifacts')
compile 'com.unboundid:unboundid-ldapsdk:3.2.0'
compileOnly 'org.bouncycastle:bcprov-jdk15on:1.59'
compileOnly 'org.bouncycastle:bcpkix-jdk15on:1.59'
// the following are all SAML dependencies - might as well download the whole internet
compile "org.opensaml:opensaml-core:3.3.0"
compile "org.opensaml:opensaml-saml-api:3.3.0"
compile "org.opensaml:opensaml-saml-impl:3.3.0"
compile "org.opensaml:opensaml-messaging-api:3.3.0"
compile "org.opensaml:opensaml-messaging-impl:3.3.0"
compile "org.opensaml:opensaml-security-api:3.3.0"
compile "org.opensaml:opensaml-security-impl:3.3.0"
compile "org.opensaml:opensaml-profile-api:3.3.0"
compile "org.opensaml:opensaml-profile-impl:3.3.0"
compile "org.opensaml:opensaml-xmlsec-api:3.3.0"
compile "org.opensaml:opensaml-xmlsec-impl:3.3.0"
compile "org.opensaml:opensaml-soap-api:3.3.0"
compile "org.opensaml:opensaml-soap-impl:3.3.0"
compile "org.opensaml:opensaml-storage-api:3.3.0"
compile "org.opensaml:opensaml-storage-impl:3.3.0"
compile "net.shibboleth.utilities:java-support:7.3.0"
compile "org.apache.santuario:xmlsec:2.0.8"
compile "io.dropwizard.metrics:metrics-core:3.2.2"
compile "org.cryptacular:cryptacular:1.2.0"
compile "org.slf4j:slf4j-api:${versions.slf4j}"
compile "org.apache.logging.log4j:log4j-slf4j-impl:${versions.log4j}"
compile "org.apache.httpcomponents:httpclient:${versions.httpclient}"
compile "org.apache.httpcomponents:httpcore:${versions.httpcore}"
compile "org.apache.httpcomponents:httpasyncclient:${versions.httpasyncclient}"
compile "org.apache.httpcomponents:httpcore-nio:${versions.httpcore}"
compile "org.apache.httpcomponents:httpclient-cache:${versions.httpclient}"
compile 'com.google.guava:guava:19.0'
testCompile 'org.elasticsearch:securemock:1.2'
testCompile "org.elasticsearch:mocksocket:${versions.mocksocket}"
//testCompile "org.yaml:snakeyaml:${versions.snakeyaml}"
// Test dependencies for Kerberos (MiniKdc)
testCompile('commons-io:commons-io:2.5')
testCompile('org.apache.kerby:kerb-simplekdc:1.1.1')
testCompile('org.apache.kerby:kerb-client:1.1.1')
testCompile('org.apache.kerby:kerby-config:1.1.1')
testCompile('org.apache.kerby:kerb-core:1.1.1')
testCompile('org.apache.kerby:kerby-pkix:1.1.1')
testCompile('org.apache.kerby:kerby-asn1:1.1.1')
testCompile('org.apache.kerby:kerby-util:1.1.1')
testCompile('org.apache.kerby:kerb-common:1.1.1')
testCompile('org.apache.kerby:kerb-crypto:1.1.1')
testCompile('org.apache.kerby:kerb-util:1.1.1')
testCompile('org.apache.kerby:token-provider:1.1.1')
testCompile('com.nimbusds:nimbus-jose-jwt:4.41.2')
testCompile('net.jcip:jcip-annotations:1.0')
testCompile('org.apache.kerby:kerb-admin:1.1.1')
testCompile('org.apache.kerby:kerb-server:1.1.1')
testCompile('org.apache.kerby:kerb-identity:1.1.1')
testCompile('org.apache.kerby:kerby-xdr:1.1.1')
// LDAP backend support for SimpleKdcServer
testCompile('org.apache.kerby:kerby-backend:1.1.1')
testCompile('org.apache.kerby:ldap-backend:1.1.1')
testCompile('org.apache.kerby:kerb-identity:1.1.1')
testCompile('org.apache.directory.api:api-ldap-client-api:1.0.0')
testCompile('org.apache.directory.api:api-ldap-schema-data:1.0.0')
testCompile('org.apache.directory.api:api-ldap-codec-core:1.0.0')
testCompile('org.apache.directory.api:api-ldap-extras-aci:1.0.0')
testCompile('org.apache.directory.api:api-ldap-extras-codec:1.0.0')
testCompile('org.apache.directory.api:api-ldap-extras-codec-api:1.0.0')
testCompile('commons-pool:commons-pool:1.6')
testCompile('commons-collections:commons-collections:3.2')
testCompile('org.apache.mina:mina-core:2.0.17')
testCompile('org.apache.directory.api:api-util:1.0.1')
testCompile('org.apache.directory.api:api-i18n:1.0.1')
testCompile('org.apache.directory.api:api-ldap-model:1.0.1')
testCompile('org.apache.directory.api:api-asn1-api:1.0.1')
testCompile('org.apache.directory.api:api-asn1-ber:1.0.1')
testCompile('org.apache.servicemix.bundles:org.apache.servicemix.bundles.antlr:2.7.7_5')
testCompile('org.apache.directory.server:apacheds-core-api:2.0.0-M24')
testCompile('org.apache.directory.server:apacheds-i18n:2.0.0-M24')
testCompile('org.apache.directory.api:api-ldap-extras-util:1.0.0')
testCompile('net.sf.ehcache:ehcache:2.10.4')
testCompile('org.apache.directory.server:apacheds-kerberos-codec:2.0.0-M24')
testCompile('org.apache.directory.server:apacheds-protocol-ldap:2.0.0-M24')
testCompile('org.apache.directory.server:apacheds-protocol-shared:2.0.0-M24')
testCompile('org.apache.directory.jdbm:apacheds-jdbm1:2.0.0-M3')
testCompile('org.apache.directory.server:apacheds-jdbm-partition:2.0.0-M24')
testCompile('org.apache.directory.server:apacheds-xdbm-partition:2.0.0-M24')
testCompile('org.apache.directory.api:api-ldap-extras-sp:1.0.0')
testCompile('org.apache.directory.server:apacheds-test-framework:2.0.0-M24')
testCompile('org.apache.directory.server:apacheds-core-annotations:2.0.0-M24')
testCompile('org.apache.directory.server:apacheds-ldif-partition:2.0.0-M24')
testCompile('org.apache.directory.server:apacheds-mavibot-partition:2.0.0-M24')
testCompile('org.apache.directory.server:apacheds-protocol-kerberos:2.0.0-M24')
testCompile('org.apache.directory.server:apacheds-server-annotations:2.0.0-M24')
testCompile('org.apache.directory.api:api-ldap-codec-standalone:1.0.0')
testCompile('org.apache.directory.api:api-ldap-net-mina:1.0.0')
testCompile('org.apache.directory.server:ldap-client-test:2.0.0-M24')
testCompile('org.apache.directory.server:apacheds-interceptor-kerberos:2.0.0-M24')
testCompile('org.apache.directory.mavibot:mavibot:1.0.0-M8')
}
compileJava.options.compilerArgs << "-Xlint:-deprecation,-rawtypes,-serial,-try,-unchecked"
compileTestJava.options.compilerArgs << "-Xlint:-deprecation,-rawtypes,-serial,-try,-unchecked"
configurations {
testArtifacts.extendsFrom testRuntime
}
task testJar(type: Jar) {
appendix 'test'
from sourceSets.test.output
}
artifacts {
// normal es plugins do not publish the jar but we need to since users need it for Transport Clients and extensions
archives jar
testArtifacts testJar
}
sourceSets.test.resources {
srcDir '../core/src/test/resources'
srcDir '../core/src/main/config'
}
dependencyLicenses {
mapping from: /java-support|opensaml-.*/, to: 'shibboleth'
mapping from: /http.*/, to: 'httpclient'
}
licenseHeaders {
// This class was sourced from apache directory studio for some microsoft-specific logic
excludes << 'org/elasticsearch/xpack/security/authc/ldap/ActiveDirectorySIDUtil.java'
}
forbiddenPatterns {
exclude '**/*.key'
exclude '**/*.p12'
exclude '**/*.der'
exclude '**/*.zip'
}
forbiddenApisMain {
signaturesFiles += files('forbidden/ldap-signatures.txt', 'forbidden/xml-signatures.txt')
}
// classes are missing, e.g. com.ibm.icu.lang.UCharacter
thirdPartyAudit.excludes = [
// SAML dependencies
// [missing classes] Some cli utilities that we don't use depend on these missing JCommander classes
'com.beust.jcommander.JCommander',
'com.beust.jcommander.converters.BaseConverter',
// [missing classes] Shibboleth + OpenSAML have servlet support that we don't use
'javax.servlet.AsyncContext',
'javax.servlet.DispatcherType',
'javax.servlet.Filter',
'javax.servlet.FilterChain',
'javax.servlet.FilterConfig',
'javax.servlet.RequestDispatcher',
'javax.servlet.ServletContext',
'javax.servlet.ServletException',
'javax.servlet.ServletInputStream',
'javax.servlet.ServletOutputStream',
'javax.servlet.ServletRequest',
'javax.servlet.ServletResponse',
'javax.servlet.http.Cookie',
'javax.servlet.http.HttpServletRequest',
'javax.servlet.http.HttpServletResponse',
'javax.servlet.http.HttpServletResponseWrapper',
'javax.servlet.http.HttpSession',
'javax.servlet.http.Part',
// [missing classes] Shibboleth + OpenSAML have velocity support that we don't use
'org.apache.velocity.VelocityContext',
'org.apache.velocity.app.VelocityEngine',
'org.apache.velocity.context.Context',
'org.apache.velocity.exception.VelocityException',
'org.apache.velocity.runtime.RuntimeServices',
'org.apache.velocity.runtime.log.LogChute',
'org.apache.velocity.runtime.resource.loader.StringResourceLoader',
'org.apache.velocity.runtime.resource.util.StringResourceRepository',
// [missing classes] OpenSAML depends on Apache XML security which depends on Xalan, but only for functionality that OpenSAML doesn't use
'org.apache.xml.dtm.DTM',
'org.apache.xml.utils.PrefixResolver',
'org.apache.xml.utils.PrefixResolverDefault',
'org.apache.xpath.Expression',
'org.apache.xpath.NodeSetDTM',
'org.apache.xpath.XPath',
'org.apache.xpath.XPathContext',
'org.apache.xpath.compiler.FunctionTable',
'org.apache.xpath.functions.Function',
'org.apache.xpath.objects.XNodeSet',
'org.apache.xpath.objects.XObject',
// [missing classes] OpenSAML storage has an optional LDAP storage impl
'org.ldaptive.AttributeModification',
'org.ldaptive.AttributeModificationType',
'org.ldaptive.Connection',
'org.ldaptive.DeleteOperation',
'org.ldaptive.DeleteRequest',
'org.ldaptive.LdapAttribute',
'org.ldaptive.LdapEntry',
'org.ldaptive.LdapException',
'org.ldaptive.ModifyOperation',
'org.ldaptive.ModifyRequest',
'org.ldaptive.Response',
'org.ldaptive.ResultCode',
'org.ldaptive.SearchOperation',
'org.ldaptive.SearchRequest',
'org.ldaptive.SearchResult',
'org.ldaptive.ext.MergeOperation',
'org.ldaptive.ext.MergeRequest',
'org.ldaptive.pool.ConnectionPool',
'org.ldaptive.pool.PooledConnectionFactory',
// [missing classes] OpenSAML storage has an optional JSON-backed storage impl
'javax.json.Json',
'javax.json.JsonException',
'javax.json.JsonNumber',
'javax.json.JsonObject',
'javax.json.JsonReader',
'javax.json.JsonValue$ValueType',
'javax.json.JsonValue',
'javax.json.stream.JsonGenerator',
// [missing classes] OpenSAML storage has an optional JPA storage impl
'javax.persistence.EntityManager',
'javax.persistence.EntityManagerFactory',
'javax.persistence.EntityTransaction',
'javax.persistence.LockModeType',
'javax.persistence.Query',
// [missing classes] OpenSAML storage and HttpClient cache have optional memcache support
'net.spy.memcached.CASResponse',
'net.spy.memcached.CASValue',
'net.spy.memcached.MemcachedClient',
'net.spy.memcached.MemcachedClientIF',
'net.spy.memcached.CachedData',
'net.spy.memcached.internal.OperationFuture',
'net.spy.memcached.transcoders.Transcoder',
// [missing classes] Http Client cache has optional ehcache support
'net.sf.ehcache.Ehcache',
'net.sf.ehcache.Element',
// [missing classes] SLF4j includes an optional class that depends on an extension class (!)
'org.slf4j.ext.EventData',
// Guava uses internal java api: sun.misc.Unsafe
'com.google.common.cache.Striped64',
'com.google.common.cache.Striped64$1',
'com.google.common.cache.Striped64$Cell',
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator',
'com.google.common.primitives.UnsignedBytes$LexicographicalComparatorHolder$UnsafeComparator$1',
'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper',
'com.google.common.util.concurrent.AbstractFuture$UnsafeAtomicHelper$1',
]
if (project.runtimeJavaVersion > JavaVersion.VERSION_1_8) {
thirdPartyAudit.excludes += [
'javax.xml.bind.JAXBContext',
'javax.xml.bind.JAXBElement',
'javax.xml.bind.JAXBException',
'javax.xml.bind.Unmarshaller',
'javax.xml.bind.UnmarshallerHandler',
];
}
run {
plugin xpackModule('core')
}
test {
/*
* We have to disable setting the number of available processors as tests in the same JVM randomize processors and will step on each
* other if we allow them to set the number of available processors as it's set-once in Netty.
*/
systemProperty 'es.set.netty.runtime.available.processors', 'false'
}
// xpack modules are installed in real clusters as the meta plugin, so
// installing them as individual plugins for integ tests doesn't make sense,
// so we disable integ tests
integTest.enabled = false
Reference in New Issue View Git Blame Copy Permalink