|
@@ -1,3 +1,5 @@
|
|
|
+import org.elasticsearch.gradle.precommit.ForbiddenApisCliTask
|
|
|
+
|
|
|
apply plugin: 'elasticsearch.build'
|
|
|
|
|
|
archivesBaseName = 'elasticsearch-security-cli'
|
|
@@ -6,8 +8,8 @@ dependencies {
|
|
|
compileOnly "org.elasticsearch:elasticsearch:${version}"
|
|
|
// "org.elasticsearch.plugin:x-pack-core:${version}" doesn't work with idea because the testArtifacts are also here
|
|
|
compileOnly project(path: xpackModule('core'), configuration: 'default')
|
|
|
- compile 'org.bouncycastle:bcprov-jdk15on:1.59'
|
|
|
compile 'org.bouncycastle:bcpkix-jdk15on:1.59'
|
|
|
+ compile 'org.bouncycastle:bcprov-jdk15on:1.59'
|
|
|
testImplementation 'com.google.jimfs:jimfs:1.1'
|
|
|
testCompile "junit:junit:${versions.junit}"
|
|
|
testCompile "org.hamcrest:hamcrest-all:${versions.hamcrest}"
|
|
@@ -20,6 +22,14 @@ dependencyLicenses {
|
|
|
mapping from: /bc.*/, to: 'bouncycastle'
|
|
|
}
|
|
|
|
|
|
-if (inFipsJvm) {
|
|
|
+if (project.inFipsJvm) {
|
|
|
test.enabled = false
|
|
|
+ // Forbiden APIs non-portable checks fail because bouncy castle classes being used from the FIPS JDK since those are
|
|
|
+ // not part of the Java specification - all of this is as designed, so we have to relax this check for FIPS.
|
|
|
+ tasks.withType(ForbiddenApisCliTask) {
|
|
|
+ bundledSignatures -= "jdk-non-portable"
|
|
|
+ }
|
|
|
+ // FIPS JVM includes manny classes from bouncycastle which count as jar hell for the third party audit,
|
|
|
+ // rather than provide a long list of exclusions, disable the check on FIPS.
|
|
|
+ thirdPartyAudit.enabled = false
|
|
|
}
|