elasticsearch/plugins/discovery-ec2/build.gradle

import org.elasticsearch.gradle.info.BuildParams

/*
 * Licensed to Elasticsearch under one or more contributor
 * license agreements. See the NOTICE file distributed with
 * this work for additional information regarding copyright
 * ownership. Elasticsearch licenses this file to you under
 * the Apache License, Version 2.0 (the "License"); you may
 * not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied.  See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

esplugin {
  description 'The EC2 discovery plugin allows to use AWS API for the unicast discovery mechanism.'
  classname 'org.elasticsearch.discovery.ec2.Ec2DiscoveryPlugin'
}

versions << [
  'aws': '1.11.749'
]

dependencies {
  compile "com.amazonaws:aws-java-sdk-ec2:${versions.aws}"
  compile "com.amazonaws:aws-java-sdk-core:${versions.aws}"
  compile "org.apache.httpcomponents:httpclient:${versions.httpclient}"
  compile "org.apache.httpcomponents:httpcore:${versions.httpcore}"
  compile "commons-logging:commons-logging:${versions.commonslogging}"
  compile "org.apache.logging.log4j:log4j-1.2-api:${versions.log4j}"
  compile "commons-codec:commons-codec:${versions.commonscodec}"
  compile "com.fasterxml.jackson.core:jackson-databind:${versions.jackson}"
  compile "com.fasterxml.jackson.core:jackson-annotations:${versions.jackson}"
}

restResources {
  restApi {
    includeCore '_common', 'cluster', 'nodes'
  }
}

tasks.named("dependencyLicenses").configure {
  mapping from: /aws-java-sdk-.*/, to: 'aws-java-sdk'
  mapping from: /jackson-.*/, to: 'jackson'
}

bundlePlugin {
  from('config/discovery-ec2') {
    into 'config'
  }
}

task writeTestJavaPolicy {
  doLast {
    final File tmp = file("${buildDir}/tmp")
    if (tmp.exists() == false && tmp.mkdirs() == false) {
      throw new GradleException("failed to create temporary directory [${tmp}]")
    }
    final File javaPolicy = file("${tmp}/java.policy")
    if (BuildParams.inFipsJvm) {
      javaPolicy.write(
        [
          "grant {",
          "permission java.security.SecurityPermission \"putProviderProperty.BCFIPS\";",
          "permission java.security.SecurityPermission \"putProviderProperty.BCJSSE\";",
          "permission java.lang.RuntimePermission \"getProtectionDomain\";",
          "permission java.util.PropertyPermission \"java.runtime.name\", \"read\";",
          "permission org.bouncycastle.crypto.CryptoServicesPermission \"tlsAlgorithmsEnabled\";",
          "permission java.lang.RuntimePermission \"accessClassInPackage.sun.security.internal.spec\";",
          "permission java.lang.RuntimePermission \"accessDeclaredMembers\";",
          "permission java.util.PropertyPermission \"intellij.debug.agent\", \"read\";",
          "permission java.util.PropertyPermission \"intellij.debug.agent\", \"write\";",
          "permission org.bouncycastle.crypto.CryptoServicesPermission \"exportSecretKey\";",
          "permission org.bouncycastle.crypto.CryptoServicesPermission \"exportPrivateKey\";",
          "permission java.io.FilePermission \"\${javax.net.ssl.trustStore}\", \"read\";",
          "  permission java.util.PropertyPermission \"com.amazonaws.sdk.ec2MetadataServiceEndpointOverride\", \"write\";",
          "};"
        ].join("\n")
      )
    } else {
      javaPolicy.write(
        [
          "grant {",
          "  permission java.util.PropertyPermission \"com.amazonaws.sdk.ec2MetadataServiceEndpointOverride\", \"write\";",
          "};"
        ].join("\n"))
    }
  }
}

test {
  dependsOn writeTestJavaPolicy
  // this is needed for insecure plugins, remove if possible!
  systemProperty 'tests.artifact', project.name

  // this is needed to manipulate com.amazonaws.sdk.ec2MetadataServiceEndpointOverride system property
  // it is better rather disable security manager at all with `systemProperty 'tests.security.manager', 'false'`
  if (BuildParams.inFipsJvm){
    systemProperty 'java.security.policy', "=file://${buildDir}/tmp/java.policy"
  } else {
    systemProperty 'java.security.policy', "file://${buildDir}/tmp/java.policy"
  }
}

check {
  // also execute the QA tests when testing the plugin
  dependsOn 'qa:amazon-ec2:check'
}

thirdPartyAudit.ignoreMissingClasses(
  // classes are missing
  'com.amazonaws.jmespath.JmesPathEvaluationVisitor',
  'com.amazonaws.jmespath.JmesPathExpression',
  'com.amazonaws.jmespath.JmesPathField',
  'com.amazonaws.jmespath.JmesPathFlatten',
  'com.amazonaws.jmespath.JmesPathIdentity',
  'com.amazonaws.jmespath.JmesPathLengthFunction',
  'com.amazonaws.jmespath.JmesPathLiteral',
  'com.amazonaws.jmespath.JmesPathProjection',
  'com.amazonaws.jmespath.JmesPathSubExpression',
  'com.amazonaws.jmespath.ObjectMapperSingleton',
  'com.amazonaws.jmespath.OpGreaterThan',
  'software.amazon.ion.IonReader',
  'software.amazon.ion.IonSystem',
  'software.amazon.ion.IonType',
  'software.amazon.ion.IonWriter',
  'software.amazon.ion.Timestamp',
  'software.amazon.ion.system.IonBinaryWriterBuilder',
  'software.amazon.ion.system.IonSystemBuilder',
  'software.amazon.ion.system.IonTextWriterBuilder',
  'software.amazon.ion.system.IonWriterBuilder',
  'javax.servlet.ServletContextEvent',
  'javax.servlet.ServletContextListener',
  'org.apache.avalon.framework.logger.Logger',
  'org.apache.log.Hierarchy',
  'org.apache.log.Logger'
)

thirdPartyAudit.ignoreMissingClasses(
  'javax.xml.bind.DatatypeConverter',
  'javax.xml.bind.JAXBContext'
)