Skip to content

Commit

Permalink
Introduce Gradle plugin for setup gradle test security policies (#76167)
Browse files Browse the repository at this point in the history
Test execution hangs when building Elasticsearch plugins and extending ESTestCase

fixes #76136
  • Loading branch information
breskeby committed Aug 10, 2021
1 parent 31fb67e commit efd365c
Show file tree
Hide file tree
Showing 9 changed files with 113 additions and 15 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,8 @@
import com.github.jengelman.gradle.plugins.shadow.ShadowBasePlugin;
import org.elasticsearch.gradle.OS;
import org.elasticsearch.gradle.internal.test.SimpleCommandLineArgumentProvider;
import org.elasticsearch.gradle.internal.test.SystemPropertyCommandLineArgumentProvider;
import org.elasticsearch.gradle.test.GradleTestPolicySetupPlugin;
import org.elasticsearch.gradle.test.SystemPropertyCommandLineArgumentProvider;
import org.elasticsearch.gradle.internal.info.BuildParams;
import org.elasticsearch.gradle.internal.info.GlobalBuildInfoPlugin;
import org.elasticsearch.gradle.internal.test.ErrorReportingTestListener;
Expand Down Expand Up @@ -41,6 +42,7 @@ public class ElasticsearchTestBasePlugin implements Plugin<Project> {

@Override
public void apply(Project project) {
project.getPluginManager().apply(GradleTestPolicySetupPlugin.class);
// for fips mode check
project.getRootProject().getPluginManager().apply(GlobalBuildInfoPlugin.class);
// Default test task should run only unit tests
Expand Down Expand Up @@ -125,12 +127,8 @@ public void execute(Task t) {
Map<String, String> sysprops = Map.of(
"java.awt.headless",
"true",
"tests.gradle",
"true",
"tests.artifact",
project.getName(),
"tests.task",
test.getPath(),
"tests.security.manager",
"true",
"jna.nosys",
Expand All @@ -146,14 +144,8 @@ public void execute(Task t) {
}

// don't track these as inputs since they contain absolute paths and break cache relocatability
File gradleHome = project.getGradle().getGradleUserHomeDir();
String gradleVersion = project.getGradle().getGradleVersion();
nonInputProperties.systemProperty("gradle.dist.lib", new File(project.getGradle().getGradleHomeDir(), "lib"));
nonInputProperties.systemProperty(
"gradle.worker.jar",
gradleHome + "/caches/" + gradleVersion + "/workerMain/gradle-worker.jar"
);
nonInputProperties.systemProperty("gradle.user.home", gradleHome);
File gradleUserHome = project.getGradle().getGradleUserHomeDir();
nonInputProperties.systemProperty("gradle.user.home", gradleUserHome);
// we use 'temp' relative to CWD since this is per JVM and tests are forbidden from writing to CWD
nonInputProperties.systemProperty("java.io.tmpdir", test.getWorkingDir().toPath().resolve("temp"));

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
import org.elasticsearch.gradle.internal.docker.DockerSupportService;
import org.elasticsearch.gradle.internal.info.BuildParams;
import org.elasticsearch.gradle.internal.InternalDistributionDownloadPlugin;
import org.elasticsearch.gradle.test.SystemPropertyCommandLineArgumentProvider;
import org.elasticsearch.gradle.util.GradleUtils;
import org.elasticsearch.gradle.internal.conventions.util.Util;
import org.elasticsearch.gradle.internal.vagrant.VagrantBasePlugin;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
import org.elasticsearch.gradle.internal.ElasticsearchTestBasePlugin;
import org.elasticsearch.gradle.internal.FixtureStop;
import org.elasticsearch.gradle.internal.InternalTestClustersPlugin;
import org.elasticsearch.gradle.test.SystemPropertyCommandLineArgumentProvider;
import org.elasticsearch.gradle.testclusters.ElasticsearchCluster;
import org.elasticsearch.gradle.testclusters.StandaloneRestIntegTestTask;
import org.elasticsearch.gradle.testclusters.TestClustersPlugin;
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@
import com.avast.gradle.dockercompose.tasks.ComposeDown;
import com.avast.gradle.dockercompose.tasks.ComposePull;
import com.avast.gradle.dockercompose.tasks.ComposeUp;
import org.elasticsearch.gradle.internal.test.SystemPropertyCommandLineArgumentProvider;
import org.elasticsearch.gradle.test.SystemPropertyCommandLineArgumentProvider;
import org.elasticsearch.gradle.internal.docker.DockerSupportPlugin;
import org.elasticsearch.gradle.internal.docker.DockerSupportService;
import org.elasticsearch.gradle.internal.info.BuildParams;
Expand Down
4 changes: 4 additions & 0 deletions build-tools/build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,10 @@ gradlePlugin {
id = 'elasticsearch.reaper'
implementationClass = 'org.elasticsearch.gradle.ReaperPlugin'
}
testpermissions {
id = 'elasticsearch.test-gradle-policy'
implementationClass = 'org.elasticsearch.gradle.test.GradleTestPolicySetupPlugin'
}
}
}

Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,63 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/

package org.elasticsearch.gradle.test

import org.elasticsearch.gradle.fixtures.AbstractGradleFuncTest
import org.gradle.testkit.runner.TaskOutcome

class GradleTestPolicySetupPluginFuncTest extends AbstractGradleFuncTest {

def "configures test tasks"() {
given:
file("src/test/java/org/acme/SysPropTest.java") << """
package org.acme;
import static org.junit.Assert.*;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
public class SysPropTest {
@Test
public void verifySysProps() {
assertNotNull(System.getProperty("gradle.dist.lib"));
assertNotNull(System.getProperty("gradle.worker.jar"));
assertEquals(System.getProperty("tests.gradle"), "true");
assertEquals(System.getProperty("tests.task"), ":test");
}
}
"""

buildFile << """
plugins {
id "elasticsearch.test-gradle-policy"
id "java"
}
repositories {
mavenCentral()
}
dependencies {
testImplementation "junit:junit:4.13"
}
"""

when:
def result = gradleRunner('test', '-g', "guh1").build()

then:
result.task(":test").outcome == TaskOutcome.SUCCESS

when: // changing gradle user home
result = gradleRunner('test', '-g', "guh2").build()
then: // still up-to-date
result.task(":test").outcome == TaskOutcome.UP_TO_DATE
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@
import org.elasticsearch.gradle.VersionProperties;
import org.elasticsearch.gradle.dependencies.CompileOnlyResolvePlugin;
import org.elasticsearch.gradle.jarhell.JarHellPlugin;
import org.elasticsearch.gradle.test.GradleTestPolicySetupPlugin;
import org.elasticsearch.gradle.testclusters.ElasticsearchCluster;
import org.elasticsearch.gradle.testclusters.RunTask;
import org.elasticsearch.gradle.testclusters.TestClustersPlugin;
Expand Down Expand Up @@ -64,6 +65,7 @@ public void apply(final Project project) {
project.getPluginManager().apply(TestClustersPlugin.class);
project.getPluginManager().apply(CompileOnlyResolvePlugin.class);
project.getPluginManager().apply(JarHellPlugin.class);
project.getPluginManager().apply(GradleTestPolicySetupPlugin.class);

PluginPropertiesExtension extension = project.getExtensions().create(PLUGIN_EXTENSION_NAME, PluginPropertiesExtension.class, project);
configureDependencies(project);
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
/*
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
* or more contributor license agreements. Licensed under the Elastic License
* 2.0 and the Server Side Public License, v 1; you may not use this file except
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/

package org.elasticsearch.gradle.test;

import org.gradle.api.Plugin;
import org.gradle.api.Project;
import org.gradle.api.invocation.Gradle;
import org.gradle.api.tasks.testing.Test;

public class GradleTestPolicySetupPlugin implements Plugin<Project> {

@Override
public void apply(Project project) {
Gradle gradle = project.getGradle();
project.getTasks().withType(Test.class).configureEach(test -> {
test.systemProperty("tests.gradle", true);
test.systemProperty("tests.task", test.getPath());

SystemPropertyCommandLineArgumentProvider nonInputProperties = new SystemPropertyCommandLineArgumentProvider();
// don't track these as inputs since they contain absolute paths and break cache relocatability
nonInputProperties.systemProperty("gradle.dist.lib", gradle.getGradleHomeDir().getAbsolutePath() + "/lib");
nonInputProperties.systemProperty(
"gradle.worker.jar",
gradle.getGradleUserHomeDir().getAbsolutePath() + "/caches/" + gradle.getGradleVersion() + "/workerMain/gradle-worker.jar"
);
test.getJvmArgumentProviders().add(nonInputProperties);
});
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
* in compliance with, at your election, the Elastic License 2.0 or the Server
* Side Public License, v 1.
*/
package org.elasticsearch.gradle.internal.test;
package org.elasticsearch.gradle.test;

import org.gradle.api.tasks.Input;
import org.gradle.process.CommandLineArgumentProvider;
Expand Down

0 comments on commit efd365c

Please sign in to comment.