[
https://issues.apache.org/jira/browse/BEAM-2080?focusedWorklogId=111712&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-111712
]
ASF GitHub Bot logged work on BEAM-2080:
----------------------------------------
Author: ASF GitHub Bot
Created on: 13/Jun/18 22:49
Start Date: 13/Jun/18 22:49
Worklog Time Spent: 10m
Work Description: davorbonaci closed pull request #2688: [BEAM-2080]: Add
a custom enforcer rule to check for banned classes.
URL: https://github.com/apache/beam/pull/2688
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/.test-infra/maven/enforcer-rules/pom.xml
b/.test-infra/maven/enforcer-rules/pom.xml
new file mode 100644
index 00000000000..af85a773e5f
--- /dev/null
+++ b/.test-infra/maven/enforcer-rules/pom.xml
@@ -0,0 +1,93 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ Licensed to the Apache Software Foundation (ASF) under one or more
+ contributor license agreements. See the NOTICE file distributed with
+ this work for additional information regarding copyright ownership.
+ The ASF licenses this file to You under the Apache License, Version 2.0
+ (the "License"); you may not use this file except in compliance with
+ the License. You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0";
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0
http://maven.apache.org/xsd/maven-4.0.0.xsd";>
+ <parent>
+ <artifactId>beam-parent</artifactId>
+ <groupId>org.apache.beam</groupId>
+ <version>2.1.0-SNAPSHOT</version>
+ <relativePath>../../../pom.xml</relativePath>
+ </parent>
+ <modelVersion>4.0.0</modelVersion>
+ <artifactId>beam-maven-enforcer-rules</artifactId>
+ <name>Apache Beam :: Maven Enforcer Rules</name>
+
+ <dependencies>
+ <dependency>
+ <groupId>org.apache.maven.enforcer</groupId>
+ <artifactId>enforcer-api</artifactId>
+ <version>1.4.1</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.maven</groupId>
+ <artifactId>maven-project</artifactId>
+ <version>2.0.11</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.maven</groupId>
+ <artifactId>maven-artifact</artifactId>
+ <version>3.5.0</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.maven</groupId>
+ <artifactId>maven-plugin-api</artifactId>
+ <version>2.0.11</version>
+ </dependency>
+ <dependency>
+ <groupId>org.codehaus.plexus</groupId>
+ <artifactId>plexus-container-default</artifactId>
+ <version>1.0-alpha-9</version>
+ </dependency>
+ <dependency>
+ <groupId>junit</groupId>
+ <artifactId>junit</artifactId>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-shade-plugin</artifactId>
+ <version>3.0.0</version>
+ </dependency>
+ </dependencies>
+ <build>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ <!-- Do no execute this plugin in the parent pom as this leads to
cirular dependecy issue
+ with custom rules.
+ -->
+ <executions>
+ <execution>
+ <id>enforce</id>
+ <phase>none</phase>
+ </execution>
+ <execution>
+ <id>enforce-banned-dependencies</id>
+ <phase>none</phase>
+ </execution>
+ <execution>
+ <id>enforce-banned-classes</id>
+ <phase>none</phase>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
+ </build>
+</project>
\ No newline at end of file
diff --git
a/.test-infra/maven/enforcer-rules/src/main/java/org/apache/beam/maven/enforcer/rules/BannedClasses.java
b/.test-infra/maven/enforcer-rules/src/main/java/org/apache/beam/maven/enforcer/rules/BannedClasses.java
new file mode 100644
index 00000000000..f6cbdd70f46
--- /dev/null
+++
b/.test-infra/maven/enforcer-rules/src/main/java/org/apache/beam/maven/enforcer/rules/BannedClasses.java
@@ -0,0 +1,124 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.beam.maven.enforcer.rules;
+
+import java.io.IOException;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.jar.JarEntry;
+import java.util.jar.JarFile;
+import org.apache.maven.artifact.Artifact;
+import org.apache.maven.enforcer.rule.api.EnforcerRule;
+import org.apache.maven.enforcer.rule.api.EnforcerRuleException;
+import org.apache.maven.enforcer.rule.api.EnforcerRuleHelper;
+import org.apache.maven.plugin.logging.Log;
+import org.apache.maven.plugins.shade.filter.SimpleFilter;
+import org.apache.maven.project.MavenProject;
+import
org.codehaus.plexus.component.configurator.expression.ExpressionEvaluationException;
+
+/**
+ * A custom {@link EnforcerRule} that looks at the artifact jar to ensure it
does not contain any
+ * of the banned classes provided as input to this rule.
+ *
+ * <p>The banned class is specified as a relative path in the artifact jar. A
fully qualified class
+ * file path or a wildcard path (ending with / or **) is allowed. For example:
+ * <ul>
+ * <li>a/b/c/d.class</li>
+ * <li>m/n/**</li>
+ * <li>x/y/z/</li>
+ * </ul>
+ *
+ * <p>Note: This rule is specifically useful for uber jars.</p>
+ */
+public class BannedClasses implements EnforcerRule {
+
+ private String[] excludes;
+
+ @Override
+ public void execute(EnforcerRuleHelper helper) throws EnforcerRuleException {
+ Log log = helper.getLog();
+ log.info("Executing BannedClasses enforcer rule.");
+ try {
+ MavenProject project = (MavenProject) helper.evaluate("${project}");
+
+ // Find banned classes from the current artifact.
+ if (excludes != null) {
+ Set<String> bannedClassesInArtifact =
findBannedClasses(project.getArtifact(), excludes);
+ if (!bannedClassesInArtifact.isEmpty()) {
+ throw new EnforcerRuleException(
+ String.format("Found following banned classes in artifact %s:
\n%s",
+ project.getArtifact(), bannedClassesInArtifact));
+ }
+ }
+ } catch (ExpressionEvaluationException e) {
+ throw new EnforcerRuleException(
+ "Unable to lookup an expression " + e.getLocalizedMessage(), e);
+ }
+ }
+
+ private static Set<String> findBannedClasses(Artifact artifact, String[]
bannedClasses)
+ throws EnforcerRuleException {
+ Set<String> found = new HashSet<>();
+ if (artifact.getFile() != null
+ && artifact.getFile().isFile()
+ && "jar".equals(artifact.getType())) {
+ try (JarFile jarFile = new JarFile(artifact.getFile())) {
+ // A filter that excludes the specified banned classes. It matches the
full path or a
+ // wildcard path that ends with / or **.
+ SimpleFilter filter = new SimpleFilter(null, null,
+ bannedClasses == null ? null : new
HashSet(Arrays.asList(bannedClasses)));
+
+ for (JarEntry entry: Collections.list(jarFile.entries())) {
+ if (!entry.isDirectory() && filter.isFiltered(entry.getName())) {
+ found.add(entry.getName());
+ }
+ }
+ } catch (IOException e) {
+ throw new EnforcerRuleException("Cannot find artifact jar " +
e.getLocalizedMessage(), e);
+ }
+ } else {
+ // If artifact file is empty when executed for an empty parent pom, we
just ignore them.
+ if (artifact.getFile() != null) {
+ String message = String.format("The artifact type should be a jar, but
found: '%s' "
+ + "of type: %s. Make sure that this rule is bound to a phase
that includes "
+ + "'package' phase",
+ artifact.getFile(), artifact.getType());
+ throw new EnforcerRuleException(message);
+ }
+ }
+ return found;
+ }
+
+ @Override
+ public boolean isCacheable() {
+ return false;
+ }
+
+ @Override
+ public boolean isResultValid(EnforcerRule cachedRule) {
+ return false;
+ }
+
+ @Override
+ public String getCacheId() {
+ return null;
+ }
+}
diff --git
a/.test-infra/maven/enforcer-rules/src/main/java/org/apache/beam/maven/enforcer/rules/package-info.java
b/.test-infra/maven/enforcer-rules/src/main/java/org/apache/beam/maven/enforcer/rules/package-info.java
new file mode 100644
index 00000000000..804a1fcef0c
--- /dev/null
+++
b/.test-infra/maven/enforcer-rules/src/main/java/org/apache/beam/maven/enforcer/rules/package-info.java
@@ -0,0 +1,21 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Provides custom maven enforcer rules for managing dependencies.
+ */
+package org.apache.beam.maven.enforcer.rules;
diff --git a/examples/pom.xml b/examples/pom.xml
index a7e61dd2ff1..0b1bcc53459 100644
--- a/examples/pom.xml
+++ b/examples/pom.xml
@@ -65,6 +65,10 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
</plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ </plugin>
</plugins>
</build>
diff --git a/pom.xml b/pom.xml
index eaca6b7ff66..133e4ce0c7a 100644
--- a/pom.xml
+++ b/pom.xml
@@ -155,6 +155,7 @@
<modules>
<!-- sdks/java/build-tools has project-wide configuration. To make these
available
in all modules, link it directly to the parent pom.xml. -->
+ <module>.test-infra/maven/enforcer-rules</module>
<module>sdks/java/build-tools</module>
<module>sdks</module>
<module>runners</module>
@@ -164,8 +165,8 @@
</modules>
<profiles>
- <!-- A global profile defined for all modules for release-level
verification.
- Optional processes such as building source and javadoc should be limited
+ <!-- A global profile defined for all modules for release-level
verification.
+ Optional processes such as building source and javadoc should be limited
to this profile. -->
<profile>
<id>release</id>
@@ -482,7 +483,7 @@
<artifactId>beam-sdks-java-io-hadoop-input-format</artifactId>
<version>${project.version}</version>
</dependency>
-
+
<dependency>
<groupId>org.apache.beam</groupId>
<artifactId>beam-runners-core-construction-java</artifactId>
@@ -720,13 +721,13 @@
<artifactId>google-auth-library-credentials</artifactId>
<version>${google-auth.version}</version>
</dependency>
-
+
<dependency>
<groupId>com.google.auth</groupId>
<artifactId>google-auth-library-oauth2-http</artifactId>
<version>${google-auth.version}</version>
<exclusions>
- <!-- Exclude an old version of guava that is being pulled in by a
transitive
+ <!-- Exclude an old version of guava that is being pulled in by a
transitive
dependency of google-api-client -->
<exclusion>
<groupId>com.google.guava</groupId>
@@ -796,7 +797,7 @@
<artifactId>google-api-services-storage</artifactId>
<version>${storage.version}</version>
<exclusions>
- <!-- Exclude an old version of guava that is being pulled in by a
transitive
+ <!-- Exclude an old version of guava that is being pulled in by a
transitive
dependency of google-api-client -->
<exclusion>
<groupId>com.google.guava</groupId>
@@ -871,7 +872,7 @@
<artifactId>google-api-services-dataflow</artifactId>
<version>${dataflow.version}</version>
<exclusions>
- <!-- Exclude an old version of guava that is being pulled in by a
transitive
+ <!-- Exclude an old version of guava that is being pulled in by a
transitive
dependency of google-api-client -->
<exclusion>
<groupId>com.google.guava</groupId>
@@ -885,7 +886,7 @@
<artifactId>google-api-services-clouddebugger</artifactId>
<version>${clouddebugger.version}</version>
<exclusions>
- <!-- Exclude an old version of guava that is being pulled in by a
transitive
+ <!-- Exclude an old version of guava that is being pulled in by a
transitive
dependency of google-api-client -->
<exclusion>
<groupId>com.google.guava</groupId>
@@ -986,7 +987,7 @@
<artifactId>byte-buddy</artifactId>
<version>1.6.8</version>
</dependency>
-
+
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-expression</artifactId>
@@ -1087,7 +1088,7 @@
<artifactId>maven-antrun-plugin</artifactId>
<version>1.8</version>
</plugin>
-
+
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
@@ -1358,7 +1359,7 @@
</configuration>
</plugin>
- <!-- This plugin's configuration tells the m2e plugin how to import
this
+ <!-- This plugin's configuration tells the m2e plugin how to import
this
Maven project into the Eclipse environment. -->
<plugin>
<groupId>org.eclipse.m2e</groupId>
@@ -1586,6 +1587,86 @@
</execution>
</executions>
</plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ <version>1.4.1</version>
+ <executions>
+ <execution>
+ <id>enforce</id>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ <configuration>
+ <rules>
+ <enforceBytecodeVersion>
+ <maxJdkVersion>1.7</maxJdkVersion>
+ <excludes>
+ <!--
+ Supplied by the user JDK and compiled with matching
+ version. Is not shaded, so safe to ignore.
+ -->
+ <exclude>jdk.tools:jdk.tools</exclude>
+ </excludes>
+ </enforceBytecodeVersion>
+ <requireJavaVersion>
+ <version>[1.7,)</version>
+ </requireJavaVersion>
+ <requireMavenVersion>
+ <!-- Keep aligned with preqrequisite section below. -->
+ <version>[3.2,)</version>
+ </requireMavenVersion>
+ </rules>
+ </configuration>
+ </execution>
+ <execution>
+ <id>enforce-banned-dependencies</id>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ <configuration>
+ <rules>
+ <bannedDependencies>
+ <excludes>
+ <exclude>com.google.guava:guava-jdk5</exclude>
+ <exclude>com.google.protobuf:protobuf-lite</exclude>
+ </excludes>
+ </bannedDependencies>
+ </rules>
+ <fail>true</fail>
+ </configuration>
+ </execution>
+ <execution>
+ <id>enforce-banned-classes</id>
+ <phase>verify</phase>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ <configuration>
+ <rules>
+ <bannedClasses
implementation="org.apache.beam.maven.enforcer.rules.BannedClasses">
+ <excludes>
+ <exclude>com/google/**</exclude>
+ <exclude>org/apache/maven/**</exclude>
+ </excludes>
+ </bannedClasses>
+ </rules>
+ </configuration>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>extra-enforcer-rules</artifactId>
+ <version>1.0-beta-6</version>
+ </dependency>
+ <dependency>
+ <groupId>org.apache.beam</groupId>
+ <artifactId>beam-maven-enforcer-rules</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ </dependencies>
+ </plugin>
</plugins>
</pluginManagement>
@@ -1608,60 +1689,25 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-enforcer-plugin</artifactId>
- <version>1.4.1</version>
+ <!-- Do no execute this plugin in the parent pom as this leads to
cirular dependecy issue
+ with custom rules.
+ -->
<executions>
<execution>
<id>enforce</id>
- <goals>
- <goal>enforce</goal>
- </goals>
- <configuration>
- <rules>
- <enforceBytecodeVersion>
- <maxJdkVersion>1.7</maxJdkVersion>
- <excludes>
- <!--
- Supplied by the user JDK and compiled with matching
- version. Is not shaded, so safe to ignore.
- -->
- <exclude>jdk.tools:jdk.tools</exclude>
- </excludes>
- </enforceBytecodeVersion>
- <requireJavaVersion>
- <version>[1.7,)</version>
- </requireJavaVersion>
- <requireMavenVersion>
- <!-- Keep aligned with preqrequisite section below. -->
- <version>[3.2,)</version>
- </requireMavenVersion>
- </rules>
- </configuration>
+ <phase>none</phase>
</execution>
<execution>
<id>enforce-banned-dependencies</id>
- <goals>
- <goal>enforce</goal>
- </goals>
- <configuration>
- <rules>
- <bannedDependencies>
- <excludes>
- <exclude>com.google.guava:guava-jdk5</exclude>
- <exclude>com.google.protobuf:protobuf-lite</exclude>
- </excludes>
- </bannedDependencies>
- </rules>
- <fail>true</fail>
- </configuration>
+ <phase>none</phase>
+ </execution>
+ <execution>
+ <id>enforce-banned-classes</id>
+ <phase>none</phase>
</execution>
</executions>
- <dependencies>
- <dependency>
- <groupId>org.codehaus.mojo</groupId>
- <artifactId>extra-enforcer-rules</artifactId>
- <version>1.0-beta-6</version>
- </dependency>
- </dependencies>
+ <!-- Child poms should not inherit this as this disables the plugin.
-->
+ <inherited>false</inherited>
</plugin>
<plugin>
<groupId>org.codehaus.mojo</groupId>
diff --git a/runners/pom.xml b/runners/pom.xml
index 38aada80aa2..7eaf1e19563 100644
--- a/runners/pom.xml
+++ b/runners/pom.xml
@@ -62,6 +62,10 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
</plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ </plugin>
</plugins>
</build>
</project>
diff --git a/sdks/java/maven-archetypes/pom.xml
b/sdks/java/maven-archetypes/pom.xml
index b7fe2747daa..5104f7b582d 100644
--- a/sdks/java/maven-archetypes/pom.xml
+++ b/sdks/java/maven-archetypes/pom.xml
@@ -69,7 +69,7 @@
</plugin>
</plugins>
</pluginManagement>
-
+
<plugins>
<!-- Disable the Maven jar plugin because Maven archetypes
are packaged using the Maven archetype packaging plugin. -->
@@ -83,6 +83,23 @@
</execution>
<execution>
<id>default-test-jar</id>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>enforce</id>
+ <phase>none</phase>
+ </execution>
+ <execution>
+ <id>enforce-banned-dependencies</id>
+ <phase>none</phase>
+ </execution>
+ <execution>
+ <id>enforce-banned-classes</id>
<phase>none</phase>
</execution>
</executions>
diff --git a/sdks/pom.xml b/sdks/pom.xml
index 27b9610d11e..ba54cbab4b5 100644
--- a/sdks/pom.xml
+++ b/sdks/pom.xml
@@ -58,6 +58,10 @@
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-checkstyle-plugin</artifactId>
</plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ </plugin>
</plugins>
</build>
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
-------------------
Worklog Id: (was: 111712)
Time Spent: 20m (was: 10m)
> Add custom maven enforcer rules to catch banned classes and dependencies
> ------------------------------------------------------------------------
>
> Key: BEAM-2080
> URL: https://issues.apache.org/jira/browse/BEAM-2080
> Project: Beam
> Issue Type: Improvement
> Components: build-system
> Affects Versions: Not applicable
> Reporter: Vikas Kedigehalli
> Assignee: Vikas Kedigehalli
> Priority: Minor
> Time Spent: 20m
> Remaining Estimate: 0h
>
> The maven enforcer plugin standard rules aren't sufficient to catch certain
> issues like:
> * An artifact built as an uber/bundled jar (usually with shade plugin)
> including banned classes.
> * An artifact pom that depends on banned dependencies. (bannedDependencies
> rule provided by enforcer plugin doesn't work always because it doesn't look
> at the dependency-reduced-pom generated by shade plugin)
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
