uschindler opened a new pull request #12170:
URL: https://github.com/apache/druid/pull/12170
Improves workaround introduced in #12158.
### Description
In #12158 the fix to workaround an issue with forbiddenapis parsing a
missing signature in later Guava versions (actualy it is two of them) was to
enable a now-deprecated maven plugin setting:
`<failOnUnresolvableSignatures>false</failOnUnresolvableSignatures>`
This flag is very risky as it ignores signatures with typos in it. This was
made as a workaround for subprojects where some dependencies are missing, but
birngs the risk of not cathcing bugs because of typos.
In forbiddenapis 3.1 / 3.2 a new setting was added
`ignoreSignaturesOfMissingClasses=true`, as this still prevents typos in
signatures and just ignores those where the class is not existent. It then also
prints no warnings anymore!
The problem with that is that in case of Guava, which uses a newer version
of Guava in telemetry-emitter, a deprecated method was removed, so it triggers
"class found, but method missing".
The "correct" fix for those issues is to use separate signatures files per
dependency and only load them in sub-projects when the dependency is used. For
guava there should be 2 separate files. Unfortunately Maven is a bit limited,
as you cannot make the signatures file names dynamic based on dependency
versions. Lucene has gone this approach (we have a set of files per dependency)
and based on the Maven coordinates our Gradle build script enables them.
In this PR I used a hack, which requires a bit copypaste, because you can't
modify configurations of plugin, just replace (default) or add new list items,
but not remove them:
- a new signatures file was added: `guava16-forbidden-apis.txt`
- it is enabled by default in parent POM
- for telemetry-emitters the signatures files property is duplicated, with
the above file removed.
This PR has:
- [x] been self-reviewed.
- [x] using the [concurrency
checklist](https://github.com/apache/druid/blob/master/dev/code-review/concurrency.md)
(Remove this item if the PR doesn't have any relation to concurrency.)
- [x] added documentation for new or modified features or behaviors.
- [x] added Javadocs for most classes and all non-trivial methods. Linked
related entities via Javadoc links.
- [x] added or updated version, license, or notice information in
[licenses.yaml](https://github.com/apache/druid/blob/master/dev/license.md)
- [x] added comments explaining the "why" and the intent of the code
wherever would not be obvious for an unfamiliar reader.
- [x] added unit tests or modified existing tests to cover new code paths,
ensuring the threshold for [code
coverage](https://github.com/apache/druid/blob/master/dev/code-review/code-coverage.md)
is met.
- [x] added integration tests.
- [x] been tested in a test Druid cluster.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
