This is an automated email from the ASF dual-hosted git repository.
snazy pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/polaris.git
The following commit(s) were added to refs/heads/main by this push:
new 2b994febd Ban `javax.*` dependencies (#3866)
2b994febd is described below
commit 2b994febd1a8f813df4d71a9363cf034573ca140
Author: Robert Stupp <[email protected]>
AuthorDate: Tue Feb 24 18:52:09 2026 +0100
Ban `javax.*` dependencies (#3866)
The `javax.*` group ID artifacts are often GPL+CE licensed, which is often
concerning, even if it is not a real issue. Technically, we do not need those
dependencies in production code. This means that we can savely remove those
dependencies from the Quarkus production runtime.
Due to the Spark integration tests, as Spark needs the old Servlet API in
the `javax.*` namespace, we cannot globally ban the old servlet API, which
causes some special handling.
---
.../src/main/kotlin/polaris-java.gradle.kts | 72 ++++++++++++++++------
gradle/banned-dependencies.txt | 7 +++
...es.txt => banned-quarkus-prod-dependencies.txt} | 9 +--
integration-tests/build.gradle.kts | 2 +
.../PolarisManagementServiceIntegrationTest.java | 53 ++++++++--------
5 files changed, 92 insertions(+), 51 deletions(-)
diff --git a/build-logic/src/main/kotlin/polaris-java.gradle.kts
b/build-logic/src/main/kotlin/polaris-java.gradle.kts
index f0c196b0a..43d6f0ccb 100644
--- a/build-logic/src/main/kotlin/polaris-java.gradle.kts
+++ b/build-logic/src/main/kotlin/polaris-java.gradle.kts
@@ -17,13 +17,13 @@
* under the License.
*/
+import asf.AsfProject.Companion.unsafeCast
import java.util.Properties
import kotlin.jvm.java
import net.ltgt.gradle.errorprone.CheckSeverity
import net.ltgt.gradle.errorprone.errorprone
import org.gradle.api.tasks.compile.JavaCompile
import org.gradle.api.tasks.testing.Test
-import org.gradle.kotlin.dsl.assign
import org.gradle.kotlin.dsl.named
import org.kordamp.gradle.plugin.jandex.JandexExtension
import org.kordamp.gradle.plugin.jandex.JandexPlugin
@@ -238,26 +238,62 @@ tasks.register("printRuntimeClasspath").configure {
}
}
-configurations.all {
- rootProject
- .file("gradle/banned-dependencies.txt")
- .readText(Charsets.UTF_8)
- .trim()
- .lines()
- .map { it.trim() }
- .filterNot { it.isBlank() || it.startsWith("#") }
- .forEach { line ->
- val idx = line.indexOf(':')
- if (idx == -1) {
- exclude(group = line)
- } else {
- val group = line.substring(0, idx)
- val module = line.substring(idx + 1)
- exclude(group = group, module = module)
- }
+class BannedDependency(val group: String, val module: String?) {
+ fun exclude(configuration: Configuration) = configuration.exclude(group =
group, module = module)
+
+ companion object {
+ fun parseList(file: File): List<BannedDependency> =
+ file
+ .readText(Charsets.UTF_8)
+ .trim()
+ .lines()
+ .map { it.trim() }
+ .filterNot { it.isBlank() || it.startsWith("#") }
+ .map { line ->
+ val idx = line.indexOf(':')
+ if (idx == -1) {
+ BannedDependency(line, null)
+ } else {
+ val group = line.substring(0, idx)
+ val module = line.substring(idx + 1)
+ BannedDependency(group, module)
+ }
+ }
+ }
+}
+
+class BannedDependencies(
+ val globallyBanned: List<BannedDependency>,
+ val quarkusProdBanned: List<BannedDependency>,
+) {
+ fun applyTo(configuration: Configuration) {
+ globallyBanned.forEach { it.exclude(configuration) }
+ if (configuration.name.startsWith("quarkusProd")) {
+ quarkusProdBanned.forEach { it.exclude(configuration) }
}
+ }
+
+ fun applyTo(configurations: ConfigurationContainer) {
+ configurations.all { applyTo(this) }
+ }
+}
+
+fun bannedDependencies(): BannedDependencies {
+ return if (rootProject.extra.has("bannedDependencies")) {
+ unsafeCast(rootProject.extra["bannedDependencies"]) as BannedDependencies
+ } else {
+ val bannedDependencies =
+ BannedDependencies(
+
BannedDependency.parseList(rootProject.file("gradle/banned-dependencies.txt")),
+
BannedDependency.parseList(rootProject.file("gradle/banned-quarkus-prod-dependencies.txt")),
+ )
+ rootProject.extra["bannedDependencies"] = bannedDependencies
+ bannedDependencies
+ }
}
+bannedDependencies().applyTo(configurations)
+
gradle.sharedServices.registerIfAbsent(
"intTestParallelismConstraint",
TestingParallelismHelper::class.java,
diff --git a/gradle/banned-dependencies.txt b/gradle/banned-dependencies.txt
index 39312e388..51aac28fa 100644
--- a/gradle/banned-dependencies.txt
+++ b/gradle/banned-dependencies.txt
@@ -18,6 +18,7 @@
#
# This file contains the globally banned dependencies.
+
# Each banned dependency must be in the form
# <group-id> ':' <module>
# or
@@ -26,6 +27,12 @@
# Contains old javax.* annotations that we do not want
com.google.code.findbugs:jsr305
+javax.annotation:javax.annotation-api
+javax.servlet.jsp:jsp-api
+# Cannot globally ban javax.servlet:javax.servlet-api, because it is needed by
Spark 3.5 integration tests
+javax.validation:validation-api
+javax.ws.rs:jsr311-api
+
# See https://github.com/RoaringBitmap/RoaringBitmap/issues/749, should only
use org.roaringbitmap:RoaringBitmap
com.github.RoaringBitmap.RoaringBitmap
diff --git a/gradle/banned-dependencies.txt
b/gradle/banned-quarkus-prod-dependencies.txt
similarity index 77%
copy from gradle/banned-dependencies.txt
copy to gradle/banned-quarkus-prod-dependencies.txt
index 39312e388..90b41d482 100644
--- a/gradle/banned-dependencies.txt
+++ b/gradle/banned-quarkus-prod-dependencies.txt
@@ -17,7 +17,8 @@
# under the License.
#
-# This file contains the globally banned dependencies.
+# This file contains the dependencies banned from Quarkus production runtime.
+
# Each banned dependency must be in the form
# <group-id> ':' <module>
# or
@@ -25,8 +26,4 @@
# Contains old javax.* annotations that we do not want
-com.google.code.findbugs:jsr305
-
-# See https://github.com/RoaringBitmap/RoaringBitmap/issues/749, should only
use org.roaringbitmap:RoaringBitmap
-com.github.RoaringBitmap.RoaringBitmap
-org.roaringbitmap:roaringbitmap
+javax.servlet:javax.servlet-api
diff --git a/integration-tests/build.gradle.kts
b/integration-tests/build.gradle.kts
index f91f327c9..2bb985545 100644
--- a/integration-tests/build.gradle.kts
+++ b/integration-tests/build.gradle.kts
@@ -58,6 +58,8 @@ dependencies {
exclude("org.slf4j", "jul-to-slf4j")
}
+ implementation(libs.jakarta.ws.rs.api)
+
implementation(platform(libs.junit.bom))
implementation("org.junit.jupiter:junit-jupiter")
implementation("org.junit.jupiter:junit-jupiter-api")
diff --git
a/integration-tests/src/main/java/org/apache/polaris/service/it/test/PolarisManagementServiceIntegrationTest.java
b/integration-tests/src/main/java/org/apache/polaris/service/it/test/PolarisManagementServiceIntegrationTest.java
index 7b7d6febb..cd3f7f15d 100644
---
a/integration-tests/src/main/java/org/apache/polaris/service/it/test/PolarisManagementServiceIntegrationTest.java
+++
b/integration-tests/src/main/java/org/apache/polaris/service/it/test/PolarisManagementServiceIntegrationTest.java
@@ -18,8 +18,8 @@
*/
package org.apache.polaris.service.it.test;
-import static javax.ws.rs.core.Response.Status.CREATED;
-import static javax.ws.rs.core.Response.Status.FORBIDDEN;
+import static jakarta.ws.rs.core.Response.Status.CREATED;
+import static jakarta.ws.rs.core.Response.Status.FORBIDDEN;
import static org.apache.polaris.service.it.env.PolarisClient.polarisClient;
import static
org.apache.polaris.service.it.test.PolarisApplicationIntegrationTest.PRINCIPAL_ROLE_ALL;
import static org.assertj.core.api.Assertions.assertThat;
@@ -188,7 +188,7 @@ public class PolarisManagementServiceIntegrationTest {
managementApi.createPrincipal(client.newEntityName("a_new_user"));
String authToken = client.obtainToken(principal);
try (Response response =
client.managementApi(authToken).request("v1/catalogs").get()) {
- assertThat(response).returns(Response.Status.FORBIDDEN.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(FORBIDDEN.getStatusCode(),
Response::getStatus);
}
}
@@ -200,7 +200,7 @@ public class PolarisManagementServiceIntegrationTest {
.post(
Entity.json(
"{\"catalog\":{\"type\":\"INTERNAL\",\"name\":\"my-catalog\",\"properties\":{\"default-base-location\":\"s3://my-bucket/path/to/data\"},\"storageConfigInfo\":{\"storageType\":\"S3\",\"roleArn\":\"arn:aws:iam::123456789012:role/my-role\",\"externalId\":\"externalId\",\"userArn\":\"userArn\",\"allowedLocations\":[\"s3://my-old-bucket/path/to/data\"]}}}")))
{
- assertThat(response).returns(Response.Status.CREATED.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(CREATED.getStatusCode(),
Response::getStatus);
}
// 204 Successful delete
@@ -230,7 +230,7 @@ public class PolarisManagementServiceIntegrationTest {
.setStorageConfigInfo(awsConfigModel)
.build();
try (Response response =
managementApi.request("v1/catalogs").post(Entity.json(catalog))) {
- assertThat(response).returns(Response.Status.CREATED.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(CREATED.getStatusCode(),
Response::getStatus);
}
String longInvalidName = newRandomString(MAX_IDENTIFIER_LENGTH + 1);
@@ -282,7 +282,7 @@ public class PolarisManagementServiceIntegrationTest {
.build();
try (Response response =
managementApi.request("v1/catalogs").post(Entity.json(new
CreateCatalogRequest(catalog)))) {
- assertThat(response).returns(Response.Status.CREATED.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(CREATED.getStatusCode(),
Response::getStatus);
}
try (Response response =
managementApi.request("v1/catalogs/my-catalog").get()) {
assertThat(response).returns(Response.Status.OK.getStatusCode(),
Response::getStatus);
@@ -431,7 +431,7 @@ public class PolarisManagementServiceIntegrationTest {
.build();
try (Response response =
managementApi.request("v1/catalogs").post(Entity.json(new
CreateCatalogRequest(catalog)))) {
- assertThat(response).returns(Response.Status.CREATED.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(CREATED.getStatusCode(),
Response::getStatus);
}
// 200 successful GET after creation
@@ -819,7 +819,7 @@ public class PolarisManagementServiceIntegrationTest {
managementApi.createPrincipal(client.newEntityName("new_admin"));
String authToken = client.obtainToken(principal);
try (Response response =
client.managementApi(authToken).request("v1/principals").get()) {
- assertThat(response).returns(Response.Status.FORBIDDEN.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(FORBIDDEN.getStatusCode(),
Response::getStatus);
}
}
@@ -842,7 +842,7 @@ public class PolarisManagementServiceIntegrationTest {
managementApi
.request("v1/principals/{p}/rotate", Map.of("p",
principal.getName()))
.post(Entity.json(""))) {
- assertThat(response).returns(Response.Status.FORBIDDEN.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(FORBIDDEN.getStatusCode(),
Response::getStatus);
}
String oldUserToken = client.obtainToken(creds);
@@ -853,7 +853,7 @@ public class PolarisManagementServiceIntegrationTest {
.managementApi(oldUserToken)
.request("v1/principals/{p}", Map.of("p", principal.getName()))
.get()) {
- assertThat(response).returns(Response.Status.FORBIDDEN.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(FORBIDDEN.getStatusCode(),
Response::getStatus);
ErrorResponse error = response.readEntity(ErrorResponse.class);
assertThat(error)
.isNotNull()
@@ -932,7 +932,7 @@ public class PolarisManagementServiceIntegrationTest {
.request("v1/principals/{p}/reset", Map.of("p",
principal.getName()))
.post(Entity.json(customBody))) {
- assertThat(response).returns(Response.Status.FORBIDDEN.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(FORBIDDEN.getStatusCode(),
Response::getStatus);
}
}
@@ -1288,7 +1288,7 @@ public class PolarisManagementServiceIntegrationTest {
.request("v1/catalogs/{cat}/catalog-roles", Map.of("cat",
catalogName))
.post(Entity.json(new CreateCatalogRoleRequest(catalogRole)))) {
- assertThat(response).returns(Response.Status.CREATED.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(CREATED.getStatusCode(),
Response::getStatus);
}
// Second attempt to create the same entity should fail with CONFLICT.
@@ -1428,7 +1428,7 @@ public class PolarisManagementServiceIntegrationTest {
.request("v1/principals")
.post(Entity.json(new CreatePrincipalRequest(principal1, false))))
{
- assertThat(response).returns(Response.Status.CREATED.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(CREATED.getStatusCode(),
Response::getStatus);
}
Principal principal2 = new Principal(client.newEntityName("myprincipal2"));
@@ -1437,7 +1437,7 @@ public class PolarisManagementServiceIntegrationTest {
.request("v1/principals")
.post(Entity.json(new CreatePrincipalRequest(principal2, false))))
{
- assertThat(response).returns(Response.Status.CREATED.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(CREATED.getStatusCode(),
Response::getStatus);
}
// One PrincipalRole
@@ -1450,7 +1450,7 @@ public class PolarisManagementServiceIntegrationTest {
.request(
"v1/principals/{prince}/principal-roles", Map.of("prince",
principal1.getName()))
.put(Entity.json(principalRole))) {
- assertThat(response).returns(Response.Status.CREATED.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(CREATED.getStatusCode(),
Response::getStatus);
}
// Should list myprincipalrole
@@ -1582,7 +1582,7 @@ public class PolarisManagementServiceIntegrationTest {
.request("v1/catalogs/{cat}/catalog-roles", Map.of("cat",
catalog.getName()))
.post(Entity.json(new CreateCatalogRoleRequest(catalogRole)))) {
- assertThat(response).returns(Response.Status.CREATED.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(CREATED.getStatusCode(),
Response::getStatus);
}
// Create another one in a different catalog.
@@ -1601,7 +1601,7 @@ public class PolarisManagementServiceIntegrationTest {
.request("v1/catalogs/{cat}/catalog-roles", Map.of("cat",
otherCatalog.getName()))
.post(Entity.json(new
CreateCatalogRoleRequest(otherCatalogRole)))) {
- assertThat(response).returns(Response.Status.CREATED.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(CREATED.getStatusCode(),
Response::getStatus);
}
// Assign both the roles to mypr1
@@ -1612,7 +1612,7 @@ public class PolarisManagementServiceIntegrationTest {
Map.of("pr", principalRole1.getName(), "cat",
catalog.getName()))
.put(Entity.json(new GrantCatalogRoleRequest(catalogRole)))) {
- assertThat(response).returns(Response.Status.CREATED.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(CREATED.getStatusCode(),
Response::getStatus);
}
try (Response response =
managementApi
@@ -1621,7 +1621,7 @@ public class PolarisManagementServiceIntegrationTest {
Map.of("pr", principalRole1.getName(), "cat",
otherCatalog.getName()))
.put(Entity.json(new GrantCatalogRoleRequest(otherCatalogRole)))) {
- assertThat(response).returns(Response.Status.CREATED.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(CREATED.getStatusCode(),
Response::getStatus);
}
// Should list only mycr
@@ -1787,7 +1787,7 @@ public class PolarisManagementServiceIntegrationTest {
+ "/"
+ catalogRoleName)
.delete()) {
- assertThat(response).returns(Response.Status.FORBIDDEN.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(FORBIDDEN.getStatusCode(),
Response::getStatus);
}
// The service admin can revoke the role because it has the
@@ -1879,8 +1879,7 @@ public class PolarisManagementServiceIntegrationTest {
+ catalogName
+ "/catalog_admin")
.delete()) {
- assertThat(response)
- .returns(Response.Status.FORBIDDEN.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(FORBIDDEN.getStatusCode(),
Response::getStatus);
}
} finally {
// grant the admin role back to service_admin so that cleanup can happen
@@ -1953,7 +1952,7 @@ public class PolarisManagementServiceIntegrationTest {
.managementApi(catalogAdminToken)
.request("v1/principal-roles/" + principalRoleName +
"/catalog-roles/" + catalogName2)
.put(Entity.json(new GrantCatalogRoleRequest(new
CatalogRole(catalogRoleName))))) {
- assertThat(response).returns(Response.Status.FORBIDDEN.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(FORBIDDEN.getStatusCode(),
Response::getStatus);
}
}
@@ -2046,7 +2045,7 @@ public class PolarisManagementServiceIntegrationTest {
.request("v1/principal-roles/" + principalRoleName +
"/catalog-roles/" + catalogName)
.put(
Entity.json(new GrantCatalogRoleRequest(new
CatalogRole("target_catalog_role"))))) {
- assertThat(response).returns(Response.Status.FORBIDDEN.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(FORBIDDEN.getStatusCode(),
Response::getStatus);
}
// The user cannot grant catalog-level privileges to the catalog role
@@ -2223,7 +2222,7 @@ public class PolarisManagementServiceIntegrationTest {
managementApi
.request("v1/catalogs/{cat}/catalog-roles", Map.of("cat",
catalogName))
.post(Entity.json(new CreateCatalogRoleRequest(okCatalogRole)))) {
- assertThat(response).returns(Response.Status.CREATED.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(CREATED.getStatusCode(),
Response::getStatus);
}
UpdateCatalogRoleRequest updateRequest =
@@ -2271,7 +2270,7 @@ public class PolarisManagementServiceIntegrationTest {
managementApi
.request("v1/principal-roles")
.post(Entity.json(new
CreatePrincipalRoleRequest(goodPrincipalRole)))) {
- assertThat(response).returns(Response.Status.CREATED.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(CREATED.getStatusCode(),
Response::getStatus);
}
UpdatePrincipalRoleRequest badUpdate =
@@ -2310,7 +2309,7 @@ public class PolarisManagementServiceIntegrationTest {
managementApi
.request("v1/principals")
.post(Entity.json(new CreatePrincipalRequest(goodPrincipal,
false)))) {
- assertThat(response).returns(Response.Status.CREATED.getStatusCode(),
Response::getStatus);
+ assertThat(response).returns(CREATED.getStatusCode(),
Response::getStatus);
}
UpdatePrincipalRequest badUpdate =
