joewitt commented on PR #8863: URL: https://github.com/apache/nifi/pull/8863#issuecomment-2125151038
Ok i'm getting closer to following what is going on. Let's keep the convo here instead of JIRA to be in one place. So the controller service uses com.google.auth:google-auth-library-oauth2-http which has a bunch of dependencies. You wanted to exclude all those in the nifi-gcp-nar so they're not duplicated. You added two more that were not part of the dependency chain of com.google.auth:google-auth-library-oauth2-http such as 'grpc-core' and 'grpc-util' because you discovered that 'grpc-api' has a reflective dependency on these libraries (which is wild). However, since it is loaded via reflection the classloader should be the child classloader and it seems to be should not be necessary to move them up to the top area. Did it fail for you otherwise or you chose to keep them together for consistency? I ask because if you look in the nifi-gcp-nar dependency tree there are many other 'io.grpc' dependencies that we do allow to remain in that child nar. This is a long winded way of saying I get why you're excluding all the items in the nifi-gcp-nar. Though I wonder why not simply mark the com.google.auth:google-auth-library-oauth2-http dependency as provided which then should address any dependencies it has naturally. To be clear we can just keep it as-is in the PR and move on. My concern is just to ensure we do the minimal pom magic and let the dependency management do its work as best we can. So before we throw in the towel and keep as-is i'd like to make sure we're there. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
