[TEST] Fix elasticsearch-security-cli JUnit runner #77800
Conversation
Using the JUnit test runner in this project failed when launched in an IDE. A "Jar Hell" error message was logged to console. Root cause was BC non-FIPS and BC FIPS on the test classpath at the same time. BC non-FIPS jars are imported by the project as api dependencies, and BC-FIPS jars were inherited as testImplementation dependencies from x-pack core module. JUnit test runner failures were triggered from ESTestCase. That super class loads BootstrapForTesting, which detects and rejects BC non-FIPS vs BC-FIPS on the classpath. Those two sets of jars conflict because they contain duplicate class names with different implementations. To fix the JUnit test runner error, build.gradle has been updated to exclude the BC-FIPS testImplementation dependencies inherited from x-pack core module. After the fix, the JUnit test runner works in an IDE for the elasticsearch-security-cli project. Reason for the fix is the JUnit test runner may be more convenient, or faster, to use in an IDE compared to the Gradle test runner. See also: elastic#69403
justincr-elastic
added
>bug
:Security/TLS
justincr-elastic
requested review from
albertzaharovits,
danhermann,
jkakavas and
tvernum
|
Pinging @elastic/es-security (Team:Security) |
justincr-elastic
added
>test
|
@elasticmachine run elasticsearch-ci/bwc |
|
@elasticmachine update branch |
jkakavas
left a comment
jkakavas
left a comment
There was a problem hiding this comment.
LGTM pending the one comment below. I was wondering if we should declare the dependency differently in
so that it doesn't leak intotestArtifact. Out of curiosity, I will defer to @elastic/es-delivery for an opinion, but I'm not sure it matters that much. The suggested solutions here works fine!
|
My other question is how do those tests not explode via JarHell when we run via Also another great reason why we should be using test fixtures, and not these "test artifact" dependencies because we end up pulling in way more than we need to 😦 I'll defer to @breskeby on what the best coarse of action is here. Removing the |
The answer will not delight you... |
|
I'm going to drop from the review list here. If @jkakavas and Delivery are happy, you don't need my opinions as well. |
Not delighted but not surprised either :D #51733 |
ywangd
left a comment
ywangd
left a comment
There was a problem hiding this comment.
LGTM
Thanks for getting to the bottom of this! I am OK with this approach since it fixes the problem at hand. Alternatively, I wonder whether we could eliminate the bc-fips jars from core's testArtifact when the test is not inFipsJvm (something like conditional dependency and compliation in core module). It has the advantage that individual consumer does not need to worry about excluding the jars on its own. So we don't get into this problem in another place or future.
the gradle default is that only |
|
I think the way to go forward to a proper fix is to only expose the api dependencies of the testartifact. That allows proper encapsulation of compile and runtime dependencies and is actually what api dependencies are about. You should not depend on a compileOnly or implementation dependency at compile time. |
Resolve review comment. Exclusions should be explicit. Only bc-fips is inherited from x-pack core module, so only exclude it. Do not exclude bcpg-fips. Although bcpg-fips is used in other projects like plugin-cli, it is not inherited from xpack core module. Proactively excluding it, in case it gets added to xpack core module later, is not a valid reason to proactively exclude it.
|
@elasticmachine update branch |
At least I'm not imagining things 😉 |
Yep, this makes sense to me. Essentially, |
|
@justincr-elastic @jkakavas I think this PR is outdated as the original problem should have been fixed by now via #78238 can you confirm this is no longer an issue for you? I just tested it manually in my idea setup with master |
|
@justincr-elastic can we close this ? |
|
Closing because it is addressed by the other PR. |
9 participants
Using the JUnit test runner in this project failed when launched in
an IDE. A "Jar Hell" error message was logged to console.
Root cause was BC non-FIPS and BC FIPS on the test classpath at the
same time. BC non-FIPS jars are imported by the project as api
dependencies, and BC-FIPS jars were inherited as testImplementation
dependencies from x-pack core module.
JUnit test runner failures were triggered from ESTestCase. That super
class loads BootstrapForTesting, which detects and rejects BC non-FIPS
vs BC-FIPS on the classpath. Those two sets of jars conflict because
they contain duplicate class names with different implementations.
To fix the JUnit test runner error, build.gradle has been updated to
exclude the BC-FIPS testImplementation dependencies inherited
from x-pack core module. After the fix, the JUnit test runner works
in an IDE for the elasticsearch-security-cli project.
Reason for the fix is the JUnit test runner may be more convenient,
or faster, to use in an IDE compared to the Gradle test runner.
See also: #69403