Produce Palantir CA Plugin #161

Merged
merged 4 commits into from
Feb 13, 2023

@CRogers CRogers commented Feb 13, 2023

Before this PR

We had a class that enabled other plugins to call it and it would include the Palantir corporate CA cert into JDKs, if it exists in the system truststore. This enables people to run tests in open source projects that hit public webservers from within the corporate VPN.

However, none of the other plugins (gradle-jdks-latest or gradle-jdks-internal) actually enable this.

After this PR

We now produce a plugin rather than a class so multiple other plugins can apply it without worrying if it's already been applied.

==COMMIT_MSG==
Produce com.palantir.jdks.palantir-ca plugin for use by other Gradle plugins to enable using open source projects from within the corporate VPN.
==COMMIT_MSG==

Possible downsides?

changelog-app bot commented Feb 13, 2023

Generate changelog in changelog/@unreleased

Type

  • Feature
  • Improvement
  • Fix
  • Break
  • Deprecation
  • Manual task
  • Migration

Description

Produce com.palantir.jdks.palantir-ca plugin for use by other Gradle plugins to enable using open source projects from within the corporate VPN.

Check the box to generate changelog(s)

  • Generate changelog entry

private static final BigInteger PALANTIR_3RD_GEN_SERIAL = new BigInteger("18126334688741185161");

public static void applyToRootProject(Project rootProject, boolean strict) {
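
Review bot: `PALANTIR_3RD_GEN_SERIAL` pins the CA by serial number only, and a serial is unique only within one issuer; if the truststore lookup that uses this constant does not also compare the issuer or a SHA-256 fingerprint of the certificate, add that check before the cert is imported into a JDK. On `applyToRootProject`, the bare `boolean strict` gives call sites no hint of what is being relaxed; an enum or a documented option stating what happens when the cert is not found would read more clearly.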

Should strict still not be configurable via some extension? The failures will effectively be silent as most builds don't run with --info?

Contributor Author

We want the failures to be silent, at least on open source, as external contributors who do not have the Palantir CA in their truststore need to run the code.

Contributor Author

Notable: public CircleCI

Contributor Author

Internally, it's a different matter - maybe it's good to have this explode if it can't find the cert. However, people shouldn't really be anything other than our internal mirror anyway. We'd probably need to have support for Windows if we did do this.

Contributor Author

Maybe we should warn rather than info internally, so at least it's obvious...

Contributor Author

It now has configurable log levels, which we can set to warn internally, so people will bug us if this starts to fail at least rather than going unnoticed.
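
An added example, not the plugin's own code: one way to do the lookup this thread discusses, matching the CA on serial plus SHA-256 fingerprint and logging a miss at a caller-chosen level instead of failing the build. The class name, `find`, `sha256Hex`, the fingerprint placeholder and the in-memory keystore are assumptions; it needs Java 17+ for `HexFormat` and a JVM with a non-empty default truststore.

```java
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.HexFormat;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public final class CaLookupExample { // hypothetical class, for illustration only
    private static final Logger LOG = Logger.getLogger("ca-lookup");

    static String sha256Hex(X509Certificate cert) throws Exception {
        return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()));
    }

    // Match on serial AND fingerprint: a serial alone is unique only per issuer.
    static Optional<X509Certificate> find(X509Certificate[] anchors, BigInteger serial,
            String fingerprint, Level missingLevel) throws Exception {
        for (X509Certificate cert : anchors) {
            if (cert.getSerialNumber().equals(serial) && sha256Hex(cert).equalsIgnoreCase(fingerprint)) {
                return Optional.of(cert);
            }
        }
        // Non-strict path: report at the configured level and leave the JDK untouched.
        LOG.log(missingLevel, "CA with serial {0} not in system truststore", serial.toString());
        return Optional.empty();
    }

    public static void main(String[] args) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM's default truststore
        X509Certificate[] anchors = new X509Certificate[0];
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) anchors = ((X509TrustManager) tm).getAcceptedIssuers();
        }
        // Missing case: serial from the snippet in this thread, placeholder fingerprint (not from the page).
        find(anchors, new BigInteger("18126334688741185161"), "<sha256-placeholder>", Level.WARNING);
        // Found case (constructed): the first default anchor stands in for the corporate CA.
        X509Certificate standIn = anchors[0];
        X509Certificate found = find(anchors, standIn.getSerialNumber(), sha256Hex(standIn), Level.INFO).orElseThrow();
        KeyStore jdkStore = KeyStore.getInstance(KeyStore.getDefaultType());
        jdkStore.load(null, null); // in-memory stand-in for a JDK's cacerts file
        jdkStore.setCertificateEntry("corporate-ca", found);
        System.out.println("imported: " + jdkStore.containsAlias("corporate-ca"));
    }
}
```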

@bulldozer-bot bulldozer-bot bot merged commit feb8d4c into develop Feb 13, 2023
@bulldozer-bot bulldozer-bot bot deleted the callumr/actually-include-palantir-ca branch February 13, 2023 15:43
@svc-autorelease
Collaborator

Released 0.29.0
