Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prevent Elastic-licensed code from leaking into OSS distributions #38719

Closed
andrewkroh opened this issue Apr 3, 2024 · 2 comments · Fixed by #38720
Closed

Prevent Elastic-licensed code from leaking into OSS distributions #38719

andrewkroh opened this issue Apr 3, 2024 · 2 comments · Fixed by #38720
Labels
needs_team Indicates that the issue/PR needs a Team:* label

Comments

@andrewkroh
Copy link
Member

The Beats projects releases OSS-only artifacts (e.g. filebeat OSS-only). These artifacts should not contain code or features that have an Elastic license (aka "x-pack" code for legacy reasons). The project should have enforcement that there are no dependencies from OSS code to x-pack code.

This can be enforced with depguard check. For example:

# .golangci-lint.yml
linters:
  enable:
    - depguard
linters-settings:
  depguard:
    rules:
      apache-licensed-code:
        list-mode: lax
        files:
          - '!**/x-pack/**/*.go'
        deny:
          - pkg: github.com/elastic/beats/v7/x-pack
            desc: Apache 2.0 licensed code cannot depend on Elastic licensed code (x-pack/).

The current state is that there is a single violation:

filebeat/input/filestream/internal/input-logfile/harvester_test.go:36:2: import 'github.com/elastic/beats/v7/x-pack/dockerlogbeat/pipelinemock' is not allowed from list 'apache-licensed-code': Apache 2.0 licensed code cannot depend on Elastic licensed code (x-pack/). (depguard)
        "github.com/elastic/beats/v7/x-pack/dockerlogbeat/pipelinemock"
        ^

References
@botelastic botelastic bot added the needs_team Indicates that the issue/PR needs a Team:* label label Apr 3, 2024
@botelastic
Copy link

botelastic bot commented Apr 3, 2024

This issue doesn't have a Team:<team> label.

andrewkroh added a commit to andrewkroh/beats that referenced this issue Apr 3, 2024
@andrewkroh
.golangci.yml- Disallow OSS -> x-pack dependencies
3980134 
According to LICENSE.txt, the Beats project uses both Apache 2.0 (OSS)
and Elastic licenses. The OSS code may not depend on the Elastic
License code otherwise the OSS-only binaries become tainted.

This makes golangci-lint emit warnings for OSS code that depends on
x-pack code.

Closes elastic#38719
@andrewkroh andrewkroh mentioned this issue Apr 3, 2024
Merged
6 tasks
@andrewkroh
Copy link
Member Author

PR: #38720

andrewkroh added a commit that referenced this issue Apr 4, 2024
@andrewkroh
.golangci.yml- Disallow OSS -> x-pack dependencies (#38720)
84ba1ab 
According to LICENSE.txt, the Beats project uses both Apache 2.0 (OSS)
and Elastic licenses. The OSS code may not depend on the Elastic
License code otherwise the OSS-only binaries become tainted.

This makes golangci-lint emit warnings for OSS code that depends on
x-pack code.

Closes #38719
zeynepyz pushed a commit to zeynepyz/beats that referenced this issue Apr 7, 2024
@andrewkroh @zeynepyz
.golangci.yml- Disallow OSS -> x-pack dependencies (elastic#38720)
bdcce5c 
According to LICENSE.txt, the Beats project uses both Apache 2.0 (OSS)
and Elastic licenses. The OSS code may not depend on the Elastic
License code otherwise the OSS-only binaries become tainted.

This makes golangci-lint emit warnings for OSS code that depends on
x-pack code.

Closes elastic#38719
@andrewkroh andrewkroh mentioned this issue Jul 17, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs_team Indicates that the issue/PR needs a Team:* label
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

.golangci.yml - Disallow OSS -> x-pack dependencies andrewkroh/beats
1 participant
@andrewkroh