Add gradle.properties file to build sql with -Pcrypto.standard=FIPS=140-3 by default #5231

Open
cwperks wants to merge 1 commit into opensearch-project:main from cwperks:fips-property

cwperks (Member) commented Mar 13, 2026

Description

Inspired by opensearch-project/ml-commons#4719, this PR adds a gradle.properties file so that we only need to declare -Pcrypto.standard=FIPS-140-3 in a single place. Now it's not necessary to pass the build param in commands like ./gradlew assemble -Pcrypto.standard=FIPS-140-3 as it passes the arg by default.

In order to build without the flag, you would need to override like so: ./gradlew assemble -Pcrypto.standard=any-supported

  • Category (Enhancement, New feature, Bug fix, Test fix, Refactoring, Maintenance, Documentation)

Refactoring

Check List

  • New functionality includes testing
  • New functionality has been documented
  • New Roles/Permissions have a corresponding security dashboards plugin PR
  • API changes companion pull request created
  • Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

…40-3 by default

Signed-off-by: Craig Perkins <cwperx@amazon.com>

github-actions (Contributor) commented

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

🧪 No relevant tests
🔒 No security concerns identified
✅ No TODO sections
🔀 No multiple PR themes
⚡ Recommended focus areas for review

Default FIPS Mode

Setting crypto.standard=FIPS-140-3 as a default in gradle.properties means all builds (including local development, CI, and non-FIPS environments) will use FIPS mode by default. This could break developer workflows or environments that don't support FIPS, and may cause unexpected failures for contributors who are not aware of this default. The PR description mentions overriding with -Pcrypto.standard=any-supported, but this is a non-obvious requirement that could confuse contributors.

crypto.standard=FIPS-140-3

Missing Blank Line

After removing the -Pcrypto.standard=FIPS-140-3 flag from the gradlew assemble command, there is now an extra blank line (line 72) before the zipPath assignment. This is a minor cosmetic issue but worth cleaning up for consistency.

./gradlew assemble --no-daemon --refresh-dependencies -DskipTests=true -Dopensearch.version=$VERSION -Dbuild.snapshot=$SNAPSHOT -Dbuild.version_qualifier=$QUALIFIER

zipPath=$(find . -path \*build/distributions/*.zip)

RyanL1997 added the maintenance (Improves code quality, but not the product) and infrastructure (Changes to infrastructure, testing, CI/CD, pipelines, etc.) labels Mar 13, 2026
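
The default-and-override behaviour from the PR description, as an added example that is not part of this PR or the project's code: a shell guard that resolves the crypto.standard value a build would see and fails unless it is FIPS-140-3. It assumes Gradle's precedence of command-line -P over gradle.properties in the Gradle user home over the project's gradle.properties; the function names and sample directories are hypothetical.

```shell
#!/bin/sh
# Added example; function names and sample paths are hypothetical.
# Precedence modelled, highest first: -Pkey=value on the command line,
# gradle.properties in the Gradle user home, gradle.properties in the project.

# Print the last value assigned to key $2 in properties file $1 (empty if none).
prop_from_file() {
    [ -f "$1" ] || return 0
    key_re=$(printf '%s' "$2" | sed 's/[.]/\\./g')   # match dots literally
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*[=:][[:space:]]*//p" "$1" | tail -n 1
}

# Print the value of the last -Pkey=value among the arguments after the key.
prop_from_args() {
    key=$1; shift; val=
    for a in "$@"; do
        case $a in "-P$key="*) val=${a#"-P$key="} ;; esac
    done
    printf '%s\n' "$val"
}

# effective_crypto_standard PROJECT_DIR GRADLE_USER_HOME [gradle args...]
effective_crypto_standard() {
    proj=$1; home=$2; shift 2
    v=$(prop_from_args crypto.standard "$@")
    [ -n "$v" ] || v=$(prop_from_file "$home/gradle.properties" crypto.standard)
    [ -n "$v" ] || v=$(prop_from_file "$proj/gradle.properties" crypto.standard)
    printf '%s\n' "$v"
}

# Succeeds only when the resolved value is FIPS-140-3.
require_fips() {
    [ "$(effective_crypto_standard "$@")" = "FIPS-140-3" ]
}

# Constructed sample: the project default from this PR plus a user-level override.
demo=$(mktemp -d)
mkdir -p "$demo/project" "$demo/home_clean" "$demo/home_override"
printf 'crypto.standard=FIPS-140-3\n' > "$demo/project/gradle.properties"
printf 'crypto.standard=any-supported\n' > "$demo/home_override/gradle.properties"

effective_crypto_standard "$demo/project" "$demo/home_clean" assemble
effective_crypto_standard "$demo/project" "$demo/home_override" assemble
effective_crypto_standard "$demo/project" "$demo/home_clean" assemble -Pcrypto.standard=any-supported
require_fips "$demo/project" "$demo/home_override" assemble || echo "not a FIPS build" >&2
rm -rf "$demo"
```

A user-level gradle.properties that sets crypto.standard replaces the project default without any command-line flag, which is why the guard checks the resolved value rather than the project file alone.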