Policy merge requestshttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests2023-10-16T11:59:29Zhttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/442Cherry-pick 'Adding new tests and OPA response change' into release/0.242023-10-16T11:59:29ZDavid Diederichd.diederich@opengroup.orgCherry-pick 'Adding new tests and OPA response change' into release/0.24**Original MR**: !441
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !441
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/pipelines/new?ref=cherry-pick-for-441)M21 - Release 0.24David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/441Adding new tests and OPA response change2023-10-14T05:07:16ZShane HutchinsAdding new tests and OPA response change- Adding new tests to validate all files that get updated as policies
- Updating OPA response handling connection issues to OPA (only seen during induced testing failures). API will return 503 instead of 500 as well.- Adding new tests to validate all files that get updated as policies
- Updating OPA response handling connection issues to OPA (only seen during induced testing failures). API will return 503 instead of 500 as well.M21 - Release 0.24Shane HutchinsShane Hutchinshttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/440Rate limit and debugging for integration tests2023-10-13T17:54:11ZShane HutchinsRate limit and debugging for integration testsBetter support for issues with backend bundle service (for GC)
- Updated documentation
- Integration tests now sleep 1 second between updates/deletes to policy service. So now roughly 2 calls to bundles service a second.
- Updated API re...Better support for issues with backend bundle service (for GC)
- Updated documentation
- Integration tests now sleep 1 second between updates/deletes to policy service. So now roughly 2 calls to bundles service a second.
- Updated API response, was 500 now 503 when the bundle service has issues
- Improved logging
- Updated Makefile for testing
- Added validation response with put API requests
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/114M21 - Release 0.24Shane HutchinsShane Hutchinshttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/439integration test fix2023-10-13T14:35:11ZShane Hutchinsintegration test fixRenaming search.rego to search1.rego in integration tests so it doesn't interfere with other usage via search service.
Fix GCP for https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/114Renaming search.rego to search1.rego in integration tests so it doesn't interfere with other usage via search service.
Fix GCP for https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/114M21 - Release 0.24Shane HutchinsShane Hutchinshttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/438[GONRG-7917] added livenessProbe2023-10-13T12:24:33ZAleksandr Primachenko [EPAMĀ / GCP][GONRG-7917] added livenessProbeM21 - Release 0.24https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/437[GONRG-7917] added replicas variable in helm2023-10-13T10:53:05ZAleksandr Primachenko [EPAMĀ / GCP][GONRG-7917] added replicas variable in helmM21 - Release 0.24https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/435fixes and documentation2023-10-06T17:00:07ZShane Hutchinsfixes and documentation- Policy Service should handle entitlement service issues more gracefully
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/112
- Documentation updates
- Makefile update
- Security update for /validat...- Policy Service should handle entitlement service issues more gracefully
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/112
- Documentation updates
- Makefile update
- Security update for /validate API
- Updated NOTICE
- bugfix for validate when their are multiple OPA podsM21 - Release 0.24Shane HutchinsShane Hutchinshttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/434Cherry-pick 'declaring variable for ssl_verify' into release/0.232023-10-02T05:44:25ZDavid Diederichd.diederich@opengroup.orgCherry-pick 'declaring variable for ssl_verify' into release/0.23**Original MR**: !433
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !433
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/pipelines/new?ref=cherry-pick-for-433)M20 - Release 0.23David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/433declaring variable for ssl_verify2023-09-29T17:33:04ZAshwani Pandeydeclaring variable for ssl_verifydeclaring variable for ssl_verifydeclaring variable for ssl_verifyM20 - Release 0.23Ashwani PandeyAshwani Pandeyhttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/432Merge branch 'GONRG-7679-update-policy-bootstrap' into 'master'2023-09-29T06:46:33ZAliaksandr Ramanovich (EPAM)Merge branch 'GONRG-7679-update-policy-bootstrap' into 'master'GONRG-7679: update policy bootstrap
See merge request osdu/platform/security-and-compliance/policy!410
(cherry picked from commit cf9da13dbce3109b9add7cbe4ca38fa3f3624681)
e64c478c GONRG-7679: update policy bootstrap
568f6bcf Merge br...GONRG-7679: update policy bootstrap
See merge request osdu/platform/security-and-compliance/policy!410
(cherry picked from commit cf9da13dbce3109b9add7cbe4ca38fa3f3624681)
e64c478c GONRG-7679: update policy bootstrap
568f6bcf Merge branch 'master' of...
fc55d5f8 GONRG-7679: update bootstrap
37ad7564 GONRG-7679: update bootstrap
63086ac8 GONRG-7679: update bootstrap
d043a163 GONRG-7679: update bootstrap
8fa9eed8 GONRG-7679: update bootstrapM21 - Release 0.24David Diederichd.diederich@opengroup.orgChad LeongYauheni Rykhter (EPAM)Srinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/431Cherry-pick 'Azure fix for M20 and M21' into release/0.232023-09-29T06:46:16ZDavid Diederichd.diederich@opengroup.orgCherry-pick 'Azure fix for M20 and M21' into release/0.23**Original MR**: !430
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !430
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/pipelines/new?ref=cherry-pick-for-430)M20 - Release 0.23David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/430Azure fix for M20 and M212023-09-26T18:15:21ZShane HutchinsAzure fix for M20 and M21Fix for M20 and M21 k8sFix for M20 and M21 k8sM20 - Release 0.23Shane HutchinsShane Hutchinshttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/429Rego Validation, Audit and tracing improvements2023-09-27T12:28:39ZShane HutchinsRego Validation, Audit and tracing improvementsRego Validation for https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/80
And https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/111
- Added new API /validate/{polic...Rego Validation for https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/80
And https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/111
- Added new API /validate/{policy_id} that supports templating
- Validation now on by default for policy put (add/update) "/policies/osdu/partition/{data_partition}/{policy_id}"
- Validation for policies updates can be turned off by env variable ENABLE_VERIFY_POLICY
- New X-SHA-1 response headers
- New sha1 in json response from put "/policies/osdu/partition/{data_partition}/{policy_id}"
- SHA-1 in pod Audit log messages for updates
- New unit test and integration test for /validate API
- Updated Documentation
- Updated openapi.yaml. Please note gitlab does not support rendering of OpenAPI 3.1.0 yet.
- X-Debug-Result response header bugfix for use with ENABLE_DEV_DIAGNOSTICS
- Added client_host to /config API
- Envoy tracing support
- Improved audit logging
- Updated put response json message field if new (add) or updated (existing) in bundle and updated status code 202 for new/updated and 200 for no change detected.M21 - Release 0.24Shane HutchinsShane Hutchinshttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/428Memory Leak fix for M182023-09-20T20:39:26ZShane HutchinsMemory Leak fix for M18Memory leak fix for M18, rolling coloredlogs back to 14.2.0 https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/110Memory leak fix for M18, rolling coloredlogs back to 14.2.0 https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/110M18 - Release 0.21Shane HutchinsShane Hutchinshttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/426Cherry-pick 'azure build and doc update' into release/0.232023-09-11T15:36:18ZDavid Diederichd.diederich@opengroup.orgCherry-pick 'azure build and doc update' into release/0.23**Original MR**: !423
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !423
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/pipelines/new?ref=cherry-pick-for-423)M20 - Release 0.23David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/425Notice update and Load test updates2023-09-08T20:19:56ZShane HutchinsNotice update and Load test updates- Notice update
- Load test debugging
- Gitlab updates - An azure update was impacting other CSPs.- Notice update
- Load test debugging
- Gitlab updates - An azure update was impacting other CSPs.M21 - Release 0.24Shane HutchinsShane Hutchinshttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/423azure build and doc update2023-09-11T14:17:16ZShane Hutchinsazure build and doc update- removing unused lib - Azure build still added coloredlogs
- minor doc update- removing unused lib - Azure build still added coloredlogs
- minor doc updateM20 - Release 0.23Shane HutchinsShane Hutchinshttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/422Cherry-pick 'another small doc update' into release/0.232023-09-05T19:35:57ZDavid Diederichd.diederich@opengroup.orgCherry-pick 'another small doc update' into release/0.23**Original MR**: !418
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !418
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/pipelines/new?ref=cherry-pick-for-418)M20 - Release 0.23David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/421Cherry-pick 'Release notes update' into release/0.232023-09-05T19:30:41ZDavid Diederichd.diederich@opengroup.orgCherry-pick 'Release notes update' into release/0.23**Original MR**: !417
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !417
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/pipelines/new?ref=cherry-pick-for-417)M20 - Release 0.23David Diederichd.diederich@opengroup.orgChad LeongSrinivasan NarayananDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/420Cherry-pick: Merge branch 'doc-update' into 'master'2023-09-04T18:43:32ZChad LeongCherry-pick: Merge branch 'doc-update' into 'master'documentation update
See merge request osdu/platform/security-and-compliance/policy!415
(cherry picked from commit 380d897b8dd6af45a87a3d3f26ce17039013724a)
8870a55a documentation update
51cd29cf release notes updatedocumentation update
See merge request osdu/platform/security-and-compliance/policy!415
(cherry picked from commit 380d897b8dd6af45a87a3d3f26ce17039013724a)
8870a55a documentation update
51cd29cf release notes updateM20 - Release 0.23