Policy merge requests
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests
2023-07-17T07:38:25Z

Cherry-pick 'Az/ah azure performance' into release/0.22
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/393
2023-07-17T07:38:25Z | Chad Leong

**Original MR**: !390
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/pipelines/new?ref=cherry-pick-for-390)

M19 - Release 0.22 | David Diederich (d.diederich@opengroup.org), Chad Leong, Srinivasan Narayanan

Add global variable limitsEnabled (GONRG-7266)
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/392
2023-06-27T07:23:51Z | Andrei Skorkin [EPAM / GCP]
M19 - Release 0.22 | Andrei Skorkin [EPAM / GCP]

GONRG-3522: Run image as non-root user
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/391
2023-06-30T12:08:19Z | Volodymyr Pienskoi [EPAM / GCP]
M19 - Release 0.22 | Volodymyr Pienskoi [EPAM / GCP]

Az/ah azure performance
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/390
2023-07-17T07:33:46Z | Arturo Hernandez [EPAM]

* Refactored azure container definition for policy service.
* Lighter image with only azure needed hard dependencies.
* Increased aggressively workers amount in uvicorn.
* Using uvloop as loop engine instead of asyncio.
Would suggest as well to update docs, and state that azure implementation requires at least `>2vcpu's` and `>2Gi` of memory.

M19 - Release 0.22 | Arturo Hernandez [EPAM], shivani karipe

Performance and logging updates
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/389
2023-07-07T12:29:51Z | Shane Hutchins

- Multiple Performance fixes and updates
- Correcting blocking issue
- adding correlation-id in response headers
- audit log update
- configuration details can also now be provided by .env file (to support local development/testing, on-premise, etc)
- better handling of OPA responses
- documentation update
- CSP build updates
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/93
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/98
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/99
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/issues/100

M19 - Release 0.22 | Shane Hutchins

Httpfix
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/387
2023-07-13T15:26:36Z | Shane Hutchins
M19 - Release 0.22 | Shane Hutchins

[GONRG-7275]-Change request of memory
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/385
2023-08-18T12:21:45Z | Yauheny Boika[EPAM / GCP]
M19 - Release 0.22

bugfix for eval and compile api based upon spec-based API tests
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/383
2023-06-15T11:01:40Z | Shane Hutchins

After working on some spec-based API tests for policy I found a bug in eval and compile, which caused them to have server error 500.
I found this by running thousands of test scenarios based on the policy API specification. I will add these scenarios to pipeline soon.
With this fix the API works as expected in all the scenarios.
While I consider this a bug, it's not likely to come into play or be seen in real life. Additionally these APIs are only known to be used by policy designers today. This would also apply to M18, but I don't see a need to cherry pick it.

M19 - Release 0.22 | Shane Hutchins

Load test update for running in a different data_partition
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/382
2023-06-08T15:51:57Z | Shane Hutchins

Updating mini load test to be able to be provided the "DATA_PARTITION" of the policy service. This is needed for payload data (in template) and API paths (aka GET /api/policy/v1/policies/osdu/partition/<data partition>/dataauthz.rego)

M19 - Release 0.22 | Shane Hutchins

notice and makefile update
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/381
2023-07-04T11:38:28Z | Shane Hutchins

- Minor update to Makefile for local testing
- Notice update

M19 - Release 0.22 | Shane Hutchins

Merge branch 'okosse' into 'master'
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/380
2023-05-26T15:13:25Z | Oleksandr Kosse (EPAM)

[GONRG-6949] Increase replicas, request and limits for Policy service
See merge request osdu/platform/security-and-compliance/policy!378
(cherry picked from commit 8857ae1a237d48173cf3a36d2c080ce1b2ed0e4e)
74ed53f0 [GONRG-6949] Increase replicas, request and limits for Policy service

M18 - Release 0.21

security patch
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/379
2023-06-01T02:48:19Z | Shane Hutchins

## Type of change
- [x] Bug Fix - security **requests to 2.31.0 for CVE-2023-32681**
- [ ] Feature
## Does this introduce a change in the core logic?
- [No]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [ ] GCP
- [ ] IBM
## Updates description?
Security fix for [CVE-2023-32681](https://github.com/advisories/GHSA-j8r2-6x86-q33q)
Waiting for release of updated 0.21 Python SDK osdu-api code of https://community.opengroup.org/osdu/platform/system/sdks/common-python-sdk/-/merge_requests/132
If fix in 0.22 then this MR will need to be updated.

M19 - Release 0.22 | Shane Hutchins

[GONRG-6949] Increase replicas, request and limits for Policy service
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/378
2023-05-26T14:37:45Z | Oleksandr Kosse (EPAM)
M19 - Release 0.22

Cherry pick version bugfixes
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/377
2023-06-08T04:13:30Z | Madalyn Marabella

Includes fixes for:
- python typing-extensions bug in 4.6.0
- k8s configmap read fix
- testing fixes - parts of unittest would attempt to connect to OPA even in MOCK and other fixes to integration tests.
- security fix - upgrade fastapi to 0.95.2 and Starlette version to >=0.27.0 for a security release [PR #9541](https://github.com/tiangolo/fastapi/pull/9541). Details on [Starlette's security advisory](https://github.com/encode/starlette/security/advisories/GHSA-v5gw-mw7f-84px).

M18 - Release 0.21 | Shane Hutchins

Update anthos and on-prem to baremetal (GONRG-7192)
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/376
2023-05-26T17:05:56Z | Andrei Skorkin [EPAM / GCP]
M19 - Release 0.22

typing fix
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/375
2023-05-25T07:28:35Z | Shane Hutchins
M18 - Release 0.21 | Shane Hutchins

Configmap
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/374
2023-05-25T07:29:01Z | Shane Hutchins

- NOTICE update
- makefile update
- unittest test script

M18 - Release 0.21 | Shane Hutchins

downgrading typing-extensions
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/373
2023-05-25T07:29:24Z | Shane Hutchins
M18 - Release 0.21 | Shane Hutchins

attempt to fix pydantic issue in unittest
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/372
2023-05-25T07:29:57Z | Shane Hutchins
M18 - Release 0.21 | Shane Hutchins

improved unit tests
https://community.opengroup.org/osdu/platform/security-and-compliance/policy/-/merge_requests/371
2023-05-25T07:30:06Z | Shane Hutchins

Improved unit tests

M18 - Release 0.21 | Shane Hutchins