Commit 2c4ce8f1 authored by David Diederich's avatar David Diederich
Browse files

Merge remote-tracking branch 'origin/master' into 26-upgrade-core-common-dependency

Conflicts:
	NOTICE
parents 01cada3e a4e088db
Pipeline #53323 failed with stages
in 1 minute and 45 seconds
......@@ -4,7 +4,7 @@ variables:
OSDU_GCP_VENDOR: gcp
OSDU_GCP_SERVICE: notification
OSDU_GCP_REGISTER_BASE_URL: https://os-register-attcrcktoa-uc.a.run.app/api/register/v1
OSDU_GCP_ENV_VARS: APP_PROJECT=$OSDU_GCP_PROJECT,APP_ENTITLEMENTS=$OSDU_GCP_ENTITLEMENTS_URL,APP_REGISTER=$OSDU_GCP_REGISTER_BASE_URL,APP_GOOGLEAUDIENCE=$GOOGLE_AUDIENCE,PARTITION_API=$OSDU_GCP_PARTITION_API,GOOGLE_AUDIENCES=$GOOGLE_AUDIENCE
OSDU_GCP_ENV_VARS: APP_PROJECT=$OSDU_GCP_PROJECT,APP_ENTITLEMENTS=$OSDU_GCP_ENTITLEMENTS_V2_URL,APP_REGISTER=$OSDU_GCP_REGISTER_BASE_URL,APP_GOOGLEAUDIENCE=$GOOGLE_AUDIENCE,PARTITION_API=$OSDU_GCP_PARTITION_API,GOOGLE_AUDIENCES=$GOOGLE_AUDIENCE
OSDU_GCP_ENVIRONMENT: dev_gke
OSDU_GCP_LOG_LEVEL: INFO
......
This diff is collapsed.
......@@ -79,6 +79,8 @@ spec:
value: osdu-db
- name: entitlements_service_endpoint
value: http://entitlements/api/entitlements/v2
- name: entitlements_service_api_key
value: "OBSOLETE"
- name: registeration_service_endpoint
value: http://register/api/register/v1
- name: partition_service_endpoint
......
......@@ -57,8 +57,8 @@ stages:
parameters:
mavenGoal: 'package'
mavenPublishJUnitResults: true
serviceCoreMavenOptions: '-P notification-core --settings .mvn/community-maven.settings.xml'
mavenOptions: '-P notification-azure --settings .mvn/community-maven.settings.xml -Dmaven.repo.local=$(MAVEN_CACHE_FOLDER)'
serviceCoreMavenOptions: '-pl notification-core --settings .mvn/community-maven.settings.xml -Dmaven.repo.local=$(MAVEN_CACHE_FOLDER)'
mavenOptions: '-pl provider/notification-azure --settings .mvn/community-maven.settings.xml -Dmaven.repo.local=$(MAVEN_CACHE_FOLDER)'
copyFileContents: |
pom.xml
provider/notification-azure/maven/settings.xml
......
......@@ -57,8 +57,9 @@ stages:
parameters:
mavenGoal: 'package'
mavenPublishJUnitResults: true
serviceCoreMavenOptions: '-P notification-core --settings .mvn/community-maven.settings.xml'
mavenOptions: '-P notification-azure --settings .mvn/community-maven.settings.xml -Dmaven.repo.local=$(MAVEN_CACHE_FOLDER)'
serviceCoreMavenOptions: '-pl notification-core --settings .mvn/community-maven.settings.xml -Dmaven.repo.local=$(MAVEN_CACHE_FOLDER)'
mavenOptions: '-pl provider/notification-azure --settings .mvn/community-maven.settings.xml -Dmaven.repo.local=$(MAVEN_CACHE_FOLDER)'
copyFileContents: |
pom.xml
provider/notification-azure/maven/settings.xml
......
......@@ -36,6 +36,8 @@
<maven.compiler.target>${java.version}</maven.compiler.target>
<maven.compiler.source>${java.version}</maven.compiler.source>
<springfox-version>2.7.0</springfox-version>
<netty.version>4.1.65.Final</netty.version>
<undertow.version>2.1.7.Final</undertow.version>
</properties>
<dependencies>
......@@ -131,11 +133,6 @@
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>io.undertow</groupId>
<artifactId>undertow-core</artifactId>
<version>2.0.27.Final</version>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-starter-validation</artifactId>
......@@ -215,6 +212,83 @@
<artifactId>spring-test</artifactId>
<scope>test</scope>
</dependency>
<!-- overriding packages with known vulnerabilities -->
<!-- See: https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Anetty&cpe_product=cpe%3A%2F%3Anetty%3Anetty&cpe_version=cpe%3A%2F%3Anetty%3Anetty%3A4.1.38-->
<!-- See: https://ossindex.sonatype.org/component/pkg:maven/com.google.oauth-client/google-oauth-client@1.30.1?utm_source=dependency-check&utm_medium=integration&utm_content=6.1.6-->
<!-- See: https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aredhat&cpe_product=cpe%3A%2F%3Aredhat%3Aundertow&cpe_version=cpe%3A%2F%3Aredhat%3Aundertow%3A2.0.23-->
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-transport</artifactId>
<version>${netty.version}</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-transport-native-unix-common</artifactId>
<version>${netty.version}</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-codec</artifactId>
<version>${netty.version}</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-buffer</artifactId>
<version>${netty.version}</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-common</artifactId>
<version>${netty.version}</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-resolver</artifactId>
<version>${netty.version}</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-handler</artifactId>
<version>${netty.version}</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-codec-http</artifactId>
<version>${netty.version}</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-codec-http2</artifactId>
<version>${netty.version}</version>
</dependency>
<dependency>
<groupId>io.netty</groupId>
<artifactId>netty-transport-native-epoll</artifactId>
<version>${netty.version}</version>
<classifier>linux-x86_64</classifier>
<type>jar</type>
</dependency>
<dependency>
<groupId>com.google.oauth-client</groupId>
<artifactId>google-oauth-client</artifactId>
<version>1.31.5</version>
</dependency>
<dependency>
<groupId>io.undertow</groupId>
<artifactId>undertow-core</artifactId>
<version>${undertow.version}</version>
</dependency>
<dependency>
<groupId>io.undertow</groupId>
<artifactId>undertow-servlet</artifactId>
<version>${undertow.version}</version>
</dependency>
<dependency>
<groupId>io.undertow</groupId>
<artifactId>undertow-websockets-jsr</artifactId>
<version>${undertow.version}</version>
</dependency>
</dependencies>
<build>
<plugins>
......
......@@ -99,12 +99,12 @@ public class PubsubEndpoint {
Map<String, String> requestHeader = new HashMap<>();
if (secretType.equalsIgnoreCase(HMAC_TYPE)) {
this.log.info("receiving pubsub message, will send out hmac type request, pubsub message: " + pubsubMessage);
this.log.debug("receiving pubsub message, will send out hmac type request, pubsub message: " + pubsubMessage);
HmacSecret hmacSecret = (HmacSecret) secret;
String signedjwt = this.signatureService.getSignedSignature(endpoint, hmacSecret.getValue());
pushUrl = endpoint + "?hmac=" + signedjwt;
} else if (secretType.equalsIgnoreCase(GSA_TYPE)) {
this.log.info("receiving pubsub message, will send out gsa type request, pubsub message: " + pubsubMessage);
this.log.debug("receiving pubsub message, will send out gsa type request, pubsub message: " + pubsubMessage);
GsaSecret gsaSecret = (GsaSecret) secret;
GsaSecretValue gsaSecretValue = gsaSecret.getValue();
......@@ -117,7 +117,7 @@ public class PubsubEndpoint {
requestHeader.put("Authorization", idToken);
}
this.log.info("sending out notification to endpoint: " + endpoint);
this.log.debug("sending out notification to endpoint: " + endpoint);
requestHeader.put(DpsHeaders.CONTENT_TYPE, "application/json");
requestHeader.put(DpsHeaders.CORRELATION_ID, headerAttributes.get(DpsHeaders.CORRELATION_ID));
requestHeader.put(DpsHeaders.DATA_PARTITION_ID, headerAttributes.get(DpsHeaders.DATA_PARTITION_ID));
......@@ -128,7 +128,7 @@ public class PubsubEndpoint {
this.log.error(NOT_ACKNOWLEDGE);
return ResponseEntity.badRequest().body(NOT_ACKNOWLEDGE);
}
this.log.info(ACKNOWLEDGE);
this.log.debug(ACKNOWLEDGE);
return ResponseEntity.ok(ACKNOWLEDGE);
}
......
......@@ -43,7 +43,7 @@
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-dependencies</artifactId>
<version>2.1.7.RELEASE</version>
<version>2.1.18.RELEASE</version>
<type>pom</type>
<scope>import</scope>
</dependency>
......@@ -53,6 +53,24 @@
<artifactId>os-core-common</artifactId>
<version>${os-core-common.version}</version>
</dependency>
<!-- overriding packages with known vulnerabilities -->
<!-- See: https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Afasterxml&cpe_product=cpe%3A%2F%3Afasterxml%3Ajackson-databind&cpe_version=cpe%3A%2F%3Afasterxml%3Ajackson-databind%3A2.9.9-->
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-core</artifactId>
<version>2.12.3</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId>
<version>2.12.3</version>
</dependency>
<dependency>
<groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId>
<version>2.12.3</version>
</dependency>
</dependencies>
</dependencyManagement>
......
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright © 2020 Amazon Web Services
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.​
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0"
......@@ -63,15 +64,14 @@
</server>
</servers>
<!-- CodeArtifact doesn't support external repos yet that aren't Maven Central. ETA Q4 2020. -->
<!-- <mirrors> -->
<!-- <mirror> -->
<!-- <id>aws-osdu-dev-maven</id> -->
<!-- <name>aws-osdu-dev-maven</name> -->
<!-- <url>https://osdu-dev-888733619319.d.codeartifact.us-east-1.amazonaws.com/maven/osdu-maven/</url> -->
<!-- <mirrorOf>*,!gitlab-os-core-common-maven</mirrorOf> -->
<!-- </mirror> -->
<!-- </mirrors> -->
<mirrors>
<mirror>
<id>aws-osdu-dev-maven</id>
<name>aws-osdu-dev-maven</name>
<url>https://osdu-dev-${AWS_ACCOUNT_ID}.d.codeartifact.us-east-1.amazonaws.com/maven/osdu-maven/</url>
<mirrorOf>central,!gitlab-os-core-common-maven,!gitlab-os-core-lib-aws-maven</mirrorOf>
</mirror>
</mirrors>
<activeProfiles>
<activeProfile>credentialsConfiguration</activeProfile>
......
......@@ -39,16 +39,10 @@
</properties>
<dependencies>
<!-- <dependency>
<groupId>org.opengroup.osdu</groupId>
<artifactId>os-core-common</artifactId>
</dependency> -->
<dependency>
<groupId>org.opengroup.osdu.core.aws</groupId>
<artifactId>os-core-lib-aws</artifactId>
<version>0.9.0</version>
<version>0.10.0-SNAPSHOT</version>
</dependency>
<!-- https://mvnrepository.com/artifact/com.amazonaws/aws-java-sdk-secretsmanager -->
......@@ -94,6 +88,7 @@
<version>4.12</version>
<scope>test</scope>
</dependency>
</dependencies>
<build>
......
......@@ -48,3 +48,5 @@ server.ssl.key-store=${SSL_KEY_STORE_PATH:/certs/osduonaws.p12}
server.ssl.key-alias=${SSL_KEY_ALIAS:osduonaws}
server.ssl.key-password=${SSL_KEY_PASSWORD:}
server.ssl.key-store-password=${SSL_KEY_STORE_PASSWORD:}
spring.autoconfigure.exclude=org.springframework.boot.autoconfigure.security.SecurityAutoConfiguration
\ No newline at end of file
......@@ -39,7 +39,7 @@
<springframework.version>4.3.0.RELEASE</springframework.version>
<reactor.netty.version>0.9.0.RELEASE</reactor.netty.version>
<reactor.core.version>3.3.0.RELEASE</reactor.core.version>
<osdu.corelibazure.version>0.9.0</osdu.corelibazure.version>
<osdu.corelibazure.version>0.10.0-rc8</osdu.corelibazure.version>
<junit.version>5.6.0</junit.version>
<jjwt.version>3.8.1</jjwt.version>
<mockito.version>2.23.0</mockito.version>
......
......@@ -44,7 +44,7 @@ public class AzureServiceAccountValidatorImpl implements IServiceAccountValidato
String appIdClaim = jwt.getClaim(APP_ID_CLAIM).asString();
if(appIdClaim!= null && appIdClaim.equals(userIdentity)) {
logger.info("PubSub authorized");
logger.debug("PubSub authorized");
return true;
}
return false;
......
......@@ -26,6 +26,10 @@ logging.slf4jlogger.enabled=true
logging.mdccontext.enabled=false
logging.ignore.servlet.paths=/swagger-ui.html
# Need below two properties for Entitlements config bean initialization due to a primary bean added in core-lib-azure which takes precedence over EntitlementsClientFactory class in notification service
AUTHORIZE_API=${entitlements_service_endpoint}
AUTHORIZE_API_KEY=${entitlements_service_api_key}
# Service settings
PARTITION_API=${partition_service_endpoint}
app.entitlements=${entitlements_service_endpoint}
......
......@@ -98,7 +98,7 @@ public class TestPubsubEndpointHMAC extends PubsubEndpointHMACTests {
ClientResponse response = descriptor.run(this.getArg(), this.testUtils.getOpsToken());
Assert.assertEquals(this.error(response.getStatus() == 204 ? "" : (String)response.getEntity(String.class)), (long)this.expectedOkResponseCode(), (long)response.getStatus());
Assert.assertEquals("GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH", response.getHeaders().getFirst("Access-Control-Allow-Methods"));
Assert.assertEquals("origin, content-type, accept, authorization, data-partition-id, correlation-id, appkey", response.getHeaders().getFirst("Access-Control-Allow-Headers"));
Assert.assertEquals("access-control-allow-origin, origin, content-type, accept, authorization, data-partition-id, correlation-id, appkey", response.getHeaders().getFirst("Access-Control-Allow-Headers"));
Assert.assertEquals("*", response.getHeaders().getFirst("Access-Control-Allow-Origin"));
Assert.assertEquals("true", response.getHeaders().getFirst("Access-Control-Allow-Credentials"));
Assert.assertEquals("DENY", response.getHeaders().getFirst("X-Frame-Options"));
......
......@@ -89,7 +89,7 @@ public abstract class BaseTestTemplate extends TestBase {
assertEquals(error(response.getStatus() == 204 ? "" : response.getEntity(String.class)), expectedOkResponseCode(), response.getStatus());
assertEquals("GET, POST, PUT, DELETE, OPTIONS, HEAD, PATCH", response.getHeaders().getFirst("Access-Control-Allow-Methods"));
assertEquals("origin, content-type, accept, authorization, data-partition-id, correlation-id, appkey", response.getHeaders().getFirst("Access-Control-Allow-Headers"));
assertEquals("access-control-allow-origin, origin, content-type, accept, authorization, data-partition-id, correlation-id, appkey", response.getHeaders().getFirst("Access-Control-Allow-Headers"));
assertEquals("*", response.getHeaders().getFirst("Access-Control-Allow-Origin"));
assertEquals("true", response.getHeaders().getFirst("Access-Control-Allow-Credentials"));
assertEquals("DENY", response.getHeaders().getFirst("X-Frame-Options"));
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment