Search merge requestshttps://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests2023-11-20T20:24:58Zhttps://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests/583Fix the json-smart version for vulnerabilities fix2023-11-20T20:24:58ZVaibhavi KamaniFix the json-smart version for vulnerabilities fix## Type of change
- [x] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [NO]
## Does this introduce a change in the cloud provi...## Type of change
- [x] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [x] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [NO]
## Have you added/updated Unit Tests and Integration Tests?
No
## Testing
* Ran trivy image scan through the image right after the azure deploy step and seems there were no vulnerabilities as seen in the screenshot below.
![image](/uploads/49946a1333ba6ae9897efd82f2bd87aa/image.png)Vaibhavi KamaniVaibhavi Kamanihttps://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests/586Fix vulnerabilities2023-11-27T21:57:31ZVaibhavi KamaniFix vulnerabilities## Type of change
- [ ] Bug Fix
- [ ] Feature
- [x] S360 fix
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [NO]
## Does this introduce a change in ...## Type of change
- [ ] Bug Fix
- [ ] Feature
- [x] S360 fix
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [x] Azure
- [ ] Google Cloud
- [ ] IBMVaibhavi KamaniVaibhavi Kamanihttps://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests/55Fix whitesource2023-08-18T22:13:48ZPavel BachylaFix whitesource## Type of change
- [x] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- No
## Does this introduce a change in the cloud provide...## Type of change
- [x] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- No
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [ ] GCP
- [ ] IBM
## Does this introduce a breaking change?
- No
## What is the current behavior?
N/A
## What is the new/expected behavior?
N/A
## Have you added/updated Unit Tests and Integration Tests?
N/A
## Any other useful information
Fix Major/Critical/Blocker WhiteSource vulnerabilities except those related to ElasticSearch version limitations and log4j due to incompatibilities with other librariesM1 - Release 0.1ethiraj krishnamanaiduNeelesh ThakurSherman Yangethiraj krishnamanaiduhttps://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests/28fix whitesoure vulnerabilities2023-08-18T22:16:06ZAliaksei Darafeyeufix whitesoure vulnerabilities```
CORE:
| jackson-databind-2.9.9.jar
| hibernate-validator-6.0.17.Final.jar
| spring-web-5.1.9.RELEASE.jar
| elasticsearch-6.6.2.jar
| snakeyaml-1.23.jar
| commons-codec-1.11.jar
| tomcat-embed-core-9.0.21.jar
| netty-codec-4.1.38.Fina...```
CORE:
| jackson-databind-2.9.9.jar
| hibernate-validator-6.0.17.Final.jar
| spring-web-5.1.9.RELEASE.jar
| elasticsearch-6.6.2.jar
| snakeyaml-1.23.jar
| commons-codec-1.11.jar
| tomcat-embed-core-9.0.21.jar
| netty-codec-4.1.38.Final.jar
| resteasy-jaxrs-3.6.2.Final.jar
| spring-security-core-5.1.6.RELEASE.jar
AZURE:
| jackson-databind-2.9.9.jar
| netty-codec-http-4.1.38.Final.jar
| reactor-netty-0.8.10.RELEASE.jar
| netty-codec-http2-4.1.38.Final.jar
| hibernate-validator-6.0.12.Final.jar
| elasticsearch-6.4.3.jar
| spring-web-5.1.9.RELEASE.jar
| snakeyaml-1.23.jar
| commons-codec-1.11.jar
| tomcat-embed-core-9.0.22.jar
| netty-codec-4.1.38.Final.jar
| log4j-core-2.11.2.jar
| resteasy-jaxrs-3.6.2.Final.jar
```
Note: elasticsearch v6.8.1 due to infra limitationM1 - Release 0.1ethiraj krishnamanaiduNeelesh ThakurSherman YangPavel BachylaYauheni Lesnikauethiraj krishnamanaiduhttps://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests/576Full Upgrade of First Party Library Dependencies2023-10-20T07:05:06ZChad LeongFull Upgrade of First Party Library DependenciesThis generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep all dependent libraries up to date.
This upgrade can be merged immediately without further approval if the C...This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep all dependent libraries up to date.
This upgrade can be merged immediately without further approval if the CI pipeline reports success.
If this MR has failed, we need to work with the maintainers and affected provider teams to find a solution.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: c7afdbcf9d55ccf774a235d2a379bf99f37fec5a
Maven: 0.25.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/integration-tests/ |
| --------------------------------------------------- | ------ | -------------------------- |
| core-lib-azure | 0.23.2 | 0.23.2 |
| core-lib-gc | 0.24.0 | |
| os-core-lib-aws | 0.23.0 | 0.23.0 |
| os-core-common | 0.24.0 | 0.24.0 |
| os-core-lib-ibm | 0.23.0 | 0.23.0 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.26, 1.27, 2.0 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-2
SHA: c2881edf5bda5b8b13c42b8be203feccc9ed655b
Maven: 0.25.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/integration-tests/ |
| --------------------------------------------------- | ------ | -------------------------- |
| core-lib-azure | 0.24.0 | 0.24.0 |
| core-lib-gc | 0.24.0 | |
| os-core-lib-aws | 0.24.0 | 0.24.0 |
| os-core-common | 0.24.0 | 0.24.0 |
| os-core-lib-ibm | 0.24.0 | 0.24.0 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.26, 1.27, 2.0 |M21 - Release 0.24https://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests/567Full Upgrade of First Party Library Dependencies2023-10-11T07:38:16ZDeepa KumariFull Upgrade of First Party Library Dependencies## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud p...## Type of change
- [ ] Bug Fix
- [ ] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
## Does this introduce a change in the core logic?
- [YES/NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [ ] Google Cloud
- [ ] IBM
## Does this introduce a breaking change?
- [YES/NO]
## What is the current behavior?
## What is the new/expected behavior?
## Have you added/updated Unit Tests and Integration Tests?
## Any other useful informationDeepa KumariDeepa Kumarihttps://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests/562Full Upgrade of First Party Library Dependencies2023-10-19T11:21:13ZChad LeongFull Upgrade of First Party Library DependenciesThis generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep all dependent libraries up to date.
This upgrade can be merged immediately without further approval if the C...This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep all dependent libraries up to date.
This upgrade can be merged immediately without further approval if the CI pipeline reports success.
If this MR has failed, we need to work with the maintainers and affected provider teams to find a solution.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: d9ae2c1e397b62c2e9d9047349083b0f626c111b
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/integration-tests/ |
| ----------------------------------------------------- | ---------- | -------------------------- |
| core-lib-azure | 0.20.0-rc5 | 0.13.0-rc6 |
| core-lib-gc | 0.21.0 | |
| os-core-lib-aws | 0.21.0 | 0.21.0 |
| os-core-common | 0.23.1 | 0.23.1 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.15.2 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.26 |
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-2
SHA: 0b22dc076fb8cf40aefd0f375d8c22f8c5edbefa
Maven: 0.24.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/integration-tests/ |
| --------------------------------------------------- | ------ | -------------------------- |
| core-lib-azure | 0.23.2 | 0.23.2 |
| core-lib-gc | 0.23.1 | |
| os-core-lib-aws | 0.23.0 | 0.23.0 |
| os-core-common | 0.23.3 | 0.23.3 |
| os-core-lib-ibm | 0.23.0 | 0.23.0 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.26, 1.27, 2.0 |M21 - Release 0.24Chad LeongChad Leonghttps://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests/482Full Upgrade of First Party Library Dependencies for Release 0.202023-05-22T15:40:41ZDavid Diederichd.diederich@opengroup.orgFull Upgrade of First Party Library Dependencies for Release 0.20This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will ...This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will often fail, since the upgrades were previously rejected for failing pipelines and have not been directly addressed yet.
This upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
This MR may co-exist with a separate, smaller upgrade MR.
If both pass, this one should be used instead.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: f702c5b2dbdc62ccc66d1b8177510493c56fb7df
Maven: 0.21.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/integration-tests/ |
| ----------------------------------------------------- | ------------------ | -------------------------- |
| core-lib-azure | 0.20.0-rc5 | 0.13.0-rc6 |
| core-lib-gcp | 0.19.0-rc3 | |
| os-core-lib-aws | 0.21.0-rc1 | 0.21.0-rc1 |
| obm | 0.18.0 | |
| oqm | 0.18.0 | |
| os-core-common | 0.20.0-rc1, 0.19.0 | 0.19.0 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.15.2 |
| osm | 0.18.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-jul | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-slf4j-impl | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2 |
| (3rd Party) org.yaml.snakeyaml | 1.33 | 1.26 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.projectlombok.lombok == 1.18.8
│ │ └─ org.opengroup.osdu.os-core-common == 0.20.0-rc1
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.6.6
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.search-core == 0.21.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-security == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.search-byoc == 0.21.0-SNAPSHOT
│ │ └─ pl.allegro.tech.embedded-elasticsearch == 2.10.0
│ │ └─ com.fasterxml.jackson.dataformat.jackson-dataformat-yaml == 2.14.1
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.search-gc == 0.21.0-SNAPSHOT
│ │ └─ org.elasticsearch.elasticsearch == 7.8.1
│ │ └─ org.elasticsearch.elasticsearch-x-content == 7.8.1
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.search-aws == 0.21.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-security == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.search-azure == 0.21.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.core-lib-azure == 0.20.0-rc5
│ │ └─ org.redisson.redisson == 3.15.3
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.search-ibm == 0.21.0-SNAPSHOT
│ └─ org.yaml.snakeyaml == 1.33
└─ testing/integration-tests/
├─ org.opengroup.osdu.search.search-test-core == 0.21.0-SNAPSHOT
│ └─ org.elasticsearch.elasticsearch == 7.8.1
│ └─ org.elasticsearch.elasticsearch-x-content == 7.8.1
│ └─ org.yaml.snakeyaml == 1.26
├─ org.opengroup.osdu.search.search-test-aws == 0.21.0-SNAPSHOT
│ └─ org.elasticsearch.elasticsearch == 7.8.1
│ └─ org.elasticsearch.elasticsearch-x-content == 7.8.1
│ └─ org.yaml.snakeyaml == 1.26
├─ org.opengroup.osdu.search.search-test-azure == 0.21.0-SNAPSHOT
│ └─ org.elasticsearch.elasticsearch == 7.8.1
│ └─ org.elasticsearch.elasticsearch-x-content == 7.8.1
│ └─ org.yaml.snakeyaml == 1.26
├─ org.opengroup.osdu.search.search-test-gc == 0.21.0-SNAPSHOT
│ └─ org.elasticsearch.elasticsearch == 7.8.1
│ └─ org.elasticsearch.elasticsearch-x-content == 7.8.1
│ └─ org.yaml.snakeyaml == 1.26
├─ org.opengroup.osdu.search.search-test-ibm == 0.21.0-SNAPSHOT
│ └─ org.elasticsearch.elasticsearch == 7.8.1
│ └─ org.elasticsearch.elasticsearch-x-content == 7.8.1
│ └─ org.yaml.snakeyaml == 1.26
└─ org.opengroup.osdu.search.search-test-anthos == 0.21.0-SNAPSHOT
└─ org.elasticsearch.elasticsearch == 7.8.1
└─ org.elasticsearch.elasticsearch-x-content == 7.8.1
└─ org.yaml.snakeyaml == 1.26
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade-2
SHA: f0dded7025b346166af1015cd2cd7bebc050f8a4
Maven: 0.21.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/integration-tests/ |
| --------------------------------------------------- | ---------- | -------------------------- |
| core-lib-azure | 0.20.0 | 0.20.0 |
| core-lib-gc | 0.20.0 | |
| os-core-lib-aws | 0.21.0-rc2 | 0.21.0-rc2 |
| obm | 0.20.0 | |
| oqm | 0.20.0 | |
| os-core-common | 0.20.1 | 0.20.1 |
| os-core-lib-ibm | 0.20.0 | 0.20.0 |
| osm | 0.20.0 | |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2 |
| (3rd Party) org.yaml.snakeyaml | 1.33 | 1.26, 1.27, 2.0 |
```
Critical: Found Vulnerable Snake YAML dependency (<2.0)
├─ _Root_
│ ├─ org.projectlombok.lombok == 1.18.8
│ │ └─ org.opengroup.osdu.os-core-common == 0.20.1
│ │ └─ org.springframework.boot.spring-boot-starter-web == 2.6.6
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.search-core == 0.21.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-security == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.search-byoc == 0.21.0-SNAPSHOT
│ │ └─ pl.allegro.tech.embedded-elasticsearch == 2.10.0
│ │ └─ com.fasterxml.jackson.dataformat.jackson-dataformat-yaml == 2.14.1
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.search-gc == 0.21.0-SNAPSHOT
│ │ └─ org.elasticsearch.elasticsearch == 7.8.1
│ │ └─ org.elasticsearch.elasticsearch-x-content == 7.8.1
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.search-aws == 0.21.0-SNAPSHOT
│ │ └─ org.springframework.boot.spring-boot-starter-security == 2.7.7
│ │ └─ org.springframework.boot.spring-boot-starter == 2.7.7
│ │ └─ org.yaml.snakeyaml == 1.33
│ ├─ org.opengroup.osdu.search-azure == 0.21.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.core-lib-azure == 0.20.0
│ │ └─ org.redisson.redisson == 3.15.3
│ │ └─ org.yaml.snakeyaml == 1.33
│ └─ org.opengroup.osdu.search-ibm == 0.21.0-SNAPSHOT
│ └─ org.yaml.snakeyaml == 1.33
└─ testing/integration-tests/
├─ org.opengroup.osdu.search.search-test-core == 0.21.0-SNAPSHOT
│ └─ org.elasticsearch.elasticsearch == 7.8.1
│ └─ org.elasticsearch.elasticsearch-x-content == 7.8.1
│ └─ org.yaml.snakeyaml == 1.26
├─ org.opengroup.osdu.search.search-test-aws == 0.21.0-SNAPSHOT
│ └─ org.elasticsearch.elasticsearch == 7.8.1
│ └─ org.elasticsearch.elasticsearch-x-content == 7.8.1
│ └─ org.yaml.snakeyaml == 1.26
├─ org.opengroup.osdu.search.search-test-azure == 0.21.0-SNAPSHOT
│ └─ org.opengroup.osdu.core-lib-azure == 0.20.0
│ └─ org.redisson.redisson == 3.15.3
│ └─ org.yaml.snakeyaml == 1.27
├─ org.opengroup.osdu.search.search-test-gc == 0.21.0-SNAPSHOT
│ └─ org.elasticsearch.elasticsearch == 7.8.1
│ └─ org.elasticsearch.elasticsearch-x-content == 7.8.1
│ └─ org.yaml.snakeyaml == 1.26
└─ org.opengroup.osdu.search.search-test-anthos == 0.21.0-SNAPSHOT
└─ org.elasticsearch.elasticsearch == 7.8.1
└─ org.elasticsearch.elasticsearch-x-content == 7.8.1
└─ org.yaml.snakeyaml == 1.26
```M18 - Release 0.21Yauhen Shaliou [EPAM/GCP]Yauhen Shaliou [EPAM/GCP]https://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests/602Full Upgrade of First Party Library Dependencies for Release 0.252023-12-13T18:52:40ZDavid Diederichd.diederich@opengroup.orgFull Upgrade of First Party Library Dependencies for Release 0.25This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will ...This generated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to try to fully upgrade all dependent libraries to see if the latest code will work.
It is expected that these will often fail, since the upgrades were previously rejected for failing pipelines and have not been directly addressed yet.
This upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
This MR may co-exist with a separate, smaller upgrade MR.
If both pass, this one should be used instead.
### Dependency Information Before the Upgrade
```
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
Branch: master
SHA: 2bb7cb20ff73c74475032fba5d9e19bda5a460de
Maven: 0.26.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/integration-tests/ |
| ------------------------------------------------------------------------- | ---------- | -------------------------- |
| core-lib-azure | 0.25.0-rc2 | 0.24.0 |
| core-lib-gc | 0.24.0 | |
| os-core-lib-aws | 0.25.0-rc3 | 0.25.0-rc3 |
| os-core-common | 0.25.0-rc2 | 0.25.0-rc2 |
| os-core-lib-ibm | 0.24.0 | 0.24.0 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.17.1, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.17.1, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.20.0 |
| (3rd Party) org.elasticsearch.client.elasticsearch-rest-client | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.client.elasticsearch-rest-high-level-client | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.elasticsearch | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.elasticsearch-cli | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.elasticsearch-core | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.elasticsearch-geo | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.elasticsearch-lz4 | | 7.17.15 |
| (3rd Party) org.elasticsearch.elasticsearch-plugin-classloader | | 7.17.15 |
| (3rd Party) org.elasticsearch.elasticsearch-secure-sm | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.elasticsearch-x-content | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.plugin.aggs-matrix-stats-client | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.plugin.lang-mustache-client | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.plugin.mapper-extras-client | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.plugin.parent-join-client | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.plugin.rank-eval-client | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.26, 1.33, 1.27, 2.0 |
### Dependency Information After the Upgrade
```
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
Branch: dependency-upgrade
SHA: 70b6e4ed7af0fae1e282ef5cf2beac3f18ae2dea
Maven: 0.26.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/integration-tests/ |
| ------------------------------------------------------------------------- | ------ | -------------------------- |
| core-lib-azure | 0.25.0 | 0.25.0 |
| core-lib-gc | 0.25.0 | |
| os-core-lib-aws | 0.25.0 | 0.25.0 |
| os-core-common | 0.25.0 | 0.25.0 |
| os-core-lib-ibm | 0.25.0 | 0.25.0 |
| (3rd Party) org.apache.logging.log4j.log4j-api | 2.17.1 | 2.11.1, 2.17.1, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-core | 2.17.1 | 2.17.1, 2.13.3 |
| (3rd Party) org.apache.logging.log4j.log4j-to-slf4j | 2.17.1 | 2.11.2, 2.20.0 |
| (3rd Party) org.elasticsearch.client.elasticsearch-rest-client | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.client.elasticsearch-rest-high-level-client | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.elasticsearch | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.elasticsearch-cli | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.elasticsearch-core | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.elasticsearch-geo | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.elasticsearch-lz4 | | 7.17.15 |
| (3rd Party) org.elasticsearch.elasticsearch-plugin-classloader | | 7.17.15 |
| (3rd Party) org.elasticsearch.elasticsearch-secure-sm | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.elasticsearch-x-content | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.plugin.aggs-matrix-stats-client | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.plugin.lang-mustache-client | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.plugin.mapper-extras-client | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.plugin.parent-join-client | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.elasticsearch.plugin.rank-eval-client | 7.8.1 | 7.8.1, 7.17.15 |
| (3rd Party) org.yaml.snakeyaml | 2.0 | 1.26, 1.33, 1.27, 2.0 |M22 - Release 0.25https://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests/64Gcp fix elastic tests (GONRG-846)2023-08-18T22:13:33ZAnastasiia GelmutGcp fix elastic tests (GONRG-846)# Description:
ElasticClientHandlerTest was fixed.
# How to test:
mav clean install
# Changes include:
- [x] Refactor (a non-breaking change that improves code maintainability).
- [x] Bugfix (a non-breaking change that solves an issu...# Description:
ElasticClientHandlerTest was fixed.
# How to test:
mav clean install
# Changes include:
- [x] Refactor (a non-breaking change that improves code maintainability).
- [x] Bugfix (a non-breaking change that solves an issue).
- [ ] New feature (a non-breaking change that adds functionality).
- [ ] Breaking change (a change that is not backward-compatible and/or changes current functionality).
# Changes in:
- [x] GCP
- [ ] Azure
- [ ] AWS
- [ ] IBM
# Dev Checklist:
- [x] Added Unit Tests, wherever applicable.
- [ ] Updated the Readme, if applicable.
- [x] Existing Tests pass
- [x] Verified functionality locally
- [x] Self Reviewed my code for formatting and complex business logic.M1 - Release 0.1Rostislav Dublin (EPAM)Rostislav Dublin (EPAM)https://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests/135Gcp iam migration(GONRG-2518)2021-06-29T05:02:13ZRustam Lotsmanenko (EPAM)rustam_lotsmanenko@epam.comGcp iam migration(GONRG-2518)Starting July 1, 2021, calls to SignBlob and SignJwt (also known as JSON Web Tokens (JWT)) on the IAM API will no longer be supported and may fail.
Google is deprecating both authentication methods on: https://iam.googleapis.com Instead...Starting July 1, 2021, calls to SignBlob and SignJwt (also known as JSON Web Tokens (JWT)) on the IAM API will no longer be supported and may fail.
Google is deprecating both authentication methods on: https://iam.googleapis.com Instead, we can now use: https://iamcredentials.googleapis.com
We must migrate our projects off the IAM API to the new IAMCredentials API to avoid a service disruption. The IAMCredentials API supports higher traffic volumes across the network, giving you better access and reliability.M7 - Release 0.10Riabokon Stanislav(EPAM)[GCP]Riabokon Stanislav(EPAM)[GCP]https://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests/111Gcp properties2023-08-18T22:07:01ZRiabokon Stanislav(EPAM)[GCP]Gcp propertiesM6 - Release 0.9Riabokon Stanislav(EPAM)[GCP]Riabokon Stanislav(EPAM)[GCP]https://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests/63Gcp sonar comments fix (GONRG-1364)2023-08-18T22:13:34ZAnastasiia GelmutGcp sonar comments fix (GONRG-1364)# Description:
SonarLint comments were fixed. Non-breakable refactoring.
# How to test:
mvn clean install
# Changes include:
- [x] Refactor (a non-breaking change that improves code maintainability).
- [ ] Bugfix (a non-breaking chan...# Description:
SonarLint comments were fixed. Non-breakable refactoring.
# How to test:
mvn clean install
# Changes include:
- [x] Refactor (a non-breaking change that improves code maintainability).
- [ ] Bugfix (a non-breaking change that solves an issue).
- [ ] New feature (a non-breaking change that adds functionality).
- [ ] Breaking change (a change that is not backward-compatible and/or changes current functionality).
# Changes in:
- [x] GCP
- [ ] Azure
- [ ] AWS
- [ ] IBM
# Dev Checklist:
- [x] Added Unit Tests, wherever applicable.
- [ ] Updated the Readme, if applicable.
- [x] Existing Tests pass
- [x] Verified functionality locally
- [x] Self Reviewed my code for formatting and complex business logic.M1 - Release 0.1Rostislav Dublin (EPAM)Rostislav Dublin (EPAM)https://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests/104Gcp support partition service (GONRG-2164)2023-08-18T22:07:11ZRiabokon Stanislav(EPAM)[GCP]Gcp support partition service (GONRG-2164)## Type of change
- [ ] Bug Fix
- [X] Feature
## Does this introduce a change in the core logic?
- [NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [X] GCP
- [ ] I...## Type of change
- [ ] Bug Fix
- [X] Feature
## Does this introduce a change in the core logic?
- [NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [X] GCP
- [ ] IBM
## Does this introduce a breaking change?
- [NO]
## What is the current behavior?
GCP provider does not support to use partition service under SA
## What is the new/expected behavior?
GCP provider supports to use partition service under SAM6 - Release 0.9Riabokon Stanislav(EPAM)[GCP]Riabokon Stanislav(EPAM)[GCP]https://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests/120GCP temp fix for policy integration2023-08-18T22:06:50ZRustam Lotsmanenko (EPAM)rustam_lotsmanenko@epam.comGCP temp fix for policy integrationM6 - Release 0.9Riabokon Stanislav(EPAM)[GCP]Riabokon Stanislav(EPAM)[GCP]https://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests/125Gcp timeout exception search (GONRG-2509)2023-08-18T22:06:45ZRiabokon Stanislav(EPAM)[GCP]Gcp timeout exception search (GONRG-2509)## Type of change
- [X] Bug Fix
- [ ] Feature
## Does this introduce a change in the core logic?
- [NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [X] GCP
- [ ] IB...## Type of change
- [X] Bug Fix
- [ ] Feature
## Does this introduce a change in the core logic?
- [NO]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [X] GCP
- [ ] IBM
## Does this introduce a breaking change?
- [NO]
## What is the current behavior?
It returns 500.
## What is the new/expected behavior?
Added java.net.SocketTimeoutException during search. It will return 408 instead of 500.
## Any other useful informationM7 - Release 0.10Riabokon Stanislav(EPAM)[GCP]Riabokon Stanislav(EPAM)[GCP]https://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests/459Generate Swagger using springdoc-openapi OAS 3.02023-03-21T09:17:29ZThulasi Dass SubramanianGenerate Swagger using springdoc-openapi OAS 3.0**Link to ADR(Architecture Decision Record)** : [Swagger using springdoc-openapi](https://community.opengroup.org/osdu/platform/system/home/-/issues/97)
## OpenAPI 3.0 related changes
* upgraded to latest **springdoc openapi** latest v...**Link to ADR(Architecture Decision Record)** : [Swagger using springdoc-openapi](https://community.opengroup.org/osdu/platform/system/home/-/issues/97)
## OpenAPI 3.0 related changes
* upgraded to latest **springdoc openapi** latest version [1.6.14](https://mvnrepository.com/artifact/org.springdoc/springdoc-openapi-ui/1.6.14)
* used **[@OpenAPIDefinition](https://docs.swagger.io/swagger-core/v2.0.9/apidocs/io/swagger/v3/oas/annotations/OpenAPIDefinition.html)** annotation to populate OpenAPI Object fields *\[info, tags, servers, security\]*
* Documented **Search, Info, Health Check** API with OpenAPI 3.0 **Annotations**
* Added the standard HTTP Response(4xx, 5x\*\*\*\*x) for API Responses
* Custom Path for
* **Swagger UI**: https://host/context-path/swagger (will redirect to https://host/context-path/swagger-ui/index.html)
* **api-docs (JSON)** : https://host/context-path/api-docs
* **api-docs (YAML)** : https://host/context-path/api-docs.yaml
* **Azure Swagger GLAB**(_for Reference_)
* **Swagger UI**: https://osdu-glab.msft-osdu-test.org/api/search/v2/swagger (will redirect to https://osdu-glab.msft-osdu-test.org/api/search/v2/swagger-ui/index.html)
* **api-docs (JSON)** : https://osdu-glab.msft-osdu-test.org/api/search/v2/api-docs
* **api-docs (YAML)** : https://osdu-glab.msft-osdu-test.org/api/search/v2/api-docs.yaml
## Other Changes
- **Configurable** descriptions managed in [swagger.properties](https://community.opengroup.org/osdu/platform/system/search/-/blob/az/td-oas/search-core/src/main/resources/swagger.properties)
- added **Integration Test** cases for _**Swagger api-docs**_ endpoint
- Deleted HomeController
- Hide the WhoamiController
- Updated Readme for swagger related information
## References
- https://springdoc.org/faq.html#_can_i_use_spring_property_with_swagger_annotations
- https://springdoc.org/migrating-from-springfox.htmlM17 - Release 0.20Thulasi Dass SubramanianThulasi Dass Subramanianhttps://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests/493GONGR-6885 Reduce requests according to VPA2023-08-18T22:03:58ZAndriy Halka [EPAM / GCP]GONGR-6885 Reduce requests according to VPAM18 - Release 0.21https://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests/61GONRG-1125: removed include osdu-gcp from search pipeline2023-08-18T22:13:37ZAliaksandr Lubouski (EPAM)GONRG-1125: removed include osdu-gcp from search pipelineM1 - Release 0.1https://community.opengroup.org/osdu/platform/system/search-service/-/merge_requests/58GONRG-1125: variables OSDU_GCP_REDIS_SEARCH_PORT and...2023-08-18T22:13:43ZAliaksandr Lubouski (EPAM)GONRG-1125: variables OSDU_GCP_REDIS_SEARCH_PORT and...GONRG-1125: variables OSDU_GCP_REDIS_SEARCH_PORT and OSDU_GCP_SPRING_PROFILES_ACTIVE moved to ci-cd-pipelines cloudrun from searchGONRG-1125: variables OSDU_GCP_REDIS_SEARCH_PORT and OSDU_GCP_SPRING_PROFILES_ACTIVE moved to ci-cd-pipelines cloudrun from searchM1 - Release 0.1