Storage merge requestshttps://community.opengroup.org/osdu/platform/system/storage/-/merge_requests2023-08-18T22:21:06Zhttps://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/434GONRG-5051: refactor dev2 pipeline2023-08-18T22:21:06ZNastassia Rabeichykava (EPAM)GONRG-5051: refactor dev2 pipeline# Merge request template# Merge request templateM13 - Release 0.16https://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/433Gonrg 5061 refactor community pipeline2023-08-18T22:21:08ZSiarhei Symanovich (EPAM)Gonrg 5061 refactor community pipelineGonrg 5061 refactor community pipelineGonrg 5061 refactor community pipelineM13 - Release 0.16Siarhei Symanovich (EPAM)Siarhei Symanovich (EPAM)https://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/431Common pipeline for preship env [GONRG-5050]2023-08-18T22:21:10ZMikhail Piatliou (EPAM)Common pipeline for preship env [GONRG-5050]# Merge request template# Merge request templateM13 - Release 0.16Mikhail Piatliou (EPAM)Mikhail Piatliou (EPAM)https://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/427Bulk record creation API fix for MSI2023-08-18T22:21:12ZAnkur RawatBulk record creation API fix for MSICurrent Bulk Executor API used Document Client which is creeated with cosmos-primary-key.
To move to MSI, we need a client which can be created with DefaultCreds. Made changes for the same.Current Bulk Executor API used Document Client which is creeated with cosmos-primary-key.
To move to MSI, we need a client which can be created with DefaultCreds. Made changes for the same.M13 - Release 0.16Ankur RawatAnkur Rawathttps://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/426fix opa endpoint config (GONRG-5080)2022-09-10T09:09:15ZRustam Lotsmanenko (EPAM)rustam_lotsmanenko@epam.comfix opa endpoint config (GONRG-5080)## Type of change
- [x] Bug Fix
## Does this introduce a change in the core logic?
- [YES]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [ ] GCP
- [ ] IBM
## Does th...## Type of change
- [x] Bug Fix
## Does this introduce a change in the core logic?
- [YES]
## Does this introduce a change in the cloud provider implementation, if so which cloud?
- [ ] AWS
- [ ] Azure
- [ ] GCP
- [ ] IBM
## Does this introduce a breaking change?
- [NO]
## What is the current behavior?
Property configuration of OPA endpoint combined with OPA service not working as it was planned,
value does not inject to the service, and during runtime, a NullPointer exception will occur when Storage tries to send request OPA endpoint.
And it no follow best practices as it said that configuration should be clean POJO objects.
https://www.baeldung.com/configuration-properties-in-spring-boot#simple-properties
## What is the new/expected behavior?
Property injects as it should be, via property file or via env variable.
## Have you added/updated Unit Tests and Integration Tests?
yes
## Any other useful information
This is a minor fix that will not require any changes in CSP configurations.M13 - Release 0.16Rustam Lotsmanenko (EPAM)rustam_lotsmanenko@epam.comRustam Lotsmanenko (EPAM)rustam_lotsmanenko@epam.comhttps://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/425Enabling OPA for AWS and Replacing ConfigProps with Value annotation2023-08-18T22:21:13ZMarc Burnie [AWS]Enabling OPA for AWS and Replacing ConfigProps with Value annotation- Enabling OPA for AWS on Storage
- Replaced @ConfigurationProperties with @Value annotation due to null OPA endpoint variable- Enabling OPA for AWS on Storage
- Replaced @ConfigurationProperties with @Value annotation due to null OPA endpoint variableM13 - Release 0.16Marc Burnie [AWS]Marc Burnie [AWS]https://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/423implement int tests for anthos env(GONRG-4979)2023-08-18T22:21:15ZRustam Lotsmanenko (EPAM)rustam_lotsmanenko@epam.comimplement int tests for anthos env(GONRG-4979)# Merge request template# Merge request templateM13 - Release 0.16Riabokon Stanislav(EPAM)[GCP]Riabokon Stanislav(EPAM)[GCP]https://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/420Add redis properties2022-08-12T21:21:46ZAlok JoshiAdd redis propertiesCurrent default redis cache configuration (for groups cache for Azure) sets cache expiration time as 1 hour. This is an issue because 1 hour is too long, any recent changes on user's groups will not be picked up by the cache.
Scenario:
...Current default redis cache configuration (for groups cache for Azure) sets cache expiration time as 1 hour. This is an issue because 1 hour is too long, any recent changes on user's groups will not be picked up by the cache.
Scenario:
- User makes a Storage call with token 1
- A new group is created with Entitlements service and user is added to that group
- User makes a Storage call which requires user to be in this new group (which he/she is)
With 1 hour cache expiration, storage will fail to sync cache with this new membership, and return 403 for user. Thus, this expiration should be much lower.M13 - Release 0.16Alok JoshiAlok Joshihttps://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/418Remove read audit logs2023-08-18T22:21:18ZRostislav Vatolinvatolinrp@gmail.comRemove read audit logs## Type of change
- [YES] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/issues/49
## Does this introduce a change i...## Type of change
- [YES] Feature
**Please provide link to gitlab issue or ADR(Architecture Decision Record)**
https://community.opengroup.org/osdu/platform/system/lib/core/os-core-common/-/issues/49
## Does this introduce a change in the core logic?
- [YES]
## Does this introduce a breaking change?
- [NO]
## What is the current behavior?
all read audit logs are being logged
## What is the new/expected behavior?
read audit logs can be turned off using entry (flag) in PartitionInfo table
## Have you added/updated Unit Tests and Integration Tests?
unit tests updatedM13 - Release 0.16https://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/529Cherry-pick 'Merge ibm helm' into release/0.172022-10-10T18:09:39ZDavid Diederichd.diederich@opengroup.orgCherry-pick 'Merge ibm helm' into release/0.17**Original MR**: !526
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !526
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/system/storage/-/pipelines/new?ref=cherry-pick-for-526)M14 - Release 0.17David Diederichd.diederich@opengroup.orgDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/528Cherry-pick 'Added valid access token for test case inputs' into release/0.172022-10-07T07:51:45ZDavid Diederichd.diederich@opengroup.orgCherry-pick 'Added valid access token for test case inputs' into release/0.17**Original MR**: !508
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !508
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/system/storage/-/pipelines/new?ref=cherry-pick-for-508)M14 - Release 0.17David Diederichd.diederich@opengroup.orgDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/527Cherry-pick 'Remove SNAPSHOT dependencies' into release/0.172022-10-09T02:14:47ZDavid Diederichd.diederich@opengroup.orgCherry-pick 'Remove SNAPSHOT dependencies' into release/0.17**Original MR**: !523
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !523
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/system/storage/-/pipelines/new?ref=cherry-pick-for-523)M14 - Release 0.17David Diederichd.diederich@opengroup.orgDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/526Merge ibm helm2022-10-10T06:01:36ZManish SinghMerge ibm helm# Merge request template
Merge ibm helm to master# Merge request template
Merge ibm helm to masterM14 - Release 0.17Shrikant GargShrikant Garghttps://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/525Cherry-pick 'Upgrade Tomcat' into release/0.172022-10-06T16:11:58ZDavid Diederichd.diederich@opengroup.orgCherry-pick 'Upgrade Tomcat' into release/0.17**Original MR**: !522
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !522
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/system/storage/-/pipelines/new?ref=cherry-pick-for-522)M14 - Release 0.17David Diederichd.diederich@opengroup.orgDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/524Cherry-pick 'Upgrade Gson' into release/0.172022-10-06T16:11:53ZDavid Diederichd.diederich@opengroup.orgCherry-pick 'Upgrade Gson' into release/0.17**Original MR**: !517
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporati...**Original MR**: !517
### This MR is a Cherry Pick into a Release Branch.
After the release branch is first created, any subsequent changes use this process to update the release (often resulting in a new patch tag) without incorporating all changes in the default branch.
These MRs must be approved by the PMC before they are merged, since they alter the scope of the release.
To see more details about the change itself, look at the Original MR listed above.
#### Skipped Pipeline
Normally, pipelines are not executed on the cherry pick branch/MR prior to merging.
This optimization is accepted because the code was tested when it merged into the default branch, and will be tested again in the release branch prior to tagging.
However, if anybody feels that the MR requires further scrutiny -- whether because it had conflicts in the cherry-picking, it interfaces with some drastically altered logic between the branches, or any other reason -- we can run the pipeline here prior to merging.
#### If There's Reason to Run a Pipeline
If you want to see a pipeline result before this merges, first add a comment explaining why you'd like to see the pipeline results so the PMC and others know your thinking.
Then, mark the MR as a Draft MR (using the vertical ellipsis above, choose 'Mark as Draft').
This prevents the MR from being approved & merged accidentally by a busy release coordinator who didn't see your comment.
Finally, if you are a maintainer on the project, launch a pipeline on this branch.
Since this branch is a protected branch and the MR has ~no-detached-pipeline set, all integration tests will run and there's no need for any `trusted-*` branches.
[Launch a Pipeline for this Branch](https://community.opengroup.org/osdu/platform/system/storage/-/pipelines/new?ref=cherry-pick-for-517)M14 - Release 0.17David Diederichd.diederich@opengroup.orgDavid Diederichd.diederich@opengroup.orghttps://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/523Remove SNAPSHOT dependencies2022-10-06T22:06:56ZDavid Diederichd.diederich@opengroup.orgRemove SNAPSHOT dependenciesThis automated MR removes usage of `SNAPSHOT` versions in the first party library dependencies.
Since `SNAPSHOT` dependencies change frequently -- by their nature -- usage of them across projects is dangerous and should be avoided.
### ...This automated MR removes usage of `SNAPSHOT` versions in the first party library dependencies.
Since `SNAPSHOT` dependencies change frequently -- by their nature -- usage of them across projects is dangerous and should be avoided.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 90491c9cf713c9a72937032181e242268de2d1ca
Maven: 0.18.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------------- | --------------- |
| core-lib-azure | 0.17.0-rc14 | |
| core-lib-gcp | 0.16.0-rc1 | |
| os-core-lib-aws | 0.17.0-SNAPSHOT | 0.14.0-rc2 |
| obm | 0.15.0 | |
| oqm | 0.15.0 | |
| os-core-common | 0.17.0-rc3, 0.15.0 | 0.13.0 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.13.0 |
| osm | 0.15.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 | 2.8.1, 2.13.2.2 |
| (3rd Party) org.springframework.spring-webflux | 5.3.12 | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22, 5.1.19.RELEASE | 5.3.12 |
```
Warning: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
├─ _Root_
│ ├─ org.opengroup.osdu.storage-byoc == 0.18.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.storage-core == 0.18.0-SNAPSHOT
│ │ └─ org.springframework.spring-webmvc == 5.1.19.RELEASE
│ └─ org.opengroup.osdu.storage-ibm == 0.18.0-SNAPSHOT
│ └─ org.opengroup.osdu.storage-core == 0.18.0-SNAPSHOT
│ └─ org.springframework.spring-webmvc == 5.1.19.RELEASE
└─ testing/
├─ org.opengroup.osdu.storage.storage-test-core == 0.18.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-aws == 0.18.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-azure == 0.18.0-SNAPSHOT
│ └─ org.opengroup.osdu.storage.storage-test-core == 0.18.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-gcp == 0.18.0-SNAPSHOT
│ └─ org.opengroup.osdu.storage.storage-test-core == 0.18.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-ibm == 0.18.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
└─ org.opengroup.osdu.storage.storage-test-anthos == 0.18.0-SNAPSHOT
└─ org.opengroup.osdu.storage.storage-test-core == 0.18.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.13.0
└─ org.springframework.boot.spring-boot-starter-web == 2.4.12
└─ org.springframework.spring-webmvc == 5.3.12
```
```
Warning: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.storage-azure == 0.18.0-SNAPSHOT
└─ com.azure.spring.azure-spring-boot-starter-active-directory == 3.4.0
└─ org.springframework.boot.spring-boot-starter-webflux == 2.4.12
└─ org.springframework.spring-webflux == 5.3.12
```
### Dependency Information After the Upgrade
```
Branch: remove-snapshots
SHA: 5b14fb922f3ed1d6a6e90e4fbe2178d6b8aab38c
Maven: 0.18.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------------- | --------------- |
| core-lib-azure | 0.17.0-rc14 | |
| core-lib-gcp | 0.16.0-rc1 | |
| os-core-lib-aws | 0.17.0 | 0.14.0-rc2 |
| obm | 0.15.0 | |
| oqm | 0.15.0 | |
| os-core-common | 0.17.0-rc3, 0.15.0 | 0.13.0 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.13.0 |
| osm | 0.15.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 | 2.8.1, 2.13.2.2 |
| (3rd Party) org.springframework.spring-webflux | 5.3.12 | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22, 5.1.19.RELEASE | 5.3.12 |
```
Warning: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
├─ _Root_
│ ├─ org.opengroup.osdu.storage-byoc == 0.18.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.storage-core == 0.18.0-SNAPSHOT
│ │ └─ org.springframework.spring-webmvc == 5.1.19.RELEASE
│ └─ org.opengroup.osdu.storage-ibm == 0.18.0-SNAPSHOT
│ └─ org.opengroup.osdu.storage-core == 0.18.0-SNAPSHOT
│ └─ org.springframework.spring-webmvc == 5.1.19.RELEASE
└─ testing/
├─ org.opengroup.osdu.storage.storage-test-core == 0.18.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-aws == 0.18.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-azure == 0.18.0-SNAPSHOT
│ └─ org.opengroup.osdu.storage.storage-test-core == 0.18.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-gcp == 0.18.0-SNAPSHOT
│ └─ org.opengroup.osdu.storage.storage-test-core == 0.18.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-ibm == 0.18.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
└─ org.opengroup.osdu.storage.storage-test-anthos == 0.18.0-SNAPSHOT
└─ org.opengroup.osdu.storage.storage-test-core == 0.18.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.13.0
└─ org.springframework.boot.spring-boot-starter-web == 2.4.12
└─ org.springframework.spring-webmvc == 5.3.12
```
```
Warning: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.storage-azure == 0.18.0-SNAPSHOT
└─ com.azure.spring.azure-spring-boot-starter-active-directory == 3.4.0
└─ org.springframework.boot.spring-boot-starter-webflux == 2.4.12
└─ org.springframework.spring-webflux == 5.3.12
```M14 - Release 0.17https://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/522Upgrade Tomcat2022-10-06T01:31:47ZXiangliang MengUpgrade Tomcat# Merge request template# Merge request templateM14 - Release 0.17Okoun-Ola Fabien HouetoXiangliang MengOkoun-Ola Fabien Houetohttps://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/520Update FOSSA NOTICE2022-10-02T21:36:20ZDavid Diederichd.diederich@opengroup.orgUpdate FOSSA NOTICEThis MR updates the attribution file for the project (also known as the `NOTICE` file).
It is important to keep this up to date to satisfy legal requirements of dependency licenses.
We use FOSSA as the tool to scan for and detect these ...This MR updates the attribution file for the project (also known as the `NOTICE` file).
It is important to keep this up to date to satisfy legal requirements of dependency licenses.
We use FOSSA as the tool to scan for and detect these changes.M14 - Release 0.17https://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/519Upgrade First Party Library Dependencies for Release 0.172022-10-05T04:19:11ZDavid Diederichd.diederich@opengroup.orgUpgrade First Party Library Dependencies for Release 0.17This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any...This automated MR upgrades the first party libraries (other OSDU libraries) to utilize the latest release.
The intent is to keep the OSDU projects utilizing the latest available code to ensure widespread usage and stability.
However, any library that is older than the previous release will be left as-is, since the upgrade is likely to be more complicated.
Furthermore, the upgrade should only be merged in the CI pipeline reports success.
If this MR has failed, we can spend a little time investigating to see if a trivial upgrade could achieve compatiblity to the new library.
But significant upgrade efforts should not occur on this MR, as part of the release tagging process.
Instead, significant work should be scheduled for a subsequent milestone.
### Dependency Information Before the Upgrade
```
Branch: master
SHA: 6ec9310964002206df5220858db5167665b2f17e
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------------- | --------------- |
| core-lib-azure | 0.17.0-rc14 | |
| core-lib-gcp | 0.16.0-rc1 | |
| os-core-lib-aws | 0.17.0-SNAPSHOT | 0.14.0-rc2 |
| obm | 0.15.0 | |
| oqm | 0.15.0 | |
| os-core-common | 0.17.0-rc3, 0.15.0 | 0.13.0 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.13.0 |
| osm | 0.15.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 | 2.8.1, 2.13.2.2 |
| (3rd Party) org.springframework.spring-webflux | 5.3.12 | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22, 5.1.19.RELEASE | 5.3.12 |
```
Warning: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
├─ _Root_
│ ├─ org.opengroup.osdu.storage-byoc == 0.17.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.storage-core == 0.17.0-SNAPSHOT
│ │ └─ org.springframework.spring-webmvc == 5.1.19.RELEASE
│ └─ org.opengroup.osdu.storage-ibm == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.storage-core == 0.17.0-SNAPSHOT
│ └─ org.springframework.spring-webmvc == 5.1.19.RELEASE
└─ testing/
├─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-aws == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-azure == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-gcp == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-ibm == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
└─ org.opengroup.osdu.storage.storage-test-anthos == 0.17.0-SNAPSHOT
└─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.13.0
└─ org.springframework.boot.spring-boot-starter-web == 2.4.12
└─ org.springframework.spring-webmvc == 5.3.12
```
```
Warning: Found Vulnerable Spring WebFlux dependency (<5.2.20 || >=5.3.0 <5.3.18)
└─ _Root_
└─ org.opengroup.osdu.storage-azure == 0.17.0-SNAPSHOT
└─ com.azure.spring.azure-spring-boot-starter-active-directory == 3.4.0
└─ org.springframework.boot.spring-boot-starter-webflux == 2.4.12
└─ org.springframework.spring-webflux == 5.3.12
```
### Dependency Information After the Upgrade
```
Branch: dependency-upgrade
SHA: 3a533470607042065c919eac99b632a30a23a955
Maven: 0.17.0-SNAPSHOT
```
| Maven Dependencies | _Root_ | testing/ |
| ------------------------------------------------------- | ---------------------- | --------------- |
| core-lib-azure | 0.17.0 | |
| core-lib-gcp | 0.16.0-rc1 | |
| os-core-lib-aws | 0.17.0 | 0.14.0-rc2 |
| obm | 0.15.0 | |
| oqm | 0.15.0 | |
| os-core-common | 0.17.0, 0.15.0 | 0.13.0 |
| os-core-lib-ibm | 0.16.0-rc1 | 0.13.0 |
| osm | 0.15.0 | |
| (3rd Party) com.fasterxml.jackson.core.jackson-databind | 2.13.2.2 | 2.8.1, 2.13.2.2 |
| (3rd Party) org.springframework.spring-webflux | 5.3.22 | |
| (3rd Party) org.springframework.spring-webmvc | 5.3.22, 5.1.19.RELEASE | 5.3.12 |
```
Warning: Found Vulnerable Spring MVC dependency (<5.2.20 || >=5.3.0 <5.3.18)
├─ _Root_
│ ├─ org.opengroup.osdu.storage-byoc == 0.17.0-SNAPSHOT
│ │ └─ org.opengroup.osdu.storage-core == 0.17.0-SNAPSHOT
│ │ └─ org.springframework.spring-webmvc == 5.1.19.RELEASE
│ └─ org.opengroup.osdu.storage-ibm == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.storage-core == 0.17.0-SNAPSHOT
│ └─ org.springframework.spring-webmvc == 5.1.19.RELEASE
└─ testing/
├─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-aws == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-azure == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-gcp == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
├─ org.opengroup.osdu.storage.storage-test-ibm == 0.17.0-SNAPSHOT
│ └─ org.opengroup.osdu.os-core-common == 0.13.0
│ └─ org.springframework.boot.spring-boot-starter-web == 2.4.12
│ └─ org.springframework.spring-webmvc == 5.3.12
└─ org.opengroup.osdu.storage.storage-test-anthos == 0.17.0-SNAPSHOT
└─ org.opengroup.osdu.storage.storage-test-core == 0.17.0-SNAPSHOT
└─ org.opengroup.osdu.os-core-common == 0.13.0
└─ org.springframework.boot.spring-boot-starter-web == 2.4.12
└─ org.springframework.spring-webmvc == 5.3.12
```M14 - Release 0.17https://community.opengroup.org/osdu/platform/system/storage/-/merge_requests/518AWS Using Helm to Deploy2022-12-13T00:22:43ZMarc Burnie [AWS]AWS Using Helm to DeployM14 - Release 0.17Marc Burnie [AWS]Marc Burnie [AWS]