From 1e9c22ceac515e95fbb99b809e52c1e64f6b6e85 Mon Sep 17 00:00:00 2001 From: Yugandharkumar Date: Tue, 14 Feb 2023 13:28:05 +0530 Subject: [PATCH 01/50] Create Preserve-commits.yml --- .github/workflows/Preserve-commits.yml | 30 ++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 .github/workflows/Preserve-commits.yml diff --git a/.github/workflows/Preserve-commits.yml b/.github/workflows/Preserve-commits.yml new file mode 100644 index 0000000000..c96620c756 --- /dev/null +++ b/.github/workflows/Preserve-commits.yml @@ -0,0 +1,30 @@ +name: GitHub Actions For Commit Preserve +run-name: ${{ github.actor }} is testing out GitHub Actions + +on: + pull_request: + types: + - closed +jobs: + Explore-GitHub-Actions: + if: github.event.pull_request.merged == true + runs-on: ubuntu-latest + steps: + - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." + - run: echo "🐧 This job is now running on a ${{ runner.os }} server hosted by GitHub!" + - run: echo "🔎 The name of your branch is ${{ github.ref }} and your repository is ${{ github.repository }}." + - name: Check out repository code + uses: actions/checkout@v3 + - run: echo "💡 The ${{ github.repository }} repository has been cloned to the runner." + - name: List files in the repository + run: | + # ls ${{ github.workspace }} + git branch + touch Dev_commits + git config --global user.email "yugaa22@gmail.com" + git config --global user.name "yugaa22" + git log -1 | grep commit | awk '{print $2}' >> Dev_commits + git add . + git commit -m "Developper_commits" + git push + - run: echo "🍏 This job's status is ${{ job.status }}." From 748d108f10e59702cd11c4013fe834759f64cb13 Mon Sep 17 00:00:00 2001 From: SheetalAtre Date: Wed, 12 Apr 2023 21:26:42 +0530 Subject: [PATCH 02/50] changes for ubi8.7 java17 build from repo : https://github.com/SusmithaGundu/halyard-oes --- build.gradle | 10 +- gradle.properties | 12 +- gradle/wrapper/gradle-wrapper.properties | 2 +- halyard-backup/halyard-backup.gradle | 3 +- halyard-cli/halyard-cli.gradle | 9 +- halyard-config/halyard-config.gradle | 52 ++++-- .../v1/HalconfigDirectoryStructure.java | 7 +- .../error/v1/ConfigNotFoundException.java | 2 +- .../config/model/v1/node/Telemetry.java | 4 +- .../OraclePersistentStore.java | 4 +- .../v1/ArtifactTemplateServiceSpec.groovy | 176 +++++++++--------- .../services/v1/PluginServiceSpec.groovy | 2 +- .../kubernetes/KubernetesAccountTest.java | 13 +- halyard-core/halyard-core.gradle | 22 ++- .../halyard/core/error/v1/HalException.java | 2 +- .../core/registry/v1/VersionsSpec.groovy | 2 +- .../v1/LocalDiskProfileReaderSpec.groovy | 10 +- halyard-deploy/halyard-deploy.gradle | 26 ++- .../DistributedServiceProvider.java | 4 +- .../google/GoogleProviderUtils.java | 14 +- halyard-web/halyard-web.gradle | 5 +- .../halyard/config/v1/SecurityConfig.java | 7 +- .../errors/v1/HalconfigExceptionHandler.java | 2 +- settings.gradle | 11 ++ 24 files changed, 238 insertions(+), 163 deletions(-) diff --git a/build.gradle b/build.gradle index be4aef8139..87e90d85ca 100644 --- a/build.gradle +++ b/build.gradle @@ -13,7 +13,6 @@ * See the License for the specific language governing permissions and * limitations under the License. */ - plugins { id 'io.spinnaker.project' version "$spinnakerGradleVersion" apply false id 'com.google.protobuf' version "0.8.12" apply false @@ -21,6 +20,10 @@ plugins { allprojects { apply plugin: "io.spinnaker.project" + repositories {mavenCentral()} + tasks.withType(Copy).all { + duplicatesStrategy 'exclude' + } } subprojects { @@ -46,13 +49,16 @@ subprojects { } dependencies { - implementation enforcedPlatform("io.spinnaker.kork:kork-bom:$korkVersion") + implementation enforcedPlatform("io.spinnaker.kork:kork-bom:$korkVersion"){ + exclude group: 'org.apache.groovy', module: 'groovy' + } annotationProcessor platform("io.spinnaker.kork:kork-bom:$korkVersion") annotationProcessor "org.projectlombok:lombok" testAnnotationProcessor platform("io.spinnaker.kork:kork-bom:$korkVersion") testAnnotationProcessor "org.projectlombok:lombok" } + } defaultTasks ':halyard-web:run' diff --git a/gradle.properties b/gradle.properties index 70e8c1d211..4ade2fcd2e 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,10 +1,10 @@ -clouddriverVersion=5.79.0 -fiatVersion=1.36.0 -korkVersion=7.165.0 -front50Version=2.27.0 +clouddriverVersion=1-0-SNAPSHOT +fiatVersion=1-0-SNAPSHOT +korkVersion=1-0-SNAPSHOT +front50Version=1-0-SNAPSHOT org.gradle.parallel=true -spinnakerGradleVersion=8.25.0 -targetJava11=true +spinnakerGradleVersion=1-0-SNAPSHOT +#targetJava11=true # To enable a composite reference to a project, set the # project property `'Composite=true'`. diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties index 442d9132ea..ae04661ee7 100644 --- a/gradle/wrapper/gradle-wrapper.properties +++ b/gradle/wrapper/gradle-wrapper.properties @@ -1,5 +1,5 @@ distributionBase=GRADLE_USER_HOME distributionPath=wrapper/dists -distributionUrl=https\://services.gradle.org/distributions/gradle-6.8.3-bin.zip +distributionUrl=https\://services.gradle.org/distributions/gradle-7.5.1-bin.zip zipStoreBase=GRADLE_USER_HOME zipStorePath=wrapper/dists diff --git a/halyard-backup/halyard-backup.gradle b/halyard-backup/halyard-backup.gradle index 9d849bbe45..e217164e1a 100644 --- a/halyard-backup/halyard-backup.gradle +++ b/halyard-backup/halyard-backup.gradle @@ -6,13 +6,12 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter-web' // TODO(lwander) Move to spinnaker-dependencies implementation 'com.google.apis:google-api-services-cloudkms:v1-rev8-1.22.0' - implementation 'com.google.apis:google-api-services-storage' + implementation 'com.google.apis:google-api-services-storage:v1-rev141-1.25.0' implementation 'com.google.auth:google-auth-library-oauth2-http' implementation 'org.apache.commons:commons-lang3' implementation 'commons-io:commons-io' implementation 'org.apache.commons:commons-compress:1.20' implementation 'io.fabric8:kubernetes-client:4.1.1' - implementation 'org.codehaus.groovy:groovy' implementation project(':halyard-config') implementation project(':halyard-core') diff --git a/halyard-cli/halyard-cli.gradle b/halyard-cli/halyard-cli.gradle index 69d7080cf9..9b2280264c 100644 --- a/halyard-cli/halyard-cli.gradle +++ b/halyard-cli/halyard-cli.gradle @@ -1,3 +1,6 @@ +apply plugin: 'java-library' +apply plugin: 'groovy' + dependencies { compileOnly 'org.projectlombok:lombok' annotationProcessor 'org.projectlombok:lombok' @@ -8,14 +11,13 @@ dependencies { implementation 'org.apache.commons:commons-lang3' implementation 'org.apache.commons:commons-text:1.10.0' implementation 'ch.qos.logback:logback-classic' - implementation 'com.squareup.retrofit:retrofit' - implementation 'com.squareup.retrofit:converter-jackson' + implementation 'com.squareup.retrofit:retrofit:1.9.0' + implementation 'com.squareup.retrofit:converter-jackson:1.9.0' implementation 'com.fasterxml.jackson.core:jackson-annotations' implementation 'com.fasterxml.jackson.core:jackson-core' implementation 'com.fasterxml.jackson.core:jackson-databind' implementation 'org.aspectj:aspectjweaver' implementation 'org.yaml:snakeyaml:1.24' - implementation 'org.codehaus.groovy:groovy' implementation 'com.beust:jcommander:1.81' implementation 'org.nibor.autolink:autolink:0.10.0' @@ -31,6 +33,7 @@ dependencies { testImplementation 'org.junit.platform:junit-platform-runner' testImplementation 'org.spockframework:spock-core:1.3-groovy-2.5' testImplementation 'org.springframework:spring-test' + } apply plugin: 'application' diff --git a/halyard-config/halyard-config.gradle b/halyard-config/halyard-config.gradle index 9d437c712a..7d2573c1d6 100644 --- a/halyard-config/halyard-config.gradle +++ b/halyard-config/halyard-config.gradle @@ -4,13 +4,27 @@ dependencies { // TODO(plumpy): remove version once added to kork implementation "com.google.cloud:google-cloud-storage:1.108.0" - implementation "io.spinnaker.clouddriver:clouddriver-api:$clouddriverVersion" - implementation "io.spinnaker.clouddriver:clouddriver-docker:$clouddriverVersion" - implementation "io.spinnaker.clouddriver:clouddriver-google:$clouddriverVersion" - implementation "io.spinnaker.clouddriver:clouddriver-appengine:$clouddriverVersion" - implementation "io.spinnaker.clouddriver:clouddriver-azure:$clouddriverVersion" - implementation "io.spinnaker.clouddriver:clouddriver-cloudfoundry:$clouddriverVersion" - implementation "io.spinnaker.clouddriver:clouddriver-security:$clouddriverVersion" + implementation("io.spinnaker.clouddriver:clouddriver-api:$clouddriverVersion"){ + exclude group: 'org.codehaus.groovy', module: 'groovy' + } + implementation("io.spinnaker.clouddriver:clouddriver-docker:$clouddriverVersion"){ + exclude group: 'org.codehaus.groovy', module: 'groovy' + } + implementation("io.spinnaker.clouddriver:clouddriver-google:$clouddriverVersion"){ + exclude group: 'org.codehaus.groovy', module: 'groovy' + } + implementation("io.spinnaker.clouddriver:clouddriver-appengine:$clouddriverVersion"){ + exclude group: 'org.codehaus.groovy', module: 'groovy' + } + implementation("io.spinnaker.clouddriver:clouddriver-azure:$clouddriverVersion"){ + exclude group: 'org.codehaus.groovy', module: 'groovy' + } + implementation("io.spinnaker.clouddriver:clouddriver-cloudfoundry:$clouddriverVersion"){ + exclude group: 'org.codehaus.groovy', module: 'groovy' + } + implementation("io.spinnaker.clouddriver:clouddriver-security:$clouddriverVersion"){ + exclude group: 'org.codehaus.groovy', module: 'groovy' + } implementation "io.spinnaker.fiat:fiat-core:$fiatVersion" implementation "io.spinnaker.front50:front50-core:$front50Version" implementation "io.spinnaker.front50:front50-gcs:$front50Version" @@ -22,7 +36,7 @@ dependencies { implementation "io.spinnaker.kork:kork-cloud-config-server" implementation 'com.amazonaws:aws-java-sdk-core:1.11.534' implementation 'com.amazonaws:aws-java-sdk-s3:1.11.534' - implementation 'com.google.apis:google-api-services-compute' + implementation 'com.google.apis:google-api-services-compute:alpha-rev20200526-1.30.9' implementation 'com.google.apis:google-api-services-appengine:v1-rev92-1.25.0' implementation "com.azure.resourcemanager:azure-resourcemanager:2.19.0" implementation "com.azure:azure-storage-blob:12.19.1" @@ -32,23 +46,23 @@ dependencies { implementation 'io.fabric8:kubernetes-client' implementation "com.jakewharton.retrofit:retrofit1-okhttp3-client:1.1.0" - implementation 'com.squareup.retrofit:retrofit' - implementation "com.squareup.retrofit:converter-jackson" - implementation "com.squareup.retrofit2:retrofit" - implementation "com.squareup.retrofit2:converter-jackson" + implementation 'com.squareup.retrofit:retrofit:1.9.0' + implementation "com.squareup.retrofit:converter-jackson:1.9.0" + implementation "com.squareup.retrofit2:retrofit:2.8.1" + implementation "com.squareup.retrofit2:converter-jackson:2.8.1" implementation 'com.jcraft:jsch' - implementation 'de.huxhorn.sulky:de.huxhorn.sulky.ulid' - implementation "net.logstash.logback:logstash-logback-encoder" - implementation "javax.validation:validation-api" + implementation 'de.huxhorn.sulky:de.huxhorn.sulky.ulid:8.2.0' + implementation "net.logstash.logback:logstash-logback-encoder:4.11" + implementation "jakarta.validation:jakarta.validation-api:3.0.2" // TODO: add clouddriverDCOS once that's merged implementation project(':halyard-core') - + api("com.google.apis:google-api-services-compute:alpha-rev20200526-1.30.9") testImplementation 'org.assertj:assertj-core' - testImplementation 'org.junit.jupiter:junit-jupiter-api' - testImplementation 'org.junit.platform:junit-platform-runner' + testImplementation 'org.junit.jupiter:junit-jupiter' + testRuntimeOnly 'org.junit.jupiter:junit-jupiter-engine' + testImplementation 'org.junit.jupiter:junit-jupiter-params' testImplementation 'org.spockframework:spock-core:1.3-groovy-2.5' testImplementation 'org.springframework:spring-test' - testImplementation 'org.codehaus.groovy:groovy' testRuntimeOnly 'net.bytebuddy:byte-buddy' } diff --git a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/config/v1/HalconfigDirectoryStructure.java b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/config/v1/HalconfigDirectoryStructure.java index cefd04f4dd..f16375b109 100644 --- a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/config/v1/HalconfigDirectoryStructure.java +++ b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/config/v1/HalconfigDirectoryStructure.java @@ -43,7 +43,12 @@ public String getHalconfigDirectory() { } public String getHalconfigPath() { - return normalizePath(Paths.get(getHalconfigDirectory(), "config").toString()); + String dir = getHalconfigDirectory(); + if (dir != null) { + String path = Paths.get(dir, "config").toString(); + return normalizePath(path); + } + return "/config"; } public Path getLogsPath(String deploymentName) { diff --git a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/error/v1/ConfigNotFoundException.java b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/error/v1/ConfigNotFoundException.java index 71e443f91a..9aed2c632e 100644 --- a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/error/v1/ConfigNotFoundException.java +++ b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/error/v1/ConfigNotFoundException.java @@ -19,7 +19,7 @@ import com.netflix.spinnaker.halyard.core.error.v1.HalException; import com.netflix.spinnaker.halyard.core.problem.v1.Problem; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletResponse; import lombok.Getter; /** diff --git a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/model/v1/node/Telemetry.java b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/model/v1/node/Telemetry.java index 2971668c7e..10c900b694 100644 --- a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/model/v1/node/Telemetry.java +++ b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/model/v1/node/Telemetry.java @@ -19,7 +19,9 @@ import lombok.Data; import lombok.EqualsAndHashCode; -/** @deprecated Use {@link Stats} instead. */ +/** + * @deprecated Use {@link Stats} instead. + */ @Data @EqualsAndHashCode(callSuper = false) @Deprecated diff --git a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/model/v1/persistentStorage/OraclePersistentStore.java b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/model/v1/persistentStorage/OraclePersistentStore.java index aa185f7f3b..1c43e7d54a 100644 --- a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/model/v1/persistentStorage/OraclePersistentStore.java +++ b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/model/v1/persistentStorage/OraclePersistentStore.java @@ -14,8 +14,8 @@ import com.netflix.spinnaker.halyard.config.model.v1.node.PersistentStore; import com.netflix.spinnaker.halyard.config.model.v1.node.Secret; import com.netflix.spinnaker.halyard.config.model.v1.node.SecretFile; -import javax.validation.constraints.NotNull; -import javax.validation.constraints.Size; +import jakarta.validation.constraints.NotNull; +import jakarta.validation.constraints.Size; import lombok.Data; import lombok.EqualsAndHashCode; diff --git a/halyard-config/src/test/groovy/com/netflix/spinnaker/halyard/config/services/v1/ArtifactTemplateServiceSpec.groovy b/halyard-config/src/test/groovy/com/netflix/spinnaker/halyard/config/services/v1/ArtifactTemplateServiceSpec.groovy index f82220aaf7..fe69b51f3c 100644 --- a/halyard-config/src/test/groovy/com/netflix/spinnaker/halyard/config/services/v1/ArtifactTemplateServiceSpec.groovy +++ b/halyard-config/src/test/groovy/com/netflix/spinnaker/halyard/config/services/v1/ArtifactTemplateServiceSpec.groovy @@ -20,25 +20,25 @@ import com.netflix.spinnaker.halyard.config.error.v1.ConfigNotFoundException import spock.lang.Specification class ArtifactTemplateServiceSpec extends Specification { - String DEPLOYMENT = "default" - HalconfigParserMocker mocker = new HalconfigParserMocker() - - LookupService getMockLookupService(String config) { - def lookupService = new LookupService() - lookupService.parser = mocker.mockHalconfigParser(config) - return lookupService - } - - ArtifactTemplateService makeArtifactTemplateService(String config) { - def lookupService = getMockLookupService(config) - def deploymentService = new DeploymentService() - deploymentService.lookupService = lookupService - new ArtifactTemplateService(lookupService, new ValidateService(), deploymentService) - } - - def "load an existing artifact template node"() { - setup: - String config = """ + String DEPLOYMENT = "default" + HalconfigParserMocker mocker = new HalconfigParserMocker() + + LookupService getMockLookupService(String config) { + def lookupService = new LookupService() + lookupService.parser = mocker.mockHalconfigParser(config) + return lookupService + } + + ArtifactTemplateService makeArtifactTemplateService(String config) { + def lookupService = getMockLookupService(config) + def deploymentService = new DeploymentService() + deploymentService.lookupService = lookupService + new ArtifactTemplateService(lookupService, new ValidateService(), deploymentService) + } + + def "load an existing artifact template node"() { + setup: + String config = """ halyardVersion: 1 currentDeployment: $DEPLOYMENT deploymentConfigurations: @@ -50,35 +50,35 @@ deploymentConfigurations: - name: test-template templatePath: /home/user/test-template.jinja """ - def artifactTemplateService = makeArtifactTemplateService(config) + def artifactTemplateService = makeArtifactTemplateService(config) - when: - def result = artifactTemplateService.getAllArtifactTemplates(DEPLOYMENT) + when: + def result = artifactTemplateService.getAllArtifactTemplates(DEPLOYMENT) - then: - result != null - result.size() == 1 - result[0].getName() == "test-template" - result[0].getTemplatePath() == "/home/user/test-template.jinja" + then: + result != null + result.size() == 1 + result[0].getName() == "test-template" + result[0].getTemplatePath() == "/home/user/test-template.jinja" - when: - result = artifactTemplateService.getArtifactTemplate(DEPLOYMENT, "test-template") + when: + result = artifactTemplateService.getArtifactTemplate(DEPLOYMENT, "test-template") - then: - result != null - result.getName() == "test-template" - result.getTemplatePath() == "/home/user/test-template.jinja" + then: + result != null + result.getName() == "test-template" + result.getTemplatePath() == "/home/user/test-template.jinja" - when: - artifactTemplateService.getArtifactTemplate(DEPLOYMENT, "non-existent-template") + when: + artifactTemplateService.getArtifactTemplate(DEPLOYMENT, "non-existent-template") - then: - thrown(ConfigNotFoundException) - } + then: + thrown(ConfigNotFoundException) + } - def "no error if templates is empty"() { - setup: - String config = """ + def "no error if templates is empty"() { + setup: + String config = """ halyardVersion: 1 currentDeployment: $DEPLOYMENT deploymentConfigurations: @@ -88,25 +88,25 @@ deploymentConfigurations: artifacts: templates: [] """ - def artifactTemplateService = makeArtifactTemplateService(config) + def artifactTemplateService = makeArtifactTemplateService(config) - when: - def result = artifactTemplateService.getAllArtifactTemplates(DEPLOYMENT) + when: + def result = artifactTemplateService.getAllArtifactTemplates(DEPLOYMENT) - then: - result != null - result.size() == 0 + then: + result != null + result.size() == 0 - when: - artifactTemplateService.getArtifactTemplate(DEPLOYMENT, "test-template") + when: + artifactTemplateService.getArtifactTemplate(DEPLOYMENT, "test-template") - then: - thrown(ConfigNotFoundException) - } + then: + thrown(ConfigNotFoundException) + } - def "no error if templates is missing"() { - setup: - String config = """ + def "no error if templates is missing"() { + setup: + String config = """ halyardVersion: 1 currentDeployment: $DEPLOYMENT deploymentConfigurations: @@ -115,25 +115,25 @@ deploymentConfigurations: providers: null artifacts: """ - def artifactTemplateService = makeArtifactTemplateService(config) + def artifactTemplateService = makeArtifactTemplateService(config) - when: - def result = artifactTemplateService.getAllArtifactTemplates(DEPLOYMENT) + when: + def result = artifactTemplateService.getAllArtifactTemplates(DEPLOYMENT) - then: - result != null - result.size() == 0 + then: + result != null + result.size() == 0 - when: - artifactTemplateService.getArtifactTemplate(DEPLOYMENT, "test-template") + when: + artifactTemplateService.getArtifactTemplate(DEPLOYMENT, "test-template") - then: - thrown(ConfigNotFoundException) - } + then: + thrown(ConfigNotFoundException) + } - def "multiple templates are correctly parsed"() { - setup: - String config = """ + def "multiple templates are correctly parsed"() { + setup: + String config = """ halyardVersion: 1 currentDeployment: $DEPLOYMENT deploymentConfigurations: @@ -147,29 +147,29 @@ deploymentConfigurations: - name: test-template-2 templatePath: /home/user/test-template-2.jinja """ - def artifactTemplateService = makeArtifactTemplateService(config) + def artifactTemplateService = makeArtifactTemplateService(config) - when: - def result = artifactTemplateService.getAllArtifactTemplates(DEPLOYMENT) + when: + def result = artifactTemplateService.getAllArtifactTemplates(DEPLOYMENT) - then: - result != null - result.size() == 2 + then: + result != null + result.size() == 2 - when: - result = artifactTemplateService.getArtifactTemplate(DEPLOYMENT, "test-template") + when: + result = artifactTemplateService.getArtifactTemplate(DEPLOYMENT, "test-template") - then: - result != null - result.getName() == "test-template" - result.getTemplatePath() == "/home/user/test-template.jinja" + then: + result != null + result.getName() == "test-template" + result.getTemplatePath() == "/home/user/test-template.jinja" - when: - result = artifactTemplateService.getArtifactTemplate(DEPLOYMENT, "test-template-2") + when: + result = artifactTemplateService.getArtifactTemplate(DEPLOYMENT, "test-template-2") - then: - result != null - result.getName() == "test-template-2" - result.getTemplatePath() == "/home/user/test-template-2.jinja" - } + then: + result != null + result.getName() == "test-template-2" + result.getTemplatePath() == "/home/user/test-template-2.jinja" + } } diff --git a/halyard-config/src/test/groovy/com/netflix/spinnaker/halyard/config/services/v1/PluginServiceSpec.groovy b/halyard-config/src/test/groovy/com/netflix/spinnaker/halyard/config/services/v1/PluginServiceSpec.groovy index de17733638..b135eae285 100644 --- a/halyard-config/src/test/groovy/com/netflix/spinnaker/halyard/config/services/v1/PluginServiceSpec.groovy +++ b/halyard-config/src/test/groovy/com/netflix/spinnaker/halyard/config/services/v1/PluginServiceSpec.groovy @@ -98,7 +98,7 @@ deploymentConfigurations: version: 1 providers: null spinnaker: - extensibility: + extensibility: plugins: {} """ def pluginService = makePluginService(config) diff --git a/halyard-config/src/test/java/com/netflix/spinnaker/halyard/config/model/v1/providers/kubernetes/KubernetesAccountTest.java b/halyard-config/src/test/java/com/netflix/spinnaker/halyard/config/model/v1/providers/kubernetes/KubernetesAccountTest.java index 924d85782b..f6f9adf0d4 100644 --- a/halyard-config/src/test/java/com/netflix/spinnaker/halyard/config/model/v1/providers/kubernetes/KubernetesAccountTest.java +++ b/halyard-config/src/test/java/com/netflix/spinnaker/halyard/config/model/v1/providers/kubernetes/KubernetesAccountTest.java @@ -24,11 +24,18 @@ import java.io.IOException; import java.io.StringWriter; import org.junit.jupiter.api.Test; -import org.junit.platform.runner.JUnitPlatform; -import org.junit.runner.RunWith; +// import org.junit.platform.runner.JUnitPlatform; +// import org.junit.runner.RunWith; import org.yaml.snakeyaml.Yaml; -@RunWith(JUnitPlatform.class) +/* +You don't need it anymore when using junit 5. +In the junit documentation https://junit.org/junit5/docs/5.0.1/api/org/junit/platform/runner/JUnitPlatform.html +it states: +Annotating a class with @RunWith(JUnitPlatform.class) allows it to be run with IDEs and build systems that +support JUnit 4 but do not yet support the JUnit Platform directly. +*/ +// @RunWith(JUnitPlatform.class) final class KubernetesAccountTest { @Test diff --git a/halyard-core/halyard-core.gradle b/halyard-core/halyard-core.gradle index 2602ea0bb0..9b117e41b5 100644 --- a/halyard-core/halyard-core.gradle +++ b/halyard-core/halyard-core.gradle @@ -1,3 +1,6 @@ +apply plugin: 'java-library' +apply plugin: 'groovy' + dependencies { compileOnly 'org.projectlombok:lombok' annotationProcessor 'org.projectlombok:lombok' @@ -5,21 +8,28 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter-actuator' implementation 'org.springframework.boot:spring-boot-starter-web' implementation 'org.springframework.boot:spring-boot-gradle-plugin:1.4.7.RELEASE' - implementation "io.spinnaker.clouddriver:clouddriver-aws:$clouddriverVersion" + implementation("io.spinnaker.clouddriver:clouddriver-aws:$clouddriverVersion"){ + exclude group: 'org.codehaus.groovy', module: 'groovy' + } implementation 'io.spinnaker.kork:kork-secrets' implementation 'io.spinnaker.kork:kork-secrets-aws' implementation 'io.spinnaker.kork:kork-secrets-gcp' - implementation 'com.google.apis:google-api-services-storage' + implementation 'com.google.apis:google-api-services-storage:+'//v1-rev141-1.25.0' implementation 'com.google.api.grpc:grpc-google-common-protos:1.0.5' implementation 'com.google.auth:google-auth-library-oauth2-http' - implementation 'org.apache.commons:commons-exec' + implementation 'org.apache.commons:commons-exec:+'//1.3' implementation 'org.apache.commons:commons-compress:1.20' implementation 'commons-io:commons-io' - implementation 'io.reactivex:rxjava' + implementation 'io.reactivex:rxjava:+'//1.3.8' implementation 'com.hubspot.jinjava:jinjava:2.2.3' - implementation 'org.spockframework:spock-spring:1.1-groovy-2.4' + implementation('org.spockframework:spock-spring:1.1-groovy-2.4'){ + exclude group: 'org.apache.groovy', module: 'groovy' + } + implementation 'org.apache.groovy:groovy:4.0.9' implementation 'org.yaml:snakeyaml:1.24' - + implementation 'com.google.http-client:google-http-client-jackson2:+' + implementation 'com.google.apis:google-api-services-compute:+' //alpha-rev20200526-1.30.9") testImplementation 'org.springframework.boot:spring-boot-starter-test' testImplementation 'org.springframework:spring-test' + } diff --git a/halyard-core/src/main/java/com/netflix/spinnaker/halyard/core/error/v1/HalException.java b/halyard-core/src/main/java/com/netflix/spinnaker/halyard/core/error/v1/HalException.java index bab1624bcb..e1b6d21b91 100644 --- a/halyard-core/src/main/java/com/netflix/spinnaker/halyard/core/error/v1/HalException.java +++ b/halyard-core/src/main/java/com/netflix/spinnaker/halyard/core/error/v1/HalException.java @@ -20,10 +20,10 @@ import com.netflix.spinnaker.halyard.core.problem.v1.Problem; import com.netflix.spinnaker.halyard.core.problem.v1.ProblemBuilder; import com.netflix.spinnaker.halyard.core.problem.v1.ProblemSet; +import jakarta.servlet.http.HttpServletResponse; import java.util.ArrayList; import java.util.Collections; import java.util.List; -import javax.servlet.http.HttpServletResponse; import lombok.Getter; /** This is the exception class that needs to be thrown by all validators. */ diff --git a/halyard-core/src/test/groovy/com/netflix/spinnaker/halyard/core/registry/v1/VersionsSpec.groovy b/halyard-core/src/test/groovy/com/netflix/spinnaker/halyard/core/registry/v1/VersionsSpec.groovy index 5e63276446..cbd14c0065 100644 --- a/halyard-core/src/test/groovy/com/netflix/spinnaker/halyard/core/registry/v1/VersionsSpec.groovy +++ b/halyard-core/src/test/groovy/com/netflix/spinnaker/halyard/core/registry/v1/VersionsSpec.groovy @@ -116,7 +116,7 @@ class VersionsSpec extends Specification { def "orderBySemVer throws an exception for invalid versions"() { when: - dev versions = ["1.0.0", badVersion] + def versions = ["1.0.0", badVersion] Collections.sort(versions, Versions.orderBySemVer()) then: diff --git a/halyard-core/src/test/groovy/com/netflix/spinnaker/halyard/core/resource/v1/LocalDiskProfileReaderSpec.groovy b/halyard-core/src/test/groovy/com/netflix/spinnaker/halyard/core/resource/v1/LocalDiskProfileReaderSpec.groovy index a48d76a5f7..194e55d462 100644 --- a/halyard-core/src/test/groovy/com/netflix/spinnaker/halyard/core/resource/v1/LocalDiskProfileReaderSpec.groovy +++ b/halyard-core/src/test/groovy/com/netflix/spinnaker/halyard/core/resource/v1/LocalDiskProfileReaderSpec.groovy @@ -14,7 +14,7 @@ * limitations under the License. */ -package com.netflix.spinnaker.halyard.config.model.v1 +package com.netflix.spinnaker.halyard.core.resource.v1 import com.netflix.spinnaker.halyard.core.error.v1.HalException import com.netflix.spinnaker.halyard.core.problem.v1.Problem @@ -22,6 +22,9 @@ import org.apache.commons.compress.archivers.ArchiveException import org.apache.commons.compress.archivers.ArchiveStreamFactory import org.apache.commons.compress.archivers.tar.TarArchiveInputStream import org.apache.commons.io.IOUtils +import org.junit.jupiter.api.extension.ExtendWith +import org.springframework.context.annotation.Import +import org.springframework.test.context.ContextConfiguration import spock.lang.Specification import com.netflix.spinnaker.halyard.core.registry.v1.ProfileRegistry @@ -34,10 +37,9 @@ import com.fasterxml.jackson.databind.ObjectMapper import org.springframework.beans.factory.annotation.Autowired import org.springframework.boot.test.context.SpringBootTest -import java.io.File - -@SpringBootTest(classes = [ProfileRegistry.class, GoogleProfileReader.class, GitProfileReader.class, LocalDiskProfileReader.class, Yaml.class, ObjectMapper.class, String.class]) +//@SpringBootTest(classes = [ProfileRegistry.class, GoogleProfileReader.class, GitProfileReader.class, LocalDiskProfileReader.class, Yaml.class, ObjectMapper.class, String.class]) +@ContextConfiguration(classes = [ProfileRegistry.class, GoogleProfileReader.class, GitProfileReader.class, LocalDiskProfileReader.class, Yaml.class, ObjectMapper.class, String.class]) class LocalDiskProfileReaderSpec extends Specification { @Autowired diff --git a/halyard-deploy/halyard-deploy.gradle b/halyard-deploy/halyard-deploy.gradle index 68c02c684c..44d45a784f 100644 --- a/halyard-deploy/halyard-deploy.gradle +++ b/halyard-deploy/halyard-deploy.gradle @@ -5,25 +5,31 @@ dependencies { implementation 'org.springframework.boot:spring-boot-starter-actuator' implementation 'org.springframework.boot:spring-boot-starter-web' implementation "io.spinnaker.clouddriver:clouddriver-api:$clouddriverVersion" - implementation "io.spinnaker.clouddriver:clouddriver-core:$clouddriverVersion" - implementation "io.spinnaker.clouddriver:clouddriver-google:$clouddriverVersion" - implementation "io.spinnaker.clouddriver:clouddriver-security:$clouddriverVersion" + implementation("io.spinnaker.clouddriver:clouddriver-core:$clouddriverVersion"){ + exclude group: 'org.codehaus.groovy', module: 'groovy' + } + implementation("io.spinnaker.clouddriver:clouddriver-google:$clouddriverVersion"){ + exclude group: 'org.codehaus.groovy', module: 'groovy' + } + implementation("io.spinnaker.clouddriver:clouddriver-security:$clouddriverVersion"){ + exclude group: 'org.codehaus.groovy', module: 'groovy' + } implementation "io.spinnaker.kork:kork-secrets" implementation "io.spinnaker.kork:kork-cloud-config-server" - implementation 'com.netflix.frigga:frigga' - implementation 'com.google.apis:google-api-services-storage' - implementation 'com.google.apis:google-api-services-compute' + implementation 'com.netflix.frigga:frigga:0.24.0' + implementation 'com.google.apis:google-api-services-storage:+' // v1-rev141-1.25.0' + implementation 'com.google.apis:google-api-services-compute:+' //alpha-rev20200526-1.30.9' implementation 'com.amazonaws:aws-java-sdk-core:1.11.534' implementation 'org.apache.commons:commons-compress:1.20' implementation 'org.apache.commons:commons-lang3' implementation 'commons-io:commons-io' implementation 'com.squareup.retrofit:retrofit' - implementation 'com.squareup.okhttp:okhttp' - + implementation 'com.squareup.okhttp:okhttp:2.7.5' + implementation 'org.apache.groovy:groovy:4.0.9' implementation "com.jakewharton.retrofit:retrofit1-okhttp3-client:1.1.0" implementation 'io.fabric8:kubernetes-client' implementation 'redis.clients:jedis' - implementation 'org.codehaus.groovy:groovy' + implementation project(':halyard-config') implementation project(':halyard-core') @@ -32,5 +38,5 @@ dependencies { testImplementation 'org.spockframework:spock-core:1.3-groovy-2.5' testImplementation 'org.springframework:spring-test' testRuntimeOnly 'net.bytebuddy:byte-buddy' - testRuntimeOnly 'org.objenesis:objenesis' + testRuntimeOnly 'org.objenesis:objenesis:2.5.1' } diff --git a/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/DistributedServiceProvider.java b/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/DistributedServiceProvider.java index 17f0f34235..0371b6a29c 100644 --- a/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/DistributedServiceProvider.java +++ b/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/DistributedServiceProvider.java @@ -51,7 +51,9 @@ public DistributedService getDeployableService( } } - /** @return the highest priority services first. */ + /** + * @return the highest priority services first. + */ public List getPrioritizedDistributedServices( List serviceTypes) { List result = diff --git a/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/google/GoogleProviderUtils.java b/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/google/GoogleProviderUtils.java index 1d78ec13b0..4f94e92926 100644 --- a/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/google/GoogleProviderUtils.java +++ b/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/google/GoogleProviderUtils.java @@ -40,6 +40,7 @@ import java.io.File; import java.io.FileInputStream; import java.io.IOException; +import java.net.ServerSocket; import java.net.Socket; import java.net.URI; import java.net.URISyntaxException; @@ -58,7 +59,6 @@ import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.StringUtils; import org.apache.http.client.utils.URIBuilder; -import org.springframework.util.SocketUtils; @Slf4j class GoogleProviderUtils { @@ -168,6 +168,16 @@ public static String getSshPublicKey() { } } + private static Integer findRandomOpenPortOnAllLocalInterfaces() { + ServerSocket socket; + try { + socket = new ServerSocket(0); + } catch (IOException e) { + throw new HalException(FATAL, "cannot find a random port"); + } + return socket.getLocalPort(); + } + private static Proxy openSshTunnel(String ip, int port, String keyFile) throws InterruptedException { JobExecutor jobExecutor = DaemonTaskHandler.getJobExecutor(); @@ -188,7 +198,7 @@ private static Proxy openSshTunnel(String ip, int port, String keyFile) } } - int localPort = SocketUtils.findAvailableTcpPort(); + int localPort = findRandomOpenPortOnAllLocalInterfaces(); command.clear(); command.add("ssh"); diff --git a/halyard-web/halyard-web.gradle b/halyard-web/halyard-web.gradle index 3fe301fccf..a677975cc0 100644 --- a/halyard-web/halyard-web.gradle +++ b/halyard-web/halyard-web.gradle @@ -1,4 +1,6 @@ apply plugin: 'io.spinnaker.package' +apply plugin: 'java-library' +apply plugin: 'groovy' mainClassName = 'com.netflix.spinnaker.halyard.Main' @@ -24,12 +26,11 @@ dependencies { implementation 'org.apache.commons:commons-lang3' implementation 'com.squareup.retrofit:retrofit' implementation 'io.github.lognet:grpc-spring-boot-starter:2.4.4' - implementation 'org.codehaus.groovy:groovy' implementation "io.spinnaker.kork:kork-web" implementation "io.spinnaker.kork:kork-cloud-config-server" implementation "io.spinnaker.kork:kork-config" runtimeOnly "io.spinnaker.kork:kork-actuator" - + implementation "jakarta.validation:jakarta.validation-api:3.0.2" implementation project(':halyard-backup') // halyard-cli is required as a dependency even though it is not used directly by halyard-web // because the halyard installation only install halyard-web but the CLI expects to find the diff --git a/halyard-web/src/main/java/com/netflix/spinnaker/halyard/config/v1/SecurityConfig.java b/halyard-web/src/main/java/com/netflix/spinnaker/halyard/config/v1/SecurityConfig.java index 36bd595a7d..3989b16562 100644 --- a/halyard-web/src/main/java/com/netflix/spinnaker/halyard/config/v1/SecurityConfig.java +++ b/halyard-web/src/main/java/com/netflix/spinnaker/halyard/config/v1/SecurityConfig.java @@ -18,13 +18,10 @@ import org.springframework.context.annotation.Configuration; import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; @Configuration -public class SecurityConfig extends WebSecurityConfigurerAdapter { - - @Override +public class SecurityConfig { public void configure(HttpSecurity http) throws Exception { - http.csrf().disable().authorizeRequests().anyRequest().permitAll(); + http.csrf().disable().authorizeHttpRequests().anyRequest().permitAll(); } } diff --git a/halyard-web/src/main/java/com/netflix/spinnaker/halyard/errors/v1/HalconfigExceptionHandler.java b/halyard-web/src/main/java/com/netflix/spinnaker/halyard/errors/v1/HalconfigExceptionHandler.java index 3431e57412..003c93f61d 100644 --- a/halyard-web/src/main/java/com/netflix/spinnaker/halyard/errors/v1/HalconfigExceptionHandler.java +++ b/halyard-web/src/main/java/com/netflix/spinnaker/halyard/errors/v1/HalconfigExceptionHandler.java @@ -18,7 +18,7 @@ import com.netflix.spinnaker.halyard.core.DaemonResponse; import com.netflix.spinnaker.halyard.core.error.v1.HalException; -import javax.servlet.http.HttpServletResponse; +import jakarta.servlet.http.HttpServletResponse; import org.springframework.web.bind.annotation.ControllerAdvice; import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.ResponseBody; diff --git a/settings.gradle b/settings.gradle index 3ad0aabe7c..4afe730b24 100644 --- a/settings.gradle +++ b/settings.gradle @@ -14,6 +14,16 @@ * limitations under the License. */ +if (spinnakerGradleVersion.endsWith('-SNAPSHOT')) { + pluginManagement { + repositories { + mavenLocal() + mavenCentral() + gradlePluginPortal() + } + } +} + ['clouddriver', 'fiat', 'front50', 'kork'].each { prj -> String propName = "${prj}Composite" String projectPath = "../$prj" @@ -22,6 +32,7 @@ } } + enableFeaturePreview("VERSION_ORDERING_V2") rootProject.name="halyard" From 17946ea447ba44c1df33cae770f1a0162f110659 Mon Sep 17 00:00:00 2001 From: SusmithaGundu Date: Thu, 13 Apr 2023 20:44:35 +0530 Subject: [PATCH 03/50] added dockerfile --- docker/ubi8/Dockerfile | 48 ++++++++++++++++++++++++++++ halyard-config/halyard-config.gradle | 2 +- halyard-web/halyard-web.gradle | 8 +++++ 3 files changed, 57 insertions(+), 1 deletion(-) create mode 100644 docker/ubi8/Dockerfile diff --git a/docker/ubi8/Dockerfile b/docker/ubi8/Dockerfile new file mode 100644 index 0000000000..f906063777 --- /dev/null +++ b/docker/ubi8/Dockerfile @@ -0,0 +1,48 @@ +FROM quay.io/opsmxpublic/ubifips:8.7 +MAINTAINER sig-platform@spinnaker.io +LABEL name='halyard' +LABEL maintainer='info@opsmx.io' +LABEL release=1 +LABEL version='1.28.4' +LABEL summary='Red Hat certified Open Enterprise Spinnaker ubi8 container image for clouddriver' +LABEL description='Certified Open Enterprise Spinnaker is an Enterprise grade, Red Hat certified and OpsMx supported release of the popular and critically acclaimed Continuous Delivery platform Spinnaker' +LABEL vendor='OpsMx' +COPY halyard-web/build/install/halyard /opt/halyard + +ENV KUBECTL_VERSION v1.22.0 + + +#ENV KUBECTL_RELEASE=1.15.10 +#ENV AWS_BINARY_RELEASE_DATE=2020-02-22 +#ENV AWS_CLI_VERSION=1.18.18 + +#RUN apk --no-cache add --update \ +# bash \ +# curl \ +# openjdk11-jre \ +# openssl \ +# py-pip \ +# python \ +# && pip install --upgrade awscli==${AWS_CLI_VERSION} \ +# && apk --purge del \ +# py-pip \ +# && rm -rf /var/cache/apk + +RUN yum -y install bash unzip wget unzip procps java-17-openjdk-devel python2 vim net-tools curl git +RUN yum -y update + + + +RUN echo '#!/usr/bin/env bash' > /usr/local/bin/hal && \ + echo '/opt/halyard/bin/hal "$@"' >> /usr/local/bin/hal && \ + chmod +x /usr/local/bin/hal + + + +#RUN curl -f -LO --retry 3 --retry-delay 3 https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_RELEASE}/bin/linux/${TARGETARCH}/kubectl && \ +# chmod +x ./kubectl && \ +# mv ./kubectl /usr/local/bin/kubectl + +RUN wget https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl && \ + chmod +x kubectl && \ + mv ./kubectl /usr/local/bin/kubectl \ No newline at end of file diff --git a/halyard-config/halyard-config.gradle b/halyard-config/halyard-config.gradle index 7d2573c1d6..d1375dffbb 100644 --- a/halyard-config/halyard-config.gradle +++ b/halyard-config/halyard-config.gradle @@ -50,7 +50,7 @@ dependencies { implementation "com.squareup.retrofit:converter-jackson:1.9.0" implementation "com.squareup.retrofit2:retrofit:2.8.1" implementation "com.squareup.retrofit2:converter-jackson:2.8.1" - implementation 'com.jcraft:jsch' + implementation 'com.jcraft:jsch:0.1.55' implementation 'de.huxhorn.sulky:de.huxhorn.sulky.ulid:8.2.0' implementation "net.logstash.logback:logstash-logback-encoder:4.11" implementation "jakarta.validation:jakarta.validation-api:3.0.2" diff --git a/halyard-web/halyard-web.gradle b/halyard-web/halyard-web.gradle index a677975cc0..40bbc96d3f 100644 --- a/halyard-web/halyard-web.gradle +++ b/halyard-web/halyard-web.gradle @@ -53,3 +53,11 @@ def cliScript = project.tasks.create('createCliStartScripts', CreateStartScripts tasks.installDist.dependsOn(cliScript) tasks.distZip.dependsOn(cliScript) tasks.distTar.dependsOn(cliScript) + +tasks.withType(Tar){ + duplicatesStrategy = DuplicatesStrategy.EXCLUDE +} + +tasks.withType(Zip){ + duplicatesStrategy = DuplicatesStrategy.EXCLUDE +} From 0e8811d6dc6db46c4361dad5c02822053f9b506a Mon Sep 17 00:00:00 2001 From: Sheetal Atre Date: Mon, 17 Apr 2023 19:47:34 +0530 Subject: [PATCH 04/50] Update build.gradle --- build.gradle | 3 +++ 1 file changed, 3 insertions(+) diff --git a/build.gradle b/build.gradle index 87e90d85ca..5b2dabeff9 100644 --- a/build.gradle +++ b/build.gradle @@ -45,6 +45,9 @@ subprojects { logger.info("Enabling mavenLocal") repositories { mavenLocal() + maven{ + url "https://nexus.opsmx.net/repository/maven-snapshots/" + } } } From 370c1a847c153d376a35dfebd49149e6b14b4112 Mon Sep 17 00:00:00 2001 From: Sheetal Atre Date: Mon, 17 Apr 2023 19:47:46 +0530 Subject: [PATCH 05/50] Update settings.gradle --- settings.gradle | 3 +++ 1 file changed, 3 insertions(+) diff --git a/settings.gradle b/settings.gradle index 4afe730b24..d4e37e4022 100644 --- a/settings.gradle +++ b/settings.gradle @@ -20,6 +20,9 @@ if (spinnakerGradleVersion.endsWith('-SNAPSHOT')) { mavenLocal() mavenCentral() gradlePluginPortal() + maven{ + url "https://nexus.opsmx.net/repository/maven-snapshots/" + } } } } From 8648002cdc2626e6aaeba451ff473b2911e8d469 Mon Sep 17 00:00:00 2001 From: Sheetal Atre Date: Mon, 17 Apr 2023 21:16:56 +0530 Subject: [PATCH 06/50] Create halyard-oes.yml --- .github/workflows/halyard-oes.yml | 55 +++++++++++++++++++++++++++++++ 1 file changed, 55 insertions(+) create mode 100644 .github/workflows/halyard-oes.yml diff --git a/.github/workflows/halyard-oes.yml b/.github/workflows/halyard-oes.yml new file mode 100644 index 0000000000..aa47172461 --- /dev/null +++ b/.github/workflows/halyard-oes.yml @@ -0,0 +1,55 @@ +name: Branch Build halyard + +on: + workflow_call: + push: + branches: + - OES-1.30.x-master-adhoc + +env: + GRADLE_OPTS: -Dorg.gradle.daemon=false -Xmx6g -Xms6g + CONTAINER_REGISTRY: quay.io/opsmxpublic + +jobs: + branch-build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - uses: actions/setup-java@v2 + with: + java-version: 17 + distribution: 'temurin' + cache: 'gradle' + - name: Prepare build variables + id: build_variables + run: | + echo ::set-output name=REPO::ubi8-halyard-cve + echo ::set-output name=VERSION::"$(git rev-parse --short HEAD)-$(date --utc +'%Y%m%d%H%M')" + - name: Login to Quay + uses: docker/login-action@v1 + # use service account flow defined at: https://github.com/docker/login-action#service-account-based-authentication-1 + with: + registry: quay.io + username: ${{ secrets.QUAY_USERNAME }} + password: ${{ secrets.QUAY_KEY }} + - name: Build + env: + ORG_GRADLE_PROJECT_version: ${{ steps.build_variables.outputs.VERSION }} + run: ./gradlew --no-daemon -PenableCrossCompilerPlugin=true halyard-web:installDist -x test + + - name: dockerBuildpush + uses: docker/build-push-action@v2 + with: + context: . + build-args: | + CUSTOMPLUGIN_RELEASEVERSION=v4.0.3.2-rc1 + file: docker/ubi8/Dockerfile + push: true + tags: | + "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}" From 19147d7d5d6c5c52669a17a422247289b8d856b5 Mon Sep 17 00:00:00 2001 From: SheetalAtre Date: Wed, 19 Apr 2023 16:58:27 +0530 Subject: [PATCH 07/50] updated versions of some libs to resolve CVEs --- build.gradle | 4 ++++ halyard-cli/halyard-cli.gradle | 2 +- halyard-core/halyard-core.gradle | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/build.gradle b/build.gradle index 5b2dabeff9..c32d3c85b3 100644 --- a/build.gradle +++ b/build.gradle @@ -55,6 +55,10 @@ subprojects { implementation enforcedPlatform("io.spinnaker.kork:kork-bom:$korkVersion"){ exclude group: 'org.apache.groovy', module: 'groovy' } + implementation ("commons-fileupload:commons-fileupload:1.5") + implementation("io.netty:netty-codec-http:5.0.0.Alpha2") + implementation("org.apache.ivy:ivy:2.5.1") + annotationProcessor platform("io.spinnaker.kork:kork-bom:$korkVersion") annotationProcessor "org.projectlombok:lombok" diff --git a/halyard-cli/halyard-cli.gradle b/halyard-cli/halyard-cli.gradle index 9b2280264c..b8b66247bb 100644 --- a/halyard-cli/halyard-cli.gradle +++ b/halyard-cli/halyard-cli.gradle @@ -17,7 +17,7 @@ dependencies { implementation 'com.fasterxml.jackson.core:jackson-core' implementation 'com.fasterxml.jackson.core:jackson-databind' implementation 'org.aspectj:aspectjweaver' - implementation 'org.yaml:snakeyaml:1.24' + implementation 'org.yaml:snakeyaml:2.0' implementation 'com.beust:jcommander:1.81' implementation 'org.nibor.autolink:autolink:0.10.0' diff --git a/halyard-core/halyard-core.gradle b/halyard-core/halyard-core.gradle index 9b117e41b5..abcd53f156 100644 --- a/halyard-core/halyard-core.gradle +++ b/halyard-core/halyard-core.gradle @@ -26,7 +26,7 @@ dependencies { exclude group: 'org.apache.groovy', module: 'groovy' } implementation 'org.apache.groovy:groovy:4.0.9' - implementation 'org.yaml:snakeyaml:1.24' + implementation 'org.yaml:snakeyaml:2.0' implementation 'com.google.http-client:google-http-client-jackson2:+' implementation 'com.google.apis:google-api-services-compute:+' //alpha-rev20200526-1.30.9") testImplementation 'org.springframework.boot:spring-boot-starter-test' From 27edd7fc3480d98616e3c096608483135997c77e Mon Sep 17 00:00:00 2001 From: SusmithaGundu Date: Wed, 26 Apr 2023 18:18:27 +0530 Subject: [PATCH 08/50] fix for snakeyaml 2.0 breaking changes --- .../netflix/spinnaker/halyard/cli/ui/v1/AnsiFormatUtils.java | 4 +++- .../spinnaker/halyard/config/config/v1/ResourceConfig.java | 4 +++- .../halyard/config/config/v1/HalconfigParserSpec.groovy | 3 ++- .../halyard/config/services/v1/HalconfigParserMocker.groovy | 3 ++- .../spinnaker/halyard/core/GlobalApplicationOptions.java | 3 ++- .../service/distributed/kubernetes/v2/KubernetesV2Utils.java | 5 +++-- 6 files changed, 15 insertions(+), 7 deletions(-) diff --git a/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/ui/v1/AnsiFormatUtils.java b/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/ui/v1/AnsiFormatUtils.java index beb2d91866..505b59bbad 100644 --- a/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/ui/v1/AnsiFormatUtils.java +++ b/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/ui/v1/AnsiFormatUtils.java @@ -23,6 +23,7 @@ import java.util.List; import java.util.Map; import org.yaml.snakeyaml.DumperOptions; +import org.yaml.snakeyaml.LoaderOptions; import org.yaml.snakeyaml.Yaml; import org.yaml.snakeyaml.constructor.SafeConstructor; import org.yaml.snakeyaml.representer.Representer; @@ -55,7 +56,8 @@ private static Yaml getYamlParser() { options.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK); options.setDefaultScalarStyle(DumperOptions.ScalarStyle.PLAIN); - return new Yaml(new SafeConstructor(), new Representer(), options); + return new Yaml( + new SafeConstructor(new LoaderOptions()), new Representer(new DumperOptions()), options); } private static ObjectMapper getObjectMapper() { diff --git a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/config/v1/ResourceConfig.java b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/config/v1/ResourceConfig.java index 2248f43cfb..d45dd13b97 100644 --- a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/config/v1/ResourceConfig.java +++ b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/config/v1/ResourceConfig.java @@ -28,6 +28,7 @@ import org.springframework.scheduling.concurrent.ConcurrentTaskScheduler; import org.springframework.stereotype.Component; import org.yaml.snakeyaml.DumperOptions; +import org.yaml.snakeyaml.LoaderOptions; import org.yaml.snakeyaml.Yaml; import org.yaml.snakeyaml.constructor.SafeConstructor; import org.yaml.snakeyaml.representer.Representer; @@ -102,7 +103,8 @@ Yaml yamlParser() { DumperOptions options = new DumperOptions(); options.setDefaultFlowStyle(DumperOptions.FlowStyle.BLOCK); options.setDefaultScalarStyle(DumperOptions.ScalarStyle.PLAIN); - return new Yaml(new SafeConstructor(), new Representer(), options); + return new Yaml( + new SafeConstructor(new LoaderOptions()), new Representer(new DumperOptions()), options); } private String normalizePath(String path) { diff --git a/halyard-config/src/test/groovy/com/netflix/spinnaker/halyard/config/config/v1/HalconfigParserSpec.groovy b/halyard-config/src/test/groovy/com/netflix/spinnaker/halyard/config/config/v1/HalconfigParserSpec.groovy index c409b75a73..c84ba64f1e 100644 --- a/halyard-config/src/test/groovy/com/netflix/spinnaker/halyard/config/config/v1/HalconfigParserSpec.groovy +++ b/halyard-config/src/test/groovy/com/netflix/spinnaker/halyard/config/config/v1/HalconfigParserSpec.groovy @@ -18,6 +18,7 @@ package com.netflix.spinnaker.halyard.config.config.v1 import com.netflix.spinnaker.halyard.config.model.v1.node.Halconfig import org.springframework.context.ApplicationContext +import org.yaml.snakeyaml.LoaderOptions import org.yaml.snakeyaml.Yaml import org.yaml.snakeyaml.constructor.SafeConstructor import spock.lang.Specification @@ -33,7 +34,7 @@ class HalconfigParserSpec extends Specification { void setup() { ApplicationContext applicationContext = Stub(ApplicationContext.class) - applicationContext.getBean(Yaml.class) >> new Yaml(new SafeConstructor()) + applicationContext.getBean(Yaml.class) >> new Yaml(new SafeConstructor(new LoaderOptions())) parser = new HalconfigParser() parser.applicationContext = applicationContext parser.objectMapper = new StrictObjectMapper() diff --git a/halyard-config/src/test/groovy/com/netflix/spinnaker/halyard/config/services/v1/HalconfigParserMocker.groovy b/halyard-config/src/test/groovy/com/netflix/spinnaker/halyard/config/services/v1/HalconfigParserMocker.groovy index 486bd874cf..a771124686 100644 --- a/halyard-config/src/test/groovy/com/netflix/spinnaker/halyard/config/services/v1/HalconfigParserMocker.groovy +++ b/halyard-config/src/test/groovy/com/netflix/spinnaker/halyard/config/services/v1/HalconfigParserMocker.groovy @@ -21,6 +21,7 @@ import com.netflix.spinnaker.halyard.config.config.v1.HalconfigParser import com.netflix.spinnaker.halyard.config.config.v1.StrictObjectMapper import com.netflix.spinnaker.halyard.config.model.v1.node.Halconfig import org.springframework.context.ApplicationContext +import org.yaml.snakeyaml.LoaderOptions import org.yaml.snakeyaml.Yaml import org.yaml.snakeyaml.constructor.SafeConstructor import spock.lang.Specification @@ -31,7 +32,7 @@ class HalconfigParserMocker extends Specification { HalconfigParser mockHalconfigParser(String config) { def parserStub = new HalconfigParser() ApplicationContext applicationContext = Stub(ApplicationContext.class) - applicationContext.getBean(Yaml.class) >> new Yaml(new SafeConstructor()) + applicationContext.getBean(Yaml.class) >> new Yaml(new SafeConstructor(new LoaderOptions())) parserStub.objectMapper = new StrictObjectMapper() parserStub.applicationContext = applicationContext parserStub.halconfigDirectoryStructure = new HalconfigDirectoryStructure(); diff --git a/halyard-core/src/main/java/com/netflix/spinnaker/halyard/core/GlobalApplicationOptions.java b/halyard-core/src/main/java/com/netflix/spinnaker/halyard/core/GlobalApplicationOptions.java index 3f8554e034..b555280e3f 100644 --- a/halyard-core/src/main/java/com/netflix/spinnaker/halyard/core/GlobalApplicationOptions.java +++ b/halyard-core/src/main/java/com/netflix/spinnaker/halyard/core/GlobalApplicationOptions.java @@ -26,6 +26,7 @@ import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.PropertySource; +import org.yaml.snakeyaml.LoaderOptions; import org.yaml.snakeyaml.Yaml; import org.yaml.snakeyaml.constructor.SafeConstructor; @@ -52,7 +53,7 @@ public boolean isUseRemoteDaemon() { public static GlobalApplicationOptions getInstance() { if (GlobalApplicationOptions.options == null) { - Yaml yamlParser = new Yaml(new SafeConstructor()); + Yaml yamlParser = new Yaml(new SafeConstructor(new LoaderOptions())); ObjectMapper objectMapper = new ObjectMapper(); objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false); diff --git a/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/kubernetes/v2/KubernetesV2Utils.java b/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/kubernetes/v2/KubernetesV2Utils.java index bb4bbd76e4..d2f882e95e 100644 --- a/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/kubernetes/v2/KubernetesV2Utils.java +++ b/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/kubernetes/v2/KubernetesV2Utils.java @@ -42,6 +42,7 @@ import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.StringUtils; import org.springframework.stereotype.Component; +import org.yaml.snakeyaml.LoaderOptions; import org.yaml.snakeyaml.Yaml; import org.yaml.snakeyaml.constructor.SafeConstructor; @@ -164,12 +165,12 @@ public SecretSpec createSecretSpec( } public String prettify(String input) { - Yaml yaml = new Yaml(new SafeConstructor()); + Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions())); return yaml.dump(yaml.load(input)); } public Map parseManifest(String input) { - Yaml yaml = new Yaml(new SafeConstructor()); + Yaml yaml = new Yaml(new SafeConstructor(new LoaderOptions())); return mapper.convertValue(yaml.load(input), new TypeReference>() {}); } From ed8d2445d396b53b14ac4d5ab70d57e4598ad6c5 Mon Sep 17 00:00:00 2001 From: sanopsmx Date: Tue, 2 May 2023 16:42:45 +0530 Subject: [PATCH 09/50] Committed code for brining the halyard service up. --- .../halyard/config/config/v1/RetrofitConfig.java | 10 ++++++++++ .../config/services/v1/PersistentStorageService.java | 3 ++- .../validate/v1/DeploymentEnvironmentValidator.java | 3 ++- .../validate/v1/persistentStorage/GCSValidator.java | 4 +++- .../validate/v1/providers/aws/AwsAccountValidator.java | 3 ++- .../validate/v1/providers/ecs/EcsAccountValidator.java | 6 ++++-- .../halyard/core/registry/v1/GoogleProfileReader.java | 5 +++-- .../v1/service/SpinnakerMonitoringDaemonService.java | 3 ++- .../distributed/google/GoogleConsulServerService.java | 4 +++- .../distributed/google/GoogleVaultServerService.java | 4 +++- .../v2/KubernetesV2MonitoringDaemonService.java | 3 ++- .../main/java/com/netflix/spinnaker/halyard/Main.java | 2 +- 12 files changed, 37 insertions(+), 13 deletions(-) diff --git a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/config/v1/RetrofitConfig.java b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/config/v1/RetrofitConfig.java index f97968e3a3..6347af3689 100644 --- a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/config/v1/RetrofitConfig.java +++ b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/config/v1/RetrofitConfig.java @@ -20,8 +20,12 @@ import com.netflix.spinnaker.config.OkHttp3ClientConfiguration; import com.netflix.spinnaker.config.OkHttpClientComponents; import com.netflix.spinnaker.config.okhttp3.OkHttpClientProvider; +import com.netflix.spinnaker.kork.api.exceptions.ExceptionMessage; +import com.netflix.spinnaker.kork.web.exceptions.ExceptionMessageDecorator; +import java.util.List; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.ObjectProvider; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; @@ -46,6 +50,12 @@ class RetrofitConfig { @Autowired RequestInterceptor spinnakerRequestInterceptor; + @Bean + ExceptionMessageDecorator exceptionMessageDecorator( + ObjectProvider> exceptionMessagesProvider) { + return new ExceptionMessageDecorator(exceptionMessagesProvider); + } + @Bean RestAdapter.LogLevel retrofitLogLevel( @Value("${retrofit.log-level:BASIC}") String retrofitLogLevel) { diff --git a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/services/v1/PersistentStorageService.java b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/services/v1/PersistentStorageService.java index d9530dadf8..d58784d5f9 100644 --- a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/services/v1/PersistentStorageService.java +++ b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/services/v1/PersistentStorageService.java @@ -32,13 +32,14 @@ import com.netflix.spinnaker.halyard.core.problem.v1.ProblemSet; import java.util.List; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @Component public class PersistentStorageService { @Autowired private LookupService lookupService; - @Autowired private DeploymentService deploymentService; + @Lazy @Autowired private DeploymentService deploymentService; @Autowired private ValidateService validateService; diff --git a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/validate/v1/DeploymentEnvironmentValidator.java b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/validate/v1/DeploymentEnvironmentValidator.java index 386ba94a72..3d252bdd9b 100644 --- a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/validate/v1/DeploymentEnvironmentValidator.java +++ b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/validate/v1/DeploymentEnvironmentValidator.java @@ -32,12 +32,13 @@ import lombok.extern.slf4j.Slf4j; import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @Component @Slf4j public class DeploymentEnvironmentValidator extends Validator { - @Autowired AccountService accountService; + @Lazy @Autowired AccountService accountService; @Autowired KubernetesAccountValidator kubernetesAccountValidator; diff --git a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/validate/v1/persistentStorage/GCSValidator.java b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/validate/v1/persistentStorage/GCSValidator.java index 8cab2c8f68..5aadb65ffd 100644 --- a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/validate/v1/persistentStorage/GCSValidator.java +++ b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/validate/v1/persistentStorage/GCSValidator.java @@ -33,12 +33,14 @@ import java.util.concurrent.ExecutorService; import java.util.concurrent.Executors; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.scheduling.TaskScheduler; import org.springframework.stereotype.Component; @Component public class GCSValidator extends Validator { - @Autowired private AccountService accountService; + + @Lazy @Autowired private AccountService accountService; @Autowired private Registry registry; diff --git a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/validate/v1/providers/aws/AwsAccountValidator.java b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/validate/v1/providers/aws/AwsAccountValidator.java index 953d0f17a0..df60dd35bc 100644 --- a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/validate/v1/providers/aws/AwsAccountValidator.java +++ b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/validate/v1/providers/aws/AwsAccountValidator.java @@ -27,12 +27,13 @@ import com.netflix.spinnaker.halyard.config.services.v1.ProviderService; import com.netflix.spinnaker.halyard.core.problem.v1.Problem.Severity; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @Component public class AwsAccountValidator extends Validator { - @Autowired ProviderService providerService; + @Lazy @Autowired ProviderService providerService; @Override public void validate(ConfigProblemSetBuilder p, AwsAccount awsAccount) { diff --git a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/validate/v1/providers/ecs/EcsAccountValidator.java b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/validate/v1/providers/ecs/EcsAccountValidator.java index 661fb12623..7e2783d7cb 100644 --- a/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/validate/v1/providers/ecs/EcsAccountValidator.java +++ b/halyard-config/src/main/java/com/netflix/spinnaker/halyard/config/validate/v1/providers/ecs/EcsAccountValidator.java @@ -11,13 +11,15 @@ import java.util.List; import java.util.Optional; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @Component public class EcsAccountValidator extends Validator { - @Autowired ProviderService providerService; - @Autowired AccountService accountService; + @Lazy @Autowired ProviderService providerService; + + @Lazy @Autowired AccountService accountService; @Autowired ConfigService configService; diff --git a/halyard-core/src/main/java/com/netflix/spinnaker/halyard/core/registry/v1/GoogleProfileReader.java b/halyard-core/src/main/java/com/netflix/spinnaker/halyard/core/registry/v1/GoogleProfileReader.java index 8ab634737b..8f68b84cf3 100644 --- a/halyard-core/src/main/java/com/netflix/spinnaker/halyard/core/registry/v1/GoogleProfileReader.java +++ b/halyard-core/src/main/java/com/netflix/spinnaker/halyard/core/registry/v1/GoogleProfileReader.java @@ -35,6 +35,7 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty; import org.springframework.context.ApplicationContext; import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; import org.yaml.snakeyaml.Yaml; @@ -44,9 +45,9 @@ public class GoogleProfileReader implements ProfileReader { @Autowired String spinconfigBucket; - @Autowired Storage applicationDefaultGoogleStorage; + @Lazy @Autowired Storage applicationDefaultGoogleStorage; - @Autowired Storage unauthenticatedGoogleStorage; + @Lazy @Autowired Storage unauthenticatedGoogleStorage; @Autowired ObjectMapper relaxedObjectMapper; diff --git a/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/SpinnakerMonitoringDaemonService.java b/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/SpinnakerMonitoringDaemonService.java index fe86dd5ad5..4b77aa51b8 100644 --- a/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/SpinnakerMonitoringDaemonService.java +++ b/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/SpinnakerMonitoringDaemonService.java @@ -31,6 +31,7 @@ import lombok.Data; import lombok.EqualsAndHashCode; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @EqualsAndHashCode(callSuper = true) @@ -47,7 +48,7 @@ public abstract class SpinnakerMonitoringDaemonService @Autowired MetricRegistryProfileFactoryBuilder metricRegistryProfileFactoryBuilder; - @Autowired List services; + @Lazy @Autowired List services; @Override public SpinnakerArtifact getArtifact() { diff --git a/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/google/GoogleConsulServerService.java b/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/google/GoogleConsulServerService.java index 2f88e1ef43..164ebc4650 100644 --- a/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/google/GoogleConsulServerService.java +++ b/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/google/GoogleConsulServerService.java @@ -30,6 +30,7 @@ import lombok.EqualsAndHashCode; import lombok.experimental.Delegate; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @EqualsAndHashCode(callSuper = true) @@ -37,7 +38,8 @@ @Data public class GoogleConsulServerService extends ConsulServerService implements GoogleDistributedService { - @Delegate @Autowired GoogleDistributedServiceDelegate googleDistributedServiceDelegate; + + @Lazy @Delegate @Autowired GoogleDistributedServiceDelegate googleDistributedServiceDelegate; @Override public String getDefaultInstanceType() { diff --git a/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/google/GoogleVaultServerService.java b/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/google/GoogleVaultServerService.java index 56108bc1f6..82a3359cae 100644 --- a/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/google/GoogleVaultServerService.java +++ b/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/google/GoogleVaultServerService.java @@ -29,6 +29,7 @@ import lombok.EqualsAndHashCode; import lombok.experimental.Delegate; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @EqualsAndHashCode(callSuper = true) @@ -36,7 +37,8 @@ @Data public class GoogleVaultServerService extends VaultServerService implements GoogleDistributedService { - @Delegate @Autowired GoogleDistributedServiceDelegate googleDistributedServiceDelegate; + + @Lazy @Delegate @Autowired GoogleDistributedServiceDelegate googleDistributedServiceDelegate; @Override public String getDefaultInstanceType() { diff --git a/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/kubernetes/v2/KubernetesV2MonitoringDaemonService.java b/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/kubernetes/v2/KubernetesV2MonitoringDaemonService.java index d009d5360d..3660e0b2fa 100644 --- a/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/kubernetes/v2/KubernetesV2MonitoringDaemonService.java +++ b/halyard-deploy/src/main/java/com/netflix/spinnaker/halyard/deploy/spinnaker/v1/service/distributed/kubernetes/v2/KubernetesV2MonitoringDaemonService.java @@ -26,6 +26,7 @@ import lombok.EqualsAndHashCode; import lombok.experimental.Delegate; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; @Data @@ -35,7 +36,7 @@ public class KubernetesV2MonitoringDaemonService extends SpinnakerMonitoringDaem implements KubernetesV2Service { final DeployPriority deployPriority = new DeployPriority(0); - @Delegate @Autowired KubernetesV2ServiceDelegate serviceDelegate; + @Lazy @Delegate @Autowired KubernetesV2ServiceDelegate serviceDelegate; @Override public boolean runsOnJvm() { diff --git a/halyard-web/src/main/java/com/netflix/spinnaker/halyard/Main.java b/halyard-web/src/main/java/com/netflix/spinnaker/halyard/Main.java index 32e028e85d..3584c2677d 100644 --- a/halyard-web/src/main/java/com/netflix/spinnaker/halyard/Main.java +++ b/halyard-web/src/main/java/com/netflix/spinnaker/halyard/Main.java @@ -27,7 +27,7 @@ import org.springframework.context.annotation.Configuration; @Configuration -@ComponentScan(value = {"com.netflix.spinnaker.halyard"}) +@ComponentScan(value = {"com.netflix.spinnaker.halyard", "com.netflix.spinnaker.kork"}) @EnableAutoConfiguration @EnableConfigServer public class Main extends SpringBootServletInitializer { From aa7c21bb29f997c4d84b0a8a68a724f3ad11617f Mon Sep 17 00:00:00 2001 From: Yugandharkumar Date: Tue, 30 May 2023 13:52:11 +0530 Subject: [PATCH 10/50] Update Dockerfile with start point --- docker/ubi8/Dockerfile | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/docker/ubi8/Dockerfile b/docker/ubi8/Dockerfile index f906063777..4c801e226f 100644 --- a/docker/ubi8/Dockerfile +++ b/docker/ubi8/Dockerfile @@ -45,4 +45,12 @@ RUN echo '#!/usr/bin/env bash' > /usr/local/bin/hal && \ RUN wget https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl && \ chmod +x kubectl && \ - mv ./kubectl /usr/local/bin/kubectl \ No newline at end of file + mv ./kubectl /usr/local/bin/kubectl + + +RUN adduser spinnaker +USER spinnaker + +CMD ["/opt/halyard/bin/halyard"] + + From 5b95eedf20c3134939351d0e26af6e7a1dd6bed9 Mon Sep 17 00:00:00 2001 From: Yugandharkumar Date: Tue, 30 May 2023 13:53:15 +0530 Subject: [PATCH 11/50] removed the build args --- .github/workflows/halyard-oes.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/halyard-oes.yml b/.github/workflows/halyard-oes.yml index aa47172461..6cba706146 100644 --- a/.github/workflows/halyard-oes.yml +++ b/.github/workflows/halyard-oes.yml @@ -47,8 +47,6 @@ jobs: uses: docker/build-push-action@v2 with: context: . - build-args: | - CUSTOMPLUGIN_RELEASEVERSION=v4.0.3.2-rc1 file: docker/ubi8/Dockerfile push: true tags: | From 0e8a6602ae12033e1e3efb56c3bb8cc7d2faa88d Mon Sep 17 00:00:00 2001 From: Luthan95 Date: Thu, 1 Jun 2023 19:09:55 +0530 Subject: [PATCH 12/50] fix for hal deploy apply command --- .../spinnaker/halyard/cli/services/v1/DaemonService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java b/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java index 4900e6a4b3..aa7a5b4cc2 100644 --- a/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java +++ b/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java @@ -62,7 +62,7 @@ DaemonTask restoreBackup( @GET("/v1/config/") DaemonTask getHalconfig(); - @GET("/v1/config/currentDeployment/") + @GET("/v1/config/currentDeployment") DaemonTask getCurrentDeployment(); @PUT("/v1/config/currentDeployment/") From a255fb32c39e55b56c2552c1ebac4a1413cacf91 Mon Sep 17 00:00:00 2001 From: Luthan95 Date: Sun, 4 Jun 2023 22:32:01 +0530 Subject: [PATCH 13/50] hal add ci, jenkins --- .../halyard/cli/services/v1/DaemonService.java | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java b/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java index aa7a5b4cc2..a1be124214 100644 --- a/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java +++ b/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java @@ -324,7 +324,7 @@ DaemonTask addAccount( @Body Account account); @GET( - "/v1/config/deployments/{deploymentName}/providers/{providerName}/accounts/account/{accountName}/") + "/v1/config/deployments/{deploymentName}/providers/{providerName}/accounts/account/{accountName}") DaemonTask getAccount( @Path("deploymentName") String deploymentName, @Path("providerName") String providerName, @@ -712,41 +712,41 @@ DaemonTask setNotification( @Query("validate") boolean validate, @Body Notification notification); - @GET("/v1/config/deployments/{deploymentName}/ci/{ciName}/") + @GET("/v1/config/deployments/{deploymentName}/ci/{ciName}") DaemonTask getCi( @Path("deploymentName") String deploymentName, @Path("ciName") String ciName, @Query("validate") boolean validate); - @PUT("/v1/config/deployments/{deploymentName}/ci/{ciName}/") + @PUT("/v1/config/deployments/{deploymentName}/ci/{ciName}") DaemonTask setCi( @Path("deploymentName") String deploymentName, @Path("ciName") String ciName, @Query("validate") boolean validate, @Body Ci ci); - @PUT("/v1/config/deployments/{deploymentName}/ci/{ciName}/enabled/") + @PUT("/v1/config/deployments/{deploymentName}/ci/{ciName}/enabled") DaemonTask setCiEnabled( @Path("deploymentName") String deploymentName, @Path("ciName") String ciName, @Query("validate") boolean validate, @Body boolean enabled); - @POST("/v1/config/deployments/{deploymentName}/ci/{ciName}/masters/") + @POST("/v1/config/deployments/{deploymentName}/ci/{ciName}/masters") DaemonTask addMaster( @Path("deploymentName") String deploymentName, @Path("ciName") String ciName, @Query("validate") boolean validate, @Body CIAccount account); - @GET("/v1/config/deployments/{deploymentName}/ci/{ciName}/masters/{masterName}/") + @GET("/v1/config/deployments/{deploymentName}/ci/{ciName}/masters/{masterName}") DaemonTask getMaster( @Path("deploymentName") String deploymentName, @Path("ciName") String ciName, @Path("masterName") String masterName, @Query("validate") boolean validate); - @PUT("/v1/config/deployments/{deploymentName}/ci/{ciName}/masters/{masterName}/") + @PUT("/v1/config/deployments/{deploymentName}/ci/{ciName}/masters/{masterName}") DaemonTask setMaster( @Path("deploymentName") String deploymentName, @Path("ciName") String ciName, @@ -754,7 +754,7 @@ DaemonTask setMaster( @Query("validate") boolean validate, @Body CIAccount account); - @DELETE("/v1/config/deployments/{deploymentName}/ci/{ciName}/masters/{masterName}/") + @DELETE("/v1/config/deployments/{deploymentName}/ci/{ciName}/masters/{masterName}") DaemonTask deleteMaster( @Path("deploymentName") String deploymentName, @Path("ciName") String ciName, From 9304733c2a34e6635672d3e856ef50fdbb45cf1d Mon Sep 17 00:00:00 2001 From: Luthan95 Date: Sun, 4 Jun 2023 22:33:55 +0530 Subject: [PATCH 14/50] hal add ci, jenkins --- .github/workflows/halyard-oes.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/halyard-oes.yml b/.github/workflows/halyard-oes.yml index 6cba706146..52d38b7aa5 100644 --- a/.github/workflows/halyard-oes.yml +++ b/.github/workflows/halyard-oes.yml @@ -4,7 +4,7 @@ on: workflow_call: push: branches: - - OES-1.30.x-master-adhoc + - aws-edit env: GRADLE_OPTS: -Dorg.gradle.daemon=false -Xmx6g -Xms6g From 65f44b90fbd83c41af28a3e887e9d19d2d9440f8 Mon Sep 17 00:00:00 2001 From: Luthan95 Date: Sun, 4 Jun 2023 22:52:03 +0530 Subject: [PATCH 15/50] hal edit aws --- .../spinnaker/halyard/cli/services/v1/DaemonService.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java b/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java index a1be124214..faa3663fcc 100644 --- a/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java +++ b/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java @@ -316,7 +316,7 @@ DaemonTask deleteSubscription( @Path("subscriptionName") String subscriptionName, @Query("validate") boolean validate); - @POST("/v1/config/deployments/{deploymentName}/providers/{providerName}/accounts/") + @POST("/v1/config/deployments/{deploymentName}/providers/{providerName}/accounts") DaemonTask addAccount( @Path("deploymentName") String deploymentName, @Path("providerName") String providerName, @@ -332,7 +332,7 @@ DaemonTask getAccount( @Query("validate") boolean validate); @PUT( - "/v1/config/deployments/{deploymentName}/providers/{providerName}/accounts/account/{accountName}/") + "/v1/config/deployments/{deploymentName}/providers/{providerName}/accounts/account/{accountName}") DaemonTask setAccount( @Path("deploymentName") String deploymentName, @Path("providerName") String providerName, @@ -341,7 +341,7 @@ DaemonTask setAccount( @Body Account account); @DELETE( - "/v1/config/deployments/{deploymentName}/providers/{providerName}/accounts/account/{accountName}/") + "/v1/config/deployments/{deploymentName}/providers/{providerName}/accounts/account/{accountName}") DaemonTask deleteAccount( @Path("deploymentName") String deploymentName, @Path("providerName") String providerName, From 5f5ddc65c77206e07d13898f74ae6a0f5185d4e8 Mon Sep 17 00:00:00 2001 From: Luthan95 Date: Mon, 5 Jun 2023 11:32:18 +0530 Subject: [PATCH 16/50] kubernetes account fail --- .../spinnaker/halyard/cli/services/v1/DaemonService.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java b/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java index faa3663fcc..7ebdcce3a3 100644 --- a/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java +++ b/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java @@ -316,7 +316,7 @@ DaemonTask deleteSubscription( @Path("subscriptionName") String subscriptionName, @Query("validate") boolean validate); - @POST("/v1/config/deployments/{deploymentName}/providers/{providerName}/accounts") + @POST("/v1/config/deployments/{deploymentName}/providers/{providerName}/accounts/") DaemonTask addAccount( @Path("deploymentName") String deploymentName, @Path("providerName") String providerName, From fd56e1ce72a1bb53944dfc673c63afd2af369f34 Mon Sep 17 00:00:00 2001 From: Luthan95 <66585454+Luthan95@users.noreply.github.com> Date: Mon, 5 Jun 2023 12:39:38 +0530 Subject: [PATCH 17/50] Update halyard-oes.yml replace with default branch --- .github/workflows/halyard-oes.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/halyard-oes.yml b/.github/workflows/halyard-oes.yml index 52d38b7aa5..6cba706146 100644 --- a/.github/workflows/halyard-oes.yml +++ b/.github/workflows/halyard-oes.yml @@ -4,7 +4,7 @@ on: workflow_call: push: branches: - - aws-edit + - OES-1.30.x-master-adhoc env: GRADLE_OPTS: -Dorg.gradle.daemon=false -Xmx6g -Xms6g From 9e531dfcc2d35e13093d93b68254b245e5c398f5 Mon Sep 17 00:00:00 2001 From: Luthan95 Date: Tue, 6 Jun 2023 11:07:49 +0530 Subject: [PATCH 18/50] slack fix --- .github/workflows/halyard-oes.yml | 2 +- .../spinnaker/halyard/cli/services/v1/DaemonService.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/halyard-oes.yml b/.github/workflows/halyard-oes.yml index 6cba706146..a89154eb6e 100644 --- a/.github/workflows/halyard-oes.yml +++ b/.github/workflows/halyard-oes.yml @@ -4,7 +4,7 @@ on: workflow_call: push: branches: - - OES-1.30.x-master-adhoc + - halyardcommand-fix env: GRADLE_OPTS: -Dorg.gradle.daemon=false -Xmx6g -Xms6g diff --git a/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java b/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java index 7ebdcce3a3..14f0e80a8b 100644 --- a/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java +++ b/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java @@ -692,7 +692,7 @@ DaemonTask deleteBaseImage( DaemonTask getNotifications( @Path("deploymentName") String deploymentName, @Query("validate") boolean validate); - @GET("/v1/config/deployments/{deploymentName}/notifications/{notificationName}/") + @GET("/v1/config/deployments/{deploymentName}/notifications/{notificationName}") DaemonTask getNotification( @Path("deploymentName") String deploymentName, @Path("notificationName") String notificationName, From b8db406db8ebb8bacc1ef000b2fb68a45d66abf4 Mon Sep 17 00:00:00 2001 From: Luthan95 Date: Tue, 6 Jun 2023 11:20:29 +0530 Subject: [PATCH 19/50] slack fix --- .../spinnaker/halyard/cli/services/v1/DaemonService.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java b/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java index 14f0e80a8b..d1fc38d27a 100644 --- a/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java +++ b/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java @@ -688,7 +688,7 @@ DaemonTask deleteBaseImage( @Path("baseImageId") String baseImageId, @Query("validate") boolean validate); - @GET("/v1/config/deployments/{deploymentName}/notifications/") + @GET("/v1/config/deployments/{deploymentName}/notifications") DaemonTask getNotifications( @Path("deploymentName") String deploymentName, @Query("validate") boolean validate); @@ -705,7 +705,7 @@ DaemonTask setNotificationEnabled( @Query("validate") boolean validate, @Body boolean enabled); - @PUT("/v1/config/deployments/{deploymentName}/notifications/{notificationName}/") + @PUT("/v1/config/deployments/{deploymentName}/notifications/{notificationName}") DaemonTask setNotification( @Path("deploymentName") String deploymentName, @Path("notificationName") String notificationName, From 8d96fafa5d35752d1596b784abcbd4c337d647e6 Mon Sep 17 00:00:00 2001 From: Luthan95 Date: Tue, 6 Jun 2023 15:53:56 +0530 Subject: [PATCH 20/50] hal config fail fix --- .../spinnaker/halyard/cli/services/v1/DaemonService.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java b/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java index d1fc38d27a..4b58283edb 100644 --- a/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java +++ b/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java @@ -68,14 +68,14 @@ DaemonTask restoreBackup( @PUT("/v1/config/currentDeployment/") DaemonTask setCurrentDeployment(@Body StringBodyRequest name); - @GET("/v1/config/deployments/") + @GET("/v1/config/deployments") DaemonTask> getDeployments(); - @GET("/v1/config/deployments/{deploymentName}/") + @GET("/v1/config/deployments/{deploymentName}") DaemonTask getDeployment( @Path("deploymentName") String deploymentName, @Query("validate") boolean validate); - @PUT("/v1/config/deployments/{deploymentName}/") + @PUT("/v1/config/deployments/{deploymentName}") DaemonTask setDeployment( @Path("deploymentName") String deploymentName, @Query("validate") boolean validate, From a09a81f25baa88cbccec525395625b7ae567fae9 Mon Sep 17 00:00:00 2001 From: Luthan95 <66585454+Luthan95@users.noreply.github.com> Date: Tue, 6 Jun 2023 16:01:16 +0530 Subject: [PATCH 21/50] Update halyard-oes.yml --- .github/workflows/halyard-oes.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/halyard-oes.yml b/.github/workflows/halyard-oes.yml index a89154eb6e..6cba706146 100644 --- a/.github/workflows/halyard-oes.yml +++ b/.github/workflows/halyard-oes.yml @@ -4,7 +4,7 @@ on: workflow_call: push: branches: - - halyardcommand-fix + - OES-1.30.x-master-adhoc env: GRADLE_OPTS: -Dorg.gradle.daemon=false -Xmx6g -Xms6g From e18f0ae455c70c95707f3c28f39d3f1c96da0f6f Mon Sep 17 00:00:00 2001 From: Luthan95 Date: Tue, 6 Jun 2023 16:20:45 +0530 Subject: [PATCH 22/50] provider enable fix --- .../cli/services/v1/DaemonService.java | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java b/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java index 4b58283edb..8e27fe2673 100644 --- a/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java +++ b/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java @@ -179,53 +179,53 @@ DaemonTask setFeatures( @Query("validate") boolean validate, @Body Features features); - @PUT("/v1/config/deployments/{deploymentName}/persistentStorage/") + @PUT("/v1/config/deployments/{deploymentName}/persistentStorage") DaemonTask setPersistentStorage( @Path("deploymentName") String deploymentName, @Query("validate") boolean validate, @Body PersistentStorage persistentStorage); - @PUT("/v1/config/deployments/{deploymentName}/persistentStorage/{persistentStoreType}/") + @PUT("/v1/config/deployments/{deploymentName}/persistentStorage/{persistentStoreType}") DaemonTask setPersistentStore( @Path("deploymentName") String deploymentName, @Path("persistentStoreType") String persistentStoreType, @Query("validate") boolean validate, @Body PersistentStore persistentStore); - @GET("/v1/config/deployments/{deploymentName}/pubsubs/{pubsubName}/") + @GET("/v1/config/deployments/{deploymentName}/pubsubs/{pubsubName}") DaemonTask getPubsub( @Path("deploymentName") String deploymentName, @Path("pubsubName") String pubsubName, @Query("validate") boolean validate); - @PUT("/v1/config/deployments/{deploymentName}/pubsubs/{pubsubName}/") + @PUT("/v1/config/deployments/{deploymentName}/pubsubs/{pubsubName}") DaemonTask setPubsub( @Path("deploymentName") String deploymentName, @Path("pubsubName") String pubsubName, @Query("validate") boolean validate, @Body Pubsub pubsub); - @PUT("/v1/config/deployments/{deploymentName}/pubsubs/{pubsubName}/enabled/") + @PUT("/v1/config/deployments/{deploymentName}/pubsubs/{pubsubName}/enabled") DaemonTask setPubsubEnabled( @Path("deploymentName") String deploymentName, @Path("pubsubName") String pubsubName, @Query("validate") boolean validate, @Body boolean enabled); - @GET("/v1/config/deployments/{deploymentName}/providers/{providerName}/") + @GET("/v1/config/deployments/{deploymentName}/providers/{providerName}") DaemonTask getProvider( @Path("deploymentName") String deploymentName, @Path("providerName") String providerName, @Query("validate") boolean validate); - @PUT("/v1/config/deployments/{deploymentName}/providers/{providerName}/") + @PUT("/v1/config/deployments/{deploymentName}/providers/{providerName}") DaemonTask setProvider( @Path("deploymentName") String deploymentName, @Path("providerName") String providerName, @Query("validate") boolean validate, @Body Provider provider); - @PUT("/v1/config/deployments/{deploymentName}/providers/{providerName}/enabled/") + @PUT("/v1/config/deployments/{deploymentName}/providers/{providerName}/enabled") DaemonTask setProviderEnabled( @Path("deploymentName") String deploymentName, @Path("providerName") String providerName, @@ -583,20 +583,20 @@ DaemonTask setApacheSslEnabled( @Query("validate") boolean validate, @Body boolean enabled); - @GET("/v1/config/deployments/{deploymentName}/security/authn/{methodName}/") + @GET("/v1/config/deployments/{deploymentName}/security/authn/{methodName}") DaemonTask getAuthnMethod( @Path("deploymentName") String deploymentName, @Path("methodName") String methodName, @Query("validate") boolean validate); - @PUT("/v1/config/deployments/{deploymentName}/security/authn/{methodName}/") + @PUT("/v1/config/deployments/{deploymentName}/security/authn/{methodName}") DaemonTask setAuthnMethod( @Path("deploymentName") String deploymentName, @Path("methodName") String methodName, @Query("validate") boolean validate, @Body AuthnMethod authnMethod); - @PUT("/v1/config/deployments/{deploymentName}/security/authn/{methodName}/enabled/") + @PUT("/v1/config/deployments/{deploymentName}/security/authn/{methodName}/enabled") DaemonTask setAuthnMethodEnabled( @Path("deploymentName") String deploymentName, @Path("methodName") String methodName, From e62ca76b12718002a8fdb0ba7ea4bc7dad0e109b Mon Sep 17 00:00:00 2001 From: Luthan95 Date: Fri, 9 Jun 2023 10:53:31 +0530 Subject: [PATCH 23/50] authz enabled --- .github/workflows/halyard-oes.yml | 2 +- .../spinnaker/halyard/cli/services/v1/DaemonService.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/halyard-oes.yml b/.github/workflows/halyard-oes.yml index 6cba706146..70e14483ad 100644 --- a/.github/workflows/halyard-oes.yml +++ b/.github/workflows/halyard-oes.yml @@ -4,7 +4,7 @@ on: workflow_call: push: branches: - - OES-1.30.x-master-adhoc + - authn-enable env: GRADLE_OPTS: -Dorg.gradle.daemon=false -Xmx6g -Xms6g diff --git a/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java b/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java index 8e27fe2673..0f0ce5714a 100644 --- a/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java +++ b/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java @@ -596,7 +596,7 @@ DaemonTask setAuthnMethod( @Query("validate") boolean validate, @Body AuthnMethod authnMethod); - @PUT("/v1/config/deployments/{deploymentName}/security/authn/{methodName}/enabled") + @PUT("/v1/config/deployments/{deploymentName}/security/authn/{methodName}/enabled/") DaemonTask setAuthnMethodEnabled( @Path("deploymentName") String deploymentName, @Path("methodName") String methodName, From 56631f2e1f4b004b5c5946ef71ab43fc44f5f571 Mon Sep 17 00:00:00 2001 From: Luthan95 <66585454+Luthan95@users.noreply.github.com> Date: Fri, 9 Jun 2023 11:09:52 +0530 Subject: [PATCH 24/50] Update halyard-oes.yml reverting to default branch --- .github/workflows/halyard-oes.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/halyard-oes.yml b/.github/workflows/halyard-oes.yml index 70e14483ad..6cba706146 100644 --- a/.github/workflows/halyard-oes.yml +++ b/.github/workflows/halyard-oes.yml @@ -4,7 +4,7 @@ on: workflow_call: push: branches: - - authn-enable + - OES-1.30.x-master-adhoc env: GRADLE_OPTS: -Dorg.gradle.daemon=false -Xmx6g -Xms6g From a56f452458875d8997b809f7408535e2c3749032 Mon Sep 17 00:00:00 2001 From: Yugandharkumar Date: Fri, 23 Jun 2023 19:17:11 +0530 Subject: [PATCH 25/50] Create Dockerfile-fips --- docker/ubi8/Dockerfile-fips | 43 +++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 docker/ubi8/Dockerfile-fips diff --git a/docker/ubi8/Dockerfile-fips b/docker/ubi8/Dockerfile-fips new file mode 100644 index 0000000000..3198e02e66 --- /dev/null +++ b/docker/ubi8/Dockerfile-fips @@ -0,0 +1,43 @@ +FROM registry.access.redhat.com/ubi8/ubi:8.8 as java-builder +LABEL maintainer="OpsMx" +ARG JAVA_PACKAGE=java-17-openjdk-jmods +RUN yum -y update && yum -y install --nodocs ${JAVA_PACKAGE} + +# Build a custom JRE. +# For now, we will include all modules. We could try to remove the ones +# we don't need to reduce image size and security attack surface. +WORKDIR /jrebuild +RUN java --list-modules | cut -d'@' -f1 > modules +RUN jlink --output runtime --add-modules `paste -sd, - < modules` --compress 2 --vm server + +# Build a minimal base image with our custom Java installed. +FROM registry.access.redhat.com/ubi8/ubi:8.8 AS java-base +LABEL maintainer="OpsMx" +COPY --from=java-builder /jrebuild/runtime /opsmx-java-runtime +ARG OPSMXUSER=1001 +ENV JAVA_HOME=/opsmx-java-runtime \ + PATH=${PATH}:/opsmx-java-runtime/bin \ + WORK_DIR=/opsmx/workdir \ + CONF_DIR=/opsmx/conf + +# Enabling fips mode +RUN fips-mode-setup --enable + +# Setting crypto policies to FIPS +RUN update-crypto-policies --set FIPS + +COPY halyard-web/build/install/halyard /opt/halyard + +ENV KUBECTL_VERSION v1.22.0 +RUN yum -y install git bash +RUN echo '#!/usr/bin/env bash' > /usr/local/bin/hal && \ + echo '/opt/halyard/bin/hal "$@"' >> /usr/local/bin/hal && \ + chmod +x /usr/local/bin/hal + +RUN wget https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl && \ + chmod +x kubectl && \ + mv ./kubectl /usr/local/bin/kubectl + +RUN adduser spinnaker +USER spinnaker +CMD ["/opt/halyard/bin/halyard"] From 0ad47b3fe13e4a2a775a6296e0fd289970dda582 Mon Sep 17 00:00:00 2001 From: Yugandharkumar Date: Fri, 23 Jun 2023 19:17:40 +0530 Subject: [PATCH 26/50] Update halyard-oes.yml --- .github/workflows/halyard-oes.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/halyard-oes.yml b/.github/workflows/halyard-oes.yml index 6cba706146..cc8e44e199 100644 --- a/.github/workflows/halyard-oes.yml +++ b/.github/workflows/halyard-oes.yml @@ -25,7 +25,6 @@ jobs: with: java-version: 17 distribution: 'temurin' - cache: 'gradle' - name: Prepare build variables id: build_variables run: | @@ -47,7 +46,7 @@ jobs: uses: docker/build-push-action@v2 with: context: . - file: docker/ubi8/Dockerfile + file: docker/ubi8/Dockerfile-fips push: true tags: | "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}" From 6b2d211b7ce19178950cdb444345a89f32d1159f Mon Sep 17 00:00:00 2001 From: Yugandharkumar Date: Fri, 23 Jun 2023 19:25:10 +0530 Subject: [PATCH 27/50] Update Dockerfile-fips --- docker/ubi8/Dockerfile-fips | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docker/ubi8/Dockerfile-fips b/docker/ubi8/Dockerfile-fips index 3198e02e66..ddca513336 100644 --- a/docker/ubi8/Dockerfile-fips +++ b/docker/ubi8/Dockerfile-fips @@ -29,7 +29,7 @@ RUN update-crypto-policies --set FIPS COPY halyard-web/build/install/halyard /opt/halyard ENV KUBECTL_VERSION v1.22.0 -RUN yum -y install git bash +RUN yum -y install git bash wget RUN echo '#!/usr/bin/env bash' > /usr/local/bin/hal && \ echo '/opt/halyard/bin/hal "$@"' >> /usr/local/bin/hal && \ chmod +x /usr/local/bin/hal @@ -37,6 +37,9 @@ RUN echo '#!/usr/bin/env bash' > /usr/local/bin/hal && \ RUN wget https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl && \ chmod +x kubectl && \ mv ./kubectl /usr/local/bin/kubectl + +RUN yum -y remove wget +RUN yum -y remove clean all && rm -rf /var/cache RUN adduser spinnaker USER spinnaker From f1407081f8eca319eaf3016d0c0d32e7945c237c Mon Sep 17 00:00:00 2001 From: Yugandharkumar Date: Mon, 26 Jun 2023 17:10:26 +0530 Subject: [PATCH 28/50] Update Dockerfile-fips --- docker/ubi8/Dockerfile-fips | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/docker/ubi8/Dockerfile-fips b/docker/ubi8/Dockerfile-fips index ddca513336..48ae613256 100644 --- a/docker/ubi8/Dockerfile-fips +++ b/docker/ubi8/Dockerfile-fips @@ -29,7 +29,7 @@ RUN update-crypto-policies --set FIPS COPY halyard-web/build/install/halyard /opt/halyard ENV KUBECTL_VERSION v1.22.0 -RUN yum -y install git bash wget +RUN yum -y install git bash wget curl RUN echo '#!/usr/bin/env bash' > /usr/local/bin/hal && \ echo '/opt/halyard/bin/hal "$@"' >> /usr/local/bin/hal && \ chmod +x /usr/local/bin/hal @@ -38,7 +38,11 @@ RUN wget https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VER chmod +x kubectl && \ mv ./kubectl /usr/local/bin/kubectl -RUN yum -y remove wget + +RUN curl -f -o /usr/local/bin/aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/${KUBECTL_RELEASE}/${AWS_BINARY_RELEASE_DATE}/bin/linux/amd64/aws-iam-authenticator && \ + chmod +x /usr/local/bin/aws-iam-authenticator + +RUN yum -y remove wget curl RUN yum -y remove clean all && rm -rf /var/cache RUN adduser spinnaker From 8374d9441836cdebd1b2d7c9b3cc213cf1cb5ad5 Mon Sep 17 00:00:00 2001 From: Yugandharkumar Date: Mon, 26 Jun 2023 17:18:29 +0530 Subject: [PATCH 29/50] Update Dockerfile-fips --- docker/ubi8/Dockerfile-fips | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docker/ubi8/Dockerfile-fips b/docker/ubi8/Dockerfile-fips index 48ae613256..97620123a7 100644 --- a/docker/ubi8/Dockerfile-fips +++ b/docker/ubi8/Dockerfile-fips @@ -28,7 +28,9 @@ RUN update-crypto-policies --set FIPS COPY halyard-web/build/install/halyard /opt/halyard -ENV KUBECTL_VERSION v1.22.0 +ENV KUBECTL_VERSION=v1.22.0 +ENV AWS_BINARY_RELEASE_DATE=2020-02-22 + RUN yum -y install git bash wget curl RUN echo '#!/usr/bin/env bash' > /usr/local/bin/hal && \ echo '/opt/halyard/bin/hal "$@"' >> /usr/local/bin/hal && \ From 51c9c9d27f6d4932f9373fa40115a64532ed1e8d Mon Sep 17 00:00:00 2001 From: Yugandharkumar Date: Mon, 26 Jun 2023 17:43:00 +0530 Subject: [PATCH 30/50] Update Dockerfile-fips --- docker/ubi8/Dockerfile-fips | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/docker/ubi8/Dockerfile-fips b/docker/ubi8/Dockerfile-fips index 97620123a7..5cc4d8da26 100644 --- a/docker/ubi8/Dockerfile-fips +++ b/docker/ubi8/Dockerfile-fips @@ -29,9 +29,12 @@ RUN update-crypto-policies --set FIPS COPY halyard-web/build/install/halyard /opt/halyard ENV KUBECTL_VERSION=v1.22.0 +ENV KUBECTL_RELEASE=1.15.10 ENV AWS_BINARY_RELEASE_DATE=2020-02-22 +ENV AWS_CLI_VERSION=1.18.18 +RUN yum -y install git bash wget curl python3-pip && \ +pip3 install awscli==${AWS_CLI_VERSION} -RUN yum -y install git bash wget curl RUN echo '#!/usr/bin/env bash' > /usr/local/bin/hal && \ echo '/opt/halyard/bin/hal "$@"' >> /usr/local/bin/hal && \ chmod +x /usr/local/bin/hal @@ -46,7 +49,7 @@ RUN curl -f -o /usr/local/bin/aws-iam-authenticator https://amazon-eks.s3-us-we RUN yum -y remove wget curl RUN yum -y remove clean all && rm -rf /var/cache - + RUN adduser spinnaker USER spinnaker CMD ["/opt/halyard/bin/halyard"] From a511ced5b8f215dcd1042e7c9e2d12b318eb26c8 Mon Sep 17 00:00:00 2001 From: Yugandharkumar Date: Mon, 26 Jun 2023 17:49:14 +0530 Subject: [PATCH 31/50] Update Dockerfile-fips --- docker/ubi8/Dockerfile-fips | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docker/ubi8/Dockerfile-fips b/docker/ubi8/Dockerfile-fips index 5cc4d8da26..b3d9050b7c 100644 --- a/docker/ubi8/Dockerfile-fips +++ b/docker/ubi8/Dockerfile-fips @@ -47,8 +47,7 @@ RUN wget https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VER RUN curl -f -o /usr/local/bin/aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/${KUBECTL_RELEASE}/${AWS_BINARY_RELEASE_DATE}/bin/linux/amd64/aws-iam-authenticator && \ chmod +x /usr/local/bin/aws-iam-authenticator -RUN yum -y remove wget curl -RUN yum -y remove clean all && rm -rf /var/cache + RUN adduser spinnaker USER spinnaker From e2a0b2f664c06ad2ffbb54ab1ebab4ba9186d775 Mon Sep 17 00:00:00 2001 From: Sheetal Atre Date: Mon, 26 Jun 2023 23:10:50 -0700 Subject: [PATCH 32/50] feature(halyard-config): OP-20625: SpringBoot3 UR-matching changes for trailing slash configuration in halyard (#11) * fix(daemonservice) OP-20625: fix artifactProviders/enabled PUT api throws 405 https://devopsmx.atlassian.net/browse/OP-20625 Remove "/" at end of PUT url. /v1/config/deployments/default/artifactProviders/bitbucket/enabled/ * Update halyard-oes.yml added github action to fix-OP-20625 branch added github action to fix-OP-20625 branch * changes in URL-matching introduced by Spring Boot 3 changes in URL-matching introduced by Spring Boot 3 * Create WebConfiguration.java changes in URL-matching for SpringBoot 3 changes in URL-matching for SpringBoot 3 * Update halyard-oes.yml revert temp change for actions --- .../halyard/config/v1/WebConfiguration.java | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 halyard-web/src/main/java/com/netflix/spinnaker/halyard/config/v1/WebConfiguration.java diff --git a/halyard-web/src/main/java/com/netflix/spinnaker/halyard/config/v1/WebConfiguration.java b/halyard-web/src/main/java/com/netflix/spinnaker/halyard/config/v1/WebConfiguration.java new file mode 100644 index 0000000000..2611023cf5 --- /dev/null +++ b/halyard-web/src/main/java/com/netflix/spinnaker/halyard/config/v1/WebConfiguration.java @@ -0,0 +1,14 @@ +package com.netflix.spinnaker.halyard.config.v1; + +import org.springframework.context.annotation.Configuration; +import org.springframework.web.servlet.config.annotation.PathMatchConfigurer; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; + +@Configuration +public class WebConfiguration implements WebMvcConfigurer { + + @Override + public void configurePathMatch(PathMatchConfigurer configurer) { + configurer.setUseTrailingSlashMatch(true); + } +} From 81d6faf460f64e5ec2bd81a252fdd8b6244b0627 Mon Sep 17 00:00:00 2001 From: Sheetal Atre Date: Tue, 27 Jun 2023 12:28:33 +0530 Subject: [PATCH 33/50] Update Dockerfile-fips fix critical cve pyyaml version 5.3.1 > 5.4 fix critical cve pyyaml version 5.3.1 > 5.4 --- docker/ubi8/Dockerfile-fips | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/ubi8/Dockerfile-fips b/docker/ubi8/Dockerfile-fips index b3d9050b7c..e6bdcc6a23 100644 --- a/docker/ubi8/Dockerfile-fips +++ b/docker/ubi8/Dockerfile-fips @@ -33,7 +33,7 @@ ENV KUBECTL_RELEASE=1.15.10 ENV AWS_BINARY_RELEASE_DATE=2020-02-22 ENV AWS_CLI_VERSION=1.18.18 RUN yum -y install git bash wget curl python3-pip && \ -pip3 install awscli==${AWS_CLI_VERSION} +pip3 install --upgrade pyyaml==5.4 awscli==${AWS_CLI_VERSION} RUN echo '#!/usr/bin/env bash' > /usr/local/bin/hal && \ echo '/opt/halyard/bin/hal "$@"' >> /usr/local/bin/hal && \ From 90269f7aa092d2d5449ec259483e695520c1738e Mon Sep 17 00:00:00 2001 From: Sheetal Atre Date: Fri, 30 Jun 2023 13:46:48 +0530 Subject: [PATCH 34/50] fix(halyard):Update Dockerfile for python-pkg trivy cves fix- replace python-pip3 install with manual install of AWS_CLI (#13) * fix(halyard):Update Dockerfile for python-pkg trivy cves fix- replace python-pip3 install with manual install of AWS_CLI * fix(halyard):Update Dockerfile for python-pkg trivy cves fix- replace python-pip3 install with manual install of AWS_CLI --- docker/ubi8/Dockerfile-fips | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/docker/ubi8/Dockerfile-fips b/docker/ubi8/Dockerfile-fips index e6bdcc6a23..a170f843e3 100644 --- a/docker/ubi8/Dockerfile-fips +++ b/docker/ubi8/Dockerfile-fips @@ -26,14 +26,25 @@ RUN fips-mode-setup --enable # Setting crypto policies to FIPS RUN update-crypto-policies --set FIPS +FROM java-builder AS awscli-install +RUN yum install -y unzip +RUN curl https://awscli.amazonaws.com/awscli-exe-linux-`uname -m`.zip -o awscliv2.zip +RUN unzip awscliv2.zip +RUN ./aws/install + +FROM java-builder AS base +COPY --from=awscli-install /usr/local/aws-cli /usr/local/aws-cli/ +RUN ln -sf /usr/local/aws-cli/v2/current/bin/aws /usr/local/bin/aws && ln -sf /usr/local/aws-cli/v2/current/bin/aws_completer /usr/local/bin/aws_completer + +ARG TARGETARCH + COPY halyard-web/build/install/halyard /opt/halyard ENV KUBECTL_VERSION=v1.22.0 ENV KUBECTL_RELEASE=1.15.10 ENV AWS_BINARY_RELEASE_DATE=2020-02-22 -ENV AWS_CLI_VERSION=1.18.18 -RUN yum -y install git bash wget curl python3-pip && \ -pip3 install --upgrade pyyaml==5.4 awscli==${AWS_CLI_VERSION} + +RUN yum -y install git bash wget curl RUN echo '#!/usr/bin/env bash' > /usr/local/bin/hal && \ echo '/opt/halyard/bin/hal "$@"' >> /usr/local/bin/hal && \ @@ -43,12 +54,9 @@ RUN wget https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VER chmod +x kubectl && \ mv ./kubectl /usr/local/bin/kubectl - RUN curl -f -o /usr/local/bin/aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/${KUBECTL_RELEASE}/${AWS_BINARY_RELEASE_DATE}/bin/linux/amd64/aws-iam-authenticator && \ chmod +x /usr/local/bin/aws-iam-authenticator - - RUN adduser spinnaker USER spinnaker CMD ["/opt/halyard/bin/halyard"] From 171845fc552d471ace1996ad4f0b8cd87b4f0236 Mon Sep 17 00:00:00 2001 From: Yugandharkumar Date: Wed, 19 Jul 2023 20:38:07 +0530 Subject: [PATCH 35/50] Update settings.gradle --- settings.gradle | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/settings.gradle b/settings.gradle index d4e37e4022..74d0702fb2 100644 --- a/settings.gradle +++ b/settings.gradle @@ -22,6 +22,10 @@ if (spinnakerGradleVersion.endsWith('-SNAPSHOT')) { gradlePluginPortal() maven{ url "https://nexus.opsmx.net/repository/maven-snapshots/" + credentials { + username = "NEXUS_USERNAME" + password = "NEXUS_PASSWORD" + } } } } From 50b374b88e00381c2d96f00c2507bf616a602cfe Mon Sep 17 00:00:00 2001 From: Yugandharkumar Date: Wed, 19 Jul 2023 20:38:25 +0530 Subject: [PATCH 36/50] Update build.gradle --- build.gradle | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/build.gradle b/build.gradle index c32d3c85b3..a10d888585 100644 --- a/build.gradle +++ b/build.gradle @@ -47,6 +47,10 @@ subprojects { mavenLocal() maven{ url "https://nexus.opsmx.net/repository/maven-snapshots/" + credentials { + username = "NEXUS_USERNAME" + password = "NEXUS_PASSWORD" + } } } } From ef6d004a60ec882e95af94bf1432bd6bc9aefaaf Mon Sep 17 00:00:00 2001 From: Yugandharkumar Date: Wed, 19 Jul 2023 20:39:42 +0530 Subject: [PATCH 37/50] Update halyard-oes.yml --- .github/workflows/halyard-oes.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/halyard-oes.yml b/.github/workflows/halyard-oes.yml index cc8e44e199..324a9bba64 100644 --- a/.github/workflows/halyard-oes.yml +++ b/.github/workflows/halyard-oes.yml @@ -40,7 +40,13 @@ jobs: - name: Build env: ORG_GRADLE_PROJECT_version: ${{ steps.build_variables.outputs.VERSION }} - run: ./gradlew --no-daemon -PenableCrossCompilerPlugin=true halyard-web:installDist -x test + run: | + sed -e 's/NEXUS_USERNAME/${{ secrets.NEXUS_USERNAME }}/' -i settings.gradle + sed -e 's/NEXUS_PASSWORD/${{ secrets.NEXUS_PASSWORD }}/' -i settings.gradle + sed -e 's/NEXUS_USERNAME/${{ secrets.NEXUS_USERNAME }}/' -i build.gradle + sed -e 's/NEXUS_PASSWORD/${{ secrets.NEXUS_PASSWORD }}/' -i build.gradle + + ./gradlew --no-daemon -PenableCrossCompilerPlugin=true halyard-web:installDist -x test - name: dockerBuildpush uses: docker/build-push-action@v2 From 56d8759a3c2f7e84d3c7b8dac39766edb12350ce Mon Sep 17 00:00:00 2001 From: aman-agrawal <9412470@gmail,com> Date: Tue, 25 Jul 2023 12:41:52 +0530 Subject: [PATCH 38/50] Junit4 to Junit5 Migration & Fixed TCs --- build.gradle | 6 ++++++ halyard-cli/halyard-cli.gradle | 1 - .../halyard/cli/command/v1/HalCommandTest.java | 3 --- .../v1/providers/kubernetes/KubernetesAccountTest.java | 10 ---------- .../core/resource/v1/LocalDiskProfileReaderSpec.groovy | 2 -- halyard-web/config/halyard.yml | 4 ++++ .../spinnaker/halyard/config/v1/WebConfiguration.java | 8 ++++---- 7 files changed, 14 insertions(+), 20 deletions(-) diff --git a/build.gradle b/build.gradle index a10d888585..e405902c26 100644 --- a/build.gradle +++ b/build.gradle @@ -36,6 +36,12 @@ subprojects { testLogging { showStandardStreams = false exceptionFormat = 'full' + afterSuite { desc, result -> + if (!desc.parent) { + println "Results: ${result.resultType} (${result.testCount} tests, ${result.successfulTestCount} successes, ${result.failedTestCount} failures, ${result.skippedTestCount} skipped)" + println "Report file: ${reports.html.entryPoint}" + } + } } minHeapSize = "512m" maxHeapSize = "512m" diff --git a/halyard-cli/halyard-cli.gradle b/halyard-cli/halyard-cli.gradle index b8b66247bb..9bf62f6005 100644 --- a/halyard-cli/halyard-cli.gradle +++ b/halyard-cli/halyard-cli.gradle @@ -30,7 +30,6 @@ dependencies { testImplementation 'uk.org.webcompere:system-stubs-jupiter:1.2.0' testImplementation 'org.junit.jupiter:junit-jupiter-api' testImplementation 'org.junit.jupiter:junit-jupiter-params' - testImplementation 'org.junit.platform:junit-platform-runner' testImplementation 'org.spockframework:spock-core:1.3-groovy-2.5' testImplementation 'org.springframework:spring-test' diff --git a/halyard-cli/src/test/java/com/netflix/spinnaker/halyard/cli/command/v1/HalCommandTest.java b/halyard-cli/src/test/java/com/netflix/spinnaker/halyard/cli/command/v1/HalCommandTest.java index 473ebc760a..276274785c 100644 --- a/halyard-cli/src/test/java/com/netflix/spinnaker/halyard/cli/command/v1/HalCommandTest.java +++ b/halyard-cli/src/test/java/com/netflix/spinnaker/halyard/cli/command/v1/HalCommandTest.java @@ -33,10 +33,7 @@ import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; import org.junit.jupiter.params.provider.MethodSource; -import org.junit.platform.runner.JUnitPlatform; -import org.junit.runner.RunWith; -@RunWith(JUnitPlatform.class) class HalCommandTest { private HalCommand hal; diff --git a/halyard-config/src/test/java/com/netflix/spinnaker/halyard/config/model/v1/providers/kubernetes/KubernetesAccountTest.java b/halyard-config/src/test/java/com/netflix/spinnaker/halyard/config/model/v1/providers/kubernetes/KubernetesAccountTest.java index f6f9adf0d4..a8e30ed0ef 100644 --- a/halyard-config/src/test/java/com/netflix/spinnaker/halyard/config/model/v1/providers/kubernetes/KubernetesAccountTest.java +++ b/halyard-config/src/test/java/com/netflix/spinnaker/halyard/config/model/v1/providers/kubernetes/KubernetesAccountTest.java @@ -24,18 +24,8 @@ import java.io.IOException; import java.io.StringWriter; import org.junit.jupiter.api.Test; -// import org.junit.platform.runner.JUnitPlatform; -// import org.junit.runner.RunWith; import org.yaml.snakeyaml.Yaml; -/* -You don't need it anymore when using junit 5. -In the junit documentation https://junit.org/junit5/docs/5.0.1/api/org/junit/platform/runner/JUnitPlatform.html -it states: -Annotating a class with @RunWith(JUnitPlatform.class) allows it to be run with IDEs and build systems that -support JUnit 4 but do not yet support the JUnit Platform directly. -*/ -// @RunWith(JUnitPlatform.class) final class KubernetesAccountTest { @Test diff --git a/halyard-core/src/test/groovy/com/netflix/spinnaker/halyard/core/resource/v1/LocalDiskProfileReaderSpec.groovy b/halyard-core/src/test/groovy/com/netflix/spinnaker/halyard/core/resource/v1/LocalDiskProfileReaderSpec.groovy index 194e55d462..b54143865e 100644 --- a/halyard-core/src/test/groovy/com/netflix/spinnaker/halyard/core/resource/v1/LocalDiskProfileReaderSpec.groovy +++ b/halyard-core/src/test/groovy/com/netflix/spinnaker/halyard/core/resource/v1/LocalDiskProfileReaderSpec.groovy @@ -22,8 +22,6 @@ import org.apache.commons.compress.archivers.ArchiveException import org.apache.commons.compress.archivers.ArchiveStreamFactory import org.apache.commons.compress.archivers.tar.TarArchiveInputStream import org.apache.commons.io.IOUtils -import org.junit.jupiter.api.extension.ExtendWith -import org.springframework.context.annotation.Import import org.springframework.test.context.ContextConfiguration import spock.lang.Specification diff --git a/halyard-web/config/halyard.yml b/halyard-web/config/halyard.yml index 2a3c6b3a04..a47ddbd7b0 100644 --- a/halyard-web/config/halyard.yml +++ b/halyard-web/config/halyard.yml @@ -35,3 +35,7 @@ backup: retrofit: logLevel: BASIC + +logging: + level: + root: DEBUG diff --git a/halyard-web/src/main/java/com/netflix/spinnaker/halyard/config/v1/WebConfiguration.java b/halyard-web/src/main/java/com/netflix/spinnaker/halyard/config/v1/WebConfiguration.java index 2611023cf5..4051231a89 100644 --- a/halyard-web/src/main/java/com/netflix/spinnaker/halyard/config/v1/WebConfiguration.java +++ b/halyard-web/src/main/java/com/netflix/spinnaker/halyard/config/v1/WebConfiguration.java @@ -7,8 +7,8 @@ @Configuration public class WebConfiguration implements WebMvcConfigurer { - @Override - public void configurePathMatch(PathMatchConfigurer configurer) { - configurer.setUseTrailingSlashMatch(true); - } + @Override + public void configurePathMatch(PathMatchConfigurer configurer) { + configurer.setUseTrailingSlashMatch(true); + } } From 41dce770be881b80bfcb59a4160c76c8dd7024b7 Mon Sep 17 00:00:00 2001 From: SheetalAtre Date: Wed, 2 Aug 2023 19:06:24 +0530 Subject: [PATCH 39/50] fix(all): fix build was failing after adding latest version of com.google.guava:guava:32.1.1-jre for weekly cve report --- halyard-cli/halyard-cli.gradle | 1 + halyard-config/halyard-config.gradle | 2 ++ halyard-core/halyard-core.gradle | 2 ++ halyard-proto/halyard-proto.gradle | 2 +- halyard-web/halyard-web.gradle | 2 ++ 5 files changed, 8 insertions(+), 1 deletion(-) diff --git a/halyard-cli/halyard-cli.gradle b/halyard-cli/halyard-cli.gradle index 9bf62f6005..e924f7129f 100644 --- a/halyard-cli/halyard-cli.gradle +++ b/halyard-cli/halyard-cli.gradle @@ -20,6 +20,7 @@ dependencies { implementation 'org.yaml:snakeyaml:2.0' implementation 'com.beust:jcommander:1.81' implementation 'org.nibor.autolink:autolink:0.10.0' + implementation 'com.google.guava:guava:32.1.1-jre' implementation project(':halyard-config') implementation project(':halyard-core') diff --git a/halyard-config/halyard-config.gradle b/halyard-config/halyard-config.gradle index d1375dffbb..1c76719911 100644 --- a/halyard-config/halyard-config.gradle +++ b/halyard-config/halyard-config.gradle @@ -36,6 +36,8 @@ dependencies { implementation "io.spinnaker.kork:kork-cloud-config-server" implementation 'com.amazonaws:aws-java-sdk-core:1.11.534' implementation 'com.amazonaws:aws-java-sdk-s3:1.11.534' + implementation 'com.google.guava:guava:32.1.1-jre' + implementation 'com.google.apis:google-api-services-compute:alpha-rev20200526-1.30.9' implementation 'com.google.apis:google-api-services-appengine:v1-rev92-1.25.0' implementation "com.azure.resourcemanager:azure-resourcemanager:2.19.0" diff --git a/halyard-core/halyard-core.gradle b/halyard-core/halyard-core.gradle index abcd53f156..8db6344ecf 100644 --- a/halyard-core/halyard-core.gradle +++ b/halyard-core/halyard-core.gradle @@ -26,6 +26,8 @@ dependencies { exclude group: 'org.apache.groovy', module: 'groovy' } implementation 'org.apache.groovy:groovy:4.0.9' + implementation 'com.google.guava:guava:32.1.1-jre' + implementation 'org.yaml:snakeyaml:2.0' implementation 'com.google.http-client:google-http-client-jackson2:+' implementation 'com.google.apis:google-api-services-compute:+' //alpha-rev20200526-1.30.9") diff --git a/halyard-proto/halyard-proto.gradle b/halyard-proto/halyard-proto.gradle index 6b319abc5f..1ace4f92b3 100644 --- a/halyard-proto/halyard-proto.gradle +++ b/halyard-proto/halyard-proto.gradle @@ -2,7 +2,7 @@ apply plugin: 'com.google.protobuf' dependencies { implementation 'com.google.protobuf:protobuf-java' - implementation 'com.google.guava:guava:23.5-jre' + implementation 'com.google.guava:guava:32.1.1-jre' api 'com.google.api.grpc:grpc-google-common-protos:1.0.5' implementation 'io.grpc:grpc-all:1.8.0' diff --git a/halyard-web/halyard-web.gradle b/halyard-web/halyard-web.gradle index 40bbc96d3f..d926939e84 100644 --- a/halyard-web/halyard-web.gradle +++ b/halyard-web/halyard-web.gradle @@ -31,6 +31,8 @@ dependencies { implementation "io.spinnaker.kork:kork-config" runtimeOnly "io.spinnaker.kork:kork-actuator" implementation "jakarta.validation:jakarta.validation-api:3.0.2" + implementation "com.google.guava:guava:32.1.1-jre" + implementation project(':halyard-backup') // halyard-cli is required as a dependency even though it is not used directly by halyard-web // because the halyard installation only install halyard-web but the CLI expects to find the From 988994604723b030472e14a70f1c4e349019a1bf Mon Sep 17 00:00:00 2001 From: SheetalAtre Date: Mon, 14 Aug 2023 15:41:45 +0530 Subject: [PATCH 40/50] fix(halyard) : handle 405 error code for PUT /persistentStorage api for OP-20924 --- .../spinnaker/halyard/cli/services/v1/DaemonService.java | 2 +- .../halyard/controllers/v1/PersistentStorageController.java | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java b/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java index 0f0ce5714a..fd1be90e1c 100644 --- a/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java +++ b/halyard-cli/src/main/java/com/netflix/spinnaker/halyard/cli/services/v1/DaemonService.java @@ -179,7 +179,7 @@ DaemonTask setFeatures( @Query("validate") boolean validate, @Body Features features); - @PUT("/v1/config/deployments/{deploymentName}/persistentStorage") + @PUT("/v1/config/deployments/{deploymentName}/persistentStorage/") DaemonTask setPersistentStorage( @Path("deploymentName") String deploymentName, @Query("validate") boolean validate, diff --git a/halyard-web/src/main/java/com/netflix/spinnaker/halyard/controllers/v1/PersistentStorageController.java b/halyard-web/src/main/java/com/netflix/spinnaker/halyard/controllers/v1/PersistentStorageController.java index 9e48a98492..6f8b0b92f1 100644 --- a/halyard-web/src/main/java/com/netflix/spinnaker/halyard/controllers/v1/PersistentStorageController.java +++ b/halyard-web/src/main/java/com/netflix/spinnaker/halyard/controllers/v1/PersistentStorageController.java @@ -50,7 +50,9 @@ DaemonTask getPersistentStorage( .execute(validationSettings); } - @RequestMapping(value = "/", method = RequestMethod.PUT) + @RequestMapping( + value = {"", "/"}, + method = RequestMethod.PUT) DaemonTask setPersistentStorage( @PathVariable String deploymentName, @ModelAttribute ValidationSettings validationSettings, From 0efcd125b1d65b8334363139611aadde865cb8d8 Mon Sep 17 00:00:00 2001 From: Yugandharkumar Date: Thu, 17 Aug 2023 08:45:53 +0530 Subject: [PATCH 41/50] updating github actions with image format updating github actions with image format --- .github/workflows/halyard-oes.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/halyard-oes.yml b/.github/workflows/halyard-oes.yml index 324a9bba64..799017d7b6 100644 --- a/.github/workflows/halyard-oes.yml +++ b/.github/workflows/halyard-oes.yml @@ -29,7 +29,7 @@ jobs: id: build_variables run: | echo ::set-output name=REPO::ubi8-halyard-cve - echo ::set-output name=VERSION::"$(git rev-parse --short HEAD)-$(date --utc +'%Y%m%d%H%M')" + echo ::set-output name=VERSION::"1.55.1$(date --utc +'%Y%m%d%H%M')" - name: Login to Quay uses: docker/login-action@v1 # use service account flow defined at: https://github.com/docker/login-action#service-account-based-authentication-1 From f9c4b85a1bdc81f64c8efcdfae5c32563ad2f922 Mon Sep 17 00:00:00 2001 From: Yugandharkumar Date: Tue, 19 Sep 2023 15:33:04 +0530 Subject: [PATCH 42/50] Create halyard-oes-branch.yml --- .github/workflows/halyard-oes-branch.yml | 78 ++++++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 .github/workflows/halyard-oes-branch.yml diff --git a/.github/workflows/halyard-oes-branch.yml b/.github/workflows/halyard-oes-branch.yml new file mode 100644 index 0000000000..5e6ccfc609 --- /dev/null +++ b/.github/workflows/halyard-oes-branch.yml @@ -0,0 +1,78 @@ +name: Branch Build halyard with local branch + +on: + workflow_call: + workflow_dispatch: + # Inputs the workflow accepts. + inputs: + org: + # Friendly description to be shown in the UI instead of 'name' + description: 'Organisation name' + # Default value if no value is explicitly provided + default: 'opsmx' + # Input has to be provided for the workflow to run + required: true + # The data type of the input + type: string + branch: + # Friendly description to be shown in the UI instead of 'name' + description: 'Branch name' + # Default value if no value is explicitly provided + default: 'master' + # Input has to be provided for the workflow to run + required: true + # The data type of the input + type: string + + +env: + GRADLE_OPTS: -Dorg.gradle.daemon=false -Xmx6g -Xms6g + CONTAINER_REGISTRY: quay.io/opsmxpublic + +jobs: + branch-build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + with: + repository: ${{ inputs.org }}/halyard-oes + ref: refs/heads/${{ inputs.branch }} + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - uses: actions/setup-java@v2 + with: + java-version: 17 + distribution: 'temurin' + - name: Prepare build variables + id: build_variables + run: | + echo ::set-output name=REPO::ubi8-halyard-cve + echo ::set-output name=VERSION::"1.55.1$(date --utc +'%Y%m%d%H%M')" + - name: Login to Quay + uses: docker/login-action@v1 + # use service account flow defined at: https://github.com/docker/login-action#service-account-based-authentication-1 + with: + registry: quay.io + username: ${{ secrets.QUAY_USERNAME }} + password: ${{ secrets.QUAY_KEY }} + - name: Build + env: + ORG_GRADLE_PROJECT_version: ${{ steps.build_variables.outputs.VERSION }} + run: | + sed -e 's/NEXUS_USERNAME/${{ secrets.NEXUS_USERNAME }}/' -i settings.gradle + sed -e 's/NEXUS_PASSWORD/${{ secrets.NEXUS_PASSWORD }}/' -i settings.gradle + sed -e 's/NEXUS_USERNAME/${{ secrets.NEXUS_USERNAME }}/' -i build.gradle + sed -e 's/NEXUS_PASSWORD/${{ secrets.NEXUS_PASSWORD }}/' -i build.gradle + + ./gradlew --no-daemon -PenableCrossCompilerPlugin=true halyard-web:installDist -x test + + - name: dockerBuildpush + uses: docker/build-push-action@v2 + with: + context: . + file: docker/ubi8/Dockerfile-fips + push: true + tags: | + "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}" From dd3d7fe4b8f90fc68cdb9f61397b2751f7764f39 Mon Sep 17 00:00:00 2001 From: SusmithaGundu Date: Tue, 19 Dec 2023 14:27:26 +0530 Subject: [PATCH 43/50] fix for CVE-2022-46751 --- build.gradle | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/build.gradle b/build.gradle index e405902c26..8db5d08436 100644 --- a/build.gradle +++ b/build.gradle @@ -62,6 +62,10 @@ subprojects { } dependencies { + + constraints{ + api 'org.apache.ivy:ivy:2.5.2' + } implementation enforcedPlatform("io.spinnaker.kork:kork-bom:$korkVersion"){ exclude group: 'org.apache.groovy', module: 'groovy' } @@ -74,6 +78,7 @@ subprojects { annotationProcessor "org.projectlombok:lombok" testAnnotationProcessor platform("io.spinnaker.kork:kork-bom:$korkVersion") testAnnotationProcessor "org.projectlombok:lombok" + } } From 507229c0fb53e42587decbb6d0aa0b380fd65d27 Mon Sep 17 00:00:00 2001 From: SusmithaGundu <93190458+SusmithaGundu@users.noreply.github.com> Date: Tue, 2 Jan 2024 16:43:06 +0530 Subject: [PATCH 44/50] fix for CVE-2023-34054 --- build.gradle | 1 + 1 file changed, 1 insertion(+) diff --git a/build.gradle b/build.gradle index 8db5d08436..e64d8e5a28 100644 --- a/build.gradle +++ b/build.gradle @@ -65,6 +65,7 @@ subprojects { constraints{ api 'org.apache.ivy:ivy:2.5.2' + implementation 'io.projectreactor.netty:reactor-netty-http:1.1.13' } implementation enforcedPlatform("io.spinnaker.kork:kork-bom:$korkVersion"){ exclude group: 'org.apache.groovy', module: 'groovy' From b1310dc53f342ab005e4d2f335f48748e0a9fdf3 Mon Sep 17 00:00:00 2001 From: Yugandharkumar Date: Tue, 20 Feb 2024 13:36:08 +0530 Subject: [PATCH 45/50] Update halyard-oes.yml --- .github/workflows/halyard-oes.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/halyard-oes.yml b/.github/workflows/halyard-oes.yml index 799017d7b6..8bcf3e1bf3 100644 --- a/.github/workflows/halyard-oes.yml +++ b/.github/workflows/halyard-oes.yml @@ -29,7 +29,12 @@ jobs: id: build_variables run: | echo ::set-output name=REPO::ubi8-halyard-cve - echo ::set-output name=VERSION::"1.55.1$(date --utc +'%Y%m%d%H%M')" + #echo ::set-output name=VERSION::"1.55.1$(date --utc +'%Y%m%d%H%M')" + #echo ::set-output name=VERSION::"1.55.1$(date --utc +'%Y%m%d')" + #echo ::set-output name=VERSION::"1.55.1$(date --utc +'%-m%d')" + echo ::set-output name=VERSION::"1.55.1" + echo "::set-output name=GITHASH::$(git rev-parse --short HEAD)" + echo "::set-output name=BUILDDATE::$(date -u +"%Y%m%d%H%M")" - name: Login to Quay uses: docker/login-action@v1 # use service account flow defined at: https://github.com/docker/login-action#service-account-based-authentication-1 @@ -55,4 +60,5 @@ jobs: file: docker/ubi8/Dockerfile-fips push: true tags: | - "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}" + "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-${{ steps.build_variables.outputs.GITHASH }}-${{ steps.build_variables.outputs.BUILDDATE }}" + From e74b4e62e7395a6abd2ee5f8a67416824d64e023 Mon Sep 17 00:00:00 2001 From: keerthibingi <86963947+keerthibingi@users.noreply.github.com> Date: Tue, 5 Mar 2024 11:41:19 +0530 Subject: [PATCH 46/50] Update Dockerfile-fips --- docker/ubi8/Dockerfile-fips | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/ubi8/Dockerfile-fips b/docker/ubi8/Dockerfile-fips index a170f843e3..57935156fa 100644 --- a/docker/ubi8/Dockerfile-fips +++ b/docker/ubi8/Dockerfile-fips @@ -45,7 +45,7 @@ ENV KUBECTL_RELEASE=1.15.10 ENV AWS_BINARY_RELEASE_DATE=2020-02-22 RUN yum -y install git bash wget curl - +RUN yum -y remove tar vim vi RUN echo '#!/usr/bin/env bash' > /usr/local/bin/hal && \ echo '/opt/halyard/bin/hal "$@"' >> /usr/local/bin/hal && \ chmod +x /usr/local/bin/hal From f1911d003bcafba1203f23db15c1a62230f6b065 Mon Sep 17 00:00:00 2001 From: aman-agrawal <9412470@gmail.com> Date: Tue, 12 Mar 2024 10:14:30 +0530 Subject: [PATCH 47/50] OP-21877 Remove explicit google-guava version --- halyard-cli/halyard-cli.gradle | 2 +- halyard-config/halyard-config.gradle | 2 +- halyard-core/halyard-core.gradle | 2 +- halyard-proto/halyard-proto.gradle | 2 +- halyard-web/halyard-web.gradle | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/halyard-cli/halyard-cli.gradle b/halyard-cli/halyard-cli.gradle index e924f7129f..aed2816677 100644 --- a/halyard-cli/halyard-cli.gradle +++ b/halyard-cli/halyard-cli.gradle @@ -20,7 +20,7 @@ dependencies { implementation 'org.yaml:snakeyaml:2.0' implementation 'com.beust:jcommander:1.81' implementation 'org.nibor.autolink:autolink:0.10.0' - implementation 'com.google.guava:guava:32.1.1-jre' + implementation 'com.google.guava:guava' implementation project(':halyard-config') implementation project(':halyard-core') diff --git a/halyard-config/halyard-config.gradle b/halyard-config/halyard-config.gradle index 1c76719911..5668da266d 100644 --- a/halyard-config/halyard-config.gradle +++ b/halyard-config/halyard-config.gradle @@ -36,7 +36,7 @@ dependencies { implementation "io.spinnaker.kork:kork-cloud-config-server" implementation 'com.amazonaws:aws-java-sdk-core:1.11.534' implementation 'com.amazonaws:aws-java-sdk-s3:1.11.534' - implementation 'com.google.guava:guava:32.1.1-jre' + implementation 'com.google.guava:guava' implementation 'com.google.apis:google-api-services-compute:alpha-rev20200526-1.30.9' implementation 'com.google.apis:google-api-services-appengine:v1-rev92-1.25.0' diff --git a/halyard-core/halyard-core.gradle b/halyard-core/halyard-core.gradle index 8db6344ecf..0981bc998f 100644 --- a/halyard-core/halyard-core.gradle +++ b/halyard-core/halyard-core.gradle @@ -26,7 +26,7 @@ dependencies { exclude group: 'org.apache.groovy', module: 'groovy' } implementation 'org.apache.groovy:groovy:4.0.9' - implementation 'com.google.guava:guava:32.1.1-jre' + implementation 'com.google.guava:guava' implementation 'org.yaml:snakeyaml:2.0' implementation 'com.google.http-client:google-http-client-jackson2:+' diff --git a/halyard-proto/halyard-proto.gradle b/halyard-proto/halyard-proto.gradle index 1ace4f92b3..e7e1a1855a 100644 --- a/halyard-proto/halyard-proto.gradle +++ b/halyard-proto/halyard-proto.gradle @@ -2,7 +2,7 @@ apply plugin: 'com.google.protobuf' dependencies { implementation 'com.google.protobuf:protobuf-java' - implementation 'com.google.guava:guava:32.1.1-jre' + implementation 'com.google.guava:guava' api 'com.google.api.grpc:grpc-google-common-protos:1.0.5' implementation 'io.grpc:grpc-all:1.8.0' diff --git a/halyard-web/halyard-web.gradle b/halyard-web/halyard-web.gradle index d926939e84..fef4d2e98e 100644 --- a/halyard-web/halyard-web.gradle +++ b/halyard-web/halyard-web.gradle @@ -31,7 +31,7 @@ dependencies { implementation "io.spinnaker.kork:kork-config" runtimeOnly "io.spinnaker.kork:kork-actuator" implementation "jakarta.validation:jakarta.validation-api:3.0.2" - implementation "com.google.guava:guava:32.1.1-jre" + implementation "com.google.guava:guava" implementation project(':halyard-backup') // halyard-cli is required as a dependency even though it is not used directly by halyard-web From b38e1439fb91642919e47aa484fb63da1c035fb6 Mon Sep 17 00:00:00 2001 From: Yugandharkumar Date: Thu, 21 Mar 2024 18:08:29 +0530 Subject: [PATCH 48/50] Create Dockerfile-dev --- docker/ubi8/Dockerfile-dev | 62 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 62 insertions(+) create mode 100644 docker/ubi8/Dockerfile-dev diff --git a/docker/ubi8/Dockerfile-dev b/docker/ubi8/Dockerfile-dev new file mode 100644 index 0000000000..a170f843e3 --- /dev/null +++ b/docker/ubi8/Dockerfile-dev @@ -0,0 +1,62 @@ +FROM registry.access.redhat.com/ubi8/ubi:8.8 as java-builder +LABEL maintainer="OpsMx" +ARG JAVA_PACKAGE=java-17-openjdk-jmods +RUN yum -y update && yum -y install --nodocs ${JAVA_PACKAGE} + +# Build a custom JRE. +# For now, we will include all modules. We could try to remove the ones +# we don't need to reduce image size and security attack surface. +WORKDIR /jrebuild +RUN java --list-modules | cut -d'@' -f1 > modules +RUN jlink --output runtime --add-modules `paste -sd, - < modules` --compress 2 --vm server + +# Build a minimal base image with our custom Java installed. +FROM registry.access.redhat.com/ubi8/ubi:8.8 AS java-base +LABEL maintainer="OpsMx" +COPY --from=java-builder /jrebuild/runtime /opsmx-java-runtime +ARG OPSMXUSER=1001 +ENV JAVA_HOME=/opsmx-java-runtime \ + PATH=${PATH}:/opsmx-java-runtime/bin \ + WORK_DIR=/opsmx/workdir \ + CONF_DIR=/opsmx/conf + +# Enabling fips mode +RUN fips-mode-setup --enable + +# Setting crypto policies to FIPS +RUN update-crypto-policies --set FIPS + +FROM java-builder AS awscli-install +RUN yum install -y unzip +RUN curl https://awscli.amazonaws.com/awscli-exe-linux-`uname -m`.zip -o awscliv2.zip +RUN unzip awscliv2.zip +RUN ./aws/install + +FROM java-builder AS base +COPY --from=awscli-install /usr/local/aws-cli /usr/local/aws-cli/ +RUN ln -sf /usr/local/aws-cli/v2/current/bin/aws /usr/local/bin/aws && ln -sf /usr/local/aws-cli/v2/current/bin/aws_completer /usr/local/bin/aws_completer + +ARG TARGETARCH + +COPY halyard-web/build/install/halyard /opt/halyard + +ENV KUBECTL_VERSION=v1.22.0 +ENV KUBECTL_RELEASE=1.15.10 +ENV AWS_BINARY_RELEASE_DATE=2020-02-22 + +RUN yum -y install git bash wget curl + +RUN echo '#!/usr/bin/env bash' > /usr/local/bin/hal && \ + echo '/opt/halyard/bin/hal "$@"' >> /usr/local/bin/hal && \ + chmod +x /usr/local/bin/hal + +RUN wget https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl && \ + chmod +x kubectl && \ + mv ./kubectl /usr/local/bin/kubectl + +RUN curl -f -o /usr/local/bin/aws-iam-authenticator https://amazon-eks.s3-us-west-2.amazonaws.com/${KUBECTL_RELEASE}/${AWS_BINARY_RELEASE_DATE}/bin/linux/amd64/aws-iam-authenticator && \ + chmod +x /usr/local/bin/aws-iam-authenticator + +RUN adduser spinnaker +USER spinnaker +CMD ["/opt/halyard/bin/halyard"] From acdf0f0d8c6fd71d0af87b24ece6a290167f7ec5 Mon Sep 17 00:00:00 2001 From: Yugandharkumar Date: Thu, 21 Mar 2024 18:08:48 +0530 Subject: [PATCH 49/50] Update halyard-oes.yml --- .github/workflows/halyard-oes.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/halyard-oes.yml b/.github/workflows/halyard-oes.yml index 8bcf3e1bf3..1388c8eace 100644 --- a/.github/workflows/halyard-oes.yml +++ b/.github/workflows/halyard-oes.yml @@ -61,4 +61,13 @@ jobs: push: true tags: | "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-${{ steps.build_variables.outputs.GITHASH }}-${{ steps.build_variables.outputs.BUILDDATE }}" + + - name: dockerBuildpush + uses: docker/build-push-action@v2 + with: + context: . + file: docker/ubi8/Dockerfile-dev + push: true + tags: | + "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-${{ steps.build_variables.outputs.GITHASH }}-${{ steps.build_variables.outputs.BUILDDATE }}-dev" From 894f39d6c93f33c5e962956fa9fdc86cbd178c40 Mon Sep 17 00:00:00 2001 From: Yugandharkumar Date: Thu, 21 Mar 2024 18:31:44 +0530 Subject: [PATCH 50/50] Update halyard-oes.yml --- .github/workflows/halyard-oes.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.github/workflows/halyard-oes.yml b/.github/workflows/halyard-oes.yml index 1388c8eace..03b654fecf 100644 --- a/.github/workflows/halyard-oes.yml +++ b/.github/workflows/halyard-oes.yml @@ -53,7 +53,7 @@ jobs: ./gradlew --no-daemon -PenableCrossCompilerPlugin=true halyard-web:installDist -x test - - name: dockerBuildpush + - name: dockerBuildpushFips uses: docker/build-push-action@v2 with: context: . @@ -62,7 +62,7 @@ jobs: tags: | "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-${{ steps.build_variables.outputs.GITHASH }}-${{ steps.build_variables.outputs.BUILDDATE }}" - - name: dockerBuildpush + - name: dockerBuildpushDev uses: docker/build-push-action@v2 with: context: . @@ -70,4 +70,10 @@ jobs: push: true tags: | "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-${{ steps.build_variables.outputs.GITHASH }}-${{ steps.build_variables.outputs.BUILDDATE }}-dev" + - id: get-build-name + run: | + imageName="${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-${{ steps.build_variables.outputs.GITHASH }}-${{ steps.build_variables.outputs.BUILDDATE }}" + echo "clouddriver=$imageName" >> $GITHUB_OUTPUT + echo "clouddriverDev=$imageName"-dev >> $GITHUB_OUTPUT +