Merge branch 'master' into bump-jackson-micro

console/console-init/ui/src/graphql-module/queries/AddressSpace.ts

@@ -40,8 +40,7 @@ const ALL_ADDRESS_SPACES_FILTER = (
   if (
     ((filterNamesLength && filterNamesLength > 0) ||
       (filterNameSpacesLength && filterNameSpacesLength > 0)) &&
-    filterType &&
-    filterType.trim() !== ""
+    (filterType?.trim() || filterStatus?.trim())
   ) {
     filter += " AND ";
   }
@@ -53,6 +52,10 @@ const ALL_ADDRESS_SPACES_FILTER = (
     ]);
   }
 
+  if (filterType?.trim() && filterStatus?.trim()) {
+    filter += " AND ";
+  }
+
   //filter tye
   if (filterStatus) {
     if (filterStatus !== "Pending") {

console/console-init/ui/src/modules/address-space/containers/MessagingToolbarContainer/MessagingToolbarContainer.tsx

@@ -79,16 +79,14 @@ export const MessagingToolbarContainer: React.FunctionComponent<IMessagingToolba
   };
 
   //this function used to clear value of type ahead select input field on filter change
-  const resettInitialState = () => {
+  const resetInitialState = () => {
     setNameInput("");
     setNamespaceInput("");
-    setTypeSelected(null);
-    setStatusSelected(null);
   };
 
   const onFilterSelect = (value: string) => {
     setFilterSelected(value);
-    resettInitialState();
+    resetInitialState();
   };
 
   const onNameSelect = (e: any, selection: SelectOptionObject) => {

documentation/assemblies/assembly-iot-creating-device.adoc

@@ -8,12 +8,13 @@
 
 After installing the IoT services and creating an IoT project, you can create an IoT device for the device you want to monitor.
 
+
 :headers: -H 'Content-Type: application/json' -H "Authorization: Bearer ${TOKEN}"
 ifeval::["{cmdcli}" == "oc"]
 :registry: $(oc -n {ProductNamespace} get routes device-registry --template='{{ .spec.host }}')
 endif::[]
 ifeval::["{cmdcli}" == "kubectl"]
-:registry: $(kubectl -n enmasse-infra get service iot-device-registry-external -o jsonpath={.status.loadBalancer.ingress[0].hostname}):31443
+:registry: $(kubectl -n {ProductNamespace} get service iot-device-registry-external -o jsonpath={.status.loadBalancer.ingress[0].hostname}):31443
 endif::[]
 
 .Prerequisites

documentation/assemblies/assembly-iot-device-manager-guide.adoc

@@ -9,4 +9,6 @@
 
 Device managers are typically responsible for creating and managing device identities and credentials in the system.
 
+include::../modules/proc-iot-management-token.adoc[leveloffset=+1]
+
 include::assembly-iot-creating-device.adoc[leveloffset=+1]

documentation/modules/proc-iot-management-token.adoc

@@ -0,0 +1,116 @@
+// Module included in the following assemblies:
+//
+// assembly-iot-creating-device.adoc
+
+[id='proc-iot-management-token-{context}']
+= Obtaining an authentication token
+
+To access the device management API, you must obtain a token to authenticate yourself
+to the API.
+
+Access to an IoT tenant's devices is mapped by the device registry based on access to
+the `IoTProject` resource. If an account has *read* access to the `IoTProject`, this
+account can also execute *read* operations on the device registry for this IoT tenant.
+
+The token has to be presented to the API as a *bearer token* by adding
+an HTTP header value: `Authorization: Bearer <token>`. For more information,
+see link:https://tools.ietf.org/html/rfc6750[RFC 6750].
+
+In the following configuration examples, replace `${TOKEN}` with the actual token.
+
+== Obtaining an authentication token for a user
+
+If you want to use the token of the current {KubePlatform}, you can extract the
+token.
+
+.Prerequisites
+
+* You must be logged in to your {KubePlatform} instance as a user that supports tokens.
+
+.Procedure
+
+. Extract the token for the current user:
++
+[options="nowrap",subs="+quotes,attributes"]
+----
+ifeval::["{cmdcli}" == "oc"]
+oc whoami -t
+endif::[]
+ifeval::["{cmdcli}" == "kubectl"]
+kubectl config view -o json| jq -r '.users[] as $users | ."current-context" as $ctx | .contexts[] | select (.name==$ctx).context.user as $user | $users | select (.name==$user).user.token'
+endif::[]
+----
+
+NOTE: User tokens have a limited lifetime, so it may be necessary
+to renew the token after it has expired.
+
+== Obtaining an authentication token for a service account
+
+Perform the following steps to create a new service account and extract the token.
+
+.Prerequisites
+
+* You must be logged in to your {KubePlatform} instance with permissions to create new service accounts, roles and role bindings.
+
+.Procedure
+
+. Create a new service account:
++
+[source,yaml,options="nowrap"]
+----
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: my-device-manager-account # <1>
+----
+<1> The name of the service account.
+
+. Create a new role, allowing access to the `IoTProject`:
++
+[source,yaml,options="nowrap"]
+----
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: device-manager-role # <1>
+rules: # <2>
+- apiGroups: ["iot.enmasse.io"]
+  resources: ["iotprojects"]
+  verbs: ["create", "update", "get", "list", "delete"]
+----
+<1> The name of the role.
+<2> The access rules, which must grant CRUD access to the `IoTProject`.
++
+This example grants access to all `IoTProjects`s in a namespace.
+To further restrict access, use more specific rules.
+
+. Create a new role binding, assigning the role to the service account:
++
+[source,yaml,options="nowrap"]
+----
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: my-device-manager-account-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: device-manager-role # <1>
+subjects:
+- kind: ServiceAccount
+  name: my-device-manager-account # <2>
+----
+<1> The name of the role.
+<2> The name of the service account.
+
+. Retrieve the token from the service account:
++
+[options="nowrap",subs="+quotes,attributes"]
+----
+ifeval::["{cmdcli}" == "oc"]
+oc serviceaccounts get-token my-device-manager-account
+endif::[]
+ifeval::["{cmdcli}" == "kubectl"]
+kubectl get secret $(kubectl get sa my-device-manager-account -o json  | jq -r '.secrets[] | select(.name | contains("-token-")).name') -o json | jq  -r .data.token
+endif::[]
+----

iot/iot-device-registry-base/pom.xml

@@ -67,6 +67,7 @@
     <dependency>
       <groupId>org.hamcrest</groupId>
       <artifactId>hamcrest</artifactId>
+      <scope>test</scope>
     </dependency>
     <dependency>
       <groupId>io.vertx</groupId>

iot/iot-device-registry-infinispan/pom.xml

@@ -79,6 +79,7 @@
     <dependency>
       <groupId>org.hamcrest</groupId>
       <artifactId>hamcrest</artifactId>
+      <scope>test</scope>
     </dependency>
     <dependency>
       <groupId>io.vertx</groupId>

iot/iot-device-registry-jdbc/pom.xml

@@ -84,6 +84,7 @@
     <dependency>
       <groupId>org.hamcrest</groupId>
       <artifactId>hamcrest</artifactId>
+      <scope>test</scope>
     </dependency>
     <dependency>
       <groupId>io.vertx</groupId>

iot/iot-infinispan-base/pom.xml

@@ -77,6 +77,7 @@
     <dependency>
       <groupId>org.hamcrest</groupId>
       <artifactId>hamcrest</artifactId>
+      <scope>test</scope>
     </dependency>
   </dependencies>
 

iot/iot-jdbc-base/pom.xml

@@ -70,6 +70,7 @@
     <dependency>
       <groupId>org.hamcrest</groupId>
       <artifactId>hamcrest</artifactId>
+      <scope>test</scope>
     </dependency>
     <dependency>
       <groupId>ch.qos.logback</groupId>

pkg/controller/address_space_controller/controller.go

@@ -205,6 +205,9 @@ func ApplyDeployment(deployment *appsv1.Deployment) error {
 		applyImageEnv(container, "TOPIC_FORWARDER_IMAGE", "topic-forwarder")
 		applyImageEnv(container, "MQTT_GATEWAY_IMAGE", "mqtt-gateway")
 		applyImageEnv(container, "MQTT_LWT_IMAGE", "mqtt-lwt")
+		if util.IsOpenshift() {
+			install.ApplyEnvSimple(container, util.EnMasseOpenshiftEnvVar, "true")
+		}
 
 		if value, ok := os.LookupEnv("ENABLE_MONITORING_ANNOTATIONS"); ok && value == "true" {
 			deployment.ObjectMeta.Annotations["prometheus.io/scrape"] = "true"

pom.xml

@@ -48,19 +48,19 @@
         <slf4j.version>1.7.21</slf4j.version>
         <logback.version>1.2.3</logback.version>
         <lucene.version>7.7.1</lucene.version>
-        <hibernate.validator.version>6.0.18.Final</hibernate.validator.version>
+        <hibernate.validator.version>6.0.20.Final</hibernate.validator.version>
         <jackson-annotations.version>2.10.0</jackson-annotations.version>
         <jackson-core.version>2.10.4</jackson-core.version>
         <jackson-databind.version>2.10.4</jackson-databind.version>
         <jackson-module-jsonSchema.version>2.10.4</jackson-module-jsonSchema.version>
         <jackson-module-jaxb-annotations.version>2.10.4</jackson-module-jaxb-annotations.version>
+        <jackson-jaxrs-json-provider.version>2.10.4</jackson-jaxrs-json-provider.version>     
         <javax.validation.version>2.0.1.Final</javax.validation.version>
         <jboss.el.api.version>1.0.13.Final</jboss.el.api.version>
         <json-patch.version>1.9</json-patch.version>
         <glassfish.el.version>3.0.1-b08</glassfish.el.version>
         <resteasy.version>3.6.1.SP2</resteasy.version>
         <mockito.version>2.21.0</mockito.version>
-        <commons-collections.version>3.2.2</commons-collections.version>
         <guava.version>25.0-jre</guava.version>
         <hamcrest.version>2.2</hamcrest.version>
         <junit.jupiter.version>5.5.2</junit.jupiter.version>
@@ -81,7 +81,7 @@
         <node.version>v10.15.3</node.version>
         <npm.version>6.9.0</npm.version>
         <yarn.version>v1.21.1</yarn.version>
-        <snakeyaml.version>1.23</snakeyaml.version>
+        <snakeyaml.version>1.26</snakeyaml.version>
         <javax.annotation-api.version>1.3.2</javax.annotation-api.version>
         <jakarta.xml.bind-api.version>2.3.2</jakarta.xml.bind-api.version>
         <jsonschema2pojo.version>1.0.2</jsonschema2pojo.version>
@@ -216,13 +216,6 @@
 
             <!-- Other dependencies -->
 
-            <!-- Overridden to avoid CVE-2017-15708 -->
-            <dependency>
-                <groupId>commons-collections</groupId>
-                <artifactId>commons-collections</artifactId>
-                <version>${commons-collections.version}</version>
-            </dependency>
-
             <dependency>
                 <groupId>org.apache.activemq</groupId>
                 <artifactId>apache-artemis</artifactId>
@@ -513,6 +506,11 @@
                 <artifactId>jackson-module-jaxb-annotations</artifactId>
                 <version>${jackson-module-jaxb-annotations.version}</version>
             </dependency>
+            <dependency>
+                <groupId>com.fasterxml.jackson.jaxrs</groupId>
+                <artifactId>jackson-jaxrs-json-provider</artifactId>
+                <version>${jackson-jaxrs-json-provider.version}</version>
+            </dependency>
 
             <dependency>
                 <groupId>io.netty</groupId>
@@ -683,7 +681,6 @@
                 <version>${gson.version}</version>
             </dependency>
 
-            <!-- Overridden as new version resolves problem with license metadata -->
             <dependency>
                 <groupId>org.yaml</groupId>
                 <artifactId>snakeyaml</artifactId>

systemtests/src/test/java/io/enmasse/systemtest/bases/web/ConsoleTest.java

@@ -722,7 +722,17 @@ protected void doTestFilterAddressSpaceStatus() throws Exception {
 
         consolePage.addFilter(FilterType.STATUS, "Terminating");
         assertThat("Console does not show all addressspaces", consolePage.getAddressSpaceItems().size(), is(0));
+        consolePage.removeAllFilters();
 
+        consolePage.addFilter(FilterType.NAME, "standard");
+        consolePage.addFilter(FilterType.NAMESPACE, kubernetes.getInfraNamespace());
+        assertThat("Console does not show all addressspaces", consolePage.getAddressSpaceItems().size(), is(2));
+        consolePage.addFilter(FilterType.STATUS, "Active");
+        assertThat("Console does not show all addressspaces", consolePage.getAddressSpaceItems().size(), is(2));
+        consolePage.addFilter(FilterType.TYPE, "Standard");
+        assertThat("Console does not show all addressspaces", consolePage.getAddressSpaceItems().size(), is(1));
+        consolePage.addFilter(FilterType.STATUS, "Pending");
+        assertThat("Console does not show all addressspaces", consolePage.getAddressSpaceItems().size(), is(0));
     }
 
     protected void doTestListEndpoints() throws Exception {

systemtests/src/test/java/io/enmasse/systemtest/isolated/monitoring/MonitoringTest.java

@@ -204,8 +204,6 @@ void testMonitoringCommonQueries() throws Exception {
 
         assertDoesNotThrow(() -> monitoring.validateQueryAndWait(MonitoringQueries.ENMASSE_COMPONENT_HEALTH, "1", Map.ofEntries(Map.entry("endpoint", "cr-metrics"), Map.entry("job", "enmasse-operator-metrics"))));
         assertDoesNotThrow(() -> monitoring.validateQueryAndWait(MonitoringQueries.ENMASSE_COMPONENT_HEALTH, "1", Map.ofEntries(Map.entry("endpoint", "http-metrics"), Map.entry("job", "enmasse-operator-metrics"))));
-
-        assertEquals(environment.enmasseVersion(), monitoring.getQueryResult(MonitoringQueries.ENMASSE_VERSION, Collections.singletonMap("name", "enmasse-operator")).getMetadataValue("version"));
     }
 
     @Test

templates/crds/iotconfigs.crd.yaml

@@ -122,6 +122,18 @@ spec:
                 lorawan:
                   type: object
 
+            services:
+              type: object
+              properties:
+                deviceConnection:
+                  type: object
+                deviceRegistry:
+                  type: object
+                authentication:
+                  type: object
+                tenant:
+                  type: object
+
             tracing:
               type: object