From 1613043605673682d85e3329f209f1b86fcce943 Mon Sep 17 00:00:00 2001 From: Sachin Argade Date: Wed, 16 Aug 2023 14:36:52 +0530 Subject: [PATCH 1/5] security issue fix --- DEPENDENCIES | 2 +- pom.xml | 27 +++++++++++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/DEPENDENCIES b/DEPENDENCIES index 33ba6edc..23f322bd 100644 --- a/DEPENDENCIES +++ b/DEPENDENCIES @@ -121,7 +121,7 @@ maven/mavencentral/org.springframework.data/spring-data-commons/3.1.0, Apache-2. maven/mavencentral/org.springframework.data/spring-data-jpa/3.1.0, Apache-2.0, approved, #9120 maven/mavencentral/org.springframework.retry/spring-retry/2.0.1, Apache-2.0, approved, clearlydefined maven/mavencentral/org.springframework.security/spring-security-config/6.1.2, Apache-2.0, approved, #9736 -maven/mavencentral/org.springframework.security/spring-security-core/6.1.0, Apache-2.0, approved, #9801 +maven/mavencentral/org.springframework.security/spring-security-core/6.0.3, Apache-2.0, approved, #7325 maven/mavencentral/org.springframework.security/spring-security-crypto/6.1.0, Apache-2.0 AND ISC, approved, #9735 maven/mavencentral/org.springframework.security/spring-security-oauth2-client/6.1.0, Apache-2.0, approved, #9740 maven/mavencentral/org.springframework.security/spring-security-oauth2-core/6.1.0, Apache-2.0, approved, #9741 diff --git a/pom.xml b/pom.xml index df15ddfd..30a84c6f 100644 --- a/pom.xml +++ b/pom.xml @@ -198,6 +198,10 @@ spring-security-oauth2-client + + org.springframework.security + spring-security-config + @@ -212,6 +216,10 @@ org.springframework.security spring-security-web + + org.springframework.security + spring-security-config + @@ -222,6 +230,10 @@ org.springframework.security spring-security-web + + org.springframework.security + spring-security-config + 
@@ -246,18 +258,33 @@ org.springframework.security spring-security-web + + org.springframework.security + spring-security-core + org.springframework.security spring-security-web 6.1.0 + + + org.springframework.security + spring-security-core + + org.springframework.security spring-security-config 6.1.2 + + org.springframework.security + spring-security-core + 6.0.3 + com.h2database h2 From c03c3418f14f02b581929a5398a4e1c06567ab2f Mon Sep 17 00:00:00 2001 From: Sachin Argade Date: Wed, 16 Aug 2023 16:40:59 +0530 Subject: [PATCH 2/5] Hot fix for veracode security and trivy --- docs/autosetup-api.yaml | 584 +++++++++++++++++- .../autosetup/manager/DTRegistryManager.java | 49 +- 2 files changed, 607 insertions(+), 26 deletions(-) diff --git a/docs/autosetup-api.yaml b/docs/autosetup-api.yaml index 42f06534..d08bfba7 100644 --- a/docs/autosetup-api.yaml +++ b/docs/autosetup-api.yaml 
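Review bot: The added `spring-security-core` entry is pinned to 6.0.3 while the neighbouring `spring-security-web` and `spring-security-config` entries in this hunk stay at 6.1.0 and 6.1.2, so the build mixes three Spring Security releases, and the DEPENDENCIES hunk shows core moving down from 6.1.0 rather than up. Spring Security modules are released and tested as one set; an older core jar under newer web/config jars risks runtime linkage errors and leaves core without any fixes made after 6.0.3. If the scanner finding is against 6.1.0, moving all three artifacts to the same patched release, ideally through one shared version property or the Spring Boot managed version, is the safer fix, and the commit message should name the advisory being addressed. The XML tags are not visible on this page, so the placement of the new exclusions is inferred from the artifact names.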
@@ -15,4 +15,586 @@ # SPDX-License-Identifier: Apache-2.0 #******************************************************************************* -{"openapi":"3.0.1","info":{"title":"Auto setup API information","description":"This Service handles all auto setup related operations","version":"1.0"},"servers":[{"url":"https://orchestrator.int.cx.dih-cloud.com","description":"Generated server url"}],"security":[{"bearerAuth":[]}],"tags":[{"name":"AutoSetup","description":"Auto setup controller to perform all operation"}],"paths":{"/autosetup/{executionId}":{"get":{"tags":["AutoSetup"],"summary":"Check Auto setup execution status","description":"This API will use to check/verify Auto setup process execution status","operationId":"getCheckDetails","parameters":[{"name":"executionId","in":"path","required":true,"schema":{"type":"string","format":"uuid"}}],"responses":{"200":{"description":"OK","content":{"*/*":{"schema":{"$ref":"#/components/schemas/AutoSetupResponse"}}}}}},"put":{"tags":["AutoSetup"],"summary":"Update existing autosetup packages","description":"This API will use to update the existing packages created by the Auto setup process","operationId":"updatePackage","parameters":[{"name":"executionId","in":"path","required":true,"schema":{"type":"string","format":"uuid"}}],"requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AutoSetupRequest"}}},"required":true},"responses":{"200":{"description":"Updated","content":{"*/*":{"schema":{"type":"string","format":"uuid"}}}}}},"delete":{"tags":["AutoSetup"],"summary":"Delete autosetup packages","description":"This API will use to delete the existing packages created by the Auto setup 
process","operationId":"deletePackage","parameters":[{"name":"executionId","in":"path","required":true,"schema":{"type":"string","format":"uuid"}}],"responses":{"200":{"description":"Deleted","content":{"*/*":{"schema":{"type":"string","format":"uuid"}}}}}}},"/internal/catalog-service":{"get":{"tags":["app-details-controller"],"summary":"This will get all catalog service in auto setup database for auto setup","description":"This will get all catalog service in auto setup database for auto setup","operationId":"getAllCatalogService","responses":{"200":{"description":"OK","content":{"*/*":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/AppServiceCatalog"}}}}}}},"post":{"tags":["app-details-controller"],"summary":"This will create catalog service in auto setup database for auto setup","description":"This will create catalog service in auto setup database for auto setup","operationId":"createCatalogService","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AppServiceCatalogPojo"}}},"required":true},"responses":{"200":{"description":"OK","content":{"*/*":{"schema":{"$ref":"#/components/schemas/AppServiceCatalog"}}}}}}},"/internal/catalog-service-mapping":{"get":{"tags":["app-details-controller"],"summary":"This will get catalog service mapping with customer in auto setup database for auto setup","description":"This will get catalog service mapping with customer in auto setup database for auto setup","operationId":"getAllCatalogServiceMapping","responses":{"200":{"description":"OK","content":{"*/*":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/AppServiceCatalogAndCustomerMapping"}}}}}}},"post":{"tags":["app-details-controller"],"summary":"This will create catalog service mapping with customer in auto setup database for auto setup","description":"This will create catalog service mapping with customer in auto setup database for auto 
setup","operationId":"createCatalogServiceMapping","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AppServiceCatalogAndCustomerMappingPojo"}}},"required":true},"responses":{"200":{"description":"OK","content":{"*/*":{"schema":{"$ref":"#/components/schemas/AppServiceCatalogAndCustomerMapping"}}}}}}},"/internal/app-details":{"get":{"tags":["app-details-controller"],"summary":"This will fetch all app details in kubeapps","description":"This will fetch all app details in kubeapps","operationId":"getAllAppInfo","responses":{"200":{"description":"OK","content":{"*/*":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/AppDetails"}}}}}}},"post":{"tags":["app-details-controller"],"summary":"This will create/update app in kubeapps","description":"This will create/update app in kubeapps","operationId":"createOrUpdateAppInfo","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AppDetailsRequest"}}},"required":true},"responses":{"200":{"description":"OK","content":{"*/*":{"schema":{"$ref":"#/components/schemas/AppDetails"}}}}}}},"/autosetup":{"post":{"tags":["AutoSetup"],"summary":"Start autosetup process","description":"This API will use to start the Auto setup process","operationId":"createPackage","requestBody":{"content":{"application/json":{"schema":{"$ref":"#/components/schemas/AutoSetupRequest"}}},"required":true},"responses":{"200":{"description":"Created","content":{"*/*":{"schema":{"type":"string","format":"uuid"}}}}}}},"/internal":{"get":{"tags":["AutoSetup"],"operationId":"getAllInstallPackages","responses":{"200":{"description":"OK","content":{"*/*":{"schema":{"type":"string"}}}}}}},"/internal/trigger":{"get":{"tags":["trigger-details-controller"],"summary":"Fetch all the orchestrator requests","description":"This will fetch all orchestrator request and their 
details","operationId":"getAllTriggers","responses":{"200":{"description":"OK","content":{"*/*":{"schema":{"type":"array","items":{"$ref":"#/components/schemas/AutoSetupTriggerResponse"}}}}}}}},"/internal/trigger/{triggerId}":{"get":{"tags":["trigger-details-controller"],"summary":"Fetch specific the orchestrator requests","description":"This will fetch specific orchestrator request and their details using trigger id in parth variable","operationId":"getTriggerDetails","parameters":[{"name":"triggerId","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK","content":{"*/*":{"schema":{"$ref":"#/components/schemas/AutoSetupTriggerResponse"}}}}}}},"/internal/catalog-service/{id}":{"get":{"tags":["app-details-controller"],"summary":"This will get catalog service in auto setup database for auto setup","description":"This will get catalog service in auto setup database for auto setup","operationId":"getCatalogService","parameters":[{"name":"id","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK","content":{"*/*":{"schema":{"$ref":"#/components/schemas/AppServiceCatalog"}}}}}}},"/internal/catalog-service-mapping/{id}":{"get":{"tags":["app-details-controller"],"summary":"This will get catalog service mapping with customer in auto setup database for auto setup","description":"This will get catalog service mapping with customer in auto setup database for auto setup","operationId":"getCatalogServiceMapping","parameters":[{"name":"id","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK","content":{"*/*":{"schema":{"$ref":"#/components/schemas/AppServiceCatalogAndCustomerMapping"}}}}}}},"/internal/app-details/{appName}":{"get":{"tags":["app-details-controller"],"summary":"This will fetch specific app details in kubeapps","description":"This will fetch specific app details in 
kubeapps","operationId":"getAppInfo","parameters":[{"name":"appName","in":"path","required":true,"schema":{"type":"string"}}],"responses":{"200":{"description":"OK","content":{"*/*":{"schema":{"$ref":"#/components/schemas/AppDetails"}}}}}}}},"components":{"schemas":{"AutoSetupRequest":{"type":"object","properties":{"customer":{"$ref":"#/components/schemas/Customer"},"properties":{"$ref":"#/components/schemas/CustomerProperties"}}},"Customer":{"required":["country","email","organizationName"],"type":"object","properties":{"organizationName":{"pattern":"[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9 !#'$@&%()*+,\\-_./:;=<>?\\[\\]\\\\^]{2,50}+","type":"string"},"organizationUnitName":{"type":"string"},"email":{"type":"string"},"contactNumber":{"type":"string"},"tanNumber":{"type":"string"},"registrationNumber":{"type":"string"},"country":{"type":"string"},"state":{"type":"string"},"city":{"type":"string"}}},"CustomerProperties":{"required":["bpnNumber","serviceId","subscriptionId"],"type":"object","properties":{"bpnNumber":{"pattern":"[a-zA-Z0-9\\_\\-]+","type":"string"},"subscriptionId":{"pattern":"[a-zA-Z0-9\\_\\-]+","type":"string"},"serviceId":{"pattern":"[a-zA-Z0-9\\_\\-]+","type":"string"},"role":{"type":"string"}}},"AppServiceCatalogPojo":{"required":["canonicalServiceId","name","serviceTools","workflow"],"type":"object","properties":{"canonicalServiceId":{"pattern":"[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_]+","type":"string"},"name":{"pattern":"[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_]+","type":"string"},"workflow":{"pattern":"[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_]+","type":"string"},"serviceTools":{"pattern":"[a-zA-ZÀ-ÿ0-9 
\"$\n\t\\{\\},\\-_./:=\\[\\]]+","type":"string"}}},"AppServiceCatalog":{"type":"object","properties":{"canonicalServiceId":{"type":"string"},"name":{"type":"string"},"workflow":{"type":"string"},"serviceTools":{"type":"string"}}},"AppServiceCatalogAndCustomerMappingPojo":{"required":["canonicalId","customer","serviceId"],"type":"object","properties":{"customer":{"pattern":"[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_]+","type":"string"},"serviceId":{"pattern":"[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_]+","type":"string"},"serviceCatalog":{"$ref":"#/components/schemas/AppServiceCatalogPojo"},"canonicalId":{"pattern":"[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_]+","type":"string"}}},"AppServiceCatalogAndCustomerMapping":{"type":"object","properties":{"customer":{"type":"string"},"serviceId":{"type":"string"},"serviceCatalog":{"$ref":"#/components/schemas/AppServiceCatalog"},"canonicalId":{"type":"string"}}},"AppDetailsRequest":{"required":["appName","contextCluster","contextNamespace","expectedInputData","packageIdentifier","packageVersion","pluginName","pluginVersion","requiredYamlConfiguration","yamlValueFieldType"],"type":"object","properties":{"appName":{"pattern":"[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_]+","type":"string"},"contextCluster":{"pattern":"[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_]+","type":"string"},"contextNamespace":{"pattern":"[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_]+","type":"string"},"packageIdentifier":{"pattern":"[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_./]+","type":"string"},"pluginName":{"pattern":"[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_./]+","type":"string"},"pluginVersion":{"pattern":"[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_./]+","type":"string"},"packageVersion":{"pattern":"[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_./]+","type":"string"},"expectedInputData":{"pattern":"[a-zA-ZÀ-ÿ0-9 \"$\n\t\\{\\},\\-_./:=\\[\\]]+","type":"string"},"outputData":{"pattern":"[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\\-_]+","type":"string"},"requiredYamlConfiguration":{"pattern":"[a-zA-ZÀ-ÿ0-9 
\"$\n\t\\{\\},\\-_./:=\\[\\]]+","type":"string"},"yamlValueFieldType":{"pattern":"[a-zA-ZÀ-ÿ0-9 \"$\n\t\\{\\},\\-_./:=\\[\\]]+","type":"string"}}},"AppDetails":{"type":"object","properties":{"appName":{"type":"string"},"contextCluster":{"type":"string"},"contextNamespace":{"type":"string"},"packageIdentifier":{"type":"string"},"pluginName":{"type":"string"},"pluginVersion":{"type":"string"},"packageVersion":{"type":"string"},"expectedInputData":{"type":"string"},"outputData":{"type":"string"},"requiredYamlConfiguration":{"type":"string"},"yamlValueFieldType":{"type":"string"}}},"AutoSetupTriggerDetails":{"type":"object","properties":{"id":{"type":"string"},"step":{"type":"string"},"status":{"type":"string"},"action":{"type":"string"},"remark":{"type":"string"},"createdDate":{"type":"string","format":"date-time"}}},"AutoSetupTriggerResponse":{"type":"object","properties":{"triggerId":{"type":"string"},"triggerType":{"type":"string"},"organizationName":{"type":"string"},"autosetupTriggerDetails":{"type":"array","items":{"$ref":"#/components/schemas/AutoSetupTriggerDetails"}},"request":{"$ref":"#/components/schemas/AutoSetupRequest"},"processResult":{"type":"array","items":{"type":"object","additionalProperties":{"type":"string"}}},"createdTimestamp":{"type":"string"},"modifiedTimestamp":{"type":"string"},"status":{"type":"string"},"remark":{"type":"string"}}},"AutoSetupResponse":{"type":"object","properties":{"executionId":{"type":"string"},"executionType":{"type":"string"},"request":{"$ref":"#/components/schemas/AutoSetupRequest"},"processResult":{"type":"array","items":{"type":"object","additionalProperties":{"type":"string"}}},"status":{"type":"string","enum":["INPROGRESS","SUCCESS","FAILED","MANUAL_UPDATE_PENDING"]},"createdTimestamp":{"type":"string"},"modifiedTimestamp":{"type":"string"},"remark":{"type":"string"}}}},"securitySchemes":{"bearerAuth":{"type":"http","scheme":"bearer","bearerFormat":"JWT"}}}} +openapi: 3.0.1 +info: + title: Auto setup API 
information + description: This Service handles all auto setup related operations + version: '1.0' +servers: +- url: https://orchestrator.int.cx.dih-cloud.com + description: Generated server url +security: +- bearerAuth: [] +tags: +- name: AutoSetup + description: Auto setup controller to perform all operation +paths: + /autosetup/{executionId}: + get: + tags: + - AutoSetup + summary: Check Auto setup execution status + description: This API will use to check/verify Auto setup process execution status + operationId: getCheckDetails + parameters: + - name: executionId + in: path + required: true + schema: + type: string + format: uuid + responses: + '200': + description: OK + content: + '*/*': + schema: + $ref: '#/components/schemas/AutoSetupResponse' + put: + tags: + - AutoSetup + summary: Update existing autosetup packages + description: This API will use to update the existing packages created by the Auto setup process + operationId: updatePackage + parameters: + - name: executionId + in: path + required: true + schema: + type: string + format: uuid + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AutoSetupRequest' + required: true + responses: + '200': + description: Updated + content: + '*/*': + schema: + type: string + format: uuid + delete: + tags: + - AutoSetup + summary: Delete autosetup packages + description: This API will use to delete the existing packages created by the Auto setup process + operationId: deletePackage + parameters: + - name: executionId + in: path + required: true + schema: + type: string + format: uuid + responses: + '200': + description: Deleted + content: + '*/*': + schema: + type: string + format: uuid + /internal/catalog-service: + get: + tags: + - app-details-controller + summary: This will get all catalog service in auto setup database for auto setup + description: This will get all catalog service in auto setup database for auto setup + operationId: getAllCatalogService + responses: + '200': 
+ description: OK + content: + '*/*': + schema: + type: array + maxItems: 3 + items: + $ref: '#/components/schemas/AppServiceCatalog' + post: + tags: + - app-details-controller + summary: This will create catalog service in auto setup database for auto setup + description: This will create catalog service in auto setup database for auto setup + operationId: createCatalogService + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AppServiceCatalogPojo' + required: true + responses: + '200': + description: OK + content: + '*/*': + schema: + $ref: '#/components/schemas/AppServiceCatalog' + /internal/catalog-service-mapping: + get: + tags: + - app-details-controller + summary: This will get catalog service mapping with customer in auto setup database for auto setup + description: This will get catalog service mapping with customer in auto setup database for auto setup + operationId: getAllCatalogServiceMapping + responses: + '200': + description: OK + content: + '*/*': + schema: + type: array + maxItems: 3 + items: + $ref: '#/components/schemas/AppServiceCatalogAndCustomerMapping' + post: + tags: + - app-details-controller + summary: This will create catalog service mapping with customer in auto setup database for auto setup + description: This will create catalog service mapping with customer in auto setup database for auto setup + operationId: createCatalogServiceMapping + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AppServiceCatalogAndCustomerMappingPojo' + required: true + responses: + '200': + description: OK + content: + '*/*': + schema: + $ref: '#/components/schemas/AppServiceCatalogAndCustomerMapping' + /internal/app-details: + get: + tags: + - app-details-controller + summary: This will fetch all app details in kubeapps + description: This will fetch all app details in kubeapps + operationId: getAllAppInfo + responses: + '200': + description: OK + content: + '*/*': + schema: + type: 
array + maxItems: 3 + items: + $ref: '#/components/schemas/AppDetails' + post: + tags: + - app-details-controller + summary: This will create/update app in kubeapps + description: This will create/update app in kubeapps + operationId: createOrUpdateAppInfo + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AppDetailsRequest' + required: true + responses: + '200': + description: OK + content: + '*/*': + schema: + $ref: '#/components/schemas/AppDetails' + /autosetup: + post: + tags: + - AutoSetup + summary: Start autosetup process + description: This API will use to start the Auto setup process + operationId: createPackage + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/AutoSetupRequest' + required: true + responses: + '200': + description: Created + content: + '*/*': + schema: + type: string + format: uuid + /internal: + get: + tags: + - AutoSetup + operationId: getAllInstallPackages + responses: + '200': + description: OK + content: + '*/*': + schema: + type: string + /internal/trigger: + get: + tags: + - trigger-details-controller + summary: Fetch all the orchestrator requests + description: This will fetch all orchestrator request and their details + operationId: getAllTriggers + responses: + '200': + description: OK + content: + '*/*': + schema: + type: array + maxItems: 3 + items: + $ref: '#/components/schemas/AutoSetupTriggerResponse' + /internal/trigger/{triggerId}: + get: + tags: + - trigger-details-controller + summary: Fetch specific the orchestrator requests + description: This will fetch specific orchestrator request and their details using trigger id in parth variable + operationId: getTriggerDetails + parameters: + - name: triggerId + in: path + required: true + schema: + type: string + responses: + '200': + description: OK + content: + '*/*': + schema: + $ref: '#/components/schemas/AutoSetupTriggerResponse' + /internal/catalog-service/{id}: + get: + tags: + - 
app-details-controller + summary: This will get catalog service in auto setup database for auto setup + description: This will get catalog service in auto setup database for auto setup + operationId: getCatalogService + parameters: + - name: id + in: path + required: true + schema: + type: string + responses: + '200': + description: OK + content: + '*/*': + schema: + $ref: '#/components/schemas/AppServiceCatalog' + /internal/catalog-service-mapping/{id}: + get: + tags: + - app-details-controller + summary: This will get catalog service mapping with customer in auto setup database for auto setup + description: This will get catalog service mapping with customer in auto setup database for auto setup + operationId: getCatalogServiceMapping + parameters: + - name: id + in: path + required: true + schema: + type: string + responses: + '200': + description: OK + content: + '*/*': + schema: + $ref: '#/components/schemas/AppServiceCatalogAndCustomerMapping' + /internal/app-details/{appName}: + get: + tags: + - app-details-controller + summary: This will fetch specific app details in kubeapps + description: This will fetch specific app details in kubeapps + operationId: getAppInfo + parameters: + - name: appName + in: path + required: true + schema: + type: string + responses: + '200': + description: OK + content: + '*/*': + schema: + $ref: '#/components/schemas/AppDetails' +components: + schemas: + AutoSetupRequest: + type: object + properties: + customer: + $ref: '#/components/schemas/Customer' + properties: + $ref: '#/components/schemas/CustomerProperties' + Customer: + required: + - country + - email + - organizationName + type: object + properties: + organizationName: + pattern: '[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9 !#''$@&%()*+,\-_./:;=<>?\[\]\\^]{2,50}+' + type: string + organizationUnitName: + type: string + email: + type: string + contactNumber: + type: string + tanNumber: + type: string + registrationNumber: + type: string + country: + type: string + state: + type: string 
+ city: + type: string + CustomerProperties: + required: + - bpnNumber + - serviceId + - subscriptionId + type: object + properties: + bpnNumber: + pattern: '[a-zA-Z0-9\_\-]+' + type: string + subscriptionId: + pattern: '[a-zA-Z0-9\_\-]+' + type: string + serviceId: + pattern: '[a-zA-Z0-9\_\-]+' + type: string + role: + type: string + AppServiceCatalogPojo: + required: + - canonicalServiceId + - name + - serviceTools + - workflow + type: object + properties: + canonicalServiceId: + pattern: '[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\-_]+' + type: string + name: + pattern: '[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\-_]+' + type: string + workflow: + pattern: '[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\-_]+' + type: string + serviceTools: + pattern: "[a-zA-ZÀ-ÿ0-9 \"$\n\t\\{\\},\\-_./:=\\[\\]]+" + type: string + AppServiceCatalog: + type: object + properties: + canonicalServiceId: + type: string + name: + type: string + workflow: + type: string + serviceTools: + type: string + AppServiceCatalogAndCustomerMappingPojo: + required: + - canonicalId + - customer + - serviceId + type: object + properties: + customer: + pattern: '[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\-_]+' + type: string + serviceId: + pattern: '[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\-_]+' + type: string + serviceCatalog: + $ref: '#/components/schemas/AppServiceCatalogPojo' + canonicalId: + pattern: '[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\-_]+' + type: string + AppServiceCatalogAndCustomerMapping: + type: object + properties: + customer: + type: string + serviceId: + type: string + serviceCatalog: + $ref: '#/components/schemas/AppServiceCatalog' + canonicalId: + type: string + AppDetailsRequest: + required: + - appName + - contextCluster + - contextNamespace + - expectedInputData + - packageIdentifier + - packageVersion + - pluginName + - pluginVersion + - requiredYamlConfiguration + - yamlValueFieldType + type: object + properties: + appName: + pattern: '[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\-_]+' + type: string + contextCluster: + pattern: '[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\-_]+' + type: string 
+ contextNamespace: + pattern: '[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\-_]+' + type: string + packageIdentifier: + pattern: '[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\-_./]+' + type: string + pluginName: + pattern: '[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\-_./]+' + type: string + pluginVersion: + pattern: '[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\-_./]+' + type: string + packageVersion: + pattern: '[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\-_./]+' + type: string + expectedInputData: + pattern: "[a-zA-ZÀ-ÿ0-9 \"$\n\t\\{\\},\\-_./:=\\[\\]]+" + type: string + outputData: + pattern: '[a-zA-ZÀ-ÿ0-9][a-zA-ZÀ-ÿ0-9\-_]+' + type: string + requiredYamlConfiguration: + pattern: "[a-zA-ZÀ-ÿ0-9 \"$\n\t\\{\\},\\-_./:=\\[\\]]+" + type: string + yamlValueFieldType: + pattern: "[a-zA-ZÀ-ÿ0-9 \"$\n\t\\{\\},\\-_./:=\\[\\]]+" + type: string + AppDetails: + type: object + properties: + appName: + type: string + contextCluster: + type: string + contextNamespace: + type: string + packageIdentifier: + type: string + pluginName: + type: string + pluginVersion: + type: string + packageVersion: + type: string + expectedInputData: + type: string + outputData: + type: string + requiredYamlConfiguration: + type: string + yamlValueFieldType: + type: string + AutoSetupTriggerDetails: + type: object + properties: + id: + type: string + step: + type: string + status: + type: string + action: + type: string + remark: + type: string + createdDate: + type: string + format: date-time + AutoSetupTriggerResponse: + type: object + properties: + triggerId: + type: string + triggerType: + type: string + organizationName: + type: string + autosetupTriggerDetails: + type: array + maxItems: 3 + items: + $ref: '#/components/schemas/AutoSetupTriggerDetails' + request: + $ref: '#/components/schemas/AutoSetupRequest' + processResult: + type: array + maxItems: 3 + items: + type: object + createdTimestamp: + type: string + modifiedTimestamp: + type: string + status: + type: string + remark: + type: string + AutoSetupResponse: + type: object + properties: + executionId: + type: 
string + executionType: + type: string + request: + $ref: '#/components/schemas/AutoSetupRequest' + processResult: + type: array + maxItems: 3 + items: + type: object + status: + type: string + enum: + - INPROGRESS + - SUCCESS + - FAILED + - MANUAL_UPDATE_PENDING + createdTimestamp: + type: string + modifiedTimestamp: + type: string + remark: + type: string + securitySchemes: + bearerAuth: + type: http + scheme: bearer + bearerFormat: JWT \ No newline at end of file diff --git a/src/main/java/org/eclipse/tractusx/autosetup/manager/DTRegistryManager.java b/src/main/java/org/eclipse/tractusx/autosetup/manager/DTRegistryManager.java index 267bee7d..9d7e7361 100644 --- a/src/main/java/org/eclipse/tractusx/autosetup/manager/DTRegistryManager.java +++ b/src/main/java/org/eclipse/tractusx/autosetup/manager/DTRegistryManager.java @@ -1,4 +1,5 @@ /******************************************************************************** + * Copyright (c) 2023 T-Systems International GmbH * Copyright (c) 2023 Contributors to the Eclipse Foundation * @@ -34,6 +35,7 @@ import org.eclipse.tractusx.autosetup.exception.ServiceException; import org.eclipse.tractusx.autosetup.model.Customer; import org.eclipse.tractusx.autosetup.model.SelectedTools; +import org.eclipse.tractusx.autosetup.utility.LogUtil; import org.eclipse.tractusx.autosetup.utility.WaitingTimeUtility; import org.springframework.retry.annotation.Backoff; import org.springframework.retry.annotation.Retryable; 
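Review bot: `maxItems: 3` has been added to every array schema, including the responses of the list-all operations (`getAllCatalogService`, `getAllCatalogServiceMapping`, `getAllAppInfo`, `getAllTriggers`), which documents a three-element cap that nothing visible in this patch enforces. If the value is there to satisfy a scanner rule about unbounded arrays, it makes the contract wrong without bounding anything; a real limit belongs in the service (pagination or a hard cap), with the spec reflecting it. The string `pattern` values are also still unanchored and have no `maxLength`, so a validator applying OpenAPI regex semantics accepts any string that merely contains one allowed character; anchoring them, e.g. `pattern: '^[a-zA-Z0-9_-]+$'` for `bpnNumber`, would make them restrictive. The conversion also drops `additionalProperties` from the `processResult` items, which changes the documented shape.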
@@ -107,10 +109,10 @@ public Map managePackage(Customer customerDetails, AppActions ac ServiceException.class }, maxAttemptsExpression = "${retry.maxAttempts}", backoff = @Backoff(delayExpression = "#{${retry.backOffDelay}}")) public void dtRegistryRegistrationInEDC(Customer customerDetails, SelectedTools tool, Map inputData, AutoSetupTriggerEntry triger) { + String tenantName = LogUtil.encode(customerDetails.getOrganizationName()); try { - - WaitingTimeUtility.waitingTime(customerDetails.getOrganizationName() - + ": Waiting for EDC asset creation after DT setup to get connector pod up"); + WaitingTimeUtility.waitingTime( + tenantName + ": Waiting for EDC asset creation after DT setup to get connector pod up"); String asset = eDCProxyService.getAssets(customerDetails, inputData); @@ -119,7 +121,7 @@ public void dtRegistryRegistrationInEDC(Customer customerDetails, SelectedTools } } catch (Exception e) { - String errorMsg = customerDetails.getOrganizationName() + String errorMsg = tenantName + ":It looks EDC connector is not up for DT asset creation, Oops! We have an exception - " + e.getMessage(); log.error(errorMsg); @@ -144,22 +146,22 @@ private void createEDCAsset(Customer customerDetails, SelectedTools tool, Map Date: Wed, 16 Aug 2023 16:57:16 +0530 Subject: [PATCH 3/5] Output Neutralization for Logs --- .../autosetup/exception/GlobalDefaultExceptionHandler.java | 2 +- .../tractusx/autosetup/exception/ServiceException.java | 4 +++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/main/java/org/eclipse/tractusx/autosetup/exception/GlobalDefaultExceptionHandler.java b/src/main/java/org/eclipse/tractusx/autosetup/exception/GlobalDefaultExceptionHandler.java index ef04d5a1..bb77fe0c 100644 --- a/src/main/java/org/eclipse/tractusx/autosetup/exception/GlobalDefaultExceptionHandler.java +++ b/src/main/java/org/eclipse/tractusx/autosetup/exception/GlobalDefaultExceptionHandler.java 
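Review bot: The catch block in `dtRegistryRegistrationInEDC` still appends `e.getMessage()` to `errorMsg` unencoded and passes the result to `log.error(errorMsg)`, so only the tenant-name prefix is neutralized and control characters in the exception text still reach the log. Encoding once at the sink, `log.error(LogUtil.encode(errorMsg));`, closes that gap. The same applies to `ServiceException`, where patch 3/5 encodes the logged copy but keeps the raw string in `super(exceptionstr)`. `tenantName` is now computed before `try`, so a failure in `getOrganizationName()` or `LogUtil.encode` is no longer caught and converted by this block. The method body continues outside the hunk and the `createEDCAsset` hunk is cut off on this page, so this covers only the visible lines.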
@@ -71,7 +71,7 @@ protected ResponseEntity handleMethodArgumentNotValid(MethodArgumentNotV Object inputRequest = ex.getBindingResult().getTarget(); if (inputRequest != null) - log.error(inputRequest.toString()); + log.error(LogUtil.encode(inputRequest.toString())); ex.getBindingResult().getAllErrors().forEach(error -> { String fieldName = ((FieldError) error).getField(); diff --git a/src/main/java/org/eclipse/tractusx/autosetup/exception/ServiceException.java b/src/main/java/org/eclipse/tractusx/autosetup/exception/ServiceException.java index ee50ede9..1cd8af7f 100644 --- a/src/main/java/org/eclipse/tractusx/autosetup/exception/ServiceException.java +++ b/src/main/java/org/eclipse/tractusx/autosetup/exception/ServiceException.java @@ -20,6 +20,8 @@ package org.eclipse.tractusx.autosetup.exception; +import org.eclipse.tractusx.autosetup.utility.LogUtil; + import lombok.extern.slf4j.Slf4j; @Slf4j @@ -32,6 +34,6 @@ public class ServiceException extends RuntimeException { public ServiceException(String exceptionstr) { super(exceptionstr); - log.error(exceptionstr); + log.error(LogUtil.encode(exceptionstr)); } } \ No newline at end of file From 8672246e581b2491f3bd987f71d813c67d5844bb Mon Sep 17 00:00:00 2001 From: adkumar1 Date: Thu, 17 Aug 2023 11:34:16 +0530 Subject: [PATCH 4/5] bump version --- .github/workflows/build.yaml | 32 ++++++++++++++++++++++---------- CHANGELOG.md | 5 +++++ README.md | 4 ++-- charts/orchestrator/Chart.yaml | 4 ++-- charts/orchestrator/README.md | 2 +- pom.xml | 2 +- 6 files changed, 33 insertions(+), 16 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 53ba8e86..1814fc31 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -18,7 +18,6 @@ #* SPDX-License-Identifier: Apache-2.0 #******************************************************************************** - name: build # Controls when the workflow will run 
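Review bot: `LogUtil.encode(...)` is used in `handleMethodArgumentNotValid`, but this file's diff adds no import for it (the diffstat shows a single changed line), whereas `ServiceException` in the same package needed `import org.eclipse.tractusx.autosetup.utility.LogUtil;`. Unless the import already exists outside the hunk, this will not compile. Separately, the line logs the whole rejected request object at error level, and for the request types in this API that may include customer email and contact number. Logging only the failing field names, which the loop just below already reads via `getField()`, would keep personal data out of the log. The method body continues outside the hunk.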
@@ -38,10 +37,8 @@ on: # Allows you to run this workflow manually from the Actions tab workflow_dispatch: env: - REGISTRY: ghcr.io - IMAGE_NAME: catenax-ng/tx-managed-service-orchestrator/autosetup - # Allows you to run this workflow manually from the Actions tab - + IMAGE_NAMESPACE: "tractusx" + IMAGE_NAME: "sdfactory" # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: @@ -63,7 +60,9 @@ jobs: uses: docker/metadata-action@v4 with: images: | - ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} + ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }} + # Automatically prepare image tags; See action docs for more examples. + # semver patter will generate tags like these for example :1 :1.2 :1.2.3 tags: | type=ref,event=branch type=ref,event=pr 
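Review bot: `IMAGE_NAME: "sdfactory"` does not match this repository's image (the removed value ended in `autosetup`), so with `push` enabled on non-PR events and `latest=true` the workflow would publish the orchestrator build as `tractusx/sdfactory`, apparently another component's repository. The same env values feed the `images:` entry in the `@@ -63,7 +60,9 @@` hunk and the `repository:` of the description step in the next hunk. These registry changes are unrelated to a commit titled "bump version" and are reverted by patch 5/5, so squashing the two would keep the mis-targeted push out of history. If a move to DockerHub is intended later, set `IMAGE_NAME` to this project's own image name.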
@@ -73,18 +72,31 @@ jobs: flavor: | latest=true - - name: Log into registry ${{ env.REGISTRY }} + - name: DockerHub login if: github.event_name != 'pull_request' uses: docker/login-action@v2 with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} + # Use existing DockerHub credentials present as secrets + username: ${{ secrets.DOCKER_HUB_USER }} + password: ${{ secrets.DOCKER_HUB_TOKEN }} - name: Build and push uses: docker/build-push-action@v3 with: context: . + # Build image for verification purposes on every trigger event. Only push if event is not a PR push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} + + # https://github.com/peter-evans/dockerhub-description + # Important step to push image description to DockerHub + - name: Update Docker Hub description + if: github.event_name != 'pull_request' + uses: peter-evans/dockerhub-description@v3 + with: + # readme-filepath defaults to toplevel README.md, Only necessary if you have a dedicated file with your 'Notice for docker images' + # readme-filepath: path/to/dedicated/notice-for-docker-image.md + username: ${{ secrets.DOCKER_HUB_USER }} + password: ${{ secrets.DOCKER_HUB_TOKEN }} + repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }} diff --git a/CHANGELOG.md b/CHANGELOG.md index 39b207d6..b81e74b5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ## [Unreleased] - NA +## [1.4.0] - 2023-08-17 + +### Fixed + - Security issue fixed + ## [1.3.9] - 2023-08-14 ### Added diff --git a/README.md b/README.md index ebf68053..bcc7fcbb 100644 --- a/README.md +++ b/README.md 
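Review bot: The added `peter-evans/dockerhub-description@v3` step is handed `DOCKER_HUB_TOKEN` while being referenced by a movable tag, so a retagged release of that third-party action would run with registry write credentials. Pin it to a full commit SHA and keep the version as a comment, e.g. `uses: peter-evans/dockerhub-description@FULL_COMMIT_SHA # v3` (placeholder, take the SHA from the action's release); the same applies to `docker/login-action@v2` in this hunk. A token scoped to this one DockerHub repository limits the impact further. The step list starts outside the hunk.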
@@ -12,8 +12,8 @@ This service will help service provider to set up DFT/SDE with EDC and EDC as se ### Software Version ```shell -Application version: 1.3.9 -Helm release version: 1.3.9 +Application version: 1.4.0 +Helm release version: 1.4.0 ``` ### Container images diff --git a/charts/orchestrator/Chart.yaml b/charts/orchestrator/Chart.yaml index 2e9aa839..f0746311 100644 --- a/charts/orchestrator/Chart.yaml +++ b/charts/orchestrator/Chart.yaml @@ -38,13 +38,13 @@ sources: # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.3.9 +version: 1.4.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "1.3.9" +appVersion: "1.4.0" dependencies: - condition: postgresql.enabled diff --git a/charts/orchestrator/README.md b/charts/orchestrator/README.md index d81d009d..b6874f44 100644 --- a/charts/orchestrator/README.md +++ b/charts/orchestrator/README.md 
@@ -1,6 +1,6 @@ # autosetup -![Version: 1.3.9](https://img.shields.io/badge/Version-1.3.9-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.9](https://img.shields.io/badge/AppVersion-1.3.9-informational?style=flat-square) +![Version: 1.4.0](https://img.shields.io/badge/Version-1.4.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.4.0](https://img.shields.io/badge/AppVersion-1.4.0-informational?style=flat-square) This service will help service provider to set up DFT/SDE with EDC and EDC as service in service provider environment. diff --git a/pom.xml b/pom.xml index b283a4ed..d87a7978 100644 --- a/pom.xml +++ b/pom.xml @@ -32,7 +32,7 @@ org.eclipse.tractusx auto-setup - 1.3.9 + 1.4.0 auto-setup auto-setup From 671c1c0281629d5871cf4ec72f70deee1d49fe74 Mon Sep 17 00:00:00 2001 From: adkumar1 Date: Thu, 17 Aug 2023 11:35:16 +0530 Subject: [PATCH 5/5] revert --- .github/workflows/build.yaml | 32 ++++++++++---------------------- 1 file changed, 10 insertions(+), 22 deletions(-) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index 1814fc31..53ba8e86 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -18,6 +18,7 @@ #* SPDX-License-Identifier: Apache-2.0 #******************************************************************************** + name: build # Controls when the workflow will run @@ -37,8 +38,10 @@ on: # Allows you to run this workflow manually from the Actions tab workflow_dispatch: env: - IMAGE_NAMESPACE: "tractusx" - IMAGE_NAME: "sdfactory" + REGISTRY: ghcr.io + IMAGE_NAME: catenax-ng/tx-managed-service-orchestrator/autosetup + # Allows you to run this workflow manually from the Actions tab + # A workflow run is made up of one or more jobs that can run sequentially or in parallel jobs: 
@@ -60,9 +63,7 @@ jobs: uses: docker/metadata-action@v4 with: images: | - ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }} - # Automatically prepare image tags; See action docs for more examples. - # semver patter will generate tags like these for example :1 :1.2 :1.2.3 + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | type=ref,event=branch type=ref,event=pr @@ -72,31 +73,18 @@ jobs: flavor: | latest=true - - name: DockerHub login + - name: Log into registry ${{ env.REGISTRY }} if: github.event_name != 'pull_request' uses: docker/login-action@v2 with: - # Use existing DockerHub credentials present as secrets - username: ${{ secrets.DOCKER_HUB_USER }} - password: ${{ secrets.DOCKER_HUB_TOKEN }} + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push uses: docker/build-push-action@v3 with: context: . - # Build image for verification purposes on every trigger event. Only push if event is not a PR push: ${{ github.event_name != 'pull_request' }} tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - - # https://github.com/peter-evans/dockerhub-description - # Important step to push image description to DockerHub - - name: Update Docker Hub description - if: github.event_name != 'pull_request' - uses: peter-evans/dockerhub-description@v3 - with: - # readme-filepath defaults to toplevel README.md, Only necessary if you have a dedicated file with your 'Notice for docker images' - # readme-filepath: path/to/dedicated/notice-for-docker-image.md - username: ${{ secrets.DOCKER_HUB_USER }} - password: ${{ secrets.DOCKER_HUB_TOKEN }} - repository: ${{ env.IMAGE_NAMESPACE }}/${{ env.IMAGE_NAME }}