Merge branch 'main' of github.com:galasa-dev/extensions into iss1768

galasa-dev · Jun 12, 2024 · 6c5e50f · 6c5e50f
2 parents 41c033c + 940d2d6
commit 6c5e50f
Show file tree

Hide file tree

Showing 14 changed files with 149 additions and 23 deletions.
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
@@ -0,0 +1,6 @@
+repos:
+  - repo: https://github.com/ibm/detect-secrets
+    rev: 0.13.1+ibm.62.dss
+    hooks:
+      - id: detect-secrets # pragma: whitelist secret
+        args: [--baseline, .secrets.baseline, --use-all-plugins, --fail-on-unaudited]
diff --git a/.secrets.baseline b/.secrets.baseline
@@ -0,0 +1,84 @@
+{
+  "exclude": {
+    "files": "^.secrets.baseline$",
+    "lines": null
+  },
+  "plugins_used": [
+    {
+      "name": "AWSKeyDetector"
+    },
+    {
+      "name": "ArtifactoryDetector"
+    },
+    {
+      "name": "AzureStorageKeyDetector"
+    },
+    {
+      "base64_limit": 4.5,
+      "name": "Base64HighEntropyString"
+    },
+    {
+      "name": "BasicAuthDetector"
+    },
+    {
+      "name": "BoxDetector"
+    },
+    {
+      "name": "CloudantDetector"
+    },
+    {
+      "ghe_instance": "github.ibm.com",
+      "name": "GheDetector"
+    },
+    {
+      "name": "GitHubTokenDetector"
+    },
+    {
+      "hex_limit": 3,
+      "name": "HexHighEntropyString"
+    },
+    {
+      "name": "IbmCloudIamDetector"
+    },
+    {
+      "name": "IbmCosHmacDetector"
+    },
+    {
+      "name": "JwtTokenDetector"
+    },
+    {
+      "keyword_exclude": null,
+      "name": "KeywordDetector"
+    },
+    {
+      "name": "MailchimpDetector"
+    },
+    {
+      "name": "NpmDetector"
+    },
+    {
+      "name": "PrivateKeyDetector"
+    },
+    {
+      "name": "SlackDetector"
+    },
+    {
+      "name": "SoftlayerDetector"
+    },
+    {
+      "name": "SquareOAuthDetector"
+    },
+    {
+      "name": "StripeDetector"
+    },
+    {
+      "name": "TwilioKeyDetector"
+    }
+  ],
+  "results": {},
+  "version": "0.13.1+ibm.62.dss",
+  "word_list": {
+    "file": null,
+    "hash": null
+  }
+}
diff --git a/build-locally.sh b/build-locally.sh
@@ -75,6 +75,16 @@ LOGS_DIR - Optional. Where logs are placed. Defaults to creating a temporary dir
 EOF
 }
 
+function check_exit_code () {
+    # This function takes 3 parameters in the form:
+    # $1 an integer value of the expected exit code
+    # $2 an error message to display if $1 is not equal to 0
+    if [[ "$1" != "0" ]]; then 
+        error "$2" 
+        exit 1  
+    fi
+}
+
 #-----------------------------------------------------------------------------------------                   
 # Process parameters
 #-----------------------------------------------------------------------------------------                   
@@ -181,7 +191,8 @@ function build_with_gradle {
     ${goals}"
     info "Using command: $cmd"
     $cmd 2>&1 > ${log_file}
-    rc=$? ; if [[ "${rc}" != "0" ]]; then cat ${log_file} ; error "Failed to build ${project} with gradle." ; exit 1 ; fi
+    rc=$? 
+    check_exit_code $rc "Failed to build ${project} with gradle."
 }
 
 function displayCouchDbCodeCoverage {
@@ -197,8 +208,33 @@ function displayCouchDbCodeCoverage {
     info "See html report here: file://${BASEDIR}/galasa-extensions-parent/dev.galasa.ras.couchdb/build/jacocoHtml/index.html"
 }
 
+function check_secrets {
+    h2 "updating secrets baseline"
+    cd ${BASEDIR}
+    detect-secrets scan --update .secrets.baseline
+    rc=$? 
+    check_exit_code $rc "Failed to run detect-secrets. Please check it is installed properly" 
+    success "updated secrets file"
+
+    h2 "running audit for secrets"
+    detect-secrets audit .secrets.baseline
+    rc=$? 
+    check_exit_code $rc "Failed to audit detect-secrets."
+
+    #Check all secrets have been audited
+    secrets=$(grep -c hashed_secret .secrets.baseline)
+    audits=$(grep -c is_secret .secrets.baseline)
+    if [[ "$secrets" != "$audits" ]]; then 
+        error "Not all secrets found have been audited"
+        exit 1  
+    fi
+    sed -i '' '/[ ]*"generated_at": ".*",/d' .secrets.baseline
+    success "secrets audit complete"
+}
+
 clean_maven_repo
 build_with_gradle
 displayCouchDbCodeCoverage
+check_secrets
 
 success "Project ${project} built - OK - log is at ${log_file}"
diff --git a/galasa-extensions-parent/buildSrc/src/main/groovy/galasa.extensions.gradle b/galasa-extensions-parent/buildSrc/src/main/groovy/galasa.extensions.gradle
@@ -4,7 +4,7 @@ plugins {
 }
 
 dependencies {
-    implementation 'dev.galasa:dev.galasa.framework:0.34.0'
+    implementation 'dev.galasa:dev.galasa.framework:0.35.0'
     implementation 'dev.galasa:dev.galasa:0.34.0'
 
     implementation 'commons-logging:commons-logging:1.2'

diff --git a/galasa-extensions-parent/dev.galasa.auth.couchdb/build.gradle b/galasa-extensions-parent/dev.galasa.auth.couchdb/build.gradle
@@ -6,7 +6,7 @@ plugins {
 
 description = 'Galasa Authentication - CouchDB'
 
-version = '0.34.0'
+version = '0.35.0'
 
 configurations {
     implementation.transitive = false

diff --git a/....couchdb/src/main/java/dev/galasa/auth/couchdb/internal/CouchdbAuthStoreRegistration.java b/....couchdb/src/main/java/dev/galasa/auth/couchdb/internal/CouchdbAuthStoreRegistration.java
@@ -19,7 +19,7 @@
 import dev.galasa.extensions.common.impl.HttpRequestFactoryImpl;
 import dev.galasa.extensions.common.api.HttpRequestFactory;
 import dev.galasa.extensions.common.impl.LogFactoryImpl;
-import dev.galasa.framework.spi.IFrameworkInitialisation;
+import dev.galasa.framework.spi.IApiServerInitialisation;
 import dev.galasa.framework.spi.SystemEnvironment;
 import dev.galasa.framework.spi.auth.IAuthStoreRegistration;
 import dev.galasa.framework.spi.utils.SystemTimeService;
@@ -53,18 +53,18 @@ public CouchdbAuthStoreRegistration(HttpClientFactory httpClientFactory, HttpReq
      * This method checks that the auth store is a remote URL reference, and if true
      * registers a new couchdb auth store as the only auth store.
      *
-     * @param frameworkInitialisation Parameters this extension can use to to
+     * @param apiServerInitialisation Parameters this extension can use to to
      *                                initialise itself.
      * @throws AuthStoreException if there was a problem accessing the auth store.
      */
     @Override
-    public void initialise(IFrameworkInitialisation frameworkInitialisation) throws AuthStoreException {
+    public void initialise(IApiServerInitialisation apiServerInitialisation) throws AuthStoreException {
 
-        URI authStoreUri = frameworkInitialisation.getAuthStoreUri();
+        URI authStoreUri = apiServerInitialisation.getAuthStoreUri();
 
         if (isUriReferringToThisExtension(authStoreUri)) {
             try {
-                frameworkInitialisation.registerAuthStore(
+                apiServerInitialisation.registerAuthStore(
                     new CouchdbAuthStore(
                         authStoreUri,
                         httpClientFactory,

diff --git a/galasa-extensions-parent/dev.galasa.cps.etcd/bnd.bnd b/galasa-extensions-parent/dev.galasa.cps.etcd/bnd.bnd
@@ -12,7 +12,7 @@ Import-Package: \
     javax.security.cert
 Embed-Transitive: true
 Embed-Dependency: *;scope=compile|runtime
--includeresource: gson-2.9.0.jar; lib:=true,\
+-includeresource: gson-2.10.1.jar; lib:=true,\
     jetcd-core-0.5.9.jar; lib:=true,\
     jetcd-common-0.5.9.jar; lib:=true,\
     grpc-core-1.39.0.jar; lib:=true,\

diff --git a/galasa-extensions-parent/dev.galasa.cps.etcd/build.gradle b/galasa-extensions-parent/dev.galasa.cps.etcd/build.gradle
@@ -5,13 +5,13 @@ plugins {
 
 description = 'Galasa etcd3 for CPS, DSS and Credentials - Provides the CPS, DSS and Credential stores from a etcd3 server'
 
-version = '0.33.0'
+version = '0.35.0'
 
 dependencies {
     implementation ('io.etcd:jetcd-core:0.5.9')
 
     // Not required for compile,  but required to force the download of the jars to embed by bnd
-    implementation ('com.google.code.gson:gson:2.9.0') {
+    implementation ('com.google.code.gson:gson:2.10.1') {
        force = true
     }
     implementation ('org.codehaus.mojo:animal-sniffer-annotations:1.19')

diff --git a/galasa-extensions-parent/dev.galasa.cps.rest/build.gradle b/galasa-extensions-parent/dev.galasa.cps.rest/build.gradle
@@ -5,7 +5,7 @@ plugins {
 
 description = 'Galasa CPS access over http - Provides the CPS stores via the public REST interface over http'
 
-version = '0.34.0'
+version = '0.35.0'
 
 dependencies {
 

diff --git a/galasa-extensions-parent/dev.galasa.extensions.common/build.gradle b/galasa-extensions-parent/dev.galasa.extensions.common/build.gradle
@@ -5,7 +5,7 @@ plugins {
 
 description = 'Galasa CPS access over http - Provides the CPS stores via the public REST interface over http'
 
-version = '0.34.0'
+version = '0.35.0'
 
 dependencies {
     implementation ('org.apache.httpcomponents:httpclient-osgi:4.5.13')

diff --git a/galasa-extensions-parent/dev.galasa.extensions.mocks/build.gradle b/galasa-extensions-parent/dev.galasa.extensions.mocks/build.gradle
@@ -4,7 +4,7 @@ plugins {
 
 description = 'Galasa extensions mocks used for tests'
 
-version = '0.34.0'
+version = '0.35.0'
 
 configurations {
     implementation.transitive = false
@@ -14,7 +14,7 @@ dependencies {
     implementation ('org.apache.httpcomponents:httpclient-osgi:4.5.13')
     implementation ('org.apache.httpcomponents:httpcore-osgi:4.4.14')
     implementation ('com.google.code.gson:gson:2.10.1')
-    implementation ('dev.galasa:dev.galasa.framework: 0.33.0')
+    implementation ('dev.galasa:dev.galasa.framework:0.35.0')
     implementation ('junit:junit:4.13.1')
     implementation ('org.assertj:assertj-core:3.16.1')
     implementation (project(':dev.galasa.extensions.common'))

diff --git a/...tensions.mocks/src/main/java/dev/galasa/extensions/mocks/MockFrameworkInitialisation.java b/...tensions.mocks/src/main/java/dev/galasa/extensions/mocks/MockFrameworkInitialisation.java
@@ -11,13 +11,13 @@
 import dev.galasa.framework.spi.ConfidentialTextException;
 import dev.galasa.framework.spi.DynamicStatusStoreException;
 import dev.galasa.framework.spi.EventsException;
+import dev.galasa.framework.spi.IApiServerInitialisation;
 import dev.galasa.framework.spi.ICertificateStoreService;
 import dev.galasa.framework.spi.IConfidentialTextService;
 import dev.galasa.framework.spi.IConfigurationPropertyStore;
 import dev.galasa.framework.spi.IDynamicStatusStore;
 import dev.galasa.framework.spi.IEventsService;
 import dev.galasa.framework.spi.IFramework;
-import dev.galasa.framework.spi.IFrameworkInitialisation;
 import dev.galasa.framework.spi.IResultArchiveStoreService;
 import dev.galasa.framework.spi.ResultArchiveStoreException;
 import dev.galasa.framework.spi.auth.IAuthStore;
@@ -28,7 +28,7 @@
 import java.net.URI;
 import java.util.*;
 
-public class MockFrameworkInitialisation implements IFrameworkInitialisation {
+public class MockFrameworkInitialisation implements IApiServerInitialisation {
 
     private MockFramework framework;
 

diff --git a/galasa-extensions-parent/dev.galasa.ras.couchdb/build.gradle b/galasa-extensions-parent/dev.galasa.ras.couchdb/build.gradle
@@ -6,7 +6,7 @@ plugins {
 
 description = 'Galasa RAS - CouchDB'
 
-version = '0.34.0'
+version = '0.35.0'
 
 configurations {
     implementation.transitive = false

diff --git a/release.yaml b/release.yaml
@@ -14,31 +14,31 @@ framework:
   bundles:
 
   - artifact: dev.galasa.auth.couchdb
-    version: 0.34.0
+    version: 0.35.0
     obr: true
     isolated: true
     codecoverage: true
 
   - artifact: dev.galasa.ras.couchdb
-    version: 0.34.0
+    version: 0.35.0
     obr: true
     isolated: true
     codecoverage: true
 
   - artifact: dev.galasa.cps.etcd
-    version: 0.33.0
+    version: 0.35.0
     obr: true
     isolated: true
     codecoverage: true
 
   - artifact: dev.galasa.cps.rest
-    version: 0.34.0
+    version: 0.35.0
     obr: true
     isolated: true
     codecoverage: true
 
   - artifact: dev.galasa.extensions.common
-    version: 0.34.0
+    version: 0.35.0
     obr: true
     isolated: true
     codecoverage: true