Skip to content

Commit

Permalink
Merging master and resolving conflicts
Browse files Browse the repository at this point in the history
  • Loading branch information
christosarvanitis committed Nov 26, 2024
2 parents 3850647 + 6262912 commit 66eea3c
Show file tree
Hide file tree
Showing 81 changed files with 3,207 additions and 760 deletions.
28 changes: 1 addition & 27 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,6 @@ jobs:
- uses: actions/setup-java@v4
with:
java-version: |
11
17
distribution: 'zulu'
cache: 'gradle'
Expand All @@ -38,7 +37,7 @@ jobs:
- name: Build
env:
ORG_GRADLE_PROJECT_version: ${{ steps.build_variables.outputs.VERSION }}
run: ./gradlew -PenableCrossCompilerPlugin=true build --stacktrace ${{ steps.build_variables.outputs.REPO }}-web:installDist
run: ./gradlew build --stacktrace ${{ steps.build_variables.outputs.REPO }}-web:installDist
- name: Build local slim container image for testing
uses: docker/build-push-action@v6
with:
Expand Down Expand Up @@ -87,28 +86,3 @@ jobs:
tags: |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ github.ref_name }}-latest-unvalidated-ubuntu"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-unvalidated-ubuntu"
- name: Build and publish slim JRE 11 container image
# Only run this on repositories in the 'spinnaker' org, not on forks.
if: startsWith(github.repository, 'spinnaker/')
uses: docker/build-push-action@v6
with:
context: .
file: Dockerfile.java11.slim
platforms: linux/amd64,linux/arm64
push: true
tags: |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ github.ref_name }}-latest-java11-unvalidated"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-java11-unvalidated"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ github.ref_name }}-latest-java11-unvalidated-slim"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-java11-unvalidated-slim"
- name: Build and publish ubuntu JRE 11 container image
# Only run this on repositories in the 'spinnaker' org, not on forks.
if: startsWith(github.repository, 'spinnaker/')
uses: docker/build-push-action@v6
with:
context: .
file: Dockerfile.java11.ubuntu
push: true
tags: |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ github.ref_name }}-latest-java11-unvalidated-ubuntu"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-java11-unvalidated-ubuntu"
23 changes: 1 addition & 22 deletions .github/workflows/pr.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,6 @@ jobs:
- uses: actions/setup-java@v4
with:
java-version: |
11
17
distribution: 'zulu'
cache: 'gradle'
Expand All @@ -32,7 +31,7 @@ jobs:
- name: Build
env:
ORG_GRADLE_PROJECT_version: ${{ steps.build_variables.outputs.VERSION }}
run: ./gradlew -PenableCrossCompilerPlugin=true build ${{ steps.build_variables.outputs.REPO }}-web:installDist
run: ./gradlew build ${{ steps.build_variables.outputs.REPO }}-web:installDist
- name: Build slim container image
uses: docker/build-push-action@v6
with:
Expand All @@ -53,26 +52,6 @@ jobs:
tags: |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:latest-ubuntu"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-ubuntu"
- name: Build slim JRE 11 container image
uses: docker/build-push-action@v6
with:
context: .
file: Dockerfile.java11.slim
platforms: linux/amd64,linux/arm64
tags: |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:latest-java11"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-java11"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:latest-java11-slim"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-java11-slim"
- name: Build ubuntu JRE 11 container image
uses: docker/build-push-action@v6
with:
context: .
file: Dockerfile.java11.ubuntu
platforms: linux/amd64,linux/arm64
tags: |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:latest-java11-ubuntu"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-java11-ubuntu"
- name: Build local slim container image for testing
uses: docker/build-push-action@v6
with:
Expand Down
30 changes: 2 additions & 28 deletions .github/workflows/release.yml
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,6 @@ jobs:
- uses: actions/setup-java@v4
with:
java-version: |
11
17
distribution: 'zulu'
cache: 'gradle'
Expand Down Expand Up @@ -52,14 +51,14 @@ jobs:
ORG_GRADLE_PROJECT_nexusPgpSigningKey: ${{ secrets.NEXUS_PGP_SIGNING_KEY }}
ORG_GRADLE_PROJECT_nexusPgpSigningPassword: ${{ secrets.NEXUS_PGP_SIGNING_PASSWORD }}
run: |
./gradlew -PenableCrossCompilerPlugin=true --info build ${{ steps.build_variables.outputs.REPO }}-web:installDist publishToNexus closeAndReleaseNexusStagingRepository
./gradlew --info build ${{ steps.build_variables.outputs.REPO }}-web:installDist publishToNexus closeAndReleaseNexusStagingRepository
- name: Publish apt packages to Google Artifact Registry
env:
ORG_GRADLE_PROJECT_version: ${{ steps.release_info.outputs.RELEASE_VERSION }}
ORG_GRADLE_PROJECT_artifactRegistryPublishEnabled: true
GAR_JSON_KEY: ${{ secrets.GAR_JSON_KEY }}
run: |
./gradlew -PenableCrossCompilerPlugin=true --info publish
./gradlew --info publish
- name: Login to Google Cloud
# Only run this on repositories in the 'spinnaker' org, not on forks.
if: startsWith(github.repository, 'spinnaker/')
Expand Down Expand Up @@ -110,31 +109,6 @@ jobs:
tags: |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-unvalidated-ubuntu"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-${{ steps.build_variables.outputs.VERSION }}-unvalidated-ubuntu"
- name: Build and publish slim JRE 11 container image
# Only run this on repositories in the 'spinnaker' org, not on forks.
if: startsWith(github.repository, 'spinnaker/')
uses: docker/build-push-action@v6
with:
context: .
file: Dockerfile.java11.slim
platforms: linux/amd64,linux/arm64
push: true
tags: |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-java11-unvalidated"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-java11-unvalidated-slim"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-${{ steps.build_variables.outputs.VERSION }}-java11-unvalidated-slim"
- name: Build and publish ubuntu JRE 11 container image
# Only run this on repositories in the 'spinnaker' org, not on forks.
if: startsWith(github.repository, 'spinnaker/')
uses: docker/build-push-action@v6
with:
context: .
file: Dockerfile.java11.ubuntu
platforms: linux/amd64,linux/arm64
push: true
tags: |
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-java11-unvalidated-ubuntu"
"${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-${{ steps.build_variables.outputs.VERSION }}-java11-unvalidated-ubuntu"
- name: Create release
if: steps.release_info.outputs.SKIP_RELEASE == 'false'
uses: softprops/action-gh-release@v2
Expand Down
6 changes: 3 additions & 3 deletions Dockerfile.compile
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
FROM alpine:3.18
FROM alpine:3.20
RUN apk add --update \
openjdk11 \
openjdk17 \
&& rm -rf /var/cache/apk
LABEL maintainer="sig-platform@spinnaker.io"
ENV GRADLE_USER_HOME /workspace/.gradle
ENV GRADLE_OPTS -Xmx4g
CMD ./gradlew -PenableCrossCompilerPlugin=true --no-daemon gate-web:installDist -x test
CMD ./gradlew --no-daemon gate-web:installDist -x test
10 changes: 0 additions & 10 deletions Dockerfile.java11.slim

This file was deleted.

9 changes: 0 additions & 9 deletions Dockerfile.java11.ubuntu

This file was deleted.

2 changes: 1 addition & 1 deletion Dockerfile.slim
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM alpine:3.18
FROM alpine:3.20
LABEL maintainer="sig-platform@spinnaker.io"
RUN apk --no-cache add --update bash curl openjdk17-jre
RUN addgroup -S -g 10111 spinnaker
Expand Down
3 changes: 2 additions & 1 deletion build.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ allprojects {
annotationProcessor "org.projectlombok:lombok"
testAnnotationProcessor "org.projectlombok:lombok"

implementation "org.codehaus.groovy:groovy"
implementation "org.apache.groovy:groovy"
implementation "net.logstash.logback:logstash-logback-encoder"
implementation "org.jetbrains.kotlin:kotlin-reflect"

Expand Down Expand Up @@ -76,6 +76,7 @@ allprojects {
exceptionFormat = 'full'
}
useJUnitPlatform()
maxHeapSize = "1g"
}
}

Expand Down
1 change: 1 addition & 0 deletions gate-basic/gate-basic.gradle
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
dependencies {
implementation project(":gate-core")
implementation "io.spinnaker.kork:kork-annotations"
implementation "io.spinnaker.kork:kork-security"
implementation "org.springframework.session:spring-session-core"
}
Original file line number Diff line number Diff line change
Expand Up @@ -18,6 +18,7 @@

import com.netflix.spinnaker.gate.config.AuthConfig;
import com.netflix.spinnaker.gate.security.SpinnakerAuthConfig;
import com.netflix.spinnaker.kork.annotations.VisibleForTesting;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnExpression;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
Expand All @@ -35,16 +36,20 @@
@EnableWebSecurity
public class BasicAuthConfig extends WebSecurityConfigurerAdapter {

private final AuthConfig authConfig;
@VisibleForTesting protected final AuthConfig authConfig;

private final BasicAuthProvider authProvider;

@Autowired DefaultCookieSerializer defaultCookieSerializer;
@VisibleForTesting protected final DefaultCookieSerializer defaultCookieSerializer;

@Autowired
public BasicAuthConfig(AuthConfig authConfig, SecurityProperties securityProperties) {
public BasicAuthConfig(
AuthConfig authConfig,
SecurityProperties securityProperties,
DefaultCookieSerializer defaultCookieSerializer) {
this.authConfig = authConfig;
this.authProvider = new BasicAuthProvider(securityProperties);
this.defaultCookieSerializer = defaultCookieSerializer;
}

@Override
Expand Down
4 changes: 1 addition & 3 deletions gate-core/gate-core.gradle
Original file line number Diff line number Diff line change
Expand Up @@ -25,14 +25,12 @@ dependencies {
implementation "io.spinnaker.kork:kork-plugins"
implementation "com.jakewharton.retrofit:retrofit1-okhttp3-client:1.1.0"
implementation "com.squareup.retrofit:converter-jackson"
implementation "com.squareup.okhttp:okhttp"
implementation "com.squareup.okhttp:okhttp-urlconnection"
implementation "com.squareup.okhttp:okhttp-apache"

implementation "io.spinnaker.fiat:fiat-api:$fiatVersion"
implementation "io.spinnaker.fiat:fiat-core:$fiatVersion"

implementation "io.spinnaker.kork:kork-core"
implementation "io.spinnaker.kork:kork-retrofit"
implementation "io.spinnaker.kork:kork-web"
implementation "io.spinnaker.kork:kork-security"
implementation "com.netflix.spectator:spectator-api"
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,16 @@ public void configure(HttpSecurity http) throws Exception {
.authorizeRequests(
registry -> {
registry
// https://github.com/spring-projects/spring-security/issues/11055#issuecomment-1098061598 suggests
//
// filterSecurityInterceptorOncePerRequest(false)
//
// until spring boot 3.0. Since
//
// .antMatchers("/error").permitAll()
//
// permits unauthorized access to /error, filterSecurityInterceptorOncePerRequest
// isn't relevant.
.antMatchers("/error")
.permitAll()
.antMatchers("/favicon.ico")
Expand Down
Original file line number Diff line number Diff line change
@@ -1,6 +1,8 @@
package com.netflix.spinnaker.gate.config;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.beans.factory.config.BeanFactoryPostProcessor;
import org.springframework.beans.factory.support.DefaultListableBeanFactory;
import org.springframework.boot.web.context.WebServerApplicationContext;
import org.springframework.boot.web.embedded.tomcat.TomcatWebServer;
import org.springframework.boot.web.server.WebServer;
Expand All @@ -19,6 +21,32 @@ public class MultiAuthSupport {
@Value("${default.legacy-server-port:-1}")
private int legacyServerPort;

/**
* From https://github.com/spring-projects/spring-security/issues/11055#issuecomment-1098061598,
* to fix java.lang.UnsupportedOperationException: public abstract int
* javax.servlet.ServletRequest.getLocalPort() is not supported when processing error responses
* for spring boot >= 2.6.4 and <= 3.0.0.
*
* <p>https://github.com/spring-projects/spring-boot/commit/71acc90da8 removed
* ErrorPageSecurityFilterConfiguration (which registered the errorPageSecurityInterceptor bean of
* type FilterRegistrationBean<ErrorPageSecurityFilter> for 2.7.x), but added
* ErrorPageSecurityFilterConfiguration to SpringBootWebSecurityConfiguration which registered a
* bean named errorPageSecurityFilter of the same type.
*
* <p>https://github.com/spring-projects/spring-boot/commit/4bd3534b7d91f922ad903a75beb19b6bdca39e5c
* reverted those changes for 3.0.0-M4 and 3.0.0-M5.
*
* <p>https://github.com/spring-projects/spring-boot/commit/cedd553b836d97a04d769322771bc1a8499e7282
* removed ErrorPageSecurityFilter and the corresponding filter for good in 3.0.0-RC1.
*
* <p>Deleting a bean by name fails if the bean doesn't exist.
*/
@Bean
public static BeanFactoryPostProcessor removeErrorSecurityFilter() {
return beanFactory ->
((DefaultListableBeanFactory) beanFactory).removeBeanDefinition("errorPageSecurityFilter");
}

@Bean
RequestMatcherProvider multiAuthRequestMatcherProvider(ApplicationContext applicationContext) {
return new RequestMatcherProvider() {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,23 +17,23 @@
package com.netflix.spinnaker.gate.retrofit;

import static org.springframework.http.HttpStatus.INTERNAL_SERVER_ERROR;
import static retrofit.RetrofitError.Kind.HTTP;

import com.netflix.spinnaker.kork.exceptions.SpinnakerException;
import java.util.Collection;
import retrofit.RetrofitError;
import com.netflix.spinnaker.kork.retrofit.exceptions.SpinnakerHttpException;
import com.netflix.spinnaker.kork.retrofit.exceptions.SpinnakerServerException;

public class UpstreamBadRequest extends SpinnakerException {

private final int status;
private final String url;
private final Object error;

private UpstreamBadRequest(RetrofitError cause) {
private UpstreamBadRequest(SpinnakerHttpException cause) {
super(cause.getMessage(), cause);
status = cause.getResponse().getStatus();
this.setRetryable(cause.getRetryable());
status = cause.getResponseCode();
url = cause.getUrl();
error = cause.getBody();
error = cause.getResponseBody();
}

public int getStatus() {
Expand All @@ -48,20 +48,10 @@ public Object getError() {
return error;
}

public static RuntimeException classifyError(RetrofitError error) {
if (error.getKind() == HTTP
&& error.getResponse().getStatus() < INTERNAL_SERVER_ERROR.value()) {
return new UpstreamBadRequest(error);
} else {
return error;
}
}

public static RuntimeException classifyError(
RetrofitError error, Collection<Integer> supportedHttpStatuses) {
if (error.getKind() == HTTP
&& supportedHttpStatuses.contains(error.getResponse().getStatus())) {
return new UpstreamBadRequest(error);
public static RuntimeException classifyError(SpinnakerServerException error) {
if (error instanceof SpinnakerHttpException
&& ((SpinnakerHttpException) error).getResponseCode() < INTERNAL_SERVER_ERROR.value()) {
return new UpstreamBadRequest((SpinnakerHttpException) error);
} else {
return error;
}
Expand Down
Loading

0 comments on commit 66eea3c

Please sign in to comment.