Merge branch '1.30.1_v6.58.1-oss' into v4.0.4-1.30.1

# Conflicts: # gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/GateWebConfig.groovy # gradle.properties
OpsMx · Aug 11, 2023 · a1d7789 · a1d7789
1 parent bc0b15b
commit a1d7789
Show file tree

Hide file tree

Showing 26 changed files with 827 additions and 104 deletions.
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -19,6 +19,10 @@ jobs:
       - uses: actions/checkout@v2
         with:
           fetch-depth: 0
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
       - uses: actions/setup-java@v2
         with:
           java-version: 11
@@ -45,10 +49,11 @@ jobs:
       - name: Build and publish slim container image
         # Only run this on repositories in the 'spinnaker' org, not on forks.
         if: startsWith(github.repository, 'spinnaker/')
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           context: .
           file: Dockerfile.slim
+          platforms: linux/amd64,linux/arm64
           push: true
           tags: |
             "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ github.ref_name }}-latest-unvalidated"
@@ -58,10 +63,11 @@ jobs:
       - name: Build and publish ubuntu container image
         # Only run this on repositories in the 'spinnaker' org, not on forks.
         if: startsWith(github.repository, 'spinnaker/')
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           context: .
           file: Dockerfile.ubuntu
+          platforms: linux/amd64,linux/arm64
           push: true
           tags: |
             "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ github.ref_name }}-latest-unvalidated-ubuntu"

diff --git a/.github/workflows/pr.yml b/.github/workflows/pr.yml
@@ -13,6 +13,10 @@ jobs:
       - uses: actions/checkout@v2
         with:
           fetch-depth: 0
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
       - uses: actions/setup-java@v2
         with:
           java-version: 11
@@ -28,20 +32,22 @@ jobs:
           ORG_GRADLE_PROJECT_version: ${{ steps.build_variables.outputs.VERSION }}
         run: ./gradlew build ${{ steps.build_variables.outputs.REPO }}-web:installDist
       - name: Build slim container image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           context: .
           file: Dockerfile.slim
+          platforms: linux/amd64,linux/arm64
           tags: |
             "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:latest"
             "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}"
             "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:latest-slim"
             "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-slim"
       - name: Build ubuntu container image
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           context: .
           file: Dockerfile.ubuntu
+          platforms: linux/amd64,linux/arm64
           tags: |
             "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:latest-ubuntu"
             "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.build_variables.outputs.VERSION }}-ubuntu"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -17,6 +17,10 @@ jobs:
       - uses: actions/checkout@v2
         with:
           fetch-depth: 0
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
       - uses: actions/setup-java@v2
         with:
           java-version: 11
@@ -82,10 +86,11 @@ jobs:
       - name: Build and publish slim container image
         # Only run this on repositories in the 'spinnaker' org, not on forks.
         if: startsWith(github.repository, 'spinnaker/')
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           context: .
           file: Dockerfile.slim
+          platforms: linux/amd64,linux/arm64
           push: true
           tags: |
             "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-unvalidated"
@@ -94,10 +99,11 @@ jobs:
       - name: Build and publish ubuntu container image
         # Only run this on repositories in the 'spinnaker' org, not on forks.
         if: startsWith(github.repository, 'spinnaker/')
-        uses: docker/build-push-action@v2
+        uses: docker/build-push-action@v3
         with:
           context: .
           file: Dockerfile.ubuntu
+          platforms: linux/amd64,linux/arm64
           push: true
           tags: |
             "${{ env.CONTAINER_REGISTRY }}/${{ steps.build_variables.outputs.REPO }}:${{ steps.release_info.outputs.RELEASE_VERSION }}-unvalidated-ubuntu"

diff --git a/Build-push.sh b/Build-push.sh
@@ -0,0 +1,58 @@
+# To Know Git version
+git --version
+
+# To Know Docker version
+docker --version
+
+# To Run Gradale Build need to have Java Vesion 1.11.+
+export JAVA_HOME=/usr/lib/jvm/java-11-openjdk-amd64
+
+# Setting JAVA_HOME to System PATH
+export PATH=$PATH:$JAVA_HOME
+
+# Get the Shorter format of Git-SHA 
+export GITHASH=`git rev-parse --short HEAD`
+
+# Get the BUILD Date
+export BUILDDATE=`date -u +"%Y%m%d%H%M"`
+
+# For Assiging the Gradle Resources
+export GRADLE_OPTS="-Xmx6g -Xms6g"
+
+# The Current Build ID 
+echo "Build id is --------------------- $BUILD_ID"
+
+# Gradle command  to Produce the Dependant targetfiles for Docker build
+./gradlew gate-web:installDist -x test
+
+cp docker/custom-plugin.json custom-plugin.json
+
+   # Assigning Rhel Image Name according to Quay.io Details
+   IMAGENAME="quay.io/opsmxpublic/ubi8-oes-gate:${GITHASH}-${BUILD_NUMBER}"
+
+   # Assigning Rhel Image Name according to Docker.io Details
+   RELEASE_IMAGENAME="opsmx11/ubi8-oes-gate:${GITHASH}-${BUILD_NUMBER}"  
+
+
+   # To Build Docker image with Given Docker File
+   docker build -t $IMAGENAME .  -f  ${DOCKERFILE_PATH} --no-cache  --build-arg CUSTOMPLUGIN_RELEASEVERSION=${CUSTOMPLUGIN_RELEASEVERSION} 
+
+   # Create new Image Tag for Docker.io with the previous Build
+   docker tag $IMAGENAME $RELEASE_IMAGENAME
+
+   # Quay.io login
+   docker login -u $quay_user -p $quay_pass quay.io
+
+   # To Push the Docker image into Quay.io
+   docker push $IMAGENAME
+
+   # Docker.io login
+   docker login -u $docker_user -p $docker_pass docker.io
+
+   # To Push the Docker image into Quay.io
+   docker push $RELEASE_IMAGENAME
+
+   echo "Gate: ${IMAGENAME}"
+
+# Quay Image Name as Artifact
+echo \"Gate\": \"${IMAGENAME}\" > file.properties;
diff --git a/build.gradle b/build.gradle
@@ -40,7 +40,7 @@ allprojects {
       compile("io.micrometer:micrometer-registry-prometheus")
 
 
-      implementation "org.codehaus.groovy:groovy-all"
+      implementation "org.codehaus.groovy:groovy"
       implementation "net.logstash.logback:logstash-logback-encoder"
       implementation "org.jetbrains.kotlin:kotlin-reflect"
 
@@ -49,6 +49,7 @@ allprojects {
       testImplementation "org.springframework.boot:spring-boot-starter-test"
       testImplementation "org.hamcrest:hamcrest-core"
       testRuntimeOnly "cglib:cglib-nodep"
+      testRuntimeOnly "org.junit.vintage:junit-vintage-engine"
       testRuntimeOnly "org.objenesis:objenesis"
     }
 
@@ -73,6 +74,7 @@ allprojects {
         exceptionFormat = 'full'
       }
     }
+    useJUnitPlatform()
   }
 }
 

diff --git a/docker/ubi8/Dockerfile b/docker/ubi8/Dockerfile
@@ -0,0 +1,29 @@
+FROM registry.access.redhat.com/ubi8/ubi:8.3
+MAINTAINER [email protected]
+COPY ./gate-web/build/install/gate /opt/gate
+RUN yum -y install java-11-openjdk-headless.x86_64 wget vim curl net-tools nettle
+RUN yum -y update
+RUN adduser spinnaker
+RUN mkdir -p /opt/gate/plugins && mkdir -p /opt/spinnaker/plugins 
+####adding customplugin zip 
+ARG CUSTOMPLUGIN_RELEASEVERSION
+ENV CUSTOMPLUGIN_RELEASEVERSION=$CUSTOMPLUGIN_RELEASEVERSION
+COPY custom-plugin.json /opt/spinnaker/plugins/plugins.json
+RUN wget -O VerificationPlugin-v1.0.1-SNAPSHOT.zip -c https://github.com/OpsMx/Customplugins/releases/download/${CUSTOMPLUGIN_RELEASEVERSION}/VerificationPlugin-v1.0.1-SNAPSHOT.zip \
+    && wget -O TestVerificationPlugin-v1.0.1-SNAPSHOT.zip -c https://github.com/OpsMx/Customplugins/releases/download/${CUSTOMPLUGIN_RELEASEVERSION}/TestVerificationPlugin-v1.0.1-SNAPSHOT.zip \
+    && wget -O policyPlugin-v1.0.1-SNAPSHOT.zip -c https://github.com/OpsMx/Customplugins/releases/download/${CUSTOMPLUGIN_RELEASEVERSION}/policyPlugin-v1.0.1-SNAPSHOT.zip \
+    && wget -O ApprovalStagePlugin-v1.0.1-SNAPSHOT.zip -c https://github.com/OpsMx/Customplugins/releases/download/${CUSTOMPLUGIN_RELEASEVERSION}/ApprovalStagePlugin-v1.0.1-SNAPSHOT.zip
+RUN mv VerificationPlugin-v1.0.1-SNAPSHOT.zip /opt/spinnaker/plugins/ \
+    && mv TestVerificationPlugin-v1.0.1-SNAPSHOT.zip /opt/spinnaker/plugins/ \
+    && mv policyPlugin-v1.0.1-SNAPSHOT.zip /opt/spinnaker/plugins/ \
+    && mv ApprovalStagePlugin-v1.0.1-SNAPSHOT.zip /opt/spinnaker/plugins/ 
+
+RUN sed -i 's/"VERIFICATION_SHASUM"/'\""$(sha512sum /opt/spinnaker/plugins/VerificationPlugin-v1.0.1-SNAPSHOT.zip | awk '{print $1}')"\"'/g' /opt/spinnaker/plugins/plugins.json \
+    && sed -i 's/"TESTVERIFICATION_SHASUM"/'\""$(sha512sum /opt/spinnaker/plugins/TestVerificationPlugin-v1.0.1-SNAPSHOT.zip | awk '{print $1}')"\"'/g' /opt/spinnaker/plugins/plugins.json \
+    && sed -i 's/"POLICY_SHASUM"/'\""$(sha512sum /opt/spinnaker/plugins/policyPlugin-v1.0.1-SNAPSHOT.zip | awk '{print $1}')"\"'/g' /opt/spinnaker/plugins/plugins.json \
+    && sed -i 's/"APPROVAL_SHASUM"/'\""$(sha512sum /opt/spinnaker/plugins/ApprovalStagePlugin-v1.0.1-SNAPSHOT.zip | awk '{print $1}')"\"'/g' /opt/spinnaker/plugins/plugins.json
+RUN chown -R spinnaker:spinnaker /opt/spinnaker
+RUN chmod -R 777 /opt/gate/plugins/
+RUN chown -R spinnaker:spinnaker /opt/
+USER spinnaker
+CMD ["/opt/gate/bin/gate"]
diff --git a/gate-core/src/main/java/com/netflix/spinnaker/gate/config/TaskServiceProperties.java b/gate-core/src/main/java/com/netflix/spinnaker/gate/config/TaskServiceProperties.java
@@ -24,6 +24,6 @@
 @ConfigurationProperties("task-service")
 @Data
 public class TaskServiceProperties {
-  private int maxNumberOfPolls = 32;
+  private int maxNumberOfPolls = 1200;
   private int defaultIntervalBetweenPolls = 1000;
 }
diff --git a/gate-oauth2/gate-oauth2.gradle b/gate-oauth2/gate-oauth2.gradle
@@ -4,6 +4,7 @@ dependencies {
   implementation "io.spinnaker.fiat:fiat-api:$fiatVersion"
   implementation "io.spinnaker.kork:kork-exceptions"
   implementation "io.spinnaker.kork:kork-security"
+  implementation "org.codehaus.groovy:groovy-json"
   implementation "org.springframework.security.oauth.boot:spring-security-oauth2-autoconfigure"
   implementation "org.springframework.session:spring-session-core"
 }
diff --git a/gate-plugins-test/gate-plugins-test.gradle b/gate-plugins-test/gate-plugins-test.gradle
@@ -13,9 +13,3 @@ dependencies {
   testRuntimeOnly("org.junit.platform:junit-platform-launcher")
   testRuntimeOnly("org.junit.jupiter:junit-jupiter-engine")
 }
-
-test {
-  useJUnitPlatform {
-    includeEngines("junit-jupiter", "junit-vintage")
-  }
-}
diff --git a/gate-plugins/gate-plugins.gradle b/gate-plugins/gate-plugins.gradle
@@ -43,7 +43,3 @@ dependencies {
   implementation "org.springframework:spring-web"
   implementation "org.pf4j:pf4j-update"
 }
-
-test {
-  useJUnitPlatform()
-}
diff --git a/gate-web/gate-web.gradle b/gate-web/gate-web.gradle
@@ -1,14 +1,5 @@
 apply plugin: 'io.spinnaker.package'
 
-ext {
-  springConfigLocation = System.getProperty('spring.config.additional-location', "${System.getProperty('user.home')}/.spinnaker/".toString())
-  springProfiles = System.getProperty('spring.profiles.active', "test,local")
-}
-
-run {
-  systemProperty('spring.config.additional-location', project.springConfigLocation)
-  systemProperty('spring.profiles.active', project.springProfiles)
-}
 mainClassName = 'com.netflix.spinnaker.gate.Main'
 
 repositories {
@@ -37,14 +28,16 @@ dependencies {
   implementation "io.spinnaker.fiat:fiat-core:$fiatVersion"
   implementation "io.spinnaker.fiat:fiat-api:$fiatVersion"
 
+  implementation "io.spinnaker.kork:kork-config"
   implementation "io.spinnaker.kork:kork-plugins"
   implementation "io.spinnaker.kork:kork-web"
   implementation "com.netflix.frigga:frigga"
   implementation "redis.clients:jedis"
   implementation "com.netflix.hystrix:hystrix-core"
 
-  implementation 'commons-io:commons-io'
-  implementation 'org.springframework.session:spring-session-data-redis'
+  implementation "commons-io:commons-io"
+  implementation "org.codehaus.groovy:groovy-templates"
+  implementation "org.springframework.session:spring-session-data-redis"
   implementation "de.huxhorn.sulky:de.huxhorn.sulky.ulid"
   implementation "org.apache.commons:commons-lang3"
 
@@ -81,11 +74,12 @@ dependencies {
   testImplementation "org.springframework.security:spring-security-oauth2-jose"
   testImplementation "com.unboundid:unboundid-ldapsdk"
   testImplementation "io.spinnaker.kork:kork-jedis-test"
+  testImplementation "io.spinnaker.kork:kork-test"
   testRuntimeOnly "io.spinnaker.kork:kork-retrofit"
 
   // Add each included authz provider as a runtime dependency
   gradle.includedProviderProjects.each {
-    runtime project(it)
+    runtimeOnly project(it)
   }
 }
 
@@ -110,5 +104,4 @@ test {
       }
     }
   }
-  useJUnitPlatform()
 }
diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/Main.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/Main.groovy
@@ -25,6 +25,7 @@ import org.springframework.boot.context.properties.EnableConfigurationProperties
 import org.springframework.cache.annotation.EnableCaching
 import org.springframework.context.annotation.Import
 import org.springframework.scheduling.annotation.EnableAsync
+import com.netflix.spinnaker.kork.boot.DefaultPropertiesBuilder
 
 @EnableAsync
 @EnableCaching
@@ -40,15 +41,7 @@ import org.springframework.scheduling.annotation.EnableAsync
 )
 class Main {
 
-  static final Map<String, String> DEFAULT_PROPS = [
-    'netflix.environment': 'test',
-    'netflix.account': '${netflix.environment}',
-    'netflix.stack': 'test',
-    'spring.config.additional-location': '${user.home}/.spinnaker/',
-    'spring.application.name': 'gate',
-    'spring.config.name': 'spinnaker,${spring.application.name}',
-    'spring.profiles.active': '${netflix.environment},local'
-  ]
+  static final Map<String, String> DEFAULT_PROPS = new DefaultPropertiesBuilder().property("spring.application.name", "gate").build()
 
   static void main(String... args) {
     new SpringApplicationBuilder().properties(DEFAULT_PROPS).sources(Main).run(args)

diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/GateConfig.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/GateConfig.groovy
@@ -472,7 +472,7 @@ class GateConfig extends RedisHttpSessionConfiguration {
   FilterRegistrationBean authenticatedRequestFilter() {
     // no need to force the `AuthenticatedRequestFilter` to create a request id as that is
     // handled by the `RequestTimingFilter`.
-    def frb = new FilterRegistrationBean(new AuthenticatedRequestFilter(false, true, false, false))
+    def frb = new FilterRegistrationBean(new AuthenticatedRequestFilter(true, true, false, false))
     frb.order = Ordered.LOWEST_PRECEDENCE - 1
     return frb
   }

diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/GateWebConfig.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/GateWebConfig.groovy
@@ -19,8 +19,8 @@ package com.netflix.spinnaker.gate.config
 import com.netflix.spectator.api.Registry
 import com.netflix.spinnaker.gate.filters.ContentCachingFilter
 import com.netflix.spinnaker.gate.interceptors.RequestContextInterceptor
-import com.netflix.spinnaker.gate.interceptors.RequestIdInterceptor
-
+import com.netflix.spinnaker.gate.interceptors.ResponseHeaderInterceptor
+import com.netflix.spinnaker.gate.interceptors.ResponseHeaderInterceptorConfigurationProperties
 import com.netflix.spinnaker.gate.retrofit.UpstreamBadRequest
 import com.netflix.spinnaker.kork.dynamicconfig.DynamicConfigService
 import com.netflix.spinnaker.kork.web.interceptors.MetricsInterceptor
@@ -37,6 +37,7 @@ import com.opsmx.spinnaker.gate.interceptors.ServiceIdRbacInterceptor
 import com.opsmx.spinnaker.gate.rbac.ApplicationFeatureRbac
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.beans.factory.annotation.Value
+import org.springframework.boot.context.properties.EnableConfigurationProperties
 import org.springframework.context.ApplicationContext
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.ComponentScan
@@ -57,6 +58,7 @@ import javax.servlet.http.HttpServletResponse
 
 @Configuration
 @ComponentScan
+@EnableConfigurationProperties(ResponseHeaderInterceptorConfigurationProperties.class)
 public class GateWebConfig implements WebMvcConfigurer {
   @Autowired
   Registry registry
@@ -70,6 +72,9 @@ public class GateWebConfig implements WebMvcConfigurer {
   @Value('${rate-limit.learning:true}')
   Boolean rateLimitLearningMode
 
+  @Autowired
+  ResponseHeaderInterceptorConfigurationProperties responseHeaderInterceptorConfigurationProperties
+
   @Value('${rbac.feature.application.enabled:true}')
   Boolean isRbacEnabled
 
@@ -109,6 +114,7 @@ public class GateWebConfig implements WebMvcConfigurer {
     )
 
     registry.addInterceptor(new RequestIdInterceptor())
+    registry.addInterceptor(new ResponseHeaderInterceptor(responseHeaderInterceptorConfigurationProperties))
     registry.addInterceptor(new RequestContextInterceptor())
 
     List<String> oesServicePathPatterns = new ArrayList<>()