Update multi-tenancy branch with bug fixes

.github/workflows/build-snapshot.yml

@@ -1,3 +1,20 @@
+# Copyright (c) 2021-2022 Copyright (c) 2021-2022 Robert Bosch Manufacturing Solutions GmbH
+# Copyright (c) 2021-2022 Contributors to the Eclipse Foundation
+
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# SPDX-License-Identifier: Apache-2.0
 ---
 name: "Build"
 

.github/workflows/gitleaks.yml

@@ -1,3 +1,20 @@
+# Copyright (c) 2021-2022 Copyright (c) 2021-2022 Robert Bosch Manufacturing Solutions GmbH
+# Copyright (c) 2021-2022 Contributors to the Eclipse Foundation
+
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# SPDX-License-Identifier: Apache-2.0
 name: gitleaks
 on: [push, pull_request, workflow_dispatch]
 jobs:

.github/workflows/kics.yml

@@ -0,0 +1,53 @@
+name: "KICS"
+
+on:
+  push:
+    branches: [main, master]
+  # pull_request:
+  # The branches below must be a subset of the branches above
+  # branches: [main, master]
+  # paths-ignore:
+  #   - "**/*.md"
+  #   - "**/*.txt"
+  schedule:
+    - cron: "0 0 * * *"
+  workflow_dispatch:
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: KICS scan
+        uses: checkmarx/kics-github-action@master
+        with:
+          # Scanning directory .
+          path: "."
+          # Exclude paths from scan by providing the paths as comma separated list
+          # exclude_paths: "postgres-init.yaml,templates/sharedidp.yaml"
+          # Exclude queries by providing the query / rule ID as comma separated list
+          # exclude_queries: "b9c83569-459b-4110-8f79-6305aa33cb37"
+          # Fail on HIGH severity results
+          fail_on: high
+          # Disable secrets detection - we use GitGuardian
+          disable_secrets: true
+          # When provided with a directory on output_path
+          # it will generate the specified reports file named 'results.{extension}'
+          # in this example it will generate:
+          # - results-dir/results.json and results-dir/results.sarif
+          output_path: kicsResults/
+          output_formats: "json,sarif"
+
+      # Upload findings to GitHub Advanced Security Dashboard
+      - name: Upload SARIF file for GitHub Advanced Security Dashboard
+        if: always()
+        uses: github/codeql-action/upload-sarif@v1
+        with:
+          sarif_file: kicsResults/results.sarif

.github/workflows/release.yml

@@ -1,3 +1,20 @@
+# Copyright (c) 2021-2022 Copyright (c) 2021-2022 Robert Bosch Manufacturing Solutions GmbH
+# Copyright (c) 2021-2022 Contributors to the Eclipse Foundation
+
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# SPDX-License-Identifier: Apache-2.0
 ---
 name: "Create new version tag"
 

.github/workflows/trivy-scan.yml

@@ -1,3 +1,20 @@
+# Copyright (c) 2021-2022 Copyright (c) 2021-2022 Robert Bosch Manufacturing Solutions GmbH
+# Copyright (c) 2021-2022 Contributors to the Eclipse Foundation
+
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+
+# This program and the accompanying materials are made available under the
+# terms of the Apache License, Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0.
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+# SPDX-License-Identifier: Apache-2.0
 name: Trivy Scan
 
 on:

backend/deployment/registry/Chart.yaml

@@ -20,11 +20,11 @@
 
 apiVersion: v2
 name: registry
-description: A Helm chart for Kubernetes
+description: Tractus-X Digital Twin Registry Helm Chart
 
 type: application
-version: 0.1.0
-appVersion: 0.1.0-M1-multi-tenancy
+version: 0.2.2
+appVersion: 0.2.0-M2-multi-tenancy
 
 dependencies:
   - repository: https://charts.bitnami.com/bitnami

backend/deployment/registry/templates/registry/registry-secret.yaml

@@ -36,3 +36,4 @@ data:
   SPRING_DATASOURCE_PASSWORD: {{ .Values.registry.dataSource.password | b64enc }}
   {{- end }}
   SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: {{ .Values.registry.idpIssuerUri | b64enc }}
+  REGISTRY_IDM_PUBLIC_CLIENT_ID: {{ .Values.registry.idpClientId | b64enc }}

backend/deployment/registry/values.yaml

@@ -21,7 +21,7 @@
 enablePostgres: true
 
 registry:
-  image: registry:0.1.0-M1-multi-tenancy
+  image: registry:0.2.0-M2-multi-tenancy
   replicaCount: 1
   imagePullPolicy: IfNotPresent
   containerPort: 4242

pom.xml

@@ -71,7 +71,7 @@
 		<swagger-annotations.version>1.5.20</swagger-annotations.version>
 		<swagger-core-version>2.0.0</swagger-core-version>
 		<guava.version>31.0.1-jre</guava.version>
-		<apache-commonse.version>1.6</apache-commonse.version>
+		<apache-commonse.version>1.10.0</apache-commonse.version>
 		<google.findbugs.version>3.0.2</google.findbugs.version>
 		<snakeyaml.version>1.31</snakeyaml.version>
 
@@ -81,6 +81,7 @@
 
 		<!-- json, xml, formats, ... -->
 		<jackson.version>2.13.1</jackson.version>
+		<jackson.databind.version>2.13.4.2</jackson.databind.version>
 
 		<!-- persistence -->
 		<mapstruct.version>1.4.2.Final</mapstruct.version>
@@ -218,7 +219,20 @@
 				<groupId>org.openapitools</groupId>
 				<artifactId>jackson-databind-nullable</artifactId>
 				<version>0.1.0</version>
+				<!-- Exclusion of jackson-databind is required because of CV https://avd.aquasec.com/nvd/2022/cve-2022-42004 and https://avd.aquasec.com/nvd/2022/cve-2022-42003 -->
+				<exclusions>
+					<exclusion>
+						<groupId>com.fasterxml.jackson.core</groupId>
+						<artifactId>jackson-databind</artifactId>
+					</exclusion>
+				</exclusions>
 			</dependency>
+			<dependency>
+				<groupId>com.fasterxml.jackson.core</groupId>
+				<artifactId>jackson-databind</artifactId>
+				<version>${jackson.databind.version}</version>
+			</dependency>
+
 
 			<!-- Persistence Mapping -->
 			<dependency>