Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

apiml/GH2062/add-x509-auth-source #2185

Merged
merged 20 commits into from
Mar 15, 2022

Conversation

yelyzavetachebanova
Copy link
Contributor

Description

Introduce new source of authentication which uses client certificate - X509AuthSource, and services to process it (get from request, validate, parse)

Linked to #2062

Type of change

  • (feat) New feature (non-breaking change which adds functionality)

Checklist:

  • My code follows the style guidelines of this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • My changes generate no new warnings
  • I have added tests that prove my fix is effective or that my feature works
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

Introduce the object and basic service for a client certificate as source of authentication

Signed-off-by: Yelyzaveta Chebanova <[email protected]>
…f QueryResponse.Source

Signed-off-by: Yelyzaveta Chebanova <[email protected]>
Signed-off-by: Yelyzaveta Chebanova <[email protected]>
Signed-off-by: Yelyzaveta Chebanova <[email protected]>
…9-origin-of-authSource' into apiml/GH2062/add-x509-auth-source
…ient certificate authentication

Signed-off-by: Yelyzaveta Chebanova <[email protected]>
# Conflicts:
#	gateway-service/src/main/java/org/zowe/apiml/gateway/security/service/schema/source/AuthSource.java
#	gateway-service/src/test/java/org/zowe/apiml/gateway/security/service/schema/ZosmfSchemeTest.java
#	gateway-service/src/test/java/org/zowe/apiml/gateway/security/service/schema/source/AuthSourceServiceImplTest.java
#	gateway-service/src/test/java/org/zowe/apiml/gateway/security/service/schema/source/AuthSourceTest.java
Signed-off-by: Yelyzaveta Chebanova <[email protected]>
…used for client authentication is used in authentication scheme

Signed-off-by: Yelyzaveta Chebanova <[email protected]>
@yelyzavetachebanova yelyzavetachebanova marked this pull request as draft March 11, 2022 14:22
@zowe-robot zowe-robot added the Sensitive Sensitive change that requires peer review label Mar 11, 2022
@yelyzavetachebanova yelyzavetachebanova marked this pull request as ready for review March 14, 2022 08:52
achmelo added 2 commits March 15, 2022 13:08
Signed-off-by: achmelo <[email protected]>
Signed-off-by: achmelo <[email protected]>
…09-auth-source

# Conflicts:
#	.github/workflows/containers.yml
@sonarqubecloud
Copy link

Kudos, SonarCloud Quality Gate passed!    Quality Gate passed

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

91.8% 91.8% Coverage
0.0% 0.0% Duplication

@yelyzavetachebanova yelyzavetachebanova merged commit efd53a8 into master Mar 15, 2022
@delete-merged-branch delete-merged-branch bot deleted the apiml/GH2062/add-x509-auth-source branch March 15, 2022 16:10
achmelo added a commit that referenced this pull request Apr 19, 2022
* feat(authentication): introduce x509 authentication source

Introduce the object and basic service for a client certificate as source of authentication

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* refactor: use dedicated origin of the authentication source instead of QueryResponse.Source

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* refactor: improve code coverage

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* refactor: resolve licence issue

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Add implementation of AuthSourceService interface to process client certificate authentication

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: add JUnits

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: return BAD REQUEST (400) when X509 certificate which cannot be used for client authentication is used in authentication scheme

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: fix error in acceptance test (ZosmfSchemeTest)

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: fix Sonar issues

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: define X509 authentication source service as bean in configuration

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* rerun

Signed-off-by: achmelo <[email protected]>

Co-authored-by: achmelo <[email protected]>

(cherry picked from commit efd53a8)
Signed-off-by: achmelo <[email protected]>
achmelo added a commit that referenced this pull request Apr 28, 2022
* refactor: Refactoring for gateway.filters classes (#2157)

Signed-off-by: Amanda D'Errico <[email protected]>

(cherry picked from commit ab36819)
Signed-off-by: achmelo <[email protected]>

* refactor: introduce dedicated origin of the authentication source  (#2163)

* refactor: use dedicated origin of the authentication source instead of QueryResponse.Source

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* refactor: improve code coverage

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* refactor: resolve licence issue

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* refactor: refactor JUnit test

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

(cherry picked from commit d18f388)
Signed-off-by: achmelo <[email protected]>

* refactor: Refactored PostStoreLoadBalancerCacheFilter and LocationFilter (#2168)

* Refactored PostStoreLoadBalancerCacheFilter

Signed-off-by: Amanda D'Errico <[email protected]>

* Refactored LocationFilter

Signed-off-by: Amanda D'Errico <[email protected]>

* addressed code review

Signed-off-by: Amanda D'Errico <[email protected]>

(cherry picked from commit c6f018b)
Signed-off-by: achmelo <[email protected]>

* chore: publish coverage from internal port tests, provide comment where resu… (#2195)

* publish coverage from internal port tests, provide comment where results are not stored, remove integration test count publish

Signed-off-by: achmelo <[email protected]>

* merge

Signed-off-by: achmelo <[email protected]>

* correct job name

Signed-off-by: achmelo <[email protected]>

(cherry picked from commit d471bed)
Signed-off-by: achmelo <[email protected]>

* apiml/GH2062/add-x509-auth-source (#2185)

* feat(authentication): introduce x509 authentication source

Introduce the object and basic service for a client certificate as source of authentication

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* refactor: use dedicated origin of the authentication source instead of QueryResponse.Source

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* refactor: improve code coverage

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* refactor: resolve licence issue

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Add implementation of AuthSourceService interface to process client certificate authentication

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: add JUnits

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: return BAD REQUEST (400) when X509 certificate which cannot be used for client authentication is used in authentication scheme

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: fix error in acceptance test (ZosmfSchemeTest)

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: fix Sonar issues

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: define X509 authentication source service as bean in configuration

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* rerun

Signed-off-by: achmelo <[email protected]>

Co-authored-by: achmelo <[email protected]>

(cherry picked from commit efd53a8)
Signed-off-by: achmelo <[email protected]>

* resolve additional conflicts

Signed-off-by: achmelo <[email protected]>

* fix: Add BearerContent filter to enable bearer auth (#2197)

* Add BearerContent filter to enable bearer auth

Signed-off-by: at670475 <[email protected]>

* Add BearerContent filter to enable bearer auth

Signed-off-by: at670475 <[email protected]>

* Add functional test to test bearer auth

Signed-off-by: at670475 <[email protected]>

* Convert to given_when_then

Signed-off-by: at670475 <[email protected]>

* Add functional test for gateway

Signed-off-by: at670475 <[email protected]>

* Add functional tests for DS

Signed-off-by: at670475 <[email protected]>

* Fix git diff

Signed-off-by: at670475 <[email protected]>

(cherry picked from commit 1d41704)
Signed-off-by: achmelo <[email protected]>

* refactor: Introduce applid to the SafIdtProvider (#2219)

* Failing acceptance tests

Signed-off-by: Jakub Balhar <[email protected]>

* Fix tests and limit the certificate related ones

Signed-off-by: Jakub Balhar <[email protected]>

Co-authored-by: Jakub Balhar <[email protected]>

(cherry picked from commit 2536f4d)
Signed-off-by: achmelo <[email protected]>

* feat: Enhance zosmf authentication scheme to support client certificates (#2207)

* get JWT from authsource

Signed-off-by: achmelo <[email protected]>

* create JWT auth source if X509 is provided

Signed-off-by: achmelo <[email protected]>

* update original authsource

Signed-off-by: achmelo <[email protected]>

* expect token in header for valid client cert

Signed-off-by: achmelo <[email protected]>

* remove imports

Signed-off-by: achmelo <[email protected]>

* accept client cert auth after loadbalancer

Signed-off-by: achmelo <[email protected]>

* reject request if zosmf scheme is not available

Signed-off-by: achmelo <[email protected]>

* test config refactoring

Signed-off-by: achmelo <[email protected]>

* update and add unit tests

Signed-off-by: achmelo <[email protected]>

* Acceptance tests with check of X509 transformation to JWT.

Signed-off-by: Petr Weinfurt <[email protected]>

* Remove unused imports.

Signed-off-by: Petr Weinfurt <[email protected]>

* access zosmf with client cert

Signed-off-by: achmelo <[email protected]>

* remove unused test

Signed-off-by: achmelo <[email protected]>

* refactor, code smells

Signed-off-by: achmelo <[email protected]>

* code coverage

Signed-off-by: achmelo <[email protected]>

* udpate comment

Signed-off-by: achmelo <[email protected]>

* extract duplication

Signed-off-by: achmelo <[email protected]>

Co-authored-by: achmelo <[email protected]>
Co-authored-by: Petr Weinfurt <[email protected]>
Co-authored-by: achmelo <[email protected]>

(cherry picked from commit 5750072)
Signed-off-by: achmelo <[email protected]>

* chore: improved testing for zaas client compatibility for both v1 and v2 base urls (#2239)

Signed-off-by: Amanda D'Errico <[email protected]>

(cherry picked from commit 046bce0)
Signed-off-by: achmelo <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 1) (#2244)

* feat: Enhance x509 authentication scheme to support client certificates (part 1)

move the logic which gets authentication source from request to scheme

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 1)

add more JUnit tests

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 1)

get authentication source from scheme in ServiceAuthenticationDecorator

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 1)

fix tests for ServiceAuthenticationDecorator

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

(cherry picked from commit 615badf)
Signed-off-by: achmelo <[email protected]>

* chore: rename AbstractAuthenticationScheme interface (#2247)

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

(cherry picked from commit 90fa300)
Signed-off-by: achmelo <[email protected]>

* fixes after merge

Signed-off-by: achmelo <[email protected]>

* feat: zowe jwt from x509 (#2245)

* zowe jwt

Signed-off-by: achmelo <[email protected]>

* translate x509 into zoweJWT

Signed-off-by: achmelo <[email protected]>

* update header after LB

Signed-off-by: achmelo <[email protected]>

* integration tests for zowejwtscheme

Signed-off-by: achmelo <[email protected]>

* fix tests

Signed-off-by: achmelo <[email protected]>

* run when zosmf auth tests

Signed-off-by: achmelo <[email protected]>

* hostname

Signed-off-by: achmelo <[email protected]>

* cleanup

Signed-off-by: achmelo <[email protected]>

* common string

Signed-off-by: achmelo <[email protected]>

* get JWT in create command

Signed-off-by: achmelo <[email protected]>

* send empty header in case of missing auth in request

Signed-off-by: achmelo <[email protected]>

* return empty command

Signed-off-by: achmelo <[email protected]>

* translate all exceptions from createTokenWithoutCreds into custom so it can be propagated with zuul exception

Signed-off-by: achmelo <[email protected]>

* use header to inform about transformation failure

Signed-off-by: achmelo <[email protected]>

* styles

Signed-off-by: achmelo <[email protected]>

* custom exception, code smells

Signed-off-by: achmelo <[email protected]>

* override default method

Signed-off-by: achmelo <[email protected]>

* documentation, mark applyToRequest as deprecated

Signed-off-by: achmelo <[email protected]>

* return failure header to client

Signed-off-by: achmelo <[email protected]>

* inform about invalid token

Signed-off-by: achmelo <[email protected]>

* higher timeout

Signed-off-by: achmelo <[email protected]>

* higher timeout all container tests

Signed-off-by: achmelo <[email protected]>

* remove cookie and add error header if token is expired

Signed-off-by: achmelo <[email protected]>

(cherry picked from commit aedbbda)
Signed-off-by: achmelo <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 2) (#2260)

* feat: Enhance x509 authentication scheme to support client certificates (part 1)

move the logic which gets authentication source from request to scheme

* feat: Enhance x509 authentication scheme to support client certificates (part 2)

- validate extended key usage for X509 certificate in getAuthSourceFromRequest() method;
- use AuthSourceService in X509Scheme.

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* merge with master branch

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 2)

-remove unnecessary usage of Serializable

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 2)

- cleanup

Signed-off-by: Yelyzaveta Chebanova <[email protected]>
(cherry picked from commit d888a11)

* fix: Improve metrics in mocked-backend for metrics service (#2274)

* Emit one metric event at a time

Signed-off-by: Carson Cook <[email protected]>

* Convert metrics to json with values

Signed-off-by: Carson Cook <[email protected]>
(cherry picked from commit f12ebe8)

* feat: Enhance x509 authentication scheme to support client certificates (part 3) (#2285)

* feat: Enhance x509 authentication scheme to support client certificates (part 1)

move the logic which gets authentication source from request to scheme

* feat: Enhance x509 authentication scheme to support client certificates (part 2)

- validate extended key usage for X509 certificate in getAuthSourceFromRequest() method;
- use AuthSourceService in X509Scheme.

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* merge with master branch

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 2)

-remove unnecessary usage of Serializable

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 2)

- cleanup

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- add "X-Zowe-Auth-Failure" headers for X509Scheme error situations

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- add "X-Zowe-Auth-Failure" header when client certificate is missing or invalid

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- add IT for X509Scheme

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- store information about X509 validation error in context to set error header later

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- resolve merge conflicts

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- fix IT for X509 scheme

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* Resolve PR review suggestions

Signed-off-by: Yelyzaveta Chebanova <[email protected]>
(cherry picked from commit a053b00)

* feat: zowe jwt from x509 (update) (#2292)

* feat: Enhance x509 authentication scheme to support client certificates (part 1)

move the logic which gets authentication source from request to scheme

* feat: Enhance x509 authentication scheme to support client certificates (part 2)

- validate extended key usage for X509 certificate in getAuthSourceFromRequest() method;
- use AuthSourceService in X509Scheme.

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* merge with master branch

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 2)

-remove unnecessary usage of Serializable

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 2)

- cleanup

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- add "X-Zowe-Auth-Failure" headers for X509Scheme error situations

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- add "X-Zowe-Auth-Failure" header when client certificate is missing or invalid

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- add IT for X509Scheme

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- store information about X509 validation error in context to set error header later

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- resolve merge conflicts

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: Enhance x509 authentication scheme to support client certificates (part 3)

- fix IT for X509 scheme

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* Add isExpired() method to ZoweJwtScheme to correctly detect expiration

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* Check for validation errors in context to propagate them into "X-Zowe-Auth-Failure" header

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* Move default expiration for X509 certificate into AuthConfigurationProperties

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* Fix merge issues

Signed-off-by: Yelyzaveta Chebanova <[email protected]>
(cherry picked from commit c602080)

* fix: preserve request cookies (#2293)

* chore: more generic changlog action (#2269)

* checkout specified branch

Signed-off-by: achmelo <[email protected]>

* branch to merge for PR

Signed-off-by: achmelo <[email protected]>

* hardcode value

Signed-off-by: achmelo <[email protected]>

* revert

Signed-off-by: achmelo <[email protected]>

* different format

Signed-off-by: achmelo <[email protected]>

* github ref

Signed-off-by: achmelo <[email protected]>

* tag name

Signed-off-by: achmelo <[email protected]>

* do not clone repository again

Signed-off-by: achmelo <[email protected]>

* get cookies from original request

Signed-off-by: achmelo <[email protected]>

* integration test to verify cookies preservation

Signed-off-by: achmelo <[email protected]>
(cherry picked from commit 71c6649)

* refactor: move ZOSMF transformation logic into createCommand() (#2294)

* Move ZOSMF transformation logic from apply() method to createCommand()

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* refactor: resolve Sonar issue

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

(cherry picked from commit 38601c4)
Signed-off-by: achmelo <[email protected]>

* fix tests

Signed-off-by: achmelo <[email protected]>

* chore: remove unused code

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* feat: use default expiration time in Zosmf scheme for auth. source without expiration (#2298)

Signed-off-by: Yelyzaveta Chebanova <[email protected]>
(cherry picked from commit 122837e)

* feat: functionality for error message in HttpBasicPassTicketScheme (#2301)

* functionality for error message in HttpBasicPassTicketScheme

Signed-off-by: Amanda D'Errico <[email protected]>

* updated HttpBasicPassTicketSchemeTest to reflect new PassTicketCommand containing error messages

Signed-off-by: Amanda D'Errico <[email protected]>

* cleanup with exceptions, error messages

Signed-off-by: Amanda D'Errico <[email protected]>

* revert back to throwing exception when generating pass ticket

Signed-off-by: Amanda D'Errico <[email protected]>

* only x-zowe-auth-failure before creating command

Signed-off-by: Amanda D'Errico <[email protected]>

* updating apply and applyToRequest with authorizationValue=null

Signed-off-by: Amanda D'Errico <[email protected]>

* added back messageService, and message for auth source error

Signed-off-by: Amanda D'Errico <[email protected]>

* add x-zowe-auth header in apply and applyToRequest, error messages in generating passTicket and authSource

Signed-off-by: Amanda D'Errico <[email protected]>

* moved logic - add request header with cookie only if authorizationValue is not null

Signed-off-by: Amanda D'Errico <[email protected]>

* empty commit to trigger job build

Signed-off-by: Amanda D'Errico <[email protected]>

* removed import in HttpBasicPassTicketSchemeTest

Signed-off-by: Amanda D'Errico <[email protected]>

* moved logic for applyToRequest - add request header with cookie only if authorizationValue is not null

Signed-off-by: Amanda D'Errico <[email protected]>

* added error messages when parsed auth source is null and when its userId is null

Signed-off-by: Amanda D'Errico <[email protected]>

* added try catch block for parse

Signed-off-by: Amanda D'Errico <[email protected]>

* removing TokenExpireException from try catch block

Signed-off-by: Amanda D'Errico <[email protected]>

* removing only TokenNotValidException from try catch block

Signed-off-by: Amanda D'Errico <[email protected]>

* added back catch block for exception TokenNotValidException

Signed-off-by: Amanda D'Errico <[email protected]>

* Fix NPE in HttpBasicPassTicketScheme.isExpired() method

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* Use dedicated method to remove cookie

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* Fix JUnit test

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

Co-authored-by: Yelyzaveta Chebanova <[email protected]>

(cherry picked from commit 9eb006f)
Signed-off-by: achmelo <[email protected]>

* fix: replication of data for infinispan nodes (#2308)

* chore: more generic changlog action (#2269)

* checkout specified branch

Signed-off-by: achmelo <[email protected]>

* branch to merge for PR

Signed-off-by: achmelo <[email protected]>

* hardcode value

Signed-off-by: achmelo <[email protected]>

* revert

Signed-off-by: achmelo <[email protected]>

* different format

Signed-off-by: achmelo <[email protected]>

* github ref

Signed-off-by: achmelo <[email protected]>

* tag name

Signed-off-by: achmelo <[email protected]>

* do not clone repository again

Signed-off-by: achmelo <[email protected]>

* replica mode

Signed-off-by: achmelo <[email protected]>

* run infinispan tests only

Signed-off-by: achmelo <[email protected]>

* Revert "run infinispan tests only"

This reverts commit cb19682.

* different hostname for CS with infinispan

Signed-off-by: achmelo <[email protected]>

* revert hostname

Signed-off-by: achmelo <[email protected]>
(cherry picked from commit 5b5880c)

* feat: Discovery service health check (#2312)

* Discovery service health check

Signed-off-by: Boris Petkov <[email protected]>

* Discovery service health check with Partial status

Signed-off-by: Boris Petkov <[email protected]>
(cherry picked from commit 2f167ff)

* feat: TLSv1.3 configuration (#2314)

* chore: more generic changlog action (#2269)

* checkout specified branch

Signed-off-by: achmelo <[email protected]>

* branch to merge for PR

Signed-off-by: achmelo <[email protected]>

* hardcode value

Signed-off-by: achmelo <[email protected]>

* revert

Signed-off-by: achmelo <[email protected]>

* different format

Signed-off-by: achmelo <[email protected]>

* github ref

Signed-off-by: achmelo <[email protected]>

* tag name

Signed-off-by: achmelo <[email protected]>

* do not clone repository again

Signed-off-by: achmelo <[email protected]>

* enable 1.3, add supported ciphers

Signed-off-by: achmelo <[email protected]>

* Add TLSv1.3 support in onboarding-enabler sample app

Signed-off-by: at670475 <[email protected]>

Co-authored-by: Andrea Tabone <[email protected]>
Co-authored-by: Andrea Tabone <[email protected]>
(cherry picked from commit e96135a)

* Refactor: authentication schemes exception handling (#2317)

* refactor: change exception handling in authentication schemes

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* Fix IT

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* Fix IT

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* Improve test coverage

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

* Rename unit test

Signed-off-by: Yelyzaveta Chebanova <[email protected]>

(cherry picked from commit 5db1b80)
Signed-off-by: achmelo <[email protected]>

* fixes after merge

Signed-off-by: achmelo <[email protected]>

* merge

Signed-off-by: achmelo <[email protected]>

Co-authored-by: Amanda D'Errico <[email protected]>
Co-authored-by: Yelyzaveta Chebanova <[email protected]>
Co-authored-by: Andrea Tabone <[email protected]>
Co-authored-by: Jakub Balhar <[email protected]>
Co-authored-by: Jakub Balhar <[email protected]>
Co-authored-by: Petr Weinfurt <[email protected]>
Co-authored-by: Petr Weinfurt <[email protected]>
Co-authored-by: Carson Cook <[email protected]>
Co-authored-by: Boris Petkov <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Sensitive Sensitive change that requires peer review
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants