chore: merge from master #2313
Merged
chore: merge from master #2313
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Amanda D'Errico <[email protected]> (cherry picked from commit ab36819) Signed-off-by: achmelo <[email protected]>
) * refactor: use dedicated origin of the authentication source instead of QueryResponse.Source Signed-off-by: Yelyzaveta Chebanova <[email protected]> * refactor: improve code coverage Signed-off-by: Yelyzaveta Chebanova <[email protected]> * refactor: resolve licence issue Signed-off-by: Yelyzaveta Chebanova <[email protected]> * refactor: refactor JUnit test Signed-off-by: Yelyzaveta Chebanova <[email protected]> (cherry picked from commit d18f388) Signed-off-by: achmelo <[email protected]>
…ter (#2168) * Refactored PostStoreLoadBalancerCacheFilter Signed-off-by: Amanda D'Errico <[email protected]> * Refactored LocationFilter Signed-off-by: Amanda D'Errico <[email protected]> * addressed code review Signed-off-by: Amanda D'Errico <[email protected]> (cherry picked from commit c6f018b) Signed-off-by: achmelo <[email protected]>
…re resu… (#2195) * publish coverage from internal port tests, provide comment where results are not stored, remove integration test count publish Signed-off-by: achmelo <[email protected]> * merge Signed-off-by: achmelo <[email protected]> * correct job name Signed-off-by: achmelo <[email protected]> (cherry picked from commit d471bed) Signed-off-by: achmelo <[email protected]>
* feat(authentication): introduce x509 authentication source Introduce the object and basic service for a client certificate as source of authentication Signed-off-by: Yelyzaveta Chebanova <[email protected]> * refactor: use dedicated origin of the authentication source instead of QueryResponse.Source Signed-off-by: Yelyzaveta Chebanova <[email protected]> * refactor: improve code coverage Signed-off-by: Yelyzaveta Chebanova <[email protected]> * refactor: resolve licence issue Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: Add implementation of AuthSourceService interface to process client certificate authentication Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: add JUnits Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: return BAD REQUEST (400) when X509 certificate which cannot be used for client authentication is used in authentication scheme Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: fix error in acceptance test (ZosmfSchemeTest) Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: fix Sonar issues Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: define X509 authentication source service as bean in configuration Signed-off-by: Yelyzaveta Chebanova <[email protected]> * rerun Signed-off-by: achmelo <[email protected]> Co-authored-by: achmelo <[email protected]> (cherry picked from commit efd53a8) Signed-off-by: achmelo <[email protected]>
Signed-off-by: achmelo <[email protected]>
* Add BearerContent filter to enable bearer auth Signed-off-by: at670475 <[email protected]> * Add BearerContent filter to enable bearer auth Signed-off-by: at670475 <[email protected]> * Add functional test to test bearer auth Signed-off-by: at670475 <[email protected]> * Convert to given_when_then Signed-off-by: at670475 <[email protected]> * Add functional test for gateway Signed-off-by: at670475 <[email protected]> * Add functional tests for DS Signed-off-by: at670475 <[email protected]> * Fix git diff Signed-off-by: at670475 <[email protected]> (cherry picked from commit 1d41704) Signed-off-by: achmelo <[email protected]>
* Failing acceptance tests Signed-off-by: Jakub Balhar <[email protected]> * Fix tests and limit the certificate related ones Signed-off-by: Jakub Balhar <[email protected]> Co-authored-by: Jakub Balhar <[email protected]> (cherry picked from commit 2536f4d) Signed-off-by: achmelo <[email protected]>
…tes (#2207) * get JWT from authsource Signed-off-by: achmelo <[email protected]> * create JWT auth source if X509 is provided Signed-off-by: achmelo <[email protected]> * update original authsource Signed-off-by: achmelo <[email protected]> * expect token in header for valid client cert Signed-off-by: achmelo <[email protected]> * remove imports Signed-off-by: achmelo <[email protected]> * accept client cert auth after loadbalancer Signed-off-by: achmelo <[email protected]> * reject request if zosmf scheme is not available Signed-off-by: achmelo <[email protected]> * test config refactoring Signed-off-by: achmelo <[email protected]> * update and add unit tests Signed-off-by: achmelo <[email protected]> * Acceptance tests with check of X509 transformation to JWT. Signed-off-by: Petr Weinfurt <[email protected]> * Remove unused imports. Signed-off-by: Petr Weinfurt <[email protected]> * access zosmf with client cert Signed-off-by: achmelo <[email protected]> * remove unused test Signed-off-by: achmelo <[email protected]> * refactor, code smells Signed-off-by: achmelo <[email protected]> * code coverage Signed-off-by: achmelo <[email protected]> * udpate comment Signed-off-by: achmelo <[email protected]> * extract duplication Signed-off-by: achmelo <[email protected]> Co-authored-by: achmelo <[email protected]> Co-authored-by: Petr Weinfurt <[email protected]> Co-authored-by: achmelo <[email protected]> (cherry picked from commit 5750072) Signed-off-by: achmelo <[email protected]>
… v2 base urls (#2239) Signed-off-by: Amanda D'Errico <[email protected]> (cherry picked from commit 046bce0) Signed-off-by: achmelo <[email protected]>
…es (part 1) (#2244) * feat: Enhance x509 authentication scheme to support client certificates (part 1) move the logic which gets authentication source from request to scheme Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: Enhance x509 authentication scheme to support client certificates (part 1) add more JUnit tests Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: Enhance x509 authentication scheme to support client certificates (part 1) get authentication source from scheme in ServiceAuthenticationDecorator Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: Enhance x509 authentication scheme to support client certificates (part 1) fix tests for ServiceAuthenticationDecorator Signed-off-by: Yelyzaveta Chebanova <[email protected]> (cherry picked from commit 615badf) Signed-off-by: achmelo <[email protected]>
Signed-off-by: Yelyzaveta Chebanova <[email protected]> (cherry picked from commit 90fa300) Signed-off-by: achmelo <[email protected]>
Signed-off-by: achmelo <[email protected]>
* zowe jwt Signed-off-by: achmelo <[email protected]> * translate x509 into zoweJWT Signed-off-by: achmelo <[email protected]> * update header after LB Signed-off-by: achmelo <[email protected]> * integration tests for zowejwtscheme Signed-off-by: achmelo <[email protected]> * fix tests Signed-off-by: achmelo <[email protected]> * run when zosmf auth tests Signed-off-by: achmelo <[email protected]> * hostname Signed-off-by: achmelo <[email protected]> * cleanup Signed-off-by: achmelo <[email protected]> * common string Signed-off-by: achmelo <[email protected]> * get JWT in create command Signed-off-by: achmelo <[email protected]> * send empty header in case of missing auth in request Signed-off-by: achmelo <[email protected]> * return empty command Signed-off-by: achmelo <[email protected]> * translate all exceptions from createTokenWithoutCreds into custom so it can be propagated with zuul exception Signed-off-by: achmelo <[email protected]> * use header to inform about transformation failure Signed-off-by: achmelo <[email protected]> * styles Signed-off-by: achmelo <[email protected]> * custom exception, code smells Signed-off-by: achmelo <[email protected]> * override default method Signed-off-by: achmelo <[email protected]> * documentation, mark applyToRequest as deprecated Signed-off-by: achmelo <[email protected]> * return failure header to client Signed-off-by: achmelo <[email protected]> * inform about invalid token Signed-off-by: achmelo <[email protected]> * higher timeout Signed-off-by: achmelo <[email protected]> * higher timeout all container tests Signed-off-by: achmelo <[email protected]> * remove cookie and add error header if token is expired Signed-off-by: achmelo <[email protected]> (cherry picked from commit aedbbda) Signed-off-by: achmelo <[email protected]>
…es (part 2) (#2260) * feat: Enhance x509 authentication scheme to support client certificates (part 1) move the logic which gets authentication source from request to scheme * feat: Enhance x509 authentication scheme to support client certificates (part 2) - validate extended key usage for X509 certificate in getAuthSourceFromRequest() method; - use AuthSourceService in X509Scheme. Signed-off-by: Yelyzaveta Chebanova <[email protected]> * merge with master branch Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: Enhance x509 authentication scheme to support client certificates (part 2) -remove unnecessary usage of Serializable Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: Enhance x509 authentication scheme to support client certificates (part 2) - cleanup Signed-off-by: Yelyzaveta Chebanova <[email protected]> (cherry picked from commit d888a11)
* Emit one metric event at a time Signed-off-by: Carson Cook <[email protected]> * Convert metrics to json with values Signed-off-by: Carson Cook <[email protected]> (cherry picked from commit f12ebe8)
…es (part 3) (#2285) * feat: Enhance x509 authentication scheme to support client certificates (part 1) move the logic which gets authentication source from request to scheme * feat: Enhance x509 authentication scheme to support client certificates (part 2) - validate extended key usage for X509 certificate in getAuthSourceFromRequest() method; - use AuthSourceService in X509Scheme. Signed-off-by: Yelyzaveta Chebanova <[email protected]> * merge with master branch Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: Enhance x509 authentication scheme to support client certificates (part 2) -remove unnecessary usage of Serializable Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: Enhance x509 authentication scheme to support client certificates (part 2) - cleanup Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - add "X-Zowe-Auth-Failure" headers for X509Scheme error situations Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - add "X-Zowe-Auth-Failure" header when client certificate is missing or invalid Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - add IT for X509Scheme Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - store information about X509 validation error in context to set error header later Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - resolve merge conflicts Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - fix IT for X509 scheme Signed-off-by: Yelyzaveta Chebanova <[email protected]> * Resolve PR review suggestions Signed-off-by: Yelyzaveta Chebanova <[email protected]> (cherry picked from commit a053b00)
* feat: Enhance x509 authentication scheme to support client certificates (part 1) move the logic which gets authentication source from request to scheme * feat: Enhance x509 authentication scheme to support client certificates (part 2) - validate extended key usage for X509 certificate in getAuthSourceFromRequest() method; - use AuthSourceService in X509Scheme. Signed-off-by: Yelyzaveta Chebanova <[email protected]> * merge with master branch Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: Enhance x509 authentication scheme to support client certificates (part 2) -remove unnecessary usage of Serializable Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: Enhance x509 authentication scheme to support client certificates (part 2) - cleanup Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - add "X-Zowe-Auth-Failure" headers for X509Scheme error situations Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - add "X-Zowe-Auth-Failure" header when client certificate is missing or invalid Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - add IT for X509Scheme Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - store information about X509 validation error in context to set error header later Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - resolve merge conflicts Signed-off-by: Yelyzaveta Chebanova <[email protected]> * feat: Enhance x509 authentication scheme to support client certificates (part 3) - fix IT for X509 scheme Signed-off-by: Yelyzaveta Chebanova <[email protected]> * Add isExpired() method to ZoweJwtScheme to correctly detect expiration Signed-off-by: Yelyzaveta Chebanova <[email protected]> * Check for validation errors in context to propagate them into "X-Zowe-Auth-Failure" header Signed-off-by: Yelyzaveta Chebanova <[email protected]> * Move default expiration for X509 certificate into AuthConfigurationProperties Signed-off-by: Yelyzaveta Chebanova <[email protected]> * Fix merge issues Signed-off-by: Yelyzaveta Chebanova <[email protected]> (cherry picked from commit c602080)
* chore: more generic changlog action (#2269) * checkout specified branch Signed-off-by: achmelo <[email protected]> * branch to merge for PR Signed-off-by: achmelo <[email protected]> * hardcode value Signed-off-by: achmelo <[email protected]> * revert Signed-off-by: achmelo <[email protected]> * different format Signed-off-by: achmelo <[email protected]> * github ref Signed-off-by: achmelo <[email protected]> * tag name Signed-off-by: achmelo <[email protected]> * do not clone repository again Signed-off-by: achmelo <[email protected]> * get cookies from original request Signed-off-by: achmelo <[email protected]> * integration test to verify cookies preservation Signed-off-by: achmelo <[email protected]> (cherry picked from commit 71c6649)
* Move ZOSMF transformation logic from apply() method to createCommand() Signed-off-by: Yelyzaveta Chebanova <[email protected]> * refactor: resolve Sonar issue Signed-off-by: Yelyzaveta Chebanova <[email protected]> (cherry picked from commit 38601c4) Signed-off-by: achmelo <[email protected]>
Signed-off-by: achmelo <[email protected]>
Signed-off-by: Yelyzaveta Chebanova <[email protected]>
…thout expiration (#2298) Signed-off-by: Yelyzaveta Chebanova <[email protected]> (cherry picked from commit 122837e)
…2301) * functionality for error message in HttpBasicPassTicketScheme Signed-off-by: Amanda D'Errico <[email protected]> * updated HttpBasicPassTicketSchemeTest to reflect new PassTicketCommand containing error messages Signed-off-by: Amanda D'Errico <[email protected]> * cleanup with exceptions, error messages Signed-off-by: Amanda D'Errico <[email protected]> * revert back to throwing exception when generating pass ticket Signed-off-by: Amanda D'Errico <[email protected]> * only x-zowe-auth-failure before creating command Signed-off-by: Amanda D'Errico <[email protected]> * updating apply and applyToRequest with authorizationValue=null Signed-off-by: Amanda D'Errico <[email protected]> * added back messageService, and message for auth source error Signed-off-by: Amanda D'Errico <[email protected]> * add x-zowe-auth header in apply and applyToRequest, error messages in generating passTicket and authSource Signed-off-by: Amanda D'Errico <[email protected]> * moved logic - add request header with cookie only if authorizationValue is not null Signed-off-by: Amanda D'Errico <[email protected]> * empty commit to trigger job build Signed-off-by: Amanda D'Errico <[email protected]> * removed import in HttpBasicPassTicketSchemeTest Signed-off-by: Amanda D'Errico <[email protected]> * moved logic for applyToRequest - add request header with cookie only if authorizationValue is not null Signed-off-by: Amanda D'Errico <[email protected]> * added error messages when parsed auth source is null and when its userId is null Signed-off-by: Amanda D'Errico <[email protected]> * added try catch block for parse Signed-off-by: Amanda D'Errico <[email protected]> * removing TokenExpireException from try catch block Signed-off-by: Amanda D'Errico <[email protected]> * removing only TokenNotValidException from try catch block Signed-off-by: Amanda D'Errico <[email protected]> * added back catch block for exception TokenNotValidException Signed-off-by: Amanda D'Errico <[email protected]> * Fix NPE in HttpBasicPassTicketScheme.isExpired() method Signed-off-by: Yelyzaveta Chebanova <[email protected]> * Use dedicated method to remove cookie Signed-off-by: Yelyzaveta Chebanova <[email protected]> * Fix JUnit test Signed-off-by: Yelyzaveta Chebanova <[email protected]> Co-authored-by: Yelyzaveta Chebanova <[email protected]> (cherry picked from commit 9eb006f) Signed-off-by: achmelo <[email protected]>
* chore: more generic changlog action (#2269) * checkout specified branch Signed-off-by: achmelo <[email protected]> * branch to merge for PR Signed-off-by: achmelo <[email protected]> * hardcode value Signed-off-by: achmelo <[email protected]> * revert Signed-off-by: achmelo <[email protected]> * different format Signed-off-by: achmelo <[email protected]> * github ref Signed-off-by: achmelo <[email protected]> * tag name Signed-off-by: achmelo <[email protected]> * do not clone repository again Signed-off-by: achmelo <[email protected]> * replica mode Signed-off-by: achmelo <[email protected]> * run infinispan tests only Signed-off-by: achmelo <[email protected]> * Revert "run infinispan tests only" This reverts commit cb19682. * different hostname for CS with infinispan Signed-off-by: achmelo <[email protected]> * revert hostname Signed-off-by: achmelo <[email protected]> (cherry picked from commit 5b5880c)
* Discovery service health check Signed-off-by: Boris Petkov <[email protected]> * Discovery service health check with Partial status Signed-off-by: Boris Petkov <[email protected]> (cherry picked from commit 2f167ff)
* chore: more generic changlog action (#2269) * checkout specified branch Signed-off-by: achmelo <[email protected]> * branch to merge for PR Signed-off-by: achmelo <[email protected]> * hardcode value Signed-off-by: achmelo <[email protected]> * revert Signed-off-by: achmelo <[email protected]> * different format Signed-off-by: achmelo <[email protected]> * github ref Signed-off-by: achmelo <[email protected]> * tag name Signed-off-by: achmelo <[email protected]> * do not clone repository again Signed-off-by: achmelo <[email protected]> * enable 1.3, add supported ciphers Signed-off-by: achmelo <[email protected]> * Add TLSv1.3 support in onboarding-enabler sample app Signed-off-by: at670475 <[email protected]> Co-authored-by: Andrea Tabone <[email protected]> Co-authored-by: Andrea Tabone <[email protected]> (cherry picked from commit e96135a)
* refactor: change exception handling in authentication schemes Signed-off-by: Yelyzaveta Chebanova <[email protected]> * Fix IT Signed-off-by: Yelyzaveta Chebanova <[email protected]> * Fix IT Signed-off-by: Yelyzaveta Chebanova <[email protected]> * Improve test coverage Signed-off-by: Yelyzaveta Chebanova <[email protected]> * Rename unit test Signed-off-by: Yelyzaveta Chebanova <[email protected]> (cherry picked from commit 5db1b80) Signed-off-by: achmelo <[email protected]>
Signed-off-by: achmelo <[email protected]>
Signed-off-by: achmelo <[email protected]>
|
Kudos, SonarCloud Quality Gate passed! |
taban03
approved these changes
Apr 28, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Please include a summary of the change and which issue is fixed. Please also include relevant motivation and context. List any dependencies that are required for this change.
Linked to # (issue)
Type of change
Please delete options that are not relevant.
Checklist:
For more details about how should the code look like read the Contributing guideline