Merge branch 'develop' of github.com:cloudfoundry/uaa into feature/re…

…direct_uri_path_traversal # By Joshua Casey (417) and others # Via GitHub (170) and others * 'develop' of github.com:cloudfoundry/uaa: (1592 commits) Bump passay version 1.6.1 (#1612) Bump Spring Dependencies (#1611) Bump k8s.io/client-go from 0.21.2 to 0.21.3 in /k8s (#1609) Bump k8s.io/apimachinery from 0.21.2 to 0.21.3 in /k8s (#1608) Add workaround for revoke access dialog from issue #1036 (#1254) Bump spring oauth2 version to 2.5.1.RELEASE (#1601) Bump addressable from 2.5.0 to 2.8.0 in /uaa/slate (#1603) Add property option for mail.smtp.ssl.protocols (#1605) Add property option for mail.smtp.ssl.protocols (#1604) Fix CF-UAA version number Bump maven dependencies (#1600) Bump Tomcat dependency Bump github.com/onsi/gomega from 1.13.0 to 1.14.0 in /k8s (#1599) cleanup code from sonar findings and add additional tests cleanup code from sonar findings and add additional tests More test parameters for UaaUrlUtils.findMatchingRedirectUri() tests fix: Open Redirect Security Issue via some UAA endpoints, including logout.do BigInteger encoding fixed (#1579) Set startStopTimeout to be configurable (#1594) switch to StaleUrlCache ... # Conflicts: # dependencies.gradle # model/build.gradle # server/build.gradle # server/src/main/java/org/cloudfoundry/identity/uaa/oauth/beans/LegacyRedirectResolver.java # uaa/build.gradle
cloudfoundry · Jul 25, 2021 · fe5edde · fe5edde
2 parents 0775178 + 89c15d2
commit fe5edde
Show file tree

Hide file tree

Showing 1,035 changed files with 35,927 additions and 22,975 deletions.
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
@@ -0,0 +1,69 @@
+version: 2
+updates:
+- package-ecosystem: npm
+  directory: "/uaa"
+  schedule:
+    interval: daily
+    time: "11:00"
+  open-pull-requests-limit: 10
+- package-ecosystem: gomod
+  directory: "/k8s"
+  schedule:
+    interval: daily
+    time: "11:00"
+  open-pull-requests-limit: 10
+- package-ecosystem: gradle
+  directory: "/statsd"
+  schedule:
+    interval: daily
+    time: "11:00"
+  open-pull-requests-limit: 10
+- package-ecosystem: gradle
+  directory: "/"
+  schedule:
+    interval: daily
+    time: "11:00"
+  open-pull-requests-limit: 10
+  ignore:
+  - dependency-name: org.apache.directory.api:api-ldap-model
+    versions:
+    - ">= 2.a"
+    - "< 3"
+  - dependency-name: org.flywaydb:flyway-core
+    versions:
+    - ">= 6.a"
+    - "< 7"
+  - dependency-name: org.passay:passay
+    versions:
+    - "> 1.2.0"
+    - "< 2"
+- package-ecosystem: gradle
+  directory: "/model"
+  schedule:
+    interval: daily
+    time: "11:00"
+  open-pull-requests-limit: 10
+- package-ecosystem: gradle
+  directory: "/metrics-data"
+  schedule:
+    interval: daily
+    time: "11:00"
+  open-pull-requests-limit: 10
+- package-ecosystem: gradle
+  directory: "/samples/api"
+  schedule:
+    interval: daily
+    time: "11:00"
+  open-pull-requests-limit: 10
+- package-ecosystem: gradle
+  directory: "/server"
+  schedule:
+    interval: daily
+    time: "11:00"
+  open-pull-requests-limit: 10
+- package-ecosystem: gradle
+  directory: "/samples/app"
+  schedule:
+    interval: daily
+    time: "11:00"
+  open-pull-requests-limit: 10
diff --git a/.gitignore b/.gitignore
@@ -41,3 +41,4 @@ uaa/slate/node_modules/**/*
 uaa/slateCustomizations/source/versionfile
 
 ci/dockerfile/Dockerfile
+logs/**
diff --git a/README.md b/README.md
@@ -72,15 +72,15 @@ Security OAuth that can do the heavy lifting if your client is Java.
 ## Quick Start
 
 Requirements:
-* Java 8
+* Java 11
 
 If this works you are in business:
 
     $ git clone git://github.com/cloudfoundry/uaa.git
     $ cd uaa
     $ ./gradlew run
-    
-    
+
+
 The apps all work together with the apps running on the same port
 (8080) as [`/uaa`](http://localhost:8080/uaa), [`/app`](http://localhost:8080/app) and [`/api`](http://localhost:8080/api).
 
@@ -110,15 +110,15 @@ requesting system information:
       }
     }
 
-For complex requests it is more convenient to interact with UAA using 
+For complex requests it is more convenient to interact with UAA using
 `uaac`, the [UAA Command Line Client](https://github.com/cloudfoundry/cf-uaac).
 
 ## Integration tests
 
 You can run the integration tests with docker
 
     $ run-integration-tests.sh <dbtype>
-  
+
 will create a docker container running uaa + ldap + database whereby integration tests are run against.
 
 ### Using Gradle to test with postgresql or mysql
@@ -129,15 +129,38 @@ To run the unit tests with docker:
 
     $ run-unit-tests.sh <dbtype>
 
+### To run a single test
+
+Start by finding out which gradle project your test belongs to.
+You can find all project by running
+
+    $ ./gradlew projects
+
+Then you can run
+
+    $ ./gradlew :<project name>:test --tests <TestClass>.<MethodName>
+
+or to run all tests in a Class
+
+    $ ./gradlew :<project name>:test --tests <TestClass>
+
+You might want to use the full gradle command found at the bottom of
+the `scripts/unit-tests.sh` script by prepending the project name to
+the `test` command and adding the `--tests` option.
+
+### Building war file
+
+    $ ./gradlew :clean :assemble -Pversion=${UAA_VERSION}
+
 ## Inventory
 
 There are actually several projects here, the main `uaa` server application, a client library and some samples:
 
 1. `uaa` a WAR project for easy deployment
 
-2. `server` a JAR project containing the implementation of UAA's REST API (including [SCIM](http://www.simplecloud.info/)) and UI 
+2. `server` a JAR project containing the implementation of UAA's REST API (including [SCIM](http://www.simplecloud.info/)) and UI
 
-3. `model` a JAR project used by both the client library and server 
+3. `model` a JAR project used by both the client library and server
 
 4. `api` (sample) is an OAuth2 resource service which returns a mock list of deployed apps
 
@@ -154,6 +177,27 @@ In CloudFoundry terms
 * `app` is a webapp that needs single sign on and access to the `api`
   service on behalf of users.
 
+# Running the UAA on Kubernetes
+
+__Prerequisites__
+* [ytt](https://get-ytt.io/), tested with 0.24.0
+* [kubectl](https://kubernetes.io/docs/reference/kubectl/overview/)
+
+The Kubernetes deployment is in active development.  You should expect frequent (and possibly breaking) changes. This section will be updated as progress is made on this feature set. As of now:
+
+The [K8s directory](./k8s) contains `ytt` templates that can be rendered and applied to a K8s cluster.
+
+In development, [this Makefile](./k8s/Makefile) can be used for common rendering and deployment activities.
+
+In production, you'll most likely want to use ytt directly. Something like this should get you going:
+
+`$ ytt -f templates -f values/default-values.yml | kubectl apply -f -`
+
+If you'd like to overide some of those values, you can do so by taking advantage of YTT's [overlay functionality](https://get-ytt.io/#example:example-multiple-data-values).
+
+`$ ytt -f templates -f values/default-values.yml -f your-dir/production-values.yml | kubectl apply -f -`
+
+Of course, you can always abandon the default values altogether and provide your own values file.
 
 # Contributing to the UAA
 
@@ -167,6 +211,6 @@ Here are some ways for you to get involved in the community:
   want to contribute code this way, please reference an existing issue
   if there is one as well covering the specific issue you are
   addressing.  Always submit pull requests to the "develop" branch.
-  We strictly adhere to test driven development. We kindly ask that 
+  We strictly adhere to test driven development. We kindly ask that
   pull requests are accompanied with test cases that would be failing
-  if ran separately from the pull request.
+  if ran separately from the pull request.
Original file line number	Diff line number	Diff line change
Expand Up		@@ -41,3 +41,4 @@ uaa/slate/node_modules/*/
		uaa/slateCustomizations/source/versionfile

		ci/dockerfile/Dockerfile
		logs/**