For general contribution and community guidelines, please see the community repo.
To work in this codebase, you will need the latest version of the Java JDK installed.
This project is container-based and therefore, you will need Docker in order to make and view your changes.
To contribute to testing, you will need both the Conjur Open Source and Enterprise. You shouldn't have a problem pulling down the Open Source image, but to pull the Enterprise image, you must be granted access to the Conjur registry.
You will want to get in contact with the Infrastructure team via the CyberArk Commons to be granted access. If you have been granted access, run: docker login registry.tld.
NOTE: Your password should be the API key given to you by the Infrastructure team.
Before making changes, it is recommended that the test script is run first to ensure that Java and the provided dependencies are not out-of-date.
You can run the test script in your shell like so:
./test.sh
NOTE: The tests (for both Conjur Open Source and Enterprise) are part of the build so if a change is made to the actual API, but the tests fail, the build will also fail.
This section includes helpful troubleshooting hints to help you navigate the codebase and resolve problems that you might be experiencing during development.
- org.apache.cxf.interceptor.Fault: Could not send Message
- sun.security.provider.certpath.SunCertPathBuilderException unable to find valid certification path to requested target
-
Check that the
$JAVA_HOMEpath in the container matches theJAVA_PATHvariable path in the test script. Otherwise, Java will think a new keystore is being created and will not (by default) look for the certificate in the path given. -
Since we are using Java
cacerts(Java-specific certificates), check that the fingerprints of the certificate in the test containers match the fingerprints in the appliance.To do so:
docker execinto the test container and runkeytool -list -keystore $JRE_HOME/lib/security/cacerts -alias <IMPORTED_CERT_ALIAS>. The alias of the certificate can be found in the test script.- If import was successful, the certificate fingerprint (SHA) should be returned.
- Navigate to
https://localhost:<PORT_OF_CONJUR_CONTAINER>in your browser (make sure the Conjur container is still up and running).- You can find the exact ports by taking a look at each container's exposed ports in the
docker-compose.ymlfile. - You can keep containers up by commenting out the
finishfunction in the test script.
- You can find the exact ports by taking a look at each container's exposed ports in the
- For instructions on how to view certificates in browsers, take a look here.
- Check to see if the fingerprints of the host certificate (not the root certificate) match the one that was returned by the keytool.
-
Create a basic HTTPS client in Java to make the connection to the appliance. If you cannot make the connection (not getting data back), then you know there is a problem with the cacaerts collection (either on import or on creation)
- The input device is not a TTY
TTY ("teletype") is a terminal interface (from when terminals were attached to mainframes) that support input/output streams. Since then, pseudo-terminal drivers/emulators were developed to allow terminals to perform actions and send signals without the need to write to terminal directly. When pushing your changes, you may notice that you are receiving the above error because Jenkins doesn't support terminal connection sessions (with stdin and stdout streams) and therefore doesn't execute its jobs in a TTY. To disable this, add -T to your docker command.
NOTE: this can happen with cat as it may sometimes not notice that the input stream has ended.
- Check whether any dependencies have changed since the last release by comparing pom.xml versions to the dependencies and versions in NOTICES.txt. If any dependencies have been added, removed, or updated, update the NOTICES.txt with those corresponding changes.
- Review the CHANGELOG.md against the unreleased commits and make sure all user-relevant changes have been captured.
- Based on the unreleased content, determine the new version number and update the version tag in pom.xml and add the version to the CHANGELOG.md.
- Commit these changes -
Bump version to x.y.zis an acceptable commit message - and open a PR for review. Your PR should include updates topom.xml,CHANGELOG.md, and if there are any dependency updates since the last tag, toNOTICES.txt.
- Once your changes have been reviewed and merged into main, tag the version
using
git tag -s vx.y.z -m vx.y.z. Note: this requires you to be able to sign releases. Consult the github documentation on signing commits on how to set this up. - Push the tag:
git push vx.y.z(orgit push origin vx.y.zif you are working from your local machine).
- From a clean checkout of main build a tarball of the repo by running
./bin/package.sh, which outputsoutput/dist/conjur-api-java.tar.gzandoutput/dist/SHA256SUMS.txt. - Create a GitHub release from the tag, add a description by copying the
CHANGELOG entries from the version, and upload the release artifacts from
output/dist/that you created in the last step. The following artifacts should also be updated to the release:- CHANGELOG.md
- LICENSE
- NOTICES.txt
- Fork or clone repository
- If issue for relevant change has not been created, open one here
- Add the
implementinglabel to the issue once you begin to work on it - Create your feature branch (
git checkout -b my-new-feature) - Run test script (
./test.sh) to ensure tests are not out of date - Once changes are made, run test script again to ensure your changes haven't broken anything
- Commit your changes (
git commit -m 'Add X feature that does Y') - Push to the branch (
git push origin my-new-feature) - Create new Pull Request, linking the issue in the description (e.g.
Connected to #123) and ask another developer to review and merge your code - Replace
implementingwithimplementedlabel in issue