Merge branch 'main' of github.com:opensearch-project/security into ch…
…ange-password-security-message
derek-ho committed Aug 16, 2023
2 parents 3d7f82b + bd084c8 commit d612464
Showing 37 changed files with 202 additions and 66 deletions.
1 change: 1 addition & 0 deletions .github/actions/create-bwc-build/action.yaml
Expand Up @@ -35,6 +35,7 @@ runs:
- name: Build
uses: gradle/gradle-build-action@v2
with:
cache-disabled: true
arguments: assemble
build-root-directory: ${{ inputs.plugin-branch }}
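Review bot: `cache-disabled: true` (presumably the one added line in this hunk) carries no comment saying why the Gradle cache is turned off, and the same line is added in `.github/actions/run-bwc-suite/action.yaml`, `ci.yml`, `code-hygiene.yml` and `plugin_install.yml`. A short comment above it at each site, for example `# Gradle caching disabled: <reason or issue link>`, would stop a later cleanup from re-enabling it by accident. If the motivation is to avoid restoring build state written by earlier workflow runs, stating that makes the setting a deliberate hardening choice rather than a workaround. The `runs:` block starts outside this hunk.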

1 change: 1 addition & 0 deletions .github/actions/run-bwc-suite/action.yaml
Expand Up @@ -31,6 +31,7 @@ runs:
- name: Run BWC tests
uses: gradle/gradle-build-action@v2
with:
cache-disabled: true
arguments: |
bwcTestSuite
-Dtests.security.manager=false
6 changes: 6 additions & 0 deletions .github/dependabot.yml
Expand Up @@ -10,3 +10,9 @@ updates:
# For all packages, ignore all major versions to minimize breaking issues
- dependency-name: "*"
update-types: ["version-update:semver-major"]
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "weekly"
commit-message:
prefix: "dependabot:"
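Review bot: With `directory: "/"` the new `github-actions` entry will, as far as I know, scan only `.github/workflows` and a root action file, so the composite actions under `.github/actions/create-bwc-build` and `.github/actions/run-bwc-suite` (both touched in this commit) would likely get no update PRs for their `gradle/gradle-build-action@v2` reference. That is worth confirming, and if it holds, adding an entry per action directory. The new entry also has no `ignore` block, while the comment above it says major versions are ignored for all packages; a one-line comment such as `# GitHub Actions: major version updates are intentionally allowed` would make the difference explicit. The `updates:` list starts outside this hunk.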
4 changes: 2 additions & 2 deletions .github/workflows/auto-release.yml
Expand Up @@ -13,15 +13,15 @@ jobs:
steps:
- name: GitHub App token
id: github_app_token
uses: tibdex/github-app-token@v1.5.0
uses: tibdex/github-app-token@v1.8.0
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
installation_id: 22958780
- name: Get tag
id: tag
uses: dawidd6/action-get-tag@v1
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- uses: ncipollo/release-action@v1
with:
github_token: ${{ steps.github_app_token.outputs.token }}
2 changes: 1 addition & 1 deletion .github/workflows/backport.yml
Expand Up @@ -16,7 +16,7 @@ jobs:
steps:
- name: GitHub App token
id: github_app_token
uses: tibdex/github-app-token@v1.5.0
uses: tibdex/github-app-token@v1.8.0
with:
app_id: ${{ secrets.APP_ID }}
private_key: ${{ secrets.APP_PRIVATE_KEY }}
4 changes: 2 additions & 2 deletions .github/workflows/bwc-tests.yml
Expand Up @@ -13,7 +13,7 @@ jobs:
java-version: 11

- name: Checkout Security Repo
uses: actions/checkout@v2
uses: actions/checkout@v3

- id: build-previous
uses: ./.github/actions/run-bwc-suite
Expand All @@ -32,7 +32,7 @@ jobs:
java-version: 11

- name: Checkout Security Repo
uses: actions/checkout@v2
uses: actions/checkout@v3

- id: build-previous
uses: ./.github/actions/run-bwc-suite
8 changes: 4 additions & 4 deletions .github/workflows/cd.yml
Expand Up @@ -20,10 +20,10 @@ jobs:
java-version: 11

- name: Checkout security
uses: actions/checkout@v2
uses: actions/checkout@v3

- name: Cache Gradle packages
uses: actions/cache@v2
uses: actions/cache@v3
with:
path: |
~/.gradle/caches
Expand All @@ -46,7 +46,7 @@ jobs:
- name: Create Github Draft Release
id: create_release
uses: actions/create-release@v1.0.0
uses: actions/create-release@v1.1.4
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
Expand All @@ -57,7 +57,7 @@ jobs:

- name: Upload Release Asset
id: upload-release-asset
uses: actions/[email protected].1
uses: actions/[email protected].2
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
24 changes: 16 additions & 8 deletions .github/workflows/ci.yml
@@ -1,6 +1,12 @@
name: CI

on: [push, pull_request]
on:
push:
branches:
- main
- 1.*
- 2.*
pull_request:

env:
GRADLE_OPTS: -Dhttp.keepAlive=false
Expand All @@ -18,7 +24,7 @@ jobs:
java-version: 17

- name: Checkout security
uses: actions/checkout@v2
uses: actions/checkout@v3

- name: Generate list of tasks
id: set-matrix
Expand All @@ -44,17 +50,18 @@ jobs:
java-version: ${{ matrix.jdk }}

- name: Checkout security
uses: actions/checkout@v2
uses: actions/checkout@v3

- name: Build and Test
uses: gradle/gradle-build-action@v2
with:
cache-disabled: true
arguments: |
${{ matrix.gradle_task }} -Dbuild.snapshot=false
-x test
- name: Coverage
uses: codecov/codecov-action@v1
uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./build/reports/jacoco/test/jacocoTestReport.xml
Expand Down Expand Up @@ -87,12 +94,13 @@ jobs:
java-version: ${{ matrix.jdk }}

- name: Checkout security
uses: actions/checkout@v2
uses: actions/checkout@v3

- name: Build and Test
uses: gradle/gradle-build-action@v2
continue-on-error: true # Until retries are enable do not fail the workflow https://github.com/opensearch-project/security/issues/2184
with:
cache-disabled: true
arguments: |
integrationTest -Dbuild.snapshot=false
Expand All @@ -110,7 +118,7 @@ jobs:
java-version: ${{ matrix.jdk }}

- name: Checkout Security Repo
uses: actions/checkout@v2
uses: actions/checkout@v3

- id: build-previous
uses: ./.github/actions/run-bwc-suite
Expand All @@ -122,7 +130,7 @@ jobs:
code-ql:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- uses: actions/setup-java@v1
with:
java-version: 11
Expand All @@ -135,7 +143,7 @@ jobs:
build-artifact-names:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3

- uses: actions/setup-java@v1
with:
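Review bot: The Coverage step hands `secrets.CODECOV_TOKEN` to `codecov/codecov-action@v3`, a third-party action referenced by a mutable tag, so the code that sees the token can change without any change in this repository. The same holds for `tibdex/github-app-token@v1.8.0` in `auto-release.yml` and `backport.yml`, which receives `secrets.APP_PRIVATE_KEY`, and for `aws-actions/configure-aws-credentials@v2` in `maven-publish.yml`, which receives the publish role. Pinning these to a full commit SHA, as `delete_backport_branch.yml` already does for `SvanBoxel/delete-merged-branch`, fixes the reviewed code in place, for example `uses: codecov/codecov-action@<full-commit-sha>  # v3`. The Dependabot `github-actions` entry added in this commit can keep SHA pins current, so update cadence is not lost.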
13 changes: 8 additions & 5 deletions .github/workflows/code-hygiene.yml
Expand Up @@ -8,7 +8,7 @@ jobs:
name: Check if all files end in newline
steps:
- name: Checkout
uses: actions/checkout@v2
uses: actions/checkout@v3

- name: Linelint
uses: fernandrone/[email protected]
Expand All @@ -17,7 +17,7 @@ jobs:
runs-on: ubuntu-latest
name: Spotless scan
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3

- uses: actions/setup-java@v2
with:
Expand All @@ -26,13 +26,14 @@ jobs:

- uses: gradle/gradle-build-action@v2
with:
cache-disabled: true
arguments: spotlessCheck

checkstyle:
runs-on: ubuntu-latest
name: Checkstyle scan
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3

- uses: actions/setup-java@v2
with:
Expand All @@ -41,13 +42,14 @@ jobs:

- uses: gradle/gradle-build-action@v2
with:
cache-disabled: true
arguments: checkstyleMain checkstyleTest

spotbugs:
runs-on: ubuntu-latest
name: Spotbugs scan
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3

- uses: actions/setup-java@v2
with:
Expand All @@ -56,13 +58,14 @@ jobs:

- uses: gradle/gradle-build-action@v2
with:
cache-disabled: true
arguments: spotbugsMain

check-permissions-order:
runs-on: ubuntu-latest
name: Check permissions orders
steps:
- uses: actions/checkout@v2
- uses: actions/checkout@v3
- run: npm install yaml

- name: Check permissions order
2 changes: 1 addition & 1 deletion .github/workflows/delete_backport_branch.yml
Expand Up @@ -10,6 +10,6 @@ jobs:
if: startsWith(github.event.pull_request.head.ref,'backport/')
steps:
- name: Delete merged branch
uses: SvanBoxel/delete-merged-branch@b77e873cee00b09f55cc553bd24aae5f8dfc9157
uses: SvanBoxel/delete-merged-branch@2b5b058e3db41a3328fd9a6a58fd4c2545a14353
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
2 changes: 1 addition & 1 deletion .github/workflows/integration-tests.yml
Expand Up @@ -20,7 +20,7 @@ jobs:
distribution: temurin # Temurin is a distribution of adoptium
java-version: ${{ matrix.jdk }}

- uses: actions/checkout@v2
- uses: actions/checkout@v3

- run: OPENDISTRO_SECURITY_TEST_OPENSSL_OPT=true ./gradlew test

2 changes: 1 addition & 1 deletion .github/workflows/maven-publish.yml
Expand Up @@ -22,7 +22,7 @@ jobs:
distribution: temurin # Temurin is a distribution of adoptium
java-version: 11
- uses: actions/checkout@v3
- uses: aws-actions/configure-aws-credentials@v1
- uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: ${{ secrets.PUBLISH_SNAPSHOTS_ROLE }}
aws-region: us-east-1
4 changes: 3 additions & 1 deletion .github/workflows/plugin_install.yml
Expand Up @@ -22,11 +22,12 @@ jobs:
java-version: ${{ matrix.jdk }}

- name: Checkout Branch
uses: actions/checkout@v2
uses: actions/checkout@v3

- name: Assemble target plugin
uses: gradle/gradle-build-action@v2
with:
cache-disabled: true
arguments: assemble

# Move and rename the plugin for installation
Expand Down Expand Up @@ -59,4 +60,5 @@ jobs:
- name: Run sanity tests
uses: gradle/gradle-build-action@v2
with:
cache-disabled: true
arguments: integTestRemote -Dtests.rest.cluster=localhost:9200 -Dtests.cluster=localhost:9200 -Dtests.clustername="opensearch" -Dhttps=true -Duser=admin -Dpassword=admin
24 changes: 12 additions & 12 deletions build.gradle
Expand Up @@ -30,7 +30,7 @@ buildscript {
open_saml_version = '4.3.0'
one_login_java_saml = '2.9.0'
jjwt_version = '0.11.5'
guava_version = '32.1.1-jre'
guava_version = '32.1.2-jre'
jaxb_version = '2.3.8'

if (buildVersionQualifier) {
Expand Down Expand Up @@ -63,7 +63,7 @@ plugins {
id 'maven-publish'
id 'com.diffplug.spotless' version '6.20.0'
id 'checkstyle'
id 'com.netflix.nebula.ospackage' version "11.3.0"
id 'com.netflix.nebula.ospackage' version "11.4.0"
id "org.gradle.test-retry" version "1.5.4"
id 'eclipse'
id "com.github.spotbugs" version "5.0.14"
Expand Down Expand Up @@ -515,7 +515,7 @@ dependencies {

implementation "org.apache.kafka:kafka-clients:${kafka_version}"

runtimeOnly 'net.minidev:accessors-smart:2.4.7'
runtimeOnly 'net.minidev:accessors-smart:2.5.0'

implementation("org.apache.cxf:cxf-rt-rs-security-jose:${apache_cxf_version}") {
exclude(group: 'jakarta.activation', module: 'jakarta.activation-api')
Expand All @@ -531,7 +531,7 @@ dependencies {
runtimeOnly 'com.google.errorprone:error_prone_annotations:2.20.0'
runtimeOnly 'com.sun.istack:istack-commons-runtime:4.2.0'
runtimeOnly 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.0'
runtimeOnly 'org.ow2.asm:asm:9.1'
runtimeOnly 'org.ow2.asm:asm:9.5'

testImplementation 'org.apache.camel:camel-xmlsecurity:3.21.0'

Expand Down Expand Up @@ -568,7 +568,7 @@ dependencies {
runtimeOnly 'org.xerial.snappy:snappy-java:1.1.10.3'
runtimeOnly 'org.codehaus.woodstox:stax2-api:4.2.1'
runtimeOnly "org.glassfish.jaxb:txw2:${jaxb_version}"
runtimeOnly 'com.fasterxml.woodstox:woodstox-core:6.4.0'
runtimeOnly 'com.fasterxml.woodstox:woodstox-core:6.5.1'
runtimeOnly 'org.apache.ws.xmlschema:xmlschema-core:2.2.5'
runtimeOnly 'org.apache.santuario:xmlsec:2.2.3'
runtimeOnly "com.github.luben:zstd-jni:${versions.zstd}"
Expand All @@ -578,7 +578,7 @@ dependencies {


testImplementation "org.opensaml:opensaml-messaging-impl:${open_saml_version}"
implementation 'org.apache.commons:commons-lang3:3.12.0'
implementation 'org.apache.commons:commons-lang3:3.13.0'
testImplementation "org.opensearch:common-utils:${common_utils_version}"
testImplementation "org.opensearch.plugin:reindex-client:${opensearch_version}"
testImplementation "org.opensearch:opensearch-ssl-config:${opensearch_version}"
Expand All @@ -588,9 +588,9 @@ dependencies {
testImplementation "org.opensearch.plugin:aggs-matrix-stats-client:${opensearch_version}"
testImplementation "org.apache.logging.log4j:log4j-core:${versions.log4j}"
testImplementation 'javax.servlet:servlet-api:2.5'
testImplementation 'com.unboundid:unboundid-ldapsdk:4.0.9'
testImplementation 'com.unboundid:unboundid-ldapsdk:4.0.14'
testImplementation 'com.github.stephenc.jcip:jcip-annotations:1.0-1'
testImplementation 'com.unboundid:unboundid-ldapsdk:4.0.9'
testImplementation 'com.unboundid:unboundid-ldapsdk:4.0.14'
testImplementation 'javax.servlet:servlet-api:2.5'
testImplementation 'org.apache.httpcomponents:fluent-hc:4.5.13'
testImplementation "org.apache.httpcomponents.client5:httpclient5-fluent:${versions.httpclient5}"
Expand All @@ -600,8 +600,8 @@ dependencies {
testImplementation "org.apache.kafka:kafka-clients:${kafka_version}:test"
testImplementation 'org.springframework.kafka:spring-kafka-test:2.9.6'
testImplementation 'org.springframework:spring-beans:5.3.20'
testImplementation 'org.junit.jupiter:junit-jupiter:5.8.2'
testImplementation 'org.junit.jupiter:junit-jupiter-api:5.8.2'
testImplementation 'org.junit.jupiter:junit-jupiter:5.10.0'
testImplementation 'org.junit.jupiter:junit-jupiter-api:5.10.0'
// Only osx-x86_64, osx-aarch_64, linux-x86_64, linux-aarch_64, windows-x86_64 are available
if (osdetector.classifier in ["osx-x86_64", "osx-aarch_64", "linux-x86_64", "linux-aarch_64", "windows-x86_64"]) {
testImplementation "io.netty:netty-tcnative-classes:2.0.54.Final"
Expand All @@ -610,7 +610,7 @@ dependencies {
// JUnit build requirement
testCompileOnly 'org.apiguardian:apiguardian-api:1.1.2'
// Kafka test execution
testRuntimeOnly 'org.springframework.retry:spring-retry:1.3.3'
testRuntimeOnly 'org.springframework.retry:spring-retry:1.3.4'
testRuntimeOnly ('org.springframework:spring-core:5.3.27') {
exclude(group:'org.springframework', module: 'spring-jcl' )
}
Expand Down Expand Up @@ -642,7 +642,7 @@ dependencies {
integrationTestImplementation('org.awaitility:awaitility:4.2.0') {
exclude(group: 'org.hamcrest', module: 'hamcrest')
}
integrationTestImplementation 'com.unboundid:unboundid-ldapsdk:4.0.9'
integrationTestImplementation 'com.unboundid:unboundid-ldapsdk:4.0.14'

//Checkstyle
checkstyle 'com.puppycrawl.tools:checkstyle:10.12.1'