Merge branch 'develop' of https://github.com/reportportal/service-aut…

…horization into EPMRPP-90137

.github/workflows/dockerhub-release.yaml

@@ -17,7 +17,7 @@ jobs:
     name: Retag and push image 
     runs-on: ubuntu-latest
     environment: rc
-    if: github.event.pull_request.base.ref == 'master' || github.event.pull_request.base.ref == 'main'
+    if: github.event.review.state == 'approved' && (github.event.pull_request.base.ref == 'master' || github.event.pull_request.base.ref == 'main')
     steps:
       - name: Checkout
         uses: actions/checkout@v3

.github/workflows/release.yml

@@ -11,7 +11,7 @@ on:
 
 env:
   GH_USER_NAME: github.actor
-  RELEASE_VERSION: 5.11.1
+  RELEASE_VERSION: 5.11.3
 
 jobs:
   release:

Dockerfile

@@ -1,4 +1,4 @@
-FROM --platform=$BUILDPLATFORM gradle:8.5.0-jdk21 AS build
+FROM --platform=$BUILDPLATFORM gradle:8.10.0-jdk21-alpine AS build
 ARG RELEASE_MODE
 ARG APP_VERSION
 WORKDIR /usr/app
@@ -10,7 +10,7 @@ RUN if [ "${RELEASE_MODE}" = true ]; then \
     else gradle build --no-build-cache --exclude-task test -Dorg.gradle.project.version=${APP_VERSION}; fi
 
 # For ARM build use flag: `--platform linux/arm64`
-FROM --platform=$BUILDPLATFORM amazoncorretto:21.0.1
+FROM --platform=$BUILDPLATFORM amazoncorretto:21.0.4
 LABEL version=${APP_VERSION} description="EPAM ReportPortal. Auth Service" maintainer="Andrei Varabyeu <[email protected]>, Hleb Kanonik <[email protected]>"
 ARG APP_VERSION=${APP_VERSION}
 ENV APP_DIR=/usr/app
@@ -19,4 +19,4 @@ WORKDIR $APP_DIR
 COPY --from=build $APP_DIR/build/libs/service-authorization-*exec.jar .
 VOLUME ["/tmp"]
 EXPOSE 8080
-ENTRYPOINT exec java ${JAVA_OPTS} -jar ${APP_DIR}/service-authorization-*exec.jar
+ENTRYPOINT ["sh", "-c", "java ${JAVA_OPTS} -jar ${APP_DIR}/service-authorization-*exec.jar"]

build.gradle

@@ -7,6 +7,7 @@ plugins {
 }
 
 apply from: 'project-properties.gradle'
+//apply from: "$scriptsUrl/build-docker.gradle"
 apply from: "$scriptsUrl/build-info.gradle"
 apply from: "$scriptsUrl/build-commons.gradle"
 //apply from: "$scriptsUrl/build-quality.gradle"
@@ -15,12 +16,12 @@ apply from: "$scriptsUrl/signing.gradle"
 
 repositories {
     mavenCentral { url "https://repo1.maven.org/maven2" }
-
     if (!releaseMode) {
         maven { url 'https://jitpack.io' }
     }
 }
 
+ext['spring-boot.version'] = '2.5.15'
 //https://nvd.nist.gov/vuln/detail/CVE-2020-10683 (dom4j 2.1.3 version dependency) AND https://nvd.nist.gov/vuln/detail/CVE-2019-14900
 ext['hibernate.version'] = '5.4.18.Final'
 //https://nvd.nist.gov/vuln/detail/CVE-2020-10693
@@ -50,12 +51,10 @@ dependencies {
     implementation 'org.apache.tomcat.embed:tomcat-embed-core:9.0.86'
     implementation 'org.apache.tomcat.embed:tomcat-embed-el:9.0.86'
     implementation 'org.apache.tomcat.embed:tomcat-embed-websocket:9.0.86'
-    //Fix CVE-2020-15522
-    implementation 'org.bouncycastle:bcprov-jdk15on:1.69'
     //Fix CVE-2015-7501, CVE-2015-4852
     implementation 'org.apache.commons:commons-collections4:4.4'
     //Fix CVE-2018-10237
-    implementation 'com.google.guava:guava:31.1-jre'
+    implementation 'com.google.guava:guava:33.3.0-jre'
     //Fix CVE-2020-13956
     api 'org.apache.httpcomponents:httpclient:4.5.14'
     //Fix CVE-2022-40152
@@ -68,14 +67,14 @@ dependencies {
     //Fix CVE-2023-34050
     implementation 'org.springframework.amqp:spring-amqp:2.4.17'
     //Fix CVE-2023-40827, CVE-2023-40828, CVE-2023-40826
-    implementation 'org.springframework:spring-webmvc:5.3.33'
-    implementation 'org.springframework:spring-web:5.3.33'
+    implementation 'org.springframework:spring-webmvc:5.3.39'
+    implementation 'org.springframework:spring-web:5.3.39'
 
     ///// Security
     //https://nvd.nist.gov/vuln/detail/CVE-2020-5407 AND https://nvd.nist.gov/vuln/detail/CVE-2020-5408
-    implementation 'org.springframework.security:spring-security-core:5.8.5'
-    implementation 'org.springframework.security:spring-security-config:5.8.5'
-    implementation 'org.springframework.security:spring-security-web:5.8.5'
+    implementation 'org.springframework.security:spring-security-core:5.8.14'
+    implementation 'org.springframework.security:spring-security-config:5.8.14'
+    implementation 'org.springframework.security:spring-security-web:5.8.14'
     implementation 'org.springframework:spring-jdbc:6.1.5'
     //
 
@@ -84,11 +83,15 @@ dependencies {
     implementation 'net.minidev:json-smart:2.4.10'
     //Fix CVE-2022-22969
     api 'org.springframework.security.oauth:spring-security-oauth2:2.5.2.RELEASE'
-    implementation 'org.springframework.security:spring-security-jwt:1.0.11.RELEASE'
+    implementation 'org.springframework.security.oauth:spring-security-oauth2:2.5.2.RELEASE'
+    implementation 'org.springframework.security:spring-security-jwt:1.1.1.RELEASE'
+    //Fix CVE-2020-15522 in org.springframework.security:spring-security-jwt:1.1.1.RELEASE
+    implementation 'org.bouncycastle:bcprov-jdk15on:1.70'
     implementation 'org.springframework.security:spring-security-ldap'
     // TODO: consider migration to spring-security-saml2-service-provider
     implementation 'org.springframework.security.extensions:spring-security-saml2-core:2.0.0.M31'
-//  Temporary fix of https://nvd.nist.gov/vuln/detail/CVE-2019-12400
+    implementation 'commons-collections:commons-collections:3.2.2'
+    //Temporary fix of https://nvd.nist.gov/vuln/detail/CVE-2019-12400
     implementation 'org.apache.santuario:xmlsec:3.0.3'
     //Fix CVE-2015-7501, CVE-2015-4852
     implementation 'org.apache.commons:commons-collections4:4.4'
@@ -102,10 +105,11 @@ dependencies {
     implementation 'org.springdoc:springdoc-openapi-ui:1.7.0'
     api 'org.apache.commons:commons-compress:1.26.0'
     implementation 'org.cryptacular:cryptacular:1.1.4'
-    // TODO: snakeyaml 2.0 supported by Spring Boot 3 only
-    implementation 'org.yaml:snakeyaml:1.33'
+    // TODO: snakeyaml 2.0 supported by Spring Boot 2.7 and 3.X only
+    // We don't user application.yml, so it's safe to use 2.2
+    implementation 'org.yaml:snakeyaml:2.2'
     implementation 'org.hibernate:hibernate-core:5.4.24.Final'
-    implementation 'org.springframework:spring-core:5.3.30'
+    implementation 'org.springframework:spring-core:5.3.39'
     implementation "com.rabbitmq:http-client:5.2.0"
 
     // add lombok support

gradle.properties

@@ -1,4 +1,4 @@
-version=5.11.2
+version=5.11.4
 description=Unified Authorization Trap for all ReportPortal's Services
 dockerPrepareEnvironment=
 dockerJavaOpts=-Xmx512m -XX:+UseG1GC -XX:InitiatingHeapOccupancyPercent=70 -Djava.security.egd=file:/dev/./urandom

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.5-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.10-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

gradlew

@@ -15,6 +15,8 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
+# SPDX-License-Identifier: Apache-2.0
+#
 
 ##############################################################################
 #
@@ -55,7 +57,7 @@
 #       Darwin, MinGW, and NonStop.
 #
 #   (3) This script is generated from the Groovy template
-#       https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
+#       https://github.com/gradle/gradle/blob/HEAD/platforms/jvm/plugins-application/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
 #       within the Gradle project.
 #
 #       You can find Gradle at https://github.com/gradle/gradle/.
@@ -84,7 +86,8 @@ done
 # shellcheck disable=SC2034
 APP_BASE_NAME=${0##*/}
 # Discard cd standard output in case $CDPATH is set (https://github.com/gradle/gradle/issues/25036)
-APP_HOME=$( cd "${APP_HOME:-./}" > /dev/null && pwd -P ) || exit
+APP_HOME=$( cd -P "${APP_HOME:-./}" > /dev/null && printf '%s
+' "$PWD" ) || exit
 
 # Use the maximum available, or set MAX_FD != -1 to use that value.
 MAX_FD=maximum

gradlew.bat

@@ -13,6 +13,8 @@
 @rem See the License for the specific language governing permissions and
 @rem limitations under the License.
 @rem
+@rem SPDX-License-Identifier: Apache-2.0
+@rem
 
 @if "%DEBUG%"=="" @echo off
 @rem ##########################################################################
@@ -43,11 +45,11 @@ set JAVA_EXE=java.exe
 %JAVA_EXE% -version >NUL 2>&1
 if %ERRORLEVEL% equ 0 goto execute
 
-echo.
-echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH. 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 
@@ -57,11 +59,11 @@ set JAVA_EXE=%JAVA_HOME%/bin/java.exe
 
 if exist "%JAVA_EXE%" goto execute
 
-echo.
-echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
-echo.
-echo Please set the JAVA_HOME variable in your environment to match the
-echo location of your Java installation.
+echo. 1>&2
+echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME% 1>&2
+echo. 1>&2
+echo Please set the JAVA_HOME variable in your environment to match the 1>&2
+echo location of your Java installation. 1>&2
 
 goto fail
 

project-properties.gradle

@@ -4,10 +4,10 @@ project.ext {
     publishRepo = "https://maven.pkg.github.com/reportportal/service-authorization"
     dependencyRepos = ["commons-dao", "commons-rules", "commons-model", "commons-bom"]
     releaseMode = project.hasProperty("releaseMode")
-    scriptsUrl = commonScriptsUrl + (releaseMode ? '5.10.0' : 'develop')
+    scriptsUrl = commonScriptsUrl + (releaseMode ? '5.11.0' : 'develop')
     isDebugMode = System.getProperty("DEBUG", "false") == "true"
 }
 
 wrapper {
-    gradleVersion = '8.5'
+    gradleVersion = '8.10'
 }

src/main/resources/application.properties

@@ -10,4 +10,85 @@ datastore.thumbnail.attachment.width=\${rp.binarystore.thumbnail.attachment.widt
 datastore.thumbnail.attachment.height=\${rp.binarystore.thumbnail.attachment.height:60}
 datastore.thumbnail.avatar.width=\${rp.binarystore.thumbnail.avatar.width:40}
 datastore.thumbnail.avatar.height=\${rp.binarystore.thumbnail.avatar.height:60}
-springdoc.default-produces-media-type=application/json
+
+# Application.yaml configuration
+# Server configuration
+server.port=9999
+server.forward-headers-strategy=NATIVE
+server.servlet.context-path=/
+
+# Spring configuration
+spring.application.name=uat
+spring.jackson.default-property-inclusion=non_null
+spring.session.store-type=jdbc
+spring.jpa.properties.hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect
+spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true
+spring.jpa.generate-ddl=false
+spring.jpa.hibernate.ddl-auto=none
+spring.profiles.active=\${rp.profiles:default}
+spring.web.locale=en_US
+spring.web.locale-resolver=fixed
+
+springdoc.default-produces-media-type=application/json
+
+# Logging configuration
+logging.level.org.springframework.security=debug
+logging.level.org.hibernate=info
+logging.level.org.hibernate.stat=info
+logging.level.org.springframework.web.bind=fatal
+
+# OpenAPI documentation configuration
+springfox.documentation.swagger.v2.path=/api-docs
+
+# Custom reportportal configuration
+rp.datasource.type=com.zaxxer.hikari.HikariDataSource
+rp.datasource.driverClassName=org.postgresql.Driver
+rp.datasource.jdbcUrl=\${rp.db.url}
+rp.datasource.username=\${rp.db.user}
+rp.datasource.password=\${rp.db.pass}
+rp.datasource.maximumPoolSize=27
+
+rp.db.url=jdbc:postgresql://\${rp.db.host}:\${rp.db.port}/\${rp.db.name}
+rp.db.name=reportportal
+rp.db.host=postgres
+rp.db.port=5432
+rp.db.user=
+rp.db.pass=
+
+rp.jwt.signing-key=
+rp.jwt.token.validity-period=\${rp.session.live}
+
+rp.session.live=86400
+
+rp.saml.session-live=4320
+
+rp.auth.saml.base-path=
+rp.auth.saml.entity-id=report.portal.sp.id
+rp.auth.saml.key-password=password
+rp.auth.saml.key-alias=report-portal-sp
+rp.auth.saml.session-live=\${rp.saml.session-live}
+rp.auth.saml.key-store=saml/keystore.jks
+rp.auth.saml.key-store-password=password
+rp.auth.saml.network-connection-timeout=5000
+rp.auth.saml.network-read-timeout=10000
+rp.auth.saml.signed-requests=false
+rp.auth.saml.active-key-name=sp-signing-key
+rp.auth.saml.prefix=saml/sp
+
+rp.amqp.addresses=amqp://\${rp.amqp.user}:\${rp.amqp.pass}@\${rp.amqp.host}:\${rp.amqp.port}
+rp.amqp.base-vhost=/
+rp.amqp.host=rabbitmq
+rp.amqp.port=5672
+rp.amqp.user=
+rp.amqp.pass=
+
+# ReportPortal file storage configuration
+datastore.path=/data/storage
+datastore.type:=minio
+datastore.endpoint= http://play.min.io
+datastore.accessKey=
+datastore.secretKey=
+datastore.bucketPrefix= prj-
+datastore.bucketPostfix=
+datastore.defaultBucketName= rp-bucket
+datastore.region=us-west-1

src/main/resources/application.yaml → src/main/resources/application.yaml.bkp

@@ -1,8 +1,8 @@
 server:
   port: 9999
-  use-forward-headers: true
   servlet:
     context-path: /
+  forward-headers-strategy: native
 spring:
   application:
     name: uat