From 433701c4b4ec002ba24b1b00fa61412ee2e32549 Mon Sep 17 00:00:00 2001
From: Aliaksandr Stsiapanay
Date: Fri, 20 Oct 2023 19:05:11 +0300
Subject: [PATCH] feat: Add github actions (#2)
Co-authored-by: Aliaksandr Stsiapanay
---
.github/pr-title-checker-config.json | 14 +
.github/workflows/integration_tests.yml | 12 +
.github/workflows/pr_check_tests.yml | 16 ++
.github/workflows/release.yml | 13 +
.gitlab-ci.yml | 257 ------------------
Dockerfile | 32 ++-
README.md | 4 +-
build.gradle | 96 ++-----
dependency-check-suppression-file.xml | 10 -
gradle.properties | 25 --
gradle/wrapper/gradle-wrapper.properties | 2 +-
helm/development.yaml | 47 ----
helm/review.yaml | 45 ---
ort.yml | 1 +
settings.gradle | 2 +-
spotbugs-excludes.xml | 50 ----
.../epam/aidial/auth/helper/AuthProxy.java | 12 -
.../helper/controllers/UserController.java | 2 +-
.../controllers/WellKnownController.java | 2 +-
.../helper/utils/LoggingConfigurator.java | 52 ----
.../epam/aidial/auth/helper/utils/Utils.java | 6 -
src/main/resources/{config => }/gflog.xml | 4 -
22 files changed, 104 insertions(+), 600 deletions(-)
create mode 100644 .github/pr-title-checker-config.json
create mode 100644 .github/workflows/integration_tests.yml
create mode 100644 .github/workflows/pr_check_tests.yml
create mode 100644 .github/workflows/release.yml
delete mode 100644 .gitlab-ci.yml
delete mode 100644 dependency-check-suppression-file.xml
delete mode 100644 gradle.properties
delete mode 100644 helm/development.yaml
delete mode 100644 helm/review.yaml
create mode 100644 ort.yml
delete mode 100644 spotbugs-excludes.xml
delete mode 100644 src/main/java/com/epam/aidial/auth/helper/utils/LoggingConfigurator.java
rename src/main/resources/{config => }/gflog.xml (70%)
diff --git a/.github/pr-title-checker-config.json b/.github/pr-title-checker-config.json
new file mode 100644
index 0000000..bd52ea3
--- /dev/null
+++ b/.github/pr-title-checker-config.json
@@ -0,0 +1,14 @@
+{
+ "LABEL": {
+ "name": "",
+ "color": "EEEEEE"
+ },
+ "CHECKS": {
+ "prefixes": ["fix: ", "feat: ", "feature: ", "chore: ", "hotfix: "]
+ },
+ "MESSAGES": {
+ "success": "All OK",
+ "failure": "Missing prefix",
+ "notice": ""
+ }
+}
diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml
new file mode 100644
index 0000000..44ae689
--- /dev/null
+++ b/.github/workflows/integration_tests.yml
@@ -0,0 +1,12 @@
+name: Integration tests
+
+on:
+ pull_request:
+ branches: [ development, release-* ]
+ issue_comment:
+ types: [created]
+
+jobs:
+ integration_tests:
+ uses: epam/ai-dial-ci/.github/workflows/trigger_integration_tests.yml@0.1.0
+ secrets: inherit
diff --git a/.github/workflows/pr_check_tests.yml b/.github/workflows/pr_check_tests.yml
new file mode 100644
index 0000000..0861737
--- /dev/null
+++ b/.github/workflows/pr_check_tests.yml
@@ -0,0 +1,16 @@
+name: Code checks - tests
+
+on:
+ pull_request:
+ branches:
+ - development
+ - release-*
+
+jobs:
+ run_tests:
+ uses: epam/ai-dial-ci/.github/workflows/test_gradle_docker.yml@0.1.0
+ secrets: inherit
+ with:
+ bypass_checks: false
+ java_version: 17
+ java_distribution: temurin
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..0797a4c
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,13 @@
+name: Release version
+
+on:
+ push:
+ branches: [ development, release-* ]
+
+env:
+ IMAGE_NAME: ${{ github.repository }}
+
+jobs:
+ release:
+ uses: epam/ai-dial-ci/.github/workflows/publish_gradle_docker.yml@0.1.0
+ secrets: inherit
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
deleted file mode 100644
index 66f7f60..0000000
--- a/.gitlab-ci.yml
+++ /dev/null
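Review bot: The `issue_comment` trigger in integration_tests.yml starts a job that runs with `secrets: inherit`, and nothing in this file limits who can fire it; on GitHub an `issue_comment` run executes from the default branch with repository secrets available, and any account able to comment can create the event. Whether `trigger_integration_tests.yml` checks the commenter is not visible in this patch, so the gate should be confirmed there or stated on the job here, for example `if: github.event_name == 'pull_request' || contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association)`. The same applies in part to pr_check_tests.yml and release.yml: all three reference the reusable workflow by the tag `@0.1.0`, which can be moved, so pinning to a full commit SHA and passing only the named secrets each job needs instead of `secrets: inherit` would narrow what a change in `epam/ai-dial-ci` can reach.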
@@ -1,257 +0,0 @@ -include: - - template: Jobs/Container-Scanning.gitlab-ci.yml - - project: Gitlab/ci - ref: 0.2.22 - file: helm/helm-environment.gitlab-ci.yml - -variables: - DOCKER_PATH: "ai/dial/dial-authproxy" - DOCKER_REGISTRY_SERVER: "registry-dev.deltixhub.com" - HELM_REPO: https://nexus.deltixhub.com/repository/epm-rtc-helm - SECRET_NAME: "epm-rtc-registry-dev" - CHART: "dial-application" # Helm chart name, e.g. "gitlab-runner" - VERSION: "0.1.2" # Helm chart version - NAMESPACE: ${CI_PROJECT_NAME} - HELM_EXTRA_ARGS: "-f ${HELM_SECRET_FILE}" - RELEASE: ${CI_PROJECT_NAME} - DOCKERFILE_PATH: "./src/main/docker" - - development_ENV_ID: "staging" - development_HELM_VALUES_FILE: "helm/development.yaml" - development_ENV_URL: "https://dial-authproxy.staging.deltixhub.io" - development_AWS_ACCESS_KEY_ID: ${staging_AWS_ACCESS_KEY_ID} - development_AWS_SECRET_ACCESS_KEY: ${staging_AWS_SECRET_ACCESS_KEY} - - staging_DEPLOY_ENV: "false" - - review_DEPLOY_ENV: "true" - review_ENV_ID: "staging" - review_HELM_VALUES_FILE: "helm/review.yaml" - review_ENV_URL: "https://${CI_PROJECT_NAME}-mr-${CI_MERGE_REQUEST_IID}.staging.deltixhub.io" - review_HELM_CUSTOM_VALUES: "ingress.hosts[0]=${CI_PROJECT_NAME}-mr-${CI_MERGE_REQUEST_IID}.staging.deltixhub.io,fullnameOverride=mr-${CI_MERGE_REQUEST_IID},image.tag=mr-${CI_MERGE_REQUEST_IID},env.SERVER_HOSTURL=mr-${CI_MERGE_REQUEST_IID}.${NAMESPACE}" - review_RELEASE: ${CI_PROJECT_NAME}-mr-${CI_MERGE_REQUEST_IID} - review_SECRET_NAME: "epm-rtc-registry-test" - review_DOCKER_REGISTRY_SERVER: "registry-test.deltixhub.com" - - JAVA_IMAGE: registry-dev.deltixhub.com/gitlabci.docker/openjdk11-gradle:7.4.2 - PROJECT_NAME: "dial-auth-proxy" - -stages: - - tag - - build - - publish # publush docker images - - deploy - - promote # copy docker image to public repo - - production # Stage name used in include. Not used. 
ToDo - delete this - -deploy_development: - image: "registry.deltixhub.com/deltix.docker/devops/kubernetes-tools:0.17.1" - stage: deploy - rules: - - if: $CI_COMMIT_BRANCH == "development" - -destroy_development: - image: "registry.deltixhub.com/deltix.docker/devops/kubernetes-tools:0.17.1" - stage: deploy - rules: - - if: $CI_COMMIT_BRANCH == "development" - when: manual - allow_failure: true - -deploy_staging: - stage: deploy - -destroy_staging: - stage: deploy - -deploy_review: - image: "registry.deltixhub.com/deltix.docker/devops/kubernetes-tools:0.17.1" - stage: deploy - rules: - - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "development" && $review_DEPLOY_ENV == "true"' - -destroy_review: - image: "registry.deltixhub.com/deltix.docker/devops/kubernetes-tools:0.17.1" - stage: deploy - rules: - - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "development" && $review_DEPLOY_ENV == "true"' - when: manual - allow_failure: true - -"Build Java": - stage: build - image: ${JAVA_IMAGE} - script: - - ./gradlew build --parallel - artifacts: - expire_in: 1 day - paths: - - build/distributions/aidial-auth-helper-*.tar - cache: - key: ${PROJECT_NAME}"-gradle-java" - paths: - - /root/.gradle/caches - policy: pull-push - rules: - - if: $CI_COMMIT_TAG - - if: $CI_COMMIT_BRANCH == "development" - - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "development"' - tags: - - AWS - - DockerExecutor - -publish: - image: dockerhub.deltixhub.com/docker:23.0.6 - stage: publish - variables: - DOCKER_HOST: tcp://docker:2375 - DOCKER_TLS_CERTDIR: "" - cache: {} - services: - - docker:23.0.6-dind - before_script: - - mkdir -p $HOME/.docker - # Use DOCKER_AUTH_CONFIG for login to deltix repo - - echo $DOCKER_AUTH_CONFIG > $HOME/.docker/config.json - script: - - imageUrl=$REPOSITORY/${DOCKER_PATH} - - docker build -t $imageUrl:${DOCKER_TAG} -t $imageUrl:${DOCKER_ADDITIONAL_TAG} . 
- - docker push $imageUrl:${DOCKER_TAG} - - docker push $imageUrl:${DOCKER_ADDITIONAL_TAG} - rules: - - if: $CI_COMMIT_TAG - variables: - DOCKER_TAG: ${CI_COMMIT_TAG} - DOCKER_ADDITIONAL_TAG: latest - REPOSITORY: ${ARTIFACTORY_DOCKER_DEV_REPOSITORY} - - if: $CI_COMMIT_BRANCH == "development" - variables: - DOCKER_TAG: ${CI_COMMIT_REF_SLUG} - DOCKER_ADDITIONAL_TAG: alpha - REPOSITORY: ${ARTIFACTORY_DOCKER_DEV_REPOSITORY} - - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "development"' - variables: - DOCKER_TAG: gitlab-mr${CI_MERGE_REQUEST_ID} - DOCKER_ADDITIONAL_TAG: mr-${CI_MERGE_REQUEST_IID} - REPOSITORY: ${ARTIFACTORY_DOCKER_TEST_REPOSITORY} - tags: - - AWS - - DockerExecutor - -"Tag branch": - image: alpine/git:v2.32.0 - stage: tag - script: - - ver=$(echo -n $CI_COMMIT_REF_NAME | cut -f 2 -d '-') || ver=0.0 - - minor_tag=$(git describe --abbrev=0 --tags | cut -f 3 -d '.') || minor_tag=0 - - release_tag=${ver}.$(( minor_tag+1 )) - - git remote set-url origin https://$GITLAB_ROBOT_NAME:$GITLAB_ROBOT_PUSH_TOKEN@$CI_SERVER_HOST/$CI_PROJECT_PATH.git - - git config user.name $GITLAB_ROBOT_NAME - - git config user.email ${GITLAB_ROBOT_EMAIL} - - git diff --quiet && git diff --staged --quiet || git commit -am "RobotBuild ${release_tag}" - - git tag ${release_tag} - - git push origin HEAD:${CI_COMMIT_REF_NAME} --tags - dependencies: [] - rules: - - if: "$CI_COMMIT_REF_SLUG =~ /^release-/ && $CI_COMMIT_MESSAGE !~ /^RobotBuild/" - tags: - - kubernetes - -container_scanning: - stage: promote - variables: - GIT_STRATEGY: none - CS_IMAGE: ${ARTIFACTORY_DOCKER_DEV_REPOSITORY}/${DOCKER_PATH}:$CI_COMMIT_TAG - CS_REGISTRY_USER: ${ARTIFACTORY_USER} - CS_REGISTRY_PASSWORD: ${ARTIFACTORY_PASS} - dependencies: [] - rules: - - if: $CI_COMMIT_TAG - tags: - - AWS - - DockerExecutor - -### Copy frontend and backend docker images to public repository. 
Run on git tag manually -promote: - image: dockerhub.deltixhub.com/curlimages/curl:7.88.1 - stage: promote - variables: - GIT_STRATEGY: none - script: - - 'curl --retry 6 --retry-all-errors --no-progress-meter --fail -X POST "${ARTIFACTORY_URL}/api/docker/epm-rtc-docker/v2/promote" -H "Content-Type: application/json" -u${ARTIFACTORY_USER}:${ARTIFACTORY_PASS} -d ''{ "targetRepo": "epm-rtc-public-docker", "dockerRepository": "''"${DOCKER_PATH}"''", "tag" : "''"$CI_COMMIT_TAG"''", "copy": true }''' - - > - if [ ! -z "$DOCKER_ADDITIONAL_TAG" ]; then - curl --retry 6 --retry-all-errors --no-progress-meter --fail -X POST "${ARTIFACTORY_URL}/api/docker/epm-rtc-docker/v2/promote" -H "Content-Type: application/json" -u${ARTIFACTORY_USER}:${ARTIFACTORY_PASS} -d '{ "targetRepo": "epm-rtc-public-docker", "dockerRepository": '\"${DOCKER_PATH}\"', "tag" : '\"$DOCKER_ADDITIONAL_TAG\"', "copy": true }'; - fi - dependencies: [] - rules: - - if: $CI_COMMIT_TAG - when: manual - variables: - DOCKER_ADDITIONAL_TAG: latest - tags: - - AWS - - DockerExecutor - -"Dependency Check: Java": - stage: promote - image: ${JAVA_IMAGE} - script: -# - ./gradlew -PfailOnHighCVSS=true dependencyCheckAggregate - - ./gradlew dependencyCheckAggregate - artifacts: - paths: - - build/reports/dependency-check-report.html - cache: - key: ${PROJECT_NAME}"-gradle-java" - paths: - - /root/.gradle/caches - policy: pull-push - dependencies: [] - rules: - - if: $CI_COMMIT_TAG - tags: - - AWS - - DockerExecutor - -"Static Check: Java": - stage: promote - image: ${JAVA_IMAGE} - script: -# - ./gradlew -PfailOnSpotBugs check -x test - - ./gradlew check -x test --parallel - - ./gradlew collectSpotbugs - artifacts: - paths: - - build/reports/spotbugs - cache: - key: ${PROJECT_NAME}"-gradle-java" - paths: - - /root/.gradle/caches - policy: pull-push - dependencies: [] - rules: - - if: $CI_COMMIT_TAG - tags: - - AWS - - DockerExecutor - -"License Check: Java": - stage: promote - image: ${JAVA_IMAGE} - script: - - 
./gradlew downloadLicenses - artifacts: - paths: - - build/reports/license/license-dependency.html - cache: - key: ${PROJECT_NAME}"-gradle-java" - paths: - - /root/.gradle/caches - policy: pull-push - dependencies: [] - rules: - - if: $CI_COMMIT_TAG - tags: - - AWS - - DockerExecutor \ No newline at end of file diff --git a/Dockerfile b/Dockerfile index 0ac4c36..faa71d1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,15 +1,27 @@ -FROM amazoncorretto:11-alpine3.17 +FROM gradle:8.3.0-jdk17-alpine as cache +WORKDIR /home/gradle/src +ENV GRADLE_USER_HOME /cache +COPY build.gradle settings.gradle ./ +RUN gradle --no-daemon build --stacktrace -ADD ./build/distributions/aidial-auth-helper-*.tar /opt/epam/aidial/ -RUN mv /opt/epam/aidial/aidial-auth-helper-*/* /opt/epam/aidial/ -RUN rmdir /opt/epam/aidial/aidial-auth-helper-* +FROM gradle:8.3.0-jdk17-alpine as builder +COPY --from=cache /cache /home/gradle/.gradle +COPY --chown=gradle:gradle . /home/gradle/src +WORKDIR /home/gradle/src +RUN gradle --no-daemon build --stacktrace -PdisableCompression=true +RUN mkdir /build && tar -xf /home/gradle/src/build/distributions/aidial-auth-helper-*.tar --strip-components=1 -C /build -RUN addgroup -S aidial --gid 1801 \ - && adduser -D -H -S aidial -G aidial -u 1801 \ - && chown aidial:aidial -R /opt/epam/aidial +FROM eclipse-temurin:17-jdk-alpine -USER aidial +WORKDIR /app + +RUN addgroup -S aidial --gid 1001 \ + && adduser -D -H -S aidial -G aidial -u 1001 + +COPY --from=builder --chown=aidial:aidial /build/ . -WORKDIR /opt/epam/aidial +RUN chown -R aidial:aidial /app + +USER aidial -ENTRYPOINT ["/opt/epam/aidial/bin/aidial-auth-helper"] \ No newline at end of file +ENTRYPOINT ["/app/bin/aidial-auth-helper"] \ No newline at end of file diff --git a/README.md b/README.md index 9f166a9..2a84f2b 100644 --- a/README.md +++ b/README.md @@ -25,8 +25,8 @@ Currently, AuthProxy provides two public routes: # Developer env -- Open JDK 11+ -- Gradle 7+ +- Open JDK 17+ +- Gradle 8+ # Build 
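Review bot: The final stage ships a full JDK and makes everything under /app owned by the account the service runs as: `FROM eclipse-temurin:17-jdk-alpine`, `COPY --from=builder --chown=aidial:aidial /build/ .` and `RUN chown -R aidial:aidial /app`. A runtime image needs only a JRE, and jars and launch scripts that the service user can rewrite let a compromised process alter its own code; consider `FROM eclipse-temurin:17-jre-alpine` and `COPY --from=builder /build/ .` without the chown, granting write access only to a directory the service has to write to (whether it needs one is not visible in this hunk). The `chown -R` is redundant after `COPY --chown` in any case. All three `FROM` lines use mutable tags; pinning them by digest would make the image reproducible.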
diff --git a/build.gradle b/build.gradle index ce1e28f..dc41045 100644 --- a/build.gradle +++ b/build.gradle @@ -1,42 +1,23 @@ plugins { - id "org.owasp.dependencycheck" version "${dependencyCheckVersion}" - id "com.github.hierynomus.license" version "${licensePluginVersion}" - id "com.github.spotbugs" version "${spotbugsVersion}" id "java" id "application" id 'checkstyle' } -sourceCompatibility = 11 -targetCompatibility = 11 +sourceCompatibility = 17 +targetCompatibility = 17 group = 'com.epam.aidial' version = '1.0.0' -configurations { - integrationTestImplementation.extendsFrom(testImplementation) - integrationTestRuntimeOnly.extendsFrom(testRuntimeOnly) - all*.exclude group: "ch.qos.logback" - all*.exclude group: "org.springframework", module: "spring-jcl" - all*.exclude group: "org.springframework.boot", module: "spring-boot-starter-logging" +java { + toolchain { + languageVersion = JavaLanguageVersion.of(17) + } } checkstyle { configDirectory = file("$rootProject.projectDir/checkstyle") - toolVersion '9.3'; // your choice here -} - -license { - exclude "**/*" - skipExistingHeaders true - ignoreFailures true -} - -jar { - manifest { - attributes 'Implementation-Title': "${projectTitle}", - 'Implementation-Version': archiveVersion - } } application { 
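Review bot: The plugins block no longer applies `org.owasp.dependencycheck` or `com.github.spotbugs`, and the same commit deletes the GitLab jobs that ran `dependencyCheckAggregate`, SpotBugs with find-sec-bugs and container scanning, so nothing visible in the new build performs dependency or static security analysis. The reusable workflows referenced from `.github/workflows` may cover this, but the patch does not show it. If they do not, keep at least the dependency check in this block, e.g. `id "org.owasp.dependencycheck" version "8.2.1"`, or state in the commit message where the scans now run. The hunk ends at `application {`, whose body continues outside it.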
@@ -49,62 +30,25 @@ repositories { dependencies { - compileOnly("com.google.code.findbugs:annotations:${findbugsAnnotationsVersion}") - - // http://find-sec-bugs.github.io - spotbugsPlugins "com.h3xstream.findsecbugs:findsecbugs-plugin:${findSecBugsVersion}" + implementation("com.epam.deltix:gflog-core:3.0.4") + implementation("com.epam.deltix:gflog-jcl:3.0.4") + implementation("com.epam.deltix:gflog-jul:3.0.4") + implementation("com.epam.deltix:gflog-slf4j:3.0.4") - implementation("com.epam.deltix:gflog-core:${gflogVersion}") - implementation("com.epam.deltix:gflog-jcl:${gflogVersion}") - implementation("com.epam.deltix:gflog-jul:${gflogVersion}") - implementation("com.epam.deltix:gflog-slf4j:${gflogVersion}") + implementation("javax.ws.rs:javax.ws.rs-api:2.1.1") + implementation("jakarta.validation:jakarta.validation-api:2.0.2") - implementation("javax.ws.rs:javax.ws.rs-api:${rsVersion}") - implementation("jakarta.validation:jakarta.validation-api:${jakartaValidationVersion}") + constraints { + implementation('org.yaml:snakeyaml:2.2') { + because 'previous version 1.33 has security issue CVE-2022-1471' + } + } - implementation("org.springframework.boot:spring-boot-starter-web:${springBootVersion}") - implementation("org.springframework.security.oauth:spring-security-oauth2:${springSecurityOAuthVersion}") - implementation("org.springframework.security:spring-security-jwt:1.1.0.RELEASE") // override old one from jwk-token-store + implementation("org.springframework.boot:spring-boot-starter-web:3.1.3") implementation("com.auth0:java-jwt:4.4.0") - implementation("com.auth0:jwks-rsa:0.22.0") + implementation("com.auth0:jwks-rsa:0.22.1") - runtimeOnly("org.glassfish.jersey.core:jersey-common:${glassfishVersion}") - - testImplementation("junit:junit:${junitVersion}") - testImplementation("com.tngtech.java:junit-dataprovider:${junitDataproviderVersion}") + testImplementation("junit:junit:4.+") testImplementation("org.mockito:mockito-core:5.5.0") -} - -dependencyCheck { - 
if (project.hasProperty("failOnHighCVSS") && project.getProperty("failOnHighCVSS") == 'true') { - failBuildOnCVSS = 7 - } - skipProjects = [] - suppressionFile = file("$rootDir/dependency-check-suppression-file.xml") - skipConfigurations = [ "luminary" ] - analyzers { - assemblyEnabled = false - } -} - -spotbugs { - effort = "max" - reportLevel = "medium" - ignoreFailures = project.findProperty('failOnSpotBugs') == null // gradle -PfailOnSpotBugs .. - //sourceSets = sourceSets.main // exclude tests - excludeFilter = file("$rootDir/spotbugs-excludes.xml") -} - -task collectSpotbugs(type: Copy) { - from "$project.buildDir/reports/spotbugs/main.html" - into "$rootProject.buildDir/reports/spotbugs" - rename { String fileName -> "${project.name}.html" } -} - -tasks.withType(com.github.spotbugs.snom.SpotBugsTask) { - reports { - xml.required = false - html.required = true - } } \ No newline at end of file diff --git a/dependency-check-suppression-file.xml b/dependency-check-suppression-file.xml deleted file mode 100644 index a032aef..0000000 --- a/dependency-check-suppression-file.xml +++ /dev/null @@ -1,10 +0,0 @@ - - - - - - - 7 - - diff --git a/gradle.properties b/gradle.properties deleted file mode 100644 index a833554..0000000 --- a/gradle.properties +++ /dev/null 
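Review bot: `testImplementation("junit:junit:4.+")` is a dynamic version, so the artifact that gets resolved can change between builds with no change in the repository, while every other dependency in this block is now an exact version. Pin it the same way, e.g. `testImplementation("junit:junit:4.13.2")`. The snakeyaml constraint records its reason in `because`, which is worth keeping; the four gflog artifacts each repeat `3.0.4`, and a single `def gflogVersion = "3.0.4"` above the block would keep them from drifting apart.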
@@ -1,25 +0,0 @@
-# Project variables
-projectName=aidial-auth-helper
-projectTitle=AI Dial Auth Helper
-
-# Dependencies
-findbugsAnnotationsVersion=3.0.1
-gflogVersion=3.0.4
-glassfishVersion=2.39.1
-jakartaValidationVersion=2.0.2
-rsVersion=2.1.1
-springBootVersion=2.3.12.RELEASE
-springSecurityOAuthVersion=2.3.4.RELEASE
-junitVersion=4.+
-junitDataproviderVersion=1.13.1
-
-# Plugins
-# https://jeremylong.github.io/DependencyCheck/dependency-check-gradle/index.html
-dependencyCheckVersion=8.2.1
-dockerApiVersion=3.2.8
-# https://github.com/hierynomus/license-gradle-plugin
-licensePluginVersion=0.16.1
-# https://github.com/spotbugs/spotbugs-gradle-plugin
-spotbugsVersion=5.0.14
-# http://find-sec-bugs.github.io
-findSecBugsVersion=1.12.0
diff --git a/gradle/wrapper/gradle-wrapper.properties b/gradle/wrapper/gradle-wrapper.properties
index aa991fc..db9a6b8 100644
--- a/gradle/wrapper/gradle-wrapper.properties
+++ b/gradle/wrapper/gradle-wrapper.properties
@@ -1,5 +1,5 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-7.4.2-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.3-bin.zip
 zipStoreBase=GRADLE_USER_HOME
 zipStorePath=wrapper/dists
diff --git a/helm/development.yaml b/helm/development.yaml
deleted file mode 100644
index 9973aa8..0000000
--- a/helm/development.yaml
+++ /dev/null
@@ -1,47 +0,0 @@
-image:
- pullPolicy: Always
- registry: registry-dev.deltixhub.com
- repository: ai/dial/dial-authproxy
- tag: development
- pullSecrets:
- - epm-rtc-registry-dev
-
-
-fullnameOverride: "dial-authproxy"
-
-containerPorts:
- http: 4088
-
-containerSecurityContext:
- runAsUser: 1801
-
-podSecurityContext:
- fsGroup: 1801
-
-podAnnotations:
- autorestart: '{{ dateInZone "2006-01-02 15:04:05Z" (now) "UTC" }}'
-
-ingress:
- enabled: true
- ingressClassName: alb
- annotations:
- alb.ingress.kubernetes.io/scheme: "internet-facing"
- alb.ingress.kubernetes.io/target-type: "ip"
- alb.ingress.kubernetes.io/backend-protocol: "HTTP"
- alb.ingress.kubernetes.io/healthcheck-path: "/aiproxy/status200"
- alb.ingress.kubernetes.io/healthcheck-protocol: "HTTP"
- alb.ingress.kubernetes.io/healthcheck-timeout-seconds: "5"
- alb.ingress.kubernetes.io/healthy-threshold-count: "2"
- alb.ingress.kubernetes.io/target-group-attributes: "stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=86400"
- alb.ingress.kubernetes.io/load-balancer-attributes: "routing.http2.enabled=true"
- alb.ingress.kubernetes.io/listen-ports: '[{ "HTTP" : 80, "HTTPS" : 443 }]'
- alb.ingress.kubernetes.io/ssl-policy: "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"
- alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:eu-north-1:725751206603:certificate/373e8fd1-088e-4022-adf1-5f3e7820fb4a"
- alb.ingress.kubernetes.io/ssl-redirect: "443"
- alb.ingress.kubernetes.io/group.name: "allow-all"
- hosts:
- - dial-authproxy.staging.deltixhub.io
-
-env:
- SERVER_HOSTURL: "https://dial-authproxy.staging.deltixhub.io"
- OAUTH2_PROVIDERURI: "https://kc.staging.deltixhub.io/realms/DIAL"
diff --git a/helm/review.yaml b/helm/review.yaml
deleted file mode 100644
index 44472e5..0000000
--- a/helm/review.yaml
+++ /dev/null
@@ -1,45 +0,0 @@
-image:
- pullPolicy: Always
- registry: registry-test.deltixhub.com
- repository: ai/dial/dial-authproxy
-# tag: development
- pullSecrets:
- - epm-rtc-registry-test
-
-
-containerPorts:
- http: 4088
-
-containerSecurityContext:
- runAsUser: 1801
-
-podSecurityContext:
- fsGroup: 1801
-
-podAnnotations:
- autorestart: '{{ dateInZone "2006-01-02 15:04:05Z" (now) "UTC" }}'
-
-ingress:
- enabled: true
- ingressClassName: alb
- annotations:
- alb.ingress.kubernetes.io/scheme: "internet-facing"
- alb.ingress.kubernetes.io/target-type: "ip"
- alb.ingress.kubernetes.io/backend-protocol: "HTTP"
- alb.ingress.kubernetes.io/healthcheck-path: "/aiproxy/status200"
- alb.ingress.kubernetes.io/healthcheck-protocol: "HTTP"
- alb.ingress.kubernetes.io/healthcheck-timeout-seconds: "5"
- alb.ingress.kubernetes.io/healthy-threshold-count: "2"
- alb.ingress.kubernetes.io/target-group-attributes: "stickiness.enabled=true,stickiness.lb_cookie.duration_seconds=86400"
- alb.ingress.kubernetes.io/load-balancer-attributes: "routing.http2.enabled=true"
- alb.ingress.kubernetes.io/listen-ports: '[{ "HTTP" : 80, "HTTPS" : 443 }]'
- alb.ingress.kubernetes.io/ssl-policy: "ELBSecurityPolicy-TLS-1-2-Ext-2018-06"
- alb.ingress.kubernetes.io/certificate-arn: "arn:aws:acm:eu-north-1:725751206603:certificate/373e8fd1-088e-4022-adf1-5f3e7820fb4a"
- alb.ingress.kubernetes.io/ssl-redirect: "443"
- alb.ingress.kubernetes.io/group.name: "allow-all"
- hosts:
- - dial-proxy.staging.deltixhub.io
-
-env:
- OAUTH2_PROVIDERURI: "https://kc.staging.deltixhub.io/realms/DIAL"
- # SERVER_HOSTURL: "http://dial-authproxy.dial-authproxy"
\ No newline at end of file
diff --git a/ort.yml b/ort.yml
new file mode 100644
index 0000000..8d59faa
--- /dev/null
+++ b/ort.yml
@@ -0,0 +1 @@
+--- {}
\ No newline at end of file
diff --git a/settings.gradle b/settings.gradle
index ae82b0c..5e92654 100644
--- a/settings.gradle
+++ b/settings.gradle
@@ -1 +1 @@ -rootProject.name = "${projectName}" +rootProject.name = "aidial-auth-helper" diff --git a/spotbugs-excludes.xml b/spotbugs-excludes.xml deleted file mode 100644 index c05a5b2..0000000 --- a/spotbugs-excludes.xml +++ /dev/null @@ -1,50 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - \ No newline at end of file diff --git a/src/main/java/com/epam/aidial/auth/helper/AuthProxy.java b/src/main/java/com/epam/aidial/auth/helper/AuthProxy.java index ff79d39..58159ab 100644 --- a/src/main/java/com/epam/aidial/auth/helper/AuthProxy.java +++ b/src/main/java/com/epam/aidial/auth/helper/AuthProxy.java @@ -1,12 +1,9 @@ package com.epam.aidial.auth.helper; -import com.epam.aidial.auth.helper.utils.LoggingConfigurator; -import com.epam.deltix.gflog.api.LogFactory; import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.security.servlet.SecurityAutoConfiguration; -import org.springframework.boot.logging.LoggingSystem; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; import org.springframework.scheduling.TaskScheduler; @@ -19,15 +16,6 @@ @EnableScheduling @ComponentScan({"com.epam.aidial.auth.helper"}) public class AuthProxy { - static { - try { - System.setProperty(LoggingSystem.SYSTEM_PROPERTY, LoggingSystem.NONE); - LoggingConfigurator.configure(AuthProxy.class, "logs/auth-proxy.log"); - LogFactory.getLog(AuthProxy.class).info().append("GFLog initialized").commit(); - } catch (final Exception e) { - throw new IllegalStateException(e); - } - } public static void main(String[] args) { SpringApplication.run(AuthProxy.class, args); 
diff --git a/src/main/java/com/epam/aidial/auth/helper/controllers/UserController.java b/src/main/java/com/epam/aidial/auth/helper/controllers/UserController.java index dc35cff..2f3ed23 100644 --- a/src/main/java/com/epam/aidial/auth/helper/controllers/UserController.java +++ b/src/main/java/com/epam/aidial/auth/helper/controllers/UserController.java @@ -48,7 +48,7 @@ public ResponseEntity getUserInfo(@RequestHeader("Authorization") String UserInfoDto userInfo = authProvider.getUserInfo(token); return new ResponseEntity<>(userInfo, HttpStatus.OK); } catch (Throwable e) { - LOG.warn().append(e).commit(); + LOG.warn("error occurred at getting user info: %s").with(e); final HttpStatus status = ExceptionToHttpStatusConverter.getStatus(e); final ErrorDto errorDto = ExceptionToErrorDtoConverter.getErrorDto(e); diff --git a/src/main/java/com/epam/aidial/auth/helper/controllers/WellKnownController.java b/src/main/java/com/epam/aidial/auth/helper/controllers/WellKnownController.java index 4009171..4a9cbcb 100644 --- a/src/main/java/com/epam/aidial/auth/helper/controllers/WellKnownController.java +++ b/src/main/java/com/epam/aidial/auth/helper/controllers/WellKnownController.java @@ -61,7 +61,7 @@ public ResponseEntity getOpenIdConfiguration() { } catch (RestClientResponseException e) { return new ResponseEntity<>(e.getResponseBodyAsString(), HttpStatus.valueOf(e.getRawStatusCode())); } catch (Throwable e) { - LOG.warn().append(e).commit(); + LOG.warn("error occured at getting OpenId configuration: %s").with(e); final HttpStatus status = ExceptionToHttpStatusConverter.getStatus(e); final ErrorDto errorDto = ExceptionToErrorDtoConverter.getErrorDto(e); diff --git a/src/main/java/com/epam/aidial/auth/helper/utils/LoggingConfigurator.java b/src/main/java/com/epam/aidial/auth/helper/utils/LoggingConfigurator.java deleted file mode 100644 index 343ebd4..0000000 --- a/src/main/java/com/epam/aidial/auth/helper/utils/LoggingConfigurator.java +++ /dev/null 
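Review bot: The new `LOG.warn("error occurred at getting user info: %s").with(e);` in UserController writes the whole exception raised by `authProvider.getUserInfo(token)` to the log, inside a catch that handles every `Throwable` produced while processing the caller's `Authorization` header. If any of those exceptions carries the token or decoded claims in its message (not visible in this hunk), bearer material ends up in the log at warn level, so that should be confirmed before relying on this line. A one-line comment above the call would record the outcome, e.g. `// exception messages from token validation must not contain the raw token`. getUserInfo starts and ends outside the hunk.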
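Review bot: The message added in WellKnownController misspells "occurred" (`"error occured at getting OpenId configuration: %s"`), while the matching line in UserController spells it correctly, so a log search for one form misses the other; use `LOG.warn("error occurred at getting OpenId configuration: %s").with(e);`. The unchanged line above still calls `e.getRawStatusCode()`, which is deprecated in the Spring Framework 6 line that Spring Boot 3.1.3 brings in; `e.getStatusCode()` is the replacement. getOpenIdConfiguration continues outside the hunk.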
@@ -1,52 +0,0 @@ -package com.epam.aidial.auth.helper.utils; - -import com.epam.deltix.gflog.core.LogConfigurator; - -import java.io.File; -import java.io.FileOutputStream; -import java.io.InputStream; -import java.net.URL; - -public final class LoggingConfigurator { - public static void configure(Class clazz, String defaultPath) throws Exception { - final String configurationFile = System.getProperty("gflog.configuration"); - if (configurationFile != null) { - LogConfigurator.configure(configurationFile); - return; - } - - final String targetPath = System.getProperty("gflog.fileAppender.targetPath"); - if (targetPath == null) { - System.setProperty("gflog.fileAppender.targetPath", defaultPath); - } - - final URL resource = clazz.getClassLoader().getResource("config/gflog.xml"); - if (resource == null) { - System.err.println("Logger configuration is not provided - logging will be disabled."); - return; - } - - if (resource.toString().startsWith("jar:")) { - final File file = File.createTempFile("tempfile", ".tmp"); - try (final InputStream input = resource.openStream(); final FileOutputStream output = new FileOutputStream(file)) { - int read; - byte[] buffer = new byte[0x1000]; - - while ((read = input.read(buffer)) != -1) { - output.write(buffer, 0, read); - } - } - - LogConfigurator.configure(file.toURI().toURL().getFile()); - if (!file.delete()) { - System.err.println("Cannot delete temporary file: " + file.getAbsolutePath()); - } - } else { - LogConfigurator.configure(resource.getFile()); - } - } - - public static void unconfigure() { - LogConfigurator.unconfigure(); - } -} diff --git a/src/main/java/com/epam/aidial/auth/helper/utils/Utils.java b/src/main/java/com/epam/aidial/auth/helper/utils/Utils.java index cdf7733..8fe930b 100644 --- a/src/main/java/com/epam/aidial/auth/helper/utils/Utils.java +++ b/src/main/java/com/epam/aidial/auth/helper/utils/Utils.java 
@@ -1,8 +1,6 @@ package com.epam.aidial.auth.helper.utils; import com.auth0.jwt.interfaces.Claim; -import org.apache.commons.codec.binary.Base64; -import org.apache.commons.codec.binary.StringUtils; public class Utils { private Utils() { @@ -21,10 +19,6 @@ public static String getTokenFromAuth(String auth) { return null; } - public static String decodeToJson(final String base64) { - return StringUtils.newStringUtf8(Base64.decodeBase64(base64)); - } - public static boolean isNullOrEmpty(String s) { return s == null || s.isEmpty(); } diff --git a/src/main/resources/config/gflog.xml b/src/main/resources/gflog.xml similarity index 70% rename from src/main/resources/config/gflog.xml rename to src/main/resources/gflog.xml index 11abcf1..da0ff40 100644 --- a/src/main/resources/config/gflog.xml +++ b/src/main/resources/gflog.xml @@ -1,15 +1,11 @@ - - - -