From bfd0d923c4d8749fb6f2dbafd974f4370047327e Mon Sep 17 00:00:00 2001
From: ds-lcapellino
Date: Thu, 9 Nov 2023 10:44:33 +0100
Subject: [PATCH 1/5] chore: TRACEFOSS-XXX update SecurityConfig to not use deprecated methods
---
 .../common/config/SecurityConfig.java | 22 ++++++++++---------
 1 file changed, 12 insertions(+), 10 deletions(-)
diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/config/SecurityConfig.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/config/SecurityConfig.java
index e8338df155..ca5d36a0d1 100644
--- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/config/SecurityConfig.java
+++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/common/config/SecurityConfig.java
@@ -26,8 +26,10 @@
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.security.config.Customizer;
 import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
 import org.springframework.security.web.SecurityFilterChain;
 import org.springframework.web.cors.CorsConfiguration;
 import org.springframework.web.cors.CorsConfigurationSource;
@@ -67,12 +69,12 @@ public class SecurityConfig { @Bean SecurityFilterChain securityFilterChain(final HttpSecurity httpSecurity) throws Exception { - httpSecurity.httpBasic().disable(); - httpSecurity.formLogin().disable(); - httpSecurity.logout().disable(); - httpSecurity.anonymous().disable(); - httpSecurity.csrf().disable(); - httpSecurity.cors(); + httpSecurity.httpBasic(AbstractHttpConfigurer::disable); + httpSecurity.formLogin(AbstractHttpConfigurer::disable); + httpSecurity.logout(AbstractHttpConfigurer::disable); + httpSecurity.anonymous(AbstractHttpConfigurer::disable); + httpSecurity.csrf(AbstractHttpConfigurer::disable); + httpSecurity.cors(Customizer.withDefaults()); httpSecurity.authorizeHttpRequests(auth -> auth @@ -81,10 +83,10 @@ SecurityFilterChain securityFilterChain(final HttpSecurity httpSecurity) throws .anyRequest() .authenticated()); - httpSecurity.oauth2ResourceServer(oauth2ResourceServer -> oauth2ResourceServer.jwt() - .jwtAuthenticationConverter( - new JwtAuthenticationTokenConverter(resourceClient))) - .oauth2Client(); + httpSecurity.oauth2ResourceServer(oauth2ResourceServer -> oauth2ResourceServer.jwt((jwt) -> jwt.jwtAuthenticationConverter( + new JwtAuthenticationTokenConverter(resourceClient))) + ) + .oauth2Client(Customizer.withDefaults()); return httpSecurity.build(); } From 3ea1e486bd678d81b07575649cd45a5974e2c32c Mon Sep 17 00:00:00 2001 From: ds-lcapellino Date: Thu, 9 Nov 2023 11:01:29 +0100 Subject: [PATCH 2/5] chore: TRACEFOSS-XXX remove unused parameter --- .../traceability/assets/domain/base/AssetRepository.java | 2 +- .../assets/domain/base/service/AbstractAssetBaseService.java | 2 +- .../asbuilt/repository/AssetAsBuiltRepositoryImpl.java | 2 +- .../asplanned/repository/AssetAsPlannedRepositoryImpl.java | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) 
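Review bot: `httpSecurity.csrf(AbstractHttpConfigurer::disable)` carries the CSRF opt-out over to the new API without a comment saying why it is safe. Disabling CSRF is sound only while every request is authenticated by a bearer JWT and no cookie or session credential is accepted; this hunk shows no session policy, and the same method later enables `oauth2Client`, so the assumption deserves to be written down. I would add above the line `// CSRF off: API is authenticated by bearer JWT only; re-enable if cookie/session auth is ever accepted`. The body of securityFilterChain continues outside this hunk.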
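Review bot: The rewritten `oauth2ResourceServer` call in the `@@ -81,10 +83,10 @@` hunk is hard to read: the `jwt` lambda wraps its single parameter in parentheses, a closing `)` is left on a line of its own, and `.oauth2Client(Customizer.withDefaults())` is chained onto it although every other configurer in this method is a separate `httpSecurity.…` statement. I would write `httpSecurity.oauth2ResourceServer(rs -> rs.jwt(jwt -> jwt.jwtAuthenticationConverter(new JwtAuthenticationTokenConverter(resourceClient))));` followed by `httpSecurity.oauth2Client(Customizer.withDefaults());`. This is a layout change only; the configured filter chain stays the same.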
diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/domain/base/AssetRepository.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/domain/base/AssetRepository.java index ff24f19be5..5a1b98f429 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/domain/base/AssetRepository.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/domain/base/AssetRepository.java @@ -34,7 +34,7 @@ public interface AssetRepository { List getAssetsById(List assetIds); - AssetBase getAssetByChildId(String assetId, String childId); + AssetBase getAssetByChildId(String childId); PageResult getAssets(Pageable pageable, SearchCriteria searchCriteria); diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/domain/base/service/AbstractAssetBaseService.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/domain/base/service/AbstractAssetBaseService.java index 800a9da1d7..77a6cc8664 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/domain/base/service/AbstractAssetBaseService.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/domain/base/service/AbstractAssetBaseService.java @@ -143,7 +143,7 @@ public List getAssetsById(List assetIds) { @Override public AssetBase getAssetByChildId(String assetId, String childId) { - return getAssetRepository().getAssetByChildId(assetId, childId); + return getAssetRepository().getAssetByChildId(childId); } @Override diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/asbuilt/repository/AssetAsBuiltRepositoryImpl.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/asbuilt/repository/AssetAsBuiltRepositoryImpl.java index 768e877715..d60024bdc4 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/asbuilt/repository/AssetAsBuiltRepositoryImpl.java 
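Review bot: `AbstractAssetBaseService.getAssetByChildId(String assetId, String childId)` still accepts `assetId` but now passes only `childId` down, so the parameter this commit removes from the repository is left dangling one layer up. Both repository implementations in this patch resolve the asset with `findById(childId)` alone, which means nothing visible here checks that the child actually belongs to `assetId`; if a caller relies on that pairing to scope access, the check has to happen elsewhere, and that code is not in the diff. Either drop `assetId` from the service method and the interface it overrides, or keep it and verify the parent–child relation before returning. The service method's signature is only context in this hunk and its interface is outside the diff.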
+++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/asbuilt/repository/AssetAsBuiltRepositoryImpl.java @@ -72,7 +72,7 @@ public List getAssetsById(List assetIds) { } @Override - public AssetBase getAssetByChildId(String assetId, String childId) { + public AssetBase getAssetByChildId(String childId) { return jpaAssetAsBuiltRepository.findById(childId) .map(AssetAsBuiltEntity::toDomain) .orElseThrow(() -> new AssetNotFoundException("Child Asset Not Found")); diff --git a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/asplanned/repository/AssetAsPlannedRepositoryImpl.java b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/asplanned/repository/AssetAsPlannedRepositoryImpl.java index 49871a42d6..ad92fa0280 100644 --- a/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/asplanned/repository/AssetAsPlannedRepositoryImpl.java +++ b/tx-backend/src/main/java/org/eclipse/tractusx/traceability/assets/infrastructure/asplanned/repository/AssetAsPlannedRepositoryImpl.java @@ -68,7 +68,7 @@ public List getAssetsById(List assetIds) { } @Override - public AssetBase getAssetByChildId(String assetId, String childId) { + public AssetBase getAssetByChildId(String childId) { return jpaAssetAsPlannedRepository.findById(childId).map(AssetAsPlannedEntity::toDomain) .orElseThrow(() -> new AssetNotFoundException("Child Asset Not Found")); } From 009a8dd3165066ac7e0b2d331a333fadbc43b5c7 Mon Sep 17 00:00:00 2001 From: ds-lcapellino Date: Thu, 9 Nov 2023 11:13:47 +0100 Subject: [PATCH 3/5] Revert "chore: TRACEFOSS-XXX add correct resource request" This reverts commit 3de4645a2290ed368a97f516c7ce967d63f8670a. --- .../traceability-foss/charts/frontend/values.yaml | 13 +++---------- charts/traceability-foss/values.yaml | 14 ++++---------- 2 files changed, 7 insertions(+), 20 deletions(-) 
diff --git a/charts/traceability-foss/charts/frontend/values.yaml b/charts/traceability-foss/charts/frontend/values.yaml index 3fbc0acd4f..732329d4a3 100644 --- a/charts/traceability-foss/charts/frontend/values.yaml +++ b/charts/traceability-foss/charts/frontend/values.yaml @@ -60,10 +60,7 @@ serviceAccount: podAnnotations: { } -podSecurityContext: - runAsUser: 10001 - seccompProfile: - type: RuntimeDefault +podSecurityContext: { } # fsGroup: 2000 # Following Catena-X Helm Best Practices @url: https://catenax-ng.github.io/docs/kubernetes-basics/helm @@ -71,12 +68,8 @@ podSecurityContext: securityContext: allowPrivilegeEscalation: false runAsNonRoot: true - runAsUser: 10001 - runAsGroup: 3000 - capabilities: - drop: - - ALL - readOnlyRootFilesystem: false + runAsUser: 101 + # runAsGroup: 3000 service: type: ClusterIP diff --git a/charts/traceability-foss/values.yaml b/charts/traceability-foss/values.yaml index 082b1cd331..1746f2aff2 100644 --- a/charts/traceability-foss/values.yaml +++ b/charts/traceability-foss/values.yaml @@ -78,22 +78,16 @@ frontend: podAnnotations: {} - podSecurityContext: - runAsUser: 10001 - seccompProfile: - type: RuntimeDefault + podSecurityContext: {} + # fsGroup: 2000 # Following Catena-X Helm Best Practices @url: https://catenax-ng.github.io/docs/kubernetes-basics/helm # @url: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod securityContext: allowPrivilegeEscalation: false runAsNonRoot: true - runAsUser: 10001 - runAsGroup: 3000 - capabilities: - drop: - - ALL - readOnlyRootFilesystem: false + runAsUser: 101 + # runAsGroup: 3000 service: type: ClusterIP From 76bcb50b1a46920989b711e47b87fd01f862ee8e Mon Sep 17 00:00:00 2001 From: ds-lcapellino Date: Thu, 9 Nov 2023 12:55:37 +0100 Subject: [PATCH 4/5] chore: TRACEFOSS-XXX remove unused parameter --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index ff2ffde4da..3f43c115ab 100644 
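Review bot: The revert removes `seccompProfile: RuntimeDefault` and the `capabilities` drop of `ALL` together with the uid change, in both hunks of charts/frontend/values.yaml and in the `frontend:` block of charts/traceability-foss/values.yaml. The reverted commit's title speaks only of resource requests, so losing the hardening looks unintended; without these two settings the frontend container no longer meets the Kubernetes "restricted" Pod Security Standard. If only the uid `10001` had to go, I would keep `runAsUser: 101` and retain the seccomp profile and capability drop on the container `securityContext`, as below (nested under `frontend:` in the parent chart).

```yaml
securityContext:
  # … unchanged: allowPrivilegeEscalation, runAsNonRoot …
  runAsUser: 101
  capabilities:
    drop:
      - ALL
  seccompProfile:
    type: RuntimeDefault
```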
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,7 @@ to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). - Frontend adapt to backend api changes for activeAlerts and activeInvestigations - Reconfigured all docker images user settings - Adapted memory / cpu requests and limits in default values helm file +- Migrate to not deprecated methods in HTTP security ### Removed From 50cf209aebf68037a3d9d5e8fe93a375b55bd482 Mon Sep 17 00:00:00 2001 From: ds-lcapellino Date: Thu, 9 Nov 2023 15:21:12 +0100 Subject: [PATCH 5/5] chore: TRACEFOSS-XXX update chart-testing-action --- .github/workflows/helm-test.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm-test.yaml b/.github/workflows/helm-test.yaml index 950748c519..4dc5255e5c 100644 --- a/.github/workflows/helm-test.yaml +++ b/.github/workflows/helm-test.yaml @@ -71,7 +71,7 @@ jobs: version: v3.9.3 - name: Set up chart-testing - uses: helm/chart-testing-action@v2.4.0 + uses: helm/chart-testing-action@v2.6.1 - name: Run chart-testing (list-changed) id: list-changed