Merge pull request #97 from DaspawnW/bump-dependencies

Bump dependencies

.github/workflows/codeql-analysis.yml

@@ -40,31 +40,24 @@ jobs:
     - name: Checkout repository
       uses: actions/checkout@v2
 
+    - name: Set up JDK 17
+      uses: actions/setup-java@v3
+      with:
+        distribution: 'zulu'
+        java-version: 17
+        cache: 'maven'
+
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
         # If you wish to specify custom queries, you can do so here or in a config file.
         # By default, queries listed here will override any specified in a config file.
         # Prefix the list here with "+" to use these queries and those in the config file.
         # queries: ./path/to/local/query, your-org/your-repo/queries@main
 
-    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v1
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 https://git.io/JvXDl
-
-    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
-    #    and modify them (or add more) to build your code if your project
-    #    uses a compiled language
-
-    #- run: |
-    #   make bootstrap
-    #   make release
+    - run: mvn -B package --file pom.xml -Dspring.profiles.active=test -DskipTests
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

.github/workflows/maven.yaml

@@ -17,10 +17,10 @@ jobs:
           - "kindest/node:v1.22.15@sha256:7d9708c4b0873f0fe2e171e2b1b7f45ae89482617778c1c875f1053d4cef2e41"
 
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v2
 
       - name: Set up JDK 17
-        uses: actions/setup-java@v2
+        uses: actions/setup-java@v3
         with:
           distribution: 'zulu'
           java-version: 17
@@ -51,7 +51,7 @@ jobs:
     needs: test
 
     steps:
-      - uses: actions/checkout@v1
+      - uses: actions/checkout@v2
 
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v1

pom.xml

@@ -14,7 +14,7 @@
 	<parent>
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
-		<version>2.7.8</version>
+		<version>3.0.2</version>
 		<relativePath/> <!-- lookup parent from repository -->
 	</parent>
 
@@ -42,7 +42,7 @@
 		<dependency>
 			<groupId>org.springframework.vault</groupId>
 			<artifactId>spring-vault-core</artifactId>
-			<version>2.3.2</version>
+			<version>3.0.0</version>
 		</dependency>
 		<dependency>
 			<groupId>org.springframework.boot</groupId>
@@ -75,7 +75,7 @@
 		<dependency>
 			<groupId>com.github.tomakehurst</groupId>
 			<artifactId>wiremock</artifactId>
-			<version>2.27.2</version>
+			<version>3.0.0-beta-2</version>
 			<scope>test</scope>
 		</dependency>
 		<dependency>
@@ -103,7 +103,7 @@
 			<plugin>
 				<groupId>org.apache.maven.plugins</groupId>
 				<artifactId>maven-compiler-plugin</artifactId>
-				<version>3.8.1</version>
+				<version>3.10.1</version>
 				<configuration>
                     <release>17</release>
 					<fork>true</fork>
@@ -113,21 +113,4 @@
 		</plugins>
 	</build>
 
-
-
-	<dependencyManagement>
-		<dependencies>
-			<dependency>
-				<groupId>org.springframework.vault</groupId>
-				<artifactId>spring-vault-dependencies</artifactId>
-				<version>2.3.2</version>
-				<scope>import</scope>
-				<type>pom</type>
-			</dependency>
-		</dependencies>
-	</dependencyManagement>
-
-
-
-
 </project>

src/main/java/de/koudingspawn/vault/Constants.java

@@ -1,7 +1,11 @@
 package de.koudingspawn.vault;
 
 public class Constants {
-    public static String DATE_FORMAT = "yyyy-MM-dd'T'HH:mm'Z'";
-    public static String COMPARE_ANNOTATION = "/compare";
-    public static String LAST_UPDATE_ANNOTATION = "/lastUpdated";
+
+    private Constants() {
+    }
+
+    public static final String DATE_FORMAT = "yyyy-MM-dd'T'HH:mm'Z'";
+    public static final String COMPARE_ANNOTATION = "/compare";
+    public static final String LAST_UPDATE_ANNOTATION = "/lastUpdated";
 }

src/main/java/de/koudingspawn/vault/admissionreview/AdmissionReviewRestService.java

@@ -3,10 +3,6 @@
 import io.fabric8.kubernetes.api.model.admission.v1.AdmissionResponse;
 import io.fabric8.kubernetes.api.model.admission.v1.AdmissionReview;
 import io.fabric8.kubernetes.api.model.admission.v1.AdmissionReviewBuilder;
-import io.fabric8.kubernetes.client.dsl.Resource;
-import io.fabric8.kubernetes.client.utils.ApiVersionUtil;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -16,8 +12,6 @@
 @RequestMapping("/validation/vault-crd")
 public class AdmissionReviewRestService {
 
-    private static final Logger log = LoggerFactory.getLogger(AdmissionReviewRestService.class);
-
     private final AdmissionReviewService admissionReviewService;
 
     public AdmissionReviewRestService(AdmissionReviewService admissionReviewService) {

src/main/java/de/koudingspawn/vault/crd/Vault.java

@@ -55,7 +55,7 @@ public boolean modifyHandlerEquals(Object o) {
 
             HashMap<String, String> annotations = new HashMap<>(getMetadata().getAnnotations());
             annotations.remove("kubectl.kubernetes.io/last-applied-configuration");
-            if (!Objects.equals(vaultAnnotations, annotations)) return false;
+            return Objects.equals(vaultAnnotations, annotations);
         }
 
 

src/main/java/de/koudingspawn/vault/crd/VaultList.java

@@ -1,6 +1,6 @@
 package de.koudingspawn.vault.crd;
 
-import io.fabric8.kubernetes.client.CustomResourceList;
+import io.fabric8.kubernetes.api.model.DefaultKubernetesResourceList;
 
-public class VaultList extends CustomResourceList<Vault> {
+public class VaultList extends DefaultKubernetesResourceList<Vault> {
 }

src/main/java/de/koudingspawn/vault/kubernetes/ChangeAdjustmentService.java

@@ -12,7 +12,7 @@
 @Service
 public class ChangeAdjustmentService {
 
-    private static final Logger log = LoggerFactory.getLogger(KubernetesService.class);
+    private static final Logger log = LoggerFactory.getLogger(ChangeAdjustmentService.class);
 
     private final KubernetesClient client;
 
@@ -24,15 +24,13 @@ public void handle(Vault resource) {
         VaultChangeAdjustmentCallback changeAdjustmentCallback = resource.getSpec().getChangeAdjustmentCallback();
         if (changeAdjustmentCallback != null && changeAdjustmentCallback.getType() != null && changeAdjustmentCallback.getName() != null) {
             switch (changeAdjustmentCallback.getType().toLowerCase()) {
-                case "deployment":
-                    rotateDeployment(resource.getMetadata().getNamespace(), changeAdjustmentCallback.getName());
-                    break;
-                case "statefulset":
-                    rotateStatefulSet(resource.getMetadata().getNamespace(), changeAdjustmentCallback.getName());
-                    break;
-                default:
-                    log.info("Currently a change adjustment is only supported for type deployment. Resource {} in namespace {} has type {}",
-                            resource.getMetadata().getName(), resource.getMetadata().getNamespace(), changeAdjustmentCallback.getType());
+                case "deployment" ->
+                        rotateDeployment(resource.getMetadata().getNamespace(), changeAdjustmentCallback.getName());
+                case "statefulset" ->
+                        rotateStatefulSet(resource.getMetadata().getNamespace(), changeAdjustmentCallback.getName());
+                default ->
+                        log.info("Currently a change adjustment is only supported for type deployment. Resource {} in namespace {} has type {}",
+                                resource.getMetadata().getName(), resource.getMetadata().getNamespace(), changeAdjustmentCallback.getType());
             }
         } else {
             log.warn("Change adjustment callback for resource {} in namespace {} is invalid!", resource.getMetadata().getName(), resource.getMetadata().getNamespace());

src/main/java/de/koudingspawn/vault/kubernetes/KubernetesConnection.java

@@ -3,10 +3,7 @@
 import de.koudingspawn.vault.crd.Vault;
 import de.koudingspawn.vault.crd.VaultList;
 import io.fabric8.kubernetes.api.model.apiextensions.v1.CustomResourceDefinition;
-import io.fabric8.kubernetes.client.Config;
-import io.fabric8.kubernetes.client.ConfigBuilder;
-import io.fabric8.kubernetes.client.DefaultKubernetesClient;
-import io.fabric8.kubernetes.client.KubernetesClient;
+import io.fabric8.kubernetes.client.*;
 import io.fabric8.kubernetes.client.dsl.MixedOperation;
 import io.fabric8.kubernetes.client.dsl.Resource;
 import io.fabric8.kubernetes.internal.KubernetesDeserializer;
@@ -27,13 +24,15 @@ public class KubernetesConnection {
     @Profile("development")
     public KubernetesClient testClient() {
         Config config = new ConfigBuilder().withMasterUrl("http://localhost:8001").withWatchReconnectLimit(5).build();
-        return new DefaultKubernetesClient(config);
+        return new KubernetesClientBuilder()
+                .withConfig(config)
+                .build();
     }
 
     @Bean
     @Profile("!development")
     public KubernetesClient client() {
-        return new DefaultKubernetesClient();
+        return new KubernetesClientBuilder().build();
     }
 
     @Bean

src/main/java/de/koudingspawn/vault/kubernetes/KubernetesService.java

@@ -59,7 +59,7 @@ void createSecret(Vault resource, VaultSecret vaultSecret) {
         Secret secret = newSecretInstance(resource, vaultSecret);
 
         secretCache.invalidate(secret.getMetadata().getNamespace(), secret.getMetadata().getName());
-        client.secrets().inNamespace(resource.getMetadata().getNamespace()).create(secret);
+        client.secrets().inNamespace(resource.getMetadata().getNamespace()).resource(secret).create();
 
         log.info("Created secret for vault resource {} in namespace {}", secret.getMetadata().getName(), secret.getMetadata().getNamespace());
     }
@@ -86,7 +86,7 @@ void modifySecret(Vault resource, VaultSecret vaultSecret) {
         secret.setData(vaultSecret.getData());
 
         secretCache.invalidate(resource.getMetadata().getNamespace(), resource.getMetadata().getName());
-        secretResource.createOrReplace(secret);
+        client.secrets().inNamespace(resource.getMetadata().getNamespace()).resource(secret).createOrReplace();
 
         log.info("Modified secret {} in namespace {}", resource.getMetadata().getName(), resource.getMetadata().getNamespace());
     }
@@ -145,9 +145,7 @@ public boolean hasBrokenOwnerReference(Vault resource) {
 
             if (secret.getMetadata() != null && secret.getMetadata().getOwnerReferences() != null && secret.getMetadata().getOwnerReferences().size() == 1) {
                 OwnerReference ownerReference = secret.getMetadata().getOwnerReferences().get(0);
-                if (ownerReference.getApiVersion().equals(crdName + "/v1")) {
-                    return true;
-                }
+                return ownerReference.getApiVersion().equals(crdName + "/v1");
             }
         }
 

src/main/java/de/koudingspawn/vault/kubernetes/cache/SecretCache.java

@@ -14,7 +14,7 @@ public class SecretCache {
 
     private static final Logger log = LoggerFactory.getLogger(SecretCache.class);
 
-    private Cache<String, Secret> secretResourceCache = Caffeine.newBuilder().build();
+    private final Cache<String, Secret> secretResourceCache = Caffeine.newBuilder().build();
     private final KubernetesClient client;
 
     public SecretCache(KubernetesClient client, boolean watch) {
@@ -28,23 +28,28 @@ public SecretCache(KubernetesClient client, boolean watch) {
     public void watcher() {
         client.secrets().inAnyNamespace().withLabel("vault.koudingspawn.de=vault").inform(
                 new ResourceEventHandler<>() {
+
+                    private String cacheKey(String namespace, String name) {
+                        return "%s/%s".formatted(namespace, name);
+                    }
+
                     @Override
                     public void onAdd(Secret obj) {
-                        String key = String.format("%s/%s", obj.getMetadata().getNamespace(), obj.getMetadata().getName());
+                        String key = cacheKey(obj.getMetadata().getNamespace(), obj.getMetadata().getName());
                         log.debug("Received create secret for {}", key);
                         secretResourceCache.put(key, obj);
                     }
 
                     @Override
                     public void onUpdate(Secret oldObj, Secret newObj) {
-                        String key = String.format("%s/%s", newObj.getMetadata().getNamespace(), newObj.getMetadata().getName());
+                        String key = cacheKey(newObj.getMetadata().getNamespace(), newObj.getMetadata().getName());
                         log.debug("Received update for secret {}", key);
                         secretResourceCache.put(key, newObj);
                     }
 
                     @Override
                     public void onDelete(Secret obj, boolean deletedFinalStateUnknown) {
-                        String key = String.format("%s/%s", obj.getMetadata().getNamespace(), obj.getMetadata().getName());
+                        String key = cacheKey(obj.getMetadata().getNamespace(), obj.getMetadata().getName());
                         log.debug("Invalidate secret cache for {} after delete", key);
                         secretResourceCache.invalidate(key);
                     }

src/main/java/de/koudingspawn/vault/kubernetes/event/EventNotification.java

@@ -59,7 +59,7 @@ public void storeNewEvent(EventType type, String message, Vault resource) {
                 .build();
 
         try {
-            client.v1().events().inNamespace(resource.getMetadata().getNamespace()).create(evt);
+            client.v1().events().inNamespace(resource.getMetadata().getNamespace()).resource(evt).create();
         } catch (Exception ex) {
             log.error("Failed to store event for {} in namespace {} next to resource with error",
                     resource.getMetadata().getName(), resource.getMetadata().getNamespace(), ex);

src/main/java/de/koudingspawn/vault/kubernetes/event/EventType.java

@@ -12,7 +12,7 @@ public enum EventType {
     private final String type;
     private final String reason;
 
-    private EventType(String type, String reason) {
+    EventType(String type, String reason) {
         this.type = type;
         this.reason = reason;
     }

src/main/java/de/koudingspawn/vault/kubernetes/scheduler/ScheduledRefresh.java

@@ -1,12 +1,9 @@
 package de.koudingspawn.vault.kubernetes.scheduler;
 
 import de.koudingspawn.vault.crd.Vault;
-import de.koudingspawn.vault.crd.VaultList;
 import de.koudingspawn.vault.kubernetes.EventHandler;
 import de.koudingspawn.vault.kubernetes.event.EventNotification;
 import de.koudingspawn.vault.vault.communication.SecretNotAccessibleException;
-import io.fabric8.kubernetes.client.dsl.MixedOperation;
-import io.fabric8.kubernetes.client.dsl.Resource;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.stereotype.Component;

src/main/java/de/koudingspawn/vault/vault/impl/EncryptionUtils.java

@@ -74,12 +74,6 @@ private static PrivateKey readPkcs1PrivateKey(byte[] pkcs1Bytes) throws GeneralS
         return readPkcs8PrivateKey(pkcs8bytes);
     }
 
-    public static String sanitizeJson(String json) {
-        return json.replace("\n", "")
-                .replace("\r", "")
-                .replace("\t", "");
-    }
-
     private static byte[] join(byte[] byteArray1, byte[] byteArray2) {
         byte[] bytes = new byte[byteArray1.length + byteArray2.length];
         System.arraycopy(byteArray1, 0, bytes, 0, byteArray1.length);