From 510ff71e2d47a569a81def03f02165a6d5188847 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Jun 2023 20:00:31 +0000 Subject: [PATCH 01/75] Bump github.com/aws/aws-sdk-go in /sda-download Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.276 to 1.44.290. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.276...v1.44.290) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-download/go.mod | 2 +- sda-download/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sda-download/go.mod b/sda-download/go.mod index 815a05117..90674c481 100644 --- a/sda-download/go.mod +++ b/sda-download/go.mod @@ -4,7 +4,7 @@ go 1.20 require ( github.com/DATA-DOG/go-sqlmock v1.5.0 - github.com/aws/aws-sdk-go v1.44.276 + github.com/aws/aws-sdk-go v1.44.290 github.com/dgraph-io/ristretto v0.1.1 github.com/gin-gonic/gin v1.9.1 github.com/google/uuid v1.3.0 diff --git a/sda-download/go.sum b/sda-download/go.sum index 41b0ac534..ed09954ec 100644 --- a/sda-download/go.sum +++ b/sda-download/go.sum @@ -43,8 +43,8 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60= github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= github.com/aws/aws-sdk-go v1.33.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.44.276 h1:ywPlx9C5Yc482dUgAZ9bHpQ6onVvJvYE9FJWsNDCEy0= -github.com/aws/aws-sdk-go v1.44.276/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.290 h1:Md4+os9DQtJjow0lWLMzeJljsimD+XS2xwwHDr5Z+Lk= +github.com/aws/aws-sdk-go v1.44.290/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM= github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s= github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U= From d0d3360fe3d39604da66d53e3676a7399e7a9adc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Jun 2023 20:01:21 +0000 Subject: [PATCH 02/75] Bump aws-java-sdk-s3 from 1.12.490 to 1.12.495 in /sda-sftp-inbox Bumps [aws-java-sdk-s3](https://github.com/aws/aws-sdk-java) from 1.12.490 to 1.12.495. - [Changelog](https://github.com/aws/aws-sdk-java/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-java/compare/1.12.490...1.12.495) --- updated-dependencies: - dependency-name: com.amazonaws:aws-java-sdk-s3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-sftp-inbox/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda-sftp-inbox/pom.xml b/sda-sftp-inbox/pom.xml index 2ffeb3cb0..cf963a46b 100644 --- a/sda-sftp-inbox/pom.xml +++ b/sda-sftp-inbox/pom.xml @@ -96,7 +96,7 @@ com.amazonaws aws-java-sdk-s3 - 1.12.490 + 1.12.495 com.google.guava From f0ef7d5fdf1387003ff99aa2cd725e66e7b8d4b6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 26 Jun 2023 20:01:33 +0000 Subject: [PATCH 03/75] Bump spring-boot-starter-parent from 3.1.0 to 3.1.1 in /sda-sftp-inbox Bumps [spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) from 3.1.0 to 3.1.1. - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.1.0...v3.1.1) --- updated-dependencies: - dependency-name: org.springframework.boot:spring-boot-starter-parent dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-sftp-inbox/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda-sftp-inbox/pom.xml b/sda-sftp-inbox/pom.xml index 2ffeb3cb0..37df67cee 100644 --- a/sda-sftp-inbox/pom.xml +++ b/sda-sftp-inbox/pom.xml @@ -14,7 +14,7 @@ org.springframework.boot spring-boot-starter-parent - 3.1.0 + 3.1.1 From 413624752b81afe6faaa7e0d009a2631a1b8312c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Jun 2023 06:40:08 +0000 Subject: [PATCH 04/75] Bump github.com/aws/aws-sdk-go in /sda-pipeline Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.280 to 1.44.290. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.280...v1.44.290) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-pipeline/go.mod | 2 +- sda-pipeline/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sda-pipeline/go.mod b/sda-pipeline/go.mod index 9d5f170f8..f3388b6db 100644 --- a/sda-pipeline/go.mod +++ b/sda-pipeline/go.mod @@ -4,7 +4,7 @@ go 1.20 require ( github.com/DATA-DOG/go-sqlmock v1.5.0 - github.com/aws/aws-sdk-go v1.44.280 + github.com/aws/aws-sdk-go v1.44.290 github.com/gliderlabs/ssh v0.3.5 github.com/google/uuid v1.3.0 github.com/johannesboyne/gofakes3 v0.0.0-20230129080941-f6a8a9ae6fd3 diff --git a/sda-pipeline/go.sum b/sda-pipeline/go.sum index c1c8ddc14..8272d2a40 100644 --- a/sda-pipeline/go.sum +++ b/sda-pipeline/go.sum @@ -45,8 +45,8 @@ github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/aws/aws-sdk-go v1.33.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.44.280 h1:UYl/yxhDxP8naok6ftWyQ9/9ZzNwjC9dvEs/j8BkGhw= -github.com/aws/aws-sdk-go v1.44.280/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.290 h1:Md4+os9DQtJjow0lWLMzeJljsimD+XS2xwwHDr5Z+Lk= +github.com/aws/aws-sdk-go v1.44.290/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= From 4f296bf34d8a34510fe7a810c68f1e87b174364f Mon Sep 17 00:00:00 2001 From: Alex Aperis Date: Thu, 29 Jun 2023 15:44:31 +0200 Subject: [PATCH 05/75] updates with changes from #228 --- sda-auth/.gitignore | 3 +++ sda-auth/config.go | 13 +++++++++++-- sda-auth/config_test.go | 11 ++++++++++- sda-auth/dev-server/oidc/server.js | 2 +- sda-auth/main.go | 4 ++-- 5 files changed, 27 insertions(+), 6 deletions(-) diff --git a/sda-auth/.gitignore b/sda-auth/.gitignore index 59f9ed956..c17924110 100644 --- a/sda-auth/.gitignore +++ b/sda-auth/.gitignore @@ -11,6 +11,9 @@ *.so *.dylib +# Service binaries +auth + # Test binary, build with `go test -c` *.test diff --git a/sda-auth/config.go b/sda-auth/config.go index c5dba8cf1..9d64c0ddf 100644 --- a/sda-auth/config.go +++ b/sda-auth/config.go @@ -163,14 +163,23 @@ func (c *Config) readConfig() error { log.Printf("Setting log level to '%s'", stringLevel) } - for _, s := range []string{"jwtIssuer", "JwtPrivateKey", "JwtSignatureAlg", "s3Inbox"} { + if viper.GetString("s3Inbox") == "" { + return fmt.Errorf("%s not set", "s3Inbox") + } + + // no need to check the variables for JWT generation if we won't use it + if (cega.ID == "" && cega.Secret == "") && !c.ResignJwt { + return nil + } + + for _, s := range []string{"jwtIssuer", "JwtPrivateKey", "JwtSignatureAlg"} { if viper.GetString(s) == "" { return fmt.Errorf("%s not set", s) } } if _, err := os.Stat(c.JwtPrivateKey); errors.Is(err, os.ErrNotExist) { - return fmt.Errorf("Missing private key file, reason: '%s'", err) + return fmt.Errorf("missing private key file, reason: '%s'", err.Error()) } return nil diff --git a/sda-auth/config_test.go b/sda-auth/config_test.go index 9a2d22bba..7cd0ea8af 100644 --- a/sda-auth/config_test.go +++ b/sda-auth/config_test.go @@ -202,5 +202,14 @@ func (suite *ConfigTests) TestConfig() { // re-read the config _, err = NewConfig() - assert.ErrorContains(suite.T(), err, "Missing private key file") + assert.ErrorContains(suite.T(), err, "missing private key file") + + // Repeat check with CEGA login and JWT resigning disabled + os.Setenv("CEGA_ID", "") + os.Setenv("CEGA_SECRET", "") + os.Setenv("RESIGNJWT", fmt.Sprintf("%t", false)) + + // re-read the config + _, err = NewConfig() + assert.NoError(suite.T(), err) } diff --git a/sda-auth/dev-server/oidc/server.js b/sda-auth/dev-server/oidc/server.js index 3b3e11490..04593b848 100644 --- a/sda-auth/dev-server/oidc/server.js +++ b/sda-auth/dev-server/oidc/server.js @@ -22,7 +22,7 @@ const oidcConfig = { revocation: true, sessionManagement: false }, - format: { + formats: { default: 'jwt', AccessToken: 'jwt', RefreshToken: 'jwt' diff --git a/sda-auth/main.go b/sda-auth/main.go index 6bd384234..97d0c1992 100644 --- a/sda-auth/main.go +++ b/sda-auth/main.go @@ -50,7 +50,7 @@ func (auth AuthHandler) getInboxConfig(ctx iris.Context, authType string) { } s3cfmap := s3conf.(map[string]string) ctx.ResponseWriter().Header().Set("Content-Disposition", "attachment; filename=s3cmd.conf") - var s3c string + var s3c string = "[default]\n" for k, v := range s3cfmap { entry := fmt.Sprintf("%s = %s\n", k, v) @@ -239,7 +239,7 @@ func (auth AuthHandler) elixirLogin(ctx iris.Context) *OIDCData { code := ctx.Request().URL.Query().Get("code") idStruct, err := authenticateWithOidc(auth.OAuth2Config, auth.OIDCProvider, code, auth.Config.Elixir.jwkURL) if err != nil { - log.WithFields(log.Fields{"authType": "elixir"}).Errorf("Auhentication failed: %s", err) + log.WithFields(log.Fields{"authType": "elixir"}).Errorf("Authentication failed: %s", err) _, err := ctx.Writef("Authentication failed. You may need to clear your session cookies and try again.") if err != nil { log.Error("Failed to write response: ", err) From ef8a64eb17f388281348b5cfacaba334303fb803 Mon Sep 17 00:00:00 2001 From: Alex Aperis Date: Thu, 29 Jun 2023 15:45:43 +0200 Subject: [PATCH 06/75] updates from bumps --- sda-auth/.github/workflows/functionality.yml | 2 +- sda-auth/.github/workflows/lint.yml | 2 +- sda-auth/.github/workflows/tag_and_build.yaml | 2 +- sda-auth/go.mod | 10 +++++----- sda-auth/go.sum | 20 +++++++++---------- 5 files changed, 18 insertions(+), 18 deletions(-) diff --git a/sda-auth/.github/workflows/functionality.yml b/sda-auth/.github/workflows/functionality.yml index ba76319fd..55cf1c94f 100644 --- a/sda-auth/.github/workflows/functionality.yml +++ b/sda-auth/.github/workflows/functionality.yml @@ -11,7 +11,7 @@ jobs: go-version: [1.19] steps: - name: Set up Go ${{ matrix.go-version }} - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version: ${{ matrix.go-version }} - uses: actions/checkout@v3 diff --git a/sda-auth/.github/workflows/lint.yml b/sda-auth/.github/workflows/lint.yml index e1d61f595..fcb4d7326 100644 --- a/sda-auth/.github/workflows/lint.yml +++ b/sda-auth/.github/workflows/lint.yml @@ -13,7 +13,7 @@ jobs: go-version: [1.19] steps: - name: Set up Go ${{ matrix.go-version }} - uses: actions/setup-go@v3 + uses: actions/setup-go@v4 with: go-version: ${{ matrix.go-version }} - name: Check out code into the Go module directory diff --git a/sda-auth/.github/workflows/tag_and_build.yaml b/sda-auth/.github/workflows/tag_and_build.yaml index 532b64c68..2dc5767e2 100644 --- a/sda-auth/.github/workflows/tag_and_build.yaml +++ b/sda-auth/.github/workflows/tag_and_build.yaml @@ -23,7 +23,7 @@ jobs: fetch-depth: "1" - name: Bump version and push tag id: bump_tag - uses: anothrNick/github-tag-action@1.61.0 + uses: anothrNick/github-tag-action@1.67.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} WITH_V: true diff --git a/sda-auth/go.mod b/sda-auth/go.mod index a2023fb35..28381e64b 100644 --- a/sda-auth/go.mod +++ b/sda-auth/go.mod @@ -13,9 +13,9 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/spf13/viper v1.16.0 github.com/stretchr/testify v1.8.4 - golang.org/x/crypto v0.9.0 - golang.org/x/net v0.10.0 - golang.org/x/oauth2 v0.8.0 + golang.org/x/crypto v0.10.0 + golang.org/x/net v0.11.0 + golang.org/x/oauth2 v0.9.0 gopkg.in/yaml.v3 v3.0.1 ) @@ -68,8 +68,8 @@ require ( github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect github.com/yosssi/ace v0.0.5 // indirect - golang.org/x/sys v0.8.0 // indirect - golang.org/x/text v0.9.0 // indirect + golang.org/x/sys v0.9.0 // indirect + golang.org/x/text v0.10.0 // indirect golang.org/x/time v0.3.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/protobuf v1.30.0 // indirect diff --git a/sda-auth/go.sum b/sda-auth/go.sum index 049cea1c3..9d975fe8d 100644 --- a/sda-auth/go.sum +++ b/sda-auth/go.sum @@ -302,8 +302,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g= -golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= +golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM= +golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -372,8 +372,8 @@ golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= -golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= +golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= +golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -383,8 +383,8 @@ golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= -golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= +golang.org/x/oauth2 v0.9.0 h1:BPpt2kU7oMRq3kCHAA1tbSEshXRw1LpG2ztgDwrzuAs= +golang.org/x/oauth2 v0.9.0/go.mod h1:qYgFZaFiu6Wg24azG8bdV52QJXJGbZzIIsRCdVKzbLw= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -435,8 +435,8 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= -golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= +golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -446,8 +446,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= -golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58= +golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From bd8b0e1a00f1defd5ba925b21e0544d921b7d4f9 Mon Sep 17 00:00:00 2001 From: Alex Aperis <76202622+aaperis@users.noreply.github.com> Date: Thu, 29 Jun 2023 15:54:34 +0200 Subject: [PATCH 07/75] fix linter --- .github/workflows/code-linter.yaml | 4 ++-- sda-auth/main.go | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/code-linter.yaml b/.github/workflows/code-linter.yaml index d4742b92b..2f7e1fa91 100644 --- a/.github/workflows/code-linter.yaml +++ b/.github/workflows/code-linter.yaml @@ -13,7 +13,7 @@ jobs: strategy: fail-fast: false matrix: - go-version: ['1.20'] + go-version: ['1.19'] steps: - name: Set up Go ${{ matrix.go-version }} uses: actions/setup-go@v4 @@ -51,7 +51,7 @@ jobs: uses: golangci/golangci-lint-action@v3.6.0 with: args: -E bodyclose,gocritic,gofmt,gosec,govet,nestif,nlreturn,revive,rowserrcheck -e G401,G501,G107 --timeout 5m - working-directory: sda-auth + working-directory: sda-download lint_pipeline: name: Lint pipeline code diff --git a/sda-auth/main.go b/sda-auth/main.go index 97d0c1992..1b169d8ae 100644 --- a/sda-auth/main.go +++ b/sda-auth/main.go @@ -50,7 +50,7 @@ func (auth AuthHandler) getInboxConfig(ctx iris.Context, authType string) { } s3cfmap := s3conf.(map[string]string) ctx.ResponseWriter().Header().Set("Content-Disposition", "attachment; filename=s3cmd.conf") - var s3c string = "[default]\n" + s3c := "[default]\n" for k, v := range s3cfmap { entry := fmt.Sprintf("%s = %s\n", k, v) @@ -239,7 +239,7 @@ func (auth AuthHandler) elixirLogin(ctx iris.Context) *OIDCData { code := ctx.Request().URL.Query().Get("code") idStruct, err := authenticateWithOidc(auth.OAuth2Config, auth.OIDCProvider, code, auth.Config.Elixir.jwkURL) if err != nil { - log.WithFields(log.Fields{"authType": "elixir"}).Errorf("Authentication failed: %s", err) + log.WithFields(log.Fields{"authType": "elixir"}).Errorf("authentication failed: %s", err) _, err := ctx.Writef("Authentication failed. You may need to clear your session cookies and try again.") if err != nil { log.Error("Failed to write response: ", err) From 96d68e2c01db187609c0ff668630ff3275e9534e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Jul 2023 19:07:51 +0000 Subject: [PATCH 08/75] Bump guava from 32.0.1-jre to 32.1.1-jre in /sda-sftp-inbox Bumps [guava](https://github.com/google/guava) from 32.0.1-jre to 32.1.1-jre. - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) --- updated-dependencies: - dependency-name: com.google.guava:guava dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- sda-sftp-inbox/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda-sftp-inbox/pom.xml b/sda-sftp-inbox/pom.xml index 79075d883..2556f8469 100644 --- a/sda-sftp-inbox/pom.xml +++ b/sda-sftp-inbox/pom.xml @@ -101,7 +101,7 @@ com.google.guava guava - 32.0.1-jre + 32.1.1-jre net.logstash.logback From 810e0ce9eae7f171a9408b42a438c76173e8176f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Jul 2023 19:08:00 +0000 Subject: [PATCH 09/75] Bump aws-java-sdk-s3 from 1.12.495 to 1.12.500 in /sda-sftp-inbox Bumps [aws-java-sdk-s3](https://github.com/aws/aws-sdk-java) from 1.12.495 to 1.12.500. - [Changelog](https://github.com/aws/aws-sdk-java/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-java/compare/1.12.495...1.12.500) --- updated-dependencies: - dependency-name: com.amazonaws:aws-java-sdk-s3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-sftp-inbox/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda-sftp-inbox/pom.xml b/sda-sftp-inbox/pom.xml index 79075d883..d0794881d 100644 --- a/sda-sftp-inbox/pom.xml +++ b/sda-sftp-inbox/pom.xml @@ -96,7 +96,7 @@ com.amazonaws aws-java-sdk-s3 - 1.12.495 + 1.12.500 com.google.guava From 7a263bcc5de19d88542a9c6eb3b397f5cbc593bb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Jul 2023 19:27:07 +0000 Subject: [PATCH 10/75] Bump github.com/neicnordic/crypt4gh from 1.7.5 to 1.7.6 in /sda-pipeline Bumps [github.com/neicnordic/crypt4gh](https://github.com/neicnordic/crypt4gh) from 1.7.5 to 1.7.6. - [Release notes](https://github.com/neicnordic/crypt4gh/releases) - [Changelog](https://github.com/neicnordic/crypt4gh/blob/master/.goreleaser.yml) - [Commits](https://github.com/neicnordic/crypt4gh/compare/v1.7.5...v1.7.6) --- updated-dependencies: - dependency-name: github.com/neicnordic/crypt4gh dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-pipeline/go.mod | 8 ++++---- sda-pipeline/go.sum | 18 +++++++++--------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/sda-pipeline/go.mod b/sda-pipeline/go.mod index f3388b6db..3a84ab14d 100644 --- a/sda-pipeline/go.mod +++ b/sda-pipeline/go.mod @@ -10,7 +10,7 @@ require ( github.com/johannesboyne/gofakes3 v0.0.0-20230129080941-f6a8a9ae6fd3 github.com/lib/pq v1.10.9 github.com/mocktools/go-smtp-mock v1.10.0 - github.com/neicnordic/crypt4gh v1.7.5 + github.com/neicnordic/crypt4gh v1.7.6 github.com/pkg/errors v0.9.1 github.com/pkg/sftp v1.13.5 github.com/rabbitmq/amqp091-go v1.8.1 @@ -43,9 +43,9 @@ require ( github.com/subosito/gotenv v1.4.2 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect - golang.org/x/crypto v0.9.0 - golang.org/x/sys v0.8.0 // indirect - golang.org/x/text v0.9.0 // indirect + golang.org/x/crypto v0.11.0 + golang.org/x/sys v0.10.0 // indirect + golang.org/x/text v0.11.0 // indirect golang.org/x/tools v0.6.0 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/sda-pipeline/go.sum b/sda-pipeline/go.sum index 8272d2a40..5366b1dad 100644 --- a/sda-pipeline/go.sum +++ b/sda-pipeline/go.sum @@ -165,8 +165,8 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mocktools/go-smtp-mock v1.10.0 h1:glrRmjNqASyy+jf1IJ2nCWgEbJScD3Amf2IGcXgdEVg= github.com/mocktools/go-smtp-mock v1.10.0/go.mod h1:mmvlBVX6MTOBHtROX+tor9YZF5JENN8d8wrToD1vvg4= -github.com/neicnordic/crypt4gh v1.7.5 h1:cWAGSeQ1WJxMrnHb837UlZBwdAvEpceCPPorloqIv4w= -github.com/neicnordic/crypt4gh v1.7.5/go.mod h1:M0r5/IDDpPZZ3qteae76Dvw0uS11Kw/Rg91dPcV4XPc= +github.com/neicnordic/crypt4gh v1.7.6 h1:Vqcb8Yb950oaBBJFepDK1oLeu9rZzpywYWVHLmO0oI8= +github.com/neicnordic/crypt4gh v1.7.6/go.mod h1:rqmVXsprDFBRRLJkm1cK9kLETBPGEZmft9lHD/V40wk= github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZR9tGQ= github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -246,8 +246,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g= -golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= +golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= +golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -381,13 +381,13 @@ golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= -golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= +golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols= +golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -397,8 +397,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= -golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= +golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From aceedfb093be6e43ac7c11980979f4d6e0b4040d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Jul 2023 19:56:09 +0000 Subject: [PATCH 11/75] Bump golang.org/x/oauth2 from 0.9.0 to 0.10.0 in /sda-auth Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.9.0 to 0.10.0. - [Commits](https://github.com/golang/oauth2/compare/v0.9.0...v0.10.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- sda-auth/go.mod | 12 ++++++------ sda-auth/go.sum | 24 ++++++++++++------------ 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/sda-auth/go.mod b/sda-auth/go.mod index 28381e64b..6f664cb35 100644 --- a/sda-auth/go.mod +++ b/sda-auth/go.mod @@ -13,9 +13,9 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/spf13/viper v1.16.0 github.com/stretchr/testify v1.8.4 - golang.org/x/crypto v0.10.0 - golang.org/x/net v0.11.0 - golang.org/x/oauth2 v0.9.0 + golang.org/x/crypto v0.11.0 + golang.org/x/net v0.12.0 + golang.org/x/oauth2 v0.10.0 gopkg.in/yaml.v3 v3.0.1 ) @@ -68,11 +68,11 @@ require ( github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect github.com/yosssi/ace v0.0.5 // indirect - golang.org/x/sys v0.9.0 // indirect - golang.org/x/text v0.10.0 // indirect + golang.org/x/sys v0.10.0 // indirect + golang.org/x/text v0.11.0 // indirect golang.org/x/time v0.3.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/protobuf v1.30.0 // indirect + google.golang.org/protobuf v1.31.0 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/square/go-jose.v2 v2.6.0 // indirect ) diff --git a/sda-auth/go.sum b/sda-auth/go.sum index 9d975fe8d..199bfd2ce 100644 --- a/sda-auth/go.sum +++ b/sda-auth/go.sum @@ -302,8 +302,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.10.0 h1:LKqV2xt9+kDzSTfOhx4FrkEBcMrAgHSYgzywV9zcGmM= -golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= +golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= +golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -372,8 +372,8 @@ golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.11.0 h1:Gi2tvZIJyBtO9SDr1q9h5hEQCp/4L2RQ+ar0qjx2oNU= -golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= +golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50= +golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -383,8 +383,8 @@ golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.9.0 h1:BPpt2kU7oMRq3kCHAA1tbSEshXRw1LpG2ztgDwrzuAs= -golang.org/x/oauth2 v0.9.0/go.mod h1:qYgFZaFiu6Wg24azG8bdV52QJXJGbZzIIsRCdVKzbLw= +golang.org/x/oauth2 v0.10.0 h1:zHCpF2Khkwy4mMB4bv0U37YtJdTGW8jI0glAApi0Kh8= +golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -435,8 +435,8 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.9.0 h1:KS/R3tvhPqvJvwcKfnBHJwwthS11LRhmM5D59eEXa0s= -golang.org/x/sys v0.9.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= +golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -446,8 +446,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.10.0 h1:UpjohKhiEgNc0CSauXmwYftY1+LlaC75SJwh0SgCX58= -golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= +golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -596,8 +596,8 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= -google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b h1:QRR6H1YWRnHb4Y/HeNFCTJLFVxaq6wH4YuVdsUOr75U= From ae30d84405010dead1a4846afe7602a9a13827eb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Jul 2023 19:41:55 +0000 Subject: [PATCH 12/75] Bump org.springframework.boot:spring-boot-starter-parent Bumps [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) from 3.1.1 to 3.1.2. - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.1.1...v3.1.2) --- updated-dependencies: - dependency-name: org.springframework.boot:spring-boot-starter-parent dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-sftp-inbox/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda-sftp-inbox/pom.xml b/sda-sftp-inbox/pom.xml index c28d242ac..867ca6f97 100644 --- a/sda-sftp-inbox/pom.xml +++ b/sda-sftp-inbox/pom.xml @@ -14,7 +14,7 @@ org.springframework.boot spring-boot-starter-parent - 3.1.1 + 3.1.2 From 18bd3141ae9d64bda380fc24b1e92978454fe6d5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Jul 2023 19:42:01 +0000 Subject: [PATCH 13/75] Bump org.junit.vintage:junit-vintage-engine in /sda-sftp-inbox Bumps [org.junit.vintage:junit-vintage-engine](https://github.com/junit-team/junit5) from 5.9.3 to 5.10.0. - [Release notes](https://github.com/junit-team/junit5/releases) - [Commits](https://github.com/junit-team/junit5/compare/r5.9.3...r5.10.0) --- updated-dependencies: - dependency-name: org.junit.vintage:junit-vintage-engine dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- sda-sftp-inbox/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda-sftp-inbox/pom.xml b/sda-sftp-inbox/pom.xml index c28d242ac..fed505627 100644 --- a/sda-sftp-inbox/pom.xml +++ b/sda-sftp-inbox/pom.xml @@ -160,7 +160,7 @@ org.junit.vintage junit-vintage-engine - 5.9.3 + 5.10.0 test From 8c8b5df1d0e52604997784d39ec02fba88158601 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Jul 2023 19:27:36 +0000 Subject: [PATCH 14/75] Bump com.amazonaws:aws-java-sdk-s3 in /sda-sftp-inbox Bumps [com.amazonaws:aws-java-sdk-s3](https://github.com/aws/aws-sdk-java) from 1.12.500 to 1.12.518. - [Changelog](https://github.com/aws/aws-sdk-java/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-java/compare/1.12.500...1.12.518) --- updated-dependencies: - dependency-name: com.amazonaws:aws-java-sdk-s3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-sftp-inbox/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda-sftp-inbox/pom.xml b/sda-sftp-inbox/pom.xml index c28d242ac..46c5bb557 100644 --- a/sda-sftp-inbox/pom.xml +++ b/sda-sftp-inbox/pom.xml @@ -96,7 +96,7 @@ com.amazonaws aws-java-sdk-s3 - 1.12.500 + 1.12.518 com.google.guava From 3dfb734eae9f69e020333199fdef2042a6a09023 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 31 Jul 2023 19:56:19 +0000 Subject: [PATCH 15/75] Bump github.com/aws/aws-sdk-go in /sda-download Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.290 to 1.44.313. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.290...v1.44.313) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-download/go.mod | 2 +- sda-download/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sda-download/go.mod b/sda-download/go.mod index 90674c481..9415d056a 100644 --- a/sda-download/go.mod +++ b/sda-download/go.mod @@ -4,7 +4,7 @@ go 1.20 require ( github.com/DATA-DOG/go-sqlmock v1.5.0 - github.com/aws/aws-sdk-go v1.44.290 + github.com/aws/aws-sdk-go v1.44.313 github.com/dgraph-io/ristretto v0.1.1 github.com/gin-gonic/gin v1.9.1 github.com/google/uuid v1.3.0 diff --git a/sda-download/go.sum b/sda-download/go.sum index ed09954ec..4e83eb4ae 100644 --- a/sda-download/go.sum +++ b/sda-download/go.sum @@ -43,8 +43,8 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60= github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= github.com/aws/aws-sdk-go v1.33.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.44.290 h1:Md4+os9DQtJjow0lWLMzeJljsimD+XS2xwwHDr5Z+Lk= -github.com/aws/aws-sdk-go v1.44.290/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.313 h1:u6EuNQqgAmi09GEZ5g/XGHLF0XV31WcdU5rnHyIBHBc= +github.com/aws/aws-sdk-go v1.44.313/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM= github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s= github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U= From 7ec254ee41dbd57c4dc484aba23da97692769215 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Aug 2023 07:59:59 +0000 Subject: [PATCH 16/75] Bump github.com/aws/aws-sdk-go in /sda-pipeline Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.290 to 1.44.313. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.290...v1.44.313) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-pipeline/go.mod | 2 +- sda-pipeline/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sda-pipeline/go.mod b/sda-pipeline/go.mod index f3388b6db..1430f1d3f 100644 --- a/sda-pipeline/go.mod +++ b/sda-pipeline/go.mod @@ -4,7 +4,7 @@ go 1.20 require ( github.com/DATA-DOG/go-sqlmock v1.5.0 - github.com/aws/aws-sdk-go v1.44.290 + github.com/aws/aws-sdk-go v1.44.313 github.com/gliderlabs/ssh v0.3.5 github.com/google/uuid v1.3.0 github.com/johannesboyne/gofakes3 v0.0.0-20230129080941-f6a8a9ae6fd3 diff --git a/sda-pipeline/go.sum b/sda-pipeline/go.sum index 8272d2a40..f501fa838 100644 --- a/sda-pipeline/go.sum +++ b/sda-pipeline/go.sum @@ -45,8 +45,8 @@ github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/aws/aws-sdk-go v1.33.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.44.290 h1:Md4+os9DQtJjow0lWLMzeJljsimD+XS2xwwHDr5Z+Lk= -github.com/aws/aws-sdk-go v1.44.290/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.313 h1:u6EuNQqgAmi09GEZ5g/XGHLF0XV31WcdU5rnHyIBHBc= +github.com/aws/aws-sdk-go v1.44.313/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= From f89f8b3f10453d2f8fd2e8d0a3ac5790bd35f310 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Aug 2023 08:22:00 +0000 Subject: [PATCH 17/75] Bump github.com/neicnordic/crypt4gh from 1.7.5 to 1.7.6 in /sda-download Bumps [github.com/neicnordic/crypt4gh](https://github.com/neicnordic/crypt4gh) from 1.7.5 to 1.7.6. - [Release notes](https://github.com/neicnordic/crypt4gh/releases) - [Changelog](https://github.com/neicnordic/crypt4gh/blob/master/.goreleaser.yml) - [Commits](https://github.com/neicnordic/crypt4gh/compare/v1.7.5...v1.7.6) --- updated-dependencies: - dependency-name: github.com/neicnordic/crypt4gh dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-download/go.mod | 8 ++++---- sda-download/go.sum | 18 +++++++++--------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/sda-download/go.mod b/sda-download/go.mod index 9415d056a..69b221cac 100644 --- a/sda-download/go.mod +++ b/sda-download/go.mod @@ -11,7 +11,7 @@ require ( github.com/johannesboyne/gofakes3 v0.0.0-20230129080941-f6a8a9ae6fd3 github.com/lestrrat-go/jwx v1.2.25 github.com/lib/pq v1.10.9 - github.com/neicnordic/crypt4gh v1.7.5 + github.com/neicnordic/crypt4gh v1.7.6 github.com/sirupsen/logrus v1.9.3 github.com/spf13/viper v1.16.0 github.com/stretchr/testify v1.8.4 @@ -62,10 +62,10 @@ require ( github.com/twitchyliquid64/golang-asm v0.15.1 // indirect github.com/ugorji/go/codec v1.2.11 // indirect golang.org/x/arch v0.3.0 // indirect - golang.org/x/crypto v0.9.0 // indirect + golang.org/x/crypto v0.11.0 // indirect golang.org/x/net v0.10.0 // indirect - golang.org/x/sys v0.8.0 // indirect - golang.org/x/text v0.9.0 // indirect + golang.org/x/sys v0.10.0 // indirect + golang.org/x/text v0.11.0 // indirect golang.org/x/tools v0.6.0 // indirect google.golang.org/protobuf v1.30.0 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/sda-download/go.sum b/sda-download/go.sum index 4e83eb4ae..c7450a529 100644 --- a/sda-download/go.sum +++ b/sda-download/go.sum @@ -220,8 +220,8 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/neicnordic/crypt4gh v1.7.5 h1:cWAGSeQ1WJxMrnHb837UlZBwdAvEpceCPPorloqIv4w= -github.com/neicnordic/crypt4gh v1.7.5/go.mod h1:M0r5/IDDpPZZ3qteae76Dvw0uS11Kw/Rg91dPcV4XPc= +github.com/neicnordic/crypt4gh v1.7.6 h1:Vqcb8Yb950oaBBJFepDK1oLeu9rZzpywYWVHLmO0oI8= +github.com/neicnordic/crypt4gh v1.7.6/go.mod h1:rqmVXsprDFBRRLJkm1cK9kLETBPGEZmft9lHD/V40wk= github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZR9tGQ= github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -295,8 +295,8 @@ golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g= -golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= +golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= +golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -430,12 +430,12 @@ golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20221010170243-090e33056c14/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= -golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= +golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols= +golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -445,8 +445,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.9.0 h1:2sjJmO8cDvYveuX97RDLsxlyUxLl+GHoLxBiRdHllBE= -golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= +golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= +golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From 61e6d7cc80c48d115298bea181ce80ce68c6eada Mon Sep 17 00:00:00 2001 From: Pontus Freyhult Date: Mon, 7 Aug 2023 11:08:23 +0200 Subject: [PATCH 18/75] Typo fix --- sda-pipeline/cmd/finalize/finalize.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda-pipeline/cmd/finalize/finalize.md b/sda-pipeline/cmd/finalize/finalize.md index e8479667a..d2af7d3a2 100644 --- a/sda-pipeline/cmd/finalize/finalize.md +++ b/sda-pipeline/cmd/finalize/finalize.md @@ -111,4 +111,4 @@ On error the service sleeps for up to 5 minutes to allow for database recovery, - Finalize writes messages to one rabbitmq queue (default `backup`). - - Finalize assigns the accesion ID to a file in the database using the `SetAccessionID` function. + - Finalize assigns the accession ID to a file in the database using the `SetAccessionID` function. From b91ca19047320655f6d3cd58180882037c4222f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Aug 2023 19:12:42 +0000 Subject: [PATCH 19/75] Bump snok/container-retention-policy from 2.1.1 to 2.1.2 Bumps [snok/container-retention-policy](https://github.com/snok/container-retention-policy) from 2.1.1 to 2.1.2. - [Release notes](https://github.com/snok/container-retention-policy/releases) - [Commits](https://github.com/snok/container-retention-policy/compare/v2.1.1...v2.1.2) --- updated-dependencies: - dependency-name: snok/container-retention-policy dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- .github/workflows/ghcr-actions.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ghcr-actions.yml b/.github/workflows/ghcr-actions.yml index 3115059a0..acc283201 100644 --- a/.github/workflows/ghcr-actions.yml +++ b/.github/workflows/ghcr-actions.yml @@ -17,7 +17,7 @@ jobs: packages: write steps: - name: Delete 'PR' containers older than a week - uses: snok/container-retention-policy@v2.1.1 + uses: snok/container-retention-policy@v2.1.2 with: image-names: sensitive-data-archive filter-tags: PR*,sha-* From 0512911736fea46e61540759ffcb640efe26fd7c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Aug 2023 19:12:51 +0000 Subject: [PATCH 20/75] Bump github.com/aws/aws-sdk-go in /sda-download Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.313 to 1.44.318. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.313...v1.44.318) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-download/go.mod | 2 +- sda-download/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sda-download/go.mod b/sda-download/go.mod index 69b221cac..968b49225 100644 --- a/sda-download/go.mod +++ b/sda-download/go.mod @@ -4,7 +4,7 @@ go 1.20 require ( github.com/DATA-DOG/go-sqlmock v1.5.0 - github.com/aws/aws-sdk-go v1.44.313 + github.com/aws/aws-sdk-go v1.44.318 github.com/dgraph-io/ristretto v0.1.1 github.com/gin-gonic/gin v1.9.1 github.com/google/uuid v1.3.0 diff --git a/sda-download/go.sum b/sda-download/go.sum index c7450a529..48b795088 100644 --- a/sda-download/go.sum +++ b/sda-download/go.sum @@ -43,8 +43,8 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60= github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= github.com/aws/aws-sdk-go v1.33.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.44.313 h1:u6EuNQqgAmi09GEZ5g/XGHLF0XV31WcdU5rnHyIBHBc= -github.com/aws/aws-sdk-go v1.44.313/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.318 h1:Yl66rpbQHFUbxe9JBKLcvOvRivhVgP6+zH0b9KzARX8= +github.com/aws/aws-sdk-go v1.44.318/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM= github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s= github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U= From 55fa7b8cf174099bb06896ab47ec97676e05e5f8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Aug 2023 19:21:11 +0000 Subject: [PATCH 21/75] Bump github.com/aws/aws-sdk-go in /sda-pipeline Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.313 to 1.44.318. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.313...v1.44.318) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-pipeline/go.mod | 2 +- sda-pipeline/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sda-pipeline/go.mod b/sda-pipeline/go.mod index c7bf92ffc..8116cc644 100644 --- a/sda-pipeline/go.mod +++ b/sda-pipeline/go.mod @@ -4,7 +4,7 @@ go 1.20 require ( github.com/DATA-DOG/go-sqlmock v1.5.0 - github.com/aws/aws-sdk-go v1.44.313 + github.com/aws/aws-sdk-go v1.44.318 github.com/gliderlabs/ssh v0.3.5 github.com/google/uuid v1.3.0 github.com/johannesboyne/gofakes3 v0.0.0-20230129080941-f6a8a9ae6fd3 diff --git a/sda-pipeline/go.sum b/sda-pipeline/go.sum index 5d5e31c03..632ac357d 100644 --- a/sda-pipeline/go.sum +++ b/sda-pipeline/go.sum @@ -45,8 +45,8 @@ github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/aws/aws-sdk-go v1.33.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.44.313 h1:u6EuNQqgAmi09GEZ5g/XGHLF0XV31WcdU5rnHyIBHBc= -github.com/aws/aws-sdk-go v1.44.313/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.318 h1:Yl66rpbQHFUbxe9JBKLcvOvRivhVgP6+zH0b9KzARX8= +github.com/aws/aws-sdk-go v1.44.318/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= From 456c9d4590a747e1b3f292d4f697e3080e75a763 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Aug 2023 19:52:41 +0000 Subject: [PATCH 22/75] Bump com.google.guava:guava in /sda-sftp-inbox Bumps [com.google.guava:guava](https://github.com/google/guava) from 32.1.1-jre to 32.1.2-jre. - [Release notes](https://github.com/google/guava/releases) - [Commits](https://github.com/google/guava/commits) --- updated-dependencies: - dependency-name: com.google.guava:guava dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-sftp-inbox/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda-sftp-inbox/pom.xml b/sda-sftp-inbox/pom.xml index a0dd9e25f..f92afe199 100644 --- a/sda-sftp-inbox/pom.xml +++ b/sda-sftp-inbox/pom.xml @@ -101,7 +101,7 @@ com.google.guava guava - 32.1.1-jre + 32.1.2-jre net.logstash.logback From ed9e362e73ea308766923f11894021700b2fcf04 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Aug 2023 19:52:49 +0000 Subject: [PATCH 23/75] Bump com.amazonaws:aws-java-sdk-s3 in /sda-sftp-inbox Bumps [com.amazonaws:aws-java-sdk-s3](https://github.com/aws/aws-sdk-java) from 1.12.518 to 1.12.523. - [Changelog](https://github.com/aws/aws-sdk-java/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-java/compare/1.12.518...1.12.523) --- updated-dependencies: - dependency-name: com.amazonaws:aws-java-sdk-s3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-sftp-inbox/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda-sftp-inbox/pom.xml b/sda-sftp-inbox/pom.xml index a0dd9e25f..bfccd7399 100644 --- a/sda-sftp-inbox/pom.xml +++ b/sda-sftp-inbox/pom.xml @@ -96,7 +96,7 @@ com.amazonaws aws-java-sdk-s3 - 1.12.518 + 1.12.523 com.google.guava From 62c2038b54ff9f2fdc6c0bab43a28fce21560602 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Aug 2023 19:52:53 +0000 Subject: [PATCH 24/75] Bump org.yaml:snakeyaml from 2.0 to 2.1 in /sda-sftp-inbox Bumps [org.yaml:snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml) from 2.0 to 2.1. - [Commits](https://bitbucket.org/snakeyaml/snakeyaml/branches/compare/snakeyaml-2.1..snakeyaml-2.0) --- updated-dependencies: - dependency-name: org.yaml:snakeyaml dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- sda-sftp-inbox/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda-sftp-inbox/pom.xml b/sda-sftp-inbox/pom.xml index a0dd9e25f..1e893fc52 100644 --- a/sda-sftp-inbox/pom.xml +++ b/sda-sftp-inbox/pom.xml @@ -149,7 +149,7 @@ org.yaml snakeyaml - 2.0 + 2.1 junit From de76fe8990fd65872a82daebf188fdb40fbdcbfc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 7 Aug 2023 20:03:05 +0000 Subject: [PATCH 25/75] Bump golang.org/x/oauth2 from 0.10.0 to 0.11.0 in /sda-auth Bumps [golang.org/x/oauth2](https://github.com/golang/oauth2) from 0.10.0 to 0.11.0. - [Commits](https://github.com/golang/oauth2/compare/v0.10.0...v0.11.0) --- updated-dependencies: - dependency-name: golang.org/x/oauth2 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- sda-auth/go.mod | 10 +++++----- sda-auth/go.sum | 20 ++++++++++---------- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/sda-auth/go.mod b/sda-auth/go.mod index 6f664cb35..08a461e6b 100644 --- a/sda-auth/go.mod +++ b/sda-auth/go.mod @@ -13,9 +13,9 @@ require ( github.com/sirupsen/logrus v1.9.3 github.com/spf13/viper v1.16.0 github.com/stretchr/testify v1.8.4 - golang.org/x/crypto v0.11.0 - golang.org/x/net v0.12.0 - golang.org/x/oauth2 v0.10.0 + golang.org/x/crypto v0.12.0 + golang.org/x/net v0.14.0 + golang.org/x/oauth2 v0.11.0 gopkg.in/yaml.v3 v3.0.1 ) @@ -68,8 +68,8 @@ require ( github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect github.com/yosssi/ace v0.0.5 // indirect - golang.org/x/sys v0.10.0 // indirect - golang.org/x/text v0.11.0 // indirect + golang.org/x/sys v0.11.0 // indirect + golang.org/x/text v0.12.0 // indirect golang.org/x/time v0.3.0 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/protobuf v1.31.0 // indirect diff --git a/sda-auth/go.sum b/sda-auth/go.sum index 199bfd2ce..19c5db275 100644 --- a/sda-auth/go.sum +++ b/sda-auth/go.sum @@ -302,8 +302,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= -golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= +golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= +golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -372,8 +372,8 @@ golang.org/x/net v0.0.0-20201224014010-6772e930b67b/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20211015210444-4f30a5c0130f/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.12.0 h1:cfawfvKITfUsFCeJIHJrbSxpeu/E81khclypR0GVT50= -golang.org/x/net v0.12.0/go.mod h1:zEVYFnQC7m/vmpQFELhcD1EWkZlX69l4oqgmer6hfKA= +golang.org/x/net v0.14.0 h1:BONx9s002vGdD9umnlX1Po8vOZmrgH34qlHcD1MfK14= +golang.org/x/net v0.14.0/go.mod h1:PpSgVXXLK0OxS0F31C1/tv6XNguvCrnXIDrFMspZIUI= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -383,8 +383,8 @@ golang.org/x/oauth2 v0.0.0-20200902213428-5d25da1a8d43/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20201109201403-9fd604954f58/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20201208152858-08078c50e5b5/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210218202405-ba52d332ba99/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.10.0 h1:zHCpF2Khkwy4mMB4bv0U37YtJdTGW8jI0glAApi0Kh8= -golang.org/x/oauth2 v0.10.0/go.mod h1:kTpgurOux7LqtuxjuyZa4Gj2gdezIt/jQtGnNFfypQI= +golang.org/x/oauth2 v0.11.0 h1:vPL4xzxBM4niKCW6g9whtaWVXTJf1U5e4aZxxFx/gbU= +golang.org/x/oauth2 v0.11.0/go.mod h1:LdF7O/8bLR/qWK9DrpXmbHLTouvRHK0SgJl0GmDBchk= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -435,8 +435,8 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= -golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= +golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -446,8 +446,8 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= -golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc= +golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From cc265af82471feb13092332b3279fbbfd4916647 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Aug 2023 06:00:44 +0000 Subject: [PATCH 26/75] Bump golang.org/x/crypto from 0.11.0 to 0.12.0 in /sda-pipeline Bumps [golang.org/x/crypto](https://github.com/golang/crypto) from 0.11.0 to 0.12.0. - [Commits](https://github.com/golang/crypto/compare/v0.11.0...v0.12.0) --- updated-dependencies: - dependency-name: golang.org/x/crypto dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- sda-pipeline/go.mod | 6 +++--- sda-pipeline/go.sum | 14 +++++++------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/sda-pipeline/go.mod b/sda-pipeline/go.mod index c7bf92ffc..b910a874f 100644 --- a/sda-pipeline/go.mod +++ b/sda-pipeline/go.mod @@ -43,9 +43,9 @@ require ( github.com/subosito/gotenv v1.4.2 // indirect github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect - golang.org/x/crypto v0.11.0 - golang.org/x/sys v0.10.0 // indirect - golang.org/x/text v0.11.0 // indirect + golang.org/x/crypto v0.12.0 + golang.org/x/sys v0.11.0 // indirect + golang.org/x/text v0.12.0 // indirect golang.org/x/tools v0.6.0 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/sda-pipeline/go.sum b/sda-pipeline/go.sum index 5d5e31c03..4a139d7af 100644 --- a/sda-pipeline/go.sum +++ b/sda-pipeline/go.sum @@ -246,8 +246,8 @@ golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5y golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= -golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= +golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= +golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -381,13 +381,13 @@ golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220825204002-c680a09ffe64/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= -golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= +golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220722155259-a9ba230a4035/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c= +golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -397,8 +397,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= -golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc= +golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From 591b72cc3bdeab9b5df8cc428ba5fede5544a21d Mon Sep 17 00:00:00 2001 From: Pontus Freyhult Date: Tue, 8 Aug 2023 08:43:45 +0200 Subject: [PATCH 27/75] Go version should be 1.20 --- sda-auth/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda-auth/Dockerfile b/sda-auth/Dockerfile index 16a1717c2..50795127d 100644 --- a/sda-auth/Dockerfile +++ b/sda-auth/Dockerfile @@ -1,4 +1,4 @@ -ARG GOLANG_VERSION=1.17 +ARG GOLANG_VERSION=1.20 FROM "golang:${GOLANG_VERSION}-alpine" RUN apk add --no-cache git COPY . . From c30513919010c8ceb3d595b23ce8d2a08bebecd0 Mon Sep 17 00:00:00 2001 From: Joakim Bygdell Date: Tue, 20 Jun 2023 14:31:28 +0200 Subject: [PATCH 28/75] Update sda-db Version bumped to 0.6.0 Uses image from this repository --- charts/sda-db/Chart.yaml | 4 +-- charts/sda-db/README.md | 13 +++----- charts/sda-db/templates/_helpers.tpl | 16 +++++----- charts/sda-db/templates/secrets.yaml | 9 +++--- charts/sda-db/templates/statefulset.yaml | 39 ++++++------------------ charts/sda-db/values.yaml | 18 +++-------- 6 files changed, 34 insertions(+), 65 deletions(-) diff --git a/charts/sda-db/Chart.yaml b/charts/sda-db/Chart.yaml index f73dd4842..a751eeb51 100644 --- a/charts/sda-db/Chart.yaml +++ b/charts/sda-db/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 name: sda-db -version: "0.5.2" +version: "0.6.0" description: Database component for Sensitive Data Archive (SDA) installation home: https://neic-sda.readthedocs.io icon: https://neic.no/assets/images/logo.png sources: -- https://github.com/neicnordic/sda-helm +- https://github.com/neicnordic/sensitive-data-archive diff --git a/charts/sda-db/README.md b/charts/sda-db/README.md index 2024f2a5a..d2856f248 100644 --- a/charts/sda-db/README.md +++ b/charts/sda-db/README.md @@ -1,6 +1,6 @@ # SDA Database -Source repository: [https://github.com/neicnordic/sda-db](https://github.com/neicnordic/sda-db) +Source repository: [https://github.com/neicnordic/sensitive-data-archive](https://github.com/neicnordic/sensitive-data-archive) ## Installing the Chart @@ -8,8 +8,7 @@ Edit the values.yaml file and specify the relevant parts of the `global` section Parameter | Description | Default --------- | ----------- | ------- -`global.pg_in_password` | Password for `lega_in` user, used for `data in` services. |`""` -`global.pg_out_password` | Password for `lega_out` user, used for `data out` services. |`""` +`global.postgresAdminPassword` | PostgreSQL admin password (Random if empty) | `""` `global.tls.enabled` | Enable TLS for all connections. |`true` `global.tls.issuer` | Issuer for TLS certificate creation. |`""` `global.tls.clusterIssuer` | ClusterIssuer for TLS certificate creation. |`""` @@ -19,8 +18,8 @@ Parameter | Description | Default `global.tls.CAFile` | CA root certificate. |`ca.crt` `global.tls.verifyPeer` | Require client certificates. |`verify-ca` `externalPkiService.tlsPath` | If an external PKI service is used, this is the path where the certifiates are placed | `""` -`image.repository` | sda-db container image repository | `ghcr.io/neicnordic/sda-db` -`image.tag` | sda-db container image version | `v1.4.0` +`image.repository` | sda-db container image repository | `ghcr.io/neicnordic/sensitive-data-archive` +`image.tag` | sda-db container image version | `` `image.pullPolicy` | sda-db container image pull policy | `IfNotPresent` `networkPolicy.create` | Use network isolation. | `false` `networkPolicy.matchLabels` | App labels that are allowed to connect to the database. | `app: sda-svc` @@ -31,8 +30,6 @@ Parameter | Description | Default `persistence.existingClaim` | Use existing claim. | `null` `persistence.volumePermissions` | Change the owner of the persist volume mountpoint to `RunAsUser:fsGroup`. | `true` `podAnnotations` | `"key": "value"` list of annotations for the pod (optional) | `{}` -`port` | Port the application will listen to (optional) | `5432` -`postgresAdminPassword` | PostgreSQL admin password (optional) | `""` `rbacEnabled` | Use role based access control. |`true` `resources.requests.memory` | Memory request for container. |`128Mi` `resources.requests.cpu` | CPU request for container. |`100m` @@ -40,7 +37,7 @@ Parameter | Description | Default `resources.limits.cpu` | CPU limit for container. |`200m` `revisionHistory` | Number of revisions to keep for the option to rollback a deployment | `3` `updateStrategyType` | Update strategy type. | `RollingUpdate` -`securityPolicy.create` | Use pod security policy. | `true` +`securityPolicy.create` | Use pod security policy. | `false` `service.type` | Database service type. |`ClusterIP` `service.port` | Database service port. |`5432` diff --git a/charts/sda-db/templates/_helpers.tpl b/charts/sda-db/templates/_helpers.tpl index a17860a6b..ba511299f 100644 --- a/charts/sda-db/templates/_helpers.tpl +++ b/charts/sda-db/templates/_helpers.tpl @@ -30,14 +30,6 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} -{{- define "pgInPassword" -}} - {{- ternary (randAlphaNum 12) .Values.global.pg_in_password (empty .Values.global.pg_in_password) -}} -{{- end -}} - -{{- define "pgOutPassword" -}} - {{- ternary (randAlphaNum 12) .Values.global.pg_out_password (empty .Values.global.pg_out_password) -}} -{{- end -}} - {{- define "pgCert" -}} {{- if .Values.externalPkiService.tlsPath -}} {{- printf "%s" (regexReplaceAll "^/*|/+" (printf "%s/tls.crt" .Values.externalPkiService.tlsPath) "/") -}} @@ -113,3 +105,11 @@ Create chart name and version as used by the chart label. {{- "/var/lib/postgresql/data/pgdata/" }} {{- end -}} {{- end -}} + +{{- define "adminPass" -}} + {{- if .Values.global.postgresAdminPassword }} + {{- printf "%s" (.Values.global.postgresAdminPassword ) | b64enc }} + {{- else }} + {{- randAlphaNum 32 | b64enc }} + {{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/sda-db/templates/secrets.yaml b/charts/sda-db/templates/secrets.yaml index 159211c77..8ada8be82 100644 --- a/charts/sda-db/templates/secrets.yaml +++ b/charts/sda-db/templates/secrets.yaml @@ -3,8 +3,7 @@ kind: Secret metadata: name: {{ template "sda.fullname" . }} data: - pgInPasswd: {{ include "pgInPassword" . | b64enc }} - pgOutPasswd: {{ include "pgOutPassword" . | b64enc }} -{{- if .Values.postgresAdminPassword }} - postgresPassword: {{ .Values.postgresAdminPassword | b64enc }} -{{- end }} + {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace (include "sda.fullname" .)) | default dict }} + {{- $secretData := (get $secretObj "data") | default dict }} + {{- $postgresPassword := (get $secretData "postgresPassword") | default (include "adminPass" . ) }} + postgresPassword: {{ $postgresPassword | quote }} diff --git a/charts/sda-db/templates/statefulset.yaml b/charts/sda-db/templates/statefulset.yaml index e3ab1bb79..fd6da055a 100644 --- a/charts/sda-db/templates/statefulset.yaml +++ b/charts/sda-db/templates/statefulset.yaml @@ -77,37 +77,22 @@ spec: resources: {{ toYaml .Values.resources | trim | indent 10 }} env: - - name: DB_LEGA_IN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "sda.fullname" . }} - key: pgInPasswd - - name: DB_LEGA_OUT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "sda.fullname" . }} - key: pgOutPasswd - {{- if .Values.postgresAdminPassword }} - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: {{ template "sda.fullname" . }} key: postgresPassword - {{- end }} {{- if .Values.global.tls.enabled }} - - name: PG_SERVER_CERT + - name: POSTGRES_SERVER_CERT value: {{ template "pgCert" . }} - - name: PG_SERVER_KEY + - name: POSTGRES_SERVER_KEY value: {{ template "pgKey" . }} {{- if ne "verify-none" .Values.global.tls.verifyPeer }} - - name: PG_CA + - name: POSTGRES_SERVER_CACERT value: {{ template "caCert" . }} - - name: PG_VERIFY_PEER + - name: POSTGRES_VERIFY_PEER value: {{ .Values.global.tls.verifyPeer }} {{- end }} - {{- else }} - - name: NOTLS - value: "true" {{- end }} - name: PGDATA value: {{ template "pgData" }} @@ -118,21 +103,17 @@ spec: livenessProbe: exec: command: - - pg_isready - - -h - - localhost - - -U - - lega_out + - sh + - -c + - PGPASSWORD=$POSTGRES_PASSWORD psql -U postgres -h localhost -Atq -c "SELECT version();" initialDelaySeconds: 30 timeoutSeconds: 5 readinessProbe: exec: command: - - pg_isready - - -h - - localhost - - -U - - lega_out + - sh + - -c + - PGPASSWORD=$POSTGRES_PASSWORD psql -U postgres -h localhost -Atq -c "SELECT version();" initialDelaySeconds: 5 timeoutSeconds: 1 volumeMounts: diff --git a/charts/sda-db/values.yaml b/charts/sda-db/values.yaml index 749bb0a17..7cb1e03e9 100644 --- a/charts/sda-db/values.yaml +++ b/charts/sda-db/values.yaml @@ -1,6 +1,5 @@ global: - pg_in_password: "" - pg_out_password: "" + postgresAdminPassword: "" tls: enabled: true issuer: "" @@ -25,8 +24,8 @@ externalPkiService: extraSecurityContext: {} image: - repository: ghcr.io/neicnordic/sda-db - tag: v2.1.10 + repository: ghcr.io/neicnordic/sensitive-data-archive + tag: v0.0.44-postgres pullPolicy: IfNotPresent # utilize network isolation @@ -61,13 +60,6 @@ persistence: # podAnnotations: | # "key": "value" -# if a port other than the default 5432 is used in the pod set the value here. -# port: 5432 - -# if an admin user is to be created during the first setup, set the password below -# This can only be done during the first setup -# postgresAdminPassword: - # RBAC is assumed to be enabled in the cluster rbacEnabled: true @@ -84,8 +76,9 @@ resources: ## RevisionHistoryLimit is number of old ReplicaSets to retain to allow rollback. # revisionHistory: 3 +## This is only available on clusters running k8s < v1.25.0 securityPolicy: - create: true + create: false service: type: ClusterIP @@ -93,7 +86,6 @@ service: updateStrategyType: RollingUpdate - # secret containing the TLS certificates for the release tester # if no certificate issuer is used testimage: From 21639061af963a397c1322b7aa15212faee473a1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Aug 2023 07:43:19 +0000 Subject: [PATCH 29/75] Bump github.com/kataras/iris/v12 from 12.2.0 to 12.2.1 in /sda-auth Bumps [github.com/kataras/iris/v12](https://github.com/kataras/iris) from 12.2.0 to 12.2.1. - [Release notes](https://github.com/kataras/iris/releases) - [Changelog](https://github.com/kataras/iris/blob/master/HISTORY.md) - [Commits](https://github.com/kataras/iris/compare/v12.2.0...v12.2.1) --- updated-dependencies: - dependency-name: github.com/kataras/iris/v12 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-auth/go.mod | 18 +++++++++--------- sda-auth/go.sum | 40 +++++++++++++++++++++------------------- 2 files changed, 30 insertions(+), 28 deletions(-) diff --git a/sda-auth/go.mod b/sda-auth/go.mod index 08a461e6b..4c2a0966b 100644 --- a/sda-auth/go.mod +++ b/sda-auth/go.mod @@ -7,7 +7,7 @@ require ( github.com/golang-jwt/jwt/v4 v4.5.0 github.com/google/uuid v1.3.0 github.com/iris-contrib/middleware/cors v0.0.0-20230311205048-b568fe9b470f - github.com/kataras/iris/v12 v12.2.0 + github.com/kataras/iris/v12 v12.2.1 github.com/lestrrat/go-jwx v0.9.1 github.com/oauth2-proxy/mockoidc v0.0.0-20220308204021-b9169deeb282 github.com/sirupsen/logrus v1.9.3 @@ -20,7 +20,7 @@ require ( ) require ( - github.com/BurntSushi/toml v1.2.1 // indirect + github.com/BurntSushi/toml v1.3.2 // indirect github.com/CloudyKit/fastprinter v0.0.0-20200109182630-33d98a066a53 // indirect github.com/CloudyKit/jet/v6 v6.2.0 // indirect github.com/Joker/jade v1.1.3 // indirect @@ -28,28 +28,28 @@ require ( github.com/andybalholm/brotli v1.0.5 // indirect github.com/aymerick/douceur v0.2.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect - github.com/eknkc/amber v0.0.0-20171010120322-cdade1c07385 // indirect github.com/fatih/structs v1.1.0 // indirect github.com/flosch/pongo2/v4 v4.0.2 // indirect github.com/fsnotify/fsnotify v1.6.0 // indirect github.com/golang-jwt/jwt v3.2.2+incompatible // indirect github.com/golang/protobuf v1.5.3 // indirect github.com/golang/snappy v0.0.4 // indirect + github.com/gomarkdown/markdown v0.0.0-20230716120725-531d2d74bc12 // indirect github.com/gorilla/css v1.0.0 // indirect github.com/hashicorp/hcl v1.0.0 // indirect github.com/iris-contrib/schema v0.0.6 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/kataras/blocks v0.0.7 // indirect - github.com/kataras/golog v0.1.8 // indirect - github.com/kataras/pio v0.0.11 // indirect + github.com/kataras/golog v0.1.9 // indirect + github.com/kataras/pio v0.0.12 // indirect github.com/kataras/sitemap v0.0.6 // indirect github.com/kataras/tunnel v0.0.4 // indirect - github.com/klauspost/compress v1.16.3 // indirect + github.com/klauspost/compress v1.16.7 // indirect github.com/lestrrat/go-pdebug v0.0.0-20180220043741-569c97477ae8 // indirect github.com/magiconair/properties v1.8.7 // indirect github.com/mailgun/raymond/v2 v2.0.48 // indirect github.com/mailru/easyjson v0.7.7 // indirect - github.com/microcosm-cc/bluemonday v1.0.23 // indirect + github.com/microcosm-cc/bluemonday v1.0.24 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/pelletier/go-toml/v2 v2.0.8 // indirect github.com/pkg/errors v0.9.1 // indirect @@ -62,8 +62,8 @@ require ( github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/subosito/gotenv v1.4.2 // indirect - github.com/tdewolff/minify/v2 v2.12.5 // indirect - github.com/tdewolff/parse/v2 v2.6.5 // indirect + github.com/tdewolff/minify/v2 v2.12.7 // indirect + github.com/tdewolff/parse/v2 v2.6.6 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect diff --git a/sda-auth/go.sum b/sda-auth/go.sum index 19c5db275..ef76de95a 100644 --- a/sda-auth/go.sum +++ b/sda-auth/go.sum @@ -37,8 +37,8 @@ cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9 cloud.google.com/go/storage v1.14.0/go.mod h1:GrKmX003DSIwi9o29oFT7YDnHYwZoctc3fOKtUw0Xmo= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.2.1 h1:9F2/+DoOYIOksmaJFPw1tGFy1eDnIJXg+UHjuD8lTak= -github.com/BurntSushi/toml v1.2.1/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= +github.com/BurntSushi/toml v1.3.2 h1:o7IhLm0Msx3BaB+n3Ag7L8EVlByGnpq14C4YWiu/gL8= +github.com/BurntSushi/toml v1.3.2/go.mod h1:CxXYINrC8qIiEnFrOxCa7Jy5BFHlXnUU2pbicEuybxQ= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/CloudyKit/fastprinter v0.0.0-20200109182630-33d98a066a53 h1:sR+/8Yb4slttB4vD+b9btVEnWgL3Q00OBTzVT8B9C0c= github.com/CloudyKit/fastprinter v0.0.0-20200109182630-33d98a066a53/go.mod h1:+3IMCy2vIlbG1XG/0ggNQv0SvxCAIpPM5b1nCz56Xno= @@ -71,8 +71,6 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/djherbis/atime v1.1.0/go.mod h1:28OF6Y8s3NQWwacXc5eZTsEsiMzp7LF8MbXE+XJPdBE= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= -github.com/eknkc/amber v0.0.0-20171010120322-cdade1c07385 h1:clC1lXBpe2kTj2VHdaIu9ajZQe4kcEY9j0NsnDDBZ3o= -github.com/eknkc/amber v0.0.0-20171010120322-cdade1c07385/go.mod h1:0vRUJqYpeSZifjYj7uP3BG/gKcuzL9xWVV/Y+cK33KM= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= @@ -123,6 +121,8 @@ github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY= github.com/golang/snappy v0.0.4 h1:yAGX7huGHXlcLOEtBnF4w7FQwA26wojNCwOYAEhLjQM= github.com/golang/snappy v0.0.4/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q= +github.com/gomarkdown/markdown v0.0.0-20230716120725-531d2d74bc12 h1:uK3X/2mt4tbSGoHvbLBHUny7CKiuwUip3MArtukol4E= +github.com/gomarkdown/markdown v0.0.0-20230716120725-531d2d74bc12/go.mod h1:JDGcbDT52eL4fju3sZ4TeHGsQwhG9nbDV21aMyhwPoA= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= @@ -178,19 +178,19 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/kataras/blocks v0.0.7 h1:cF3RDY/vxnSRezc7vLFlQFTYXG/yAr1o7WImJuZbzC4= github.com/kataras/blocks v0.0.7/go.mod h1:UJIU97CluDo0f+zEjbnbkeMRlvYORtmc1304EeyXf4I= -github.com/kataras/golog v0.1.8 h1:isP8th4PJH2SrbkciKnylaND9xoTtfxv++NB+DF0l9g= -github.com/kataras/golog v0.1.8/go.mod h1:rGPAin4hYROfk1qT9wZP6VY2rsb4zzc37QpdPjdkqVw= -github.com/kataras/iris/v12 v12.2.0 h1:WzDY5nGuW/LgVaFS5BtTkW3crdSKJ/FEgWnxPnIVVLI= -github.com/kataras/iris/v12 v12.2.0/go.mod h1:BLzBpEunc41GbE68OUaQlqX4jzi791mx5HU04uPb90Y= -github.com/kataras/pio v0.0.11 h1:kqreJ5KOEXGMwHAWHDwIl+mjfNCPhAwZPa8gK7MKlyw= -github.com/kataras/pio v0.0.11/go.mod h1:38hH6SWH6m4DKSYmRhlrCJ5WItwWgCVrTNU62XZyUvI= +github.com/kataras/golog v0.1.9 h1:vLvSDpP7kihFGKFAvBSofYo7qZNULYSHOH2D7rPTKJk= +github.com/kataras/golog v0.1.9/go.mod h1:jlpk/bOaYCyqDqH18pgDHdaJab72yBE6i0O3s30hpWY= +github.com/kataras/iris/v12 v12.2.1 h1:KV4XwpkfmtFcsWUIqG1h5X4wXjhwvxvr5QCEk14HF20= +github.com/kataras/iris/v12 v12.2.1/go.mod h1:PIK2JnQFbcugm3EGp997vYHD5ZRpjhNouZj6bRxlEpU= +github.com/kataras/pio v0.0.12 h1:o52SfVYauS3J5X08fNjlGS5arXHjW/ItLkyLcKjoH6w= +github.com/kataras/pio v0.0.12/go.mod h1:ODK/8XBhhQ5WqrAhKy+9lTPS7sBf6O3KcLhc9klfRcY= github.com/kataras/sitemap v0.0.6 h1:w71CRMMKYMJh6LR2wTgnk5hSgjVNB9KL60n5e2KHvLY= github.com/kataras/sitemap v0.0.6/go.mod h1:dW4dOCNs896OR1HmG+dMLdT7JjDk7mYBzoIRwuj5jA4= github.com/kataras/tunnel v0.0.4 h1:sCAqWuJV7nPzGrlb0os3j49lk2JhILT0rID38NHNLpA= github.com/kataras/tunnel v0.0.4/go.mod h1:9FkU4LaeifdMWqZu7o20ojmW4B7hdhv2CMLwfnHGpYw= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.16.3 h1:XuJt9zzcnaz6a16/OU53ZjWp/v7/42WcR5t2a0PcNQY= -github.com/klauspost/compress v1.16.3/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= +github.com/klauspost/compress v1.16.7 h1:2mk3MPGNzKyxErAw8YaohYh69+pa4sIQSC0fPGCFR9I= +github.com/klauspost/compress v1.16.7/go.mod h1:ntbaceVETuRiXiv4DpjP66DpAtAGkEQskQzEyD//IeE= github.com/kr/fs v0.1.0/go.mod h1:FFnZGqtBN9Gxj7eW1uZ42v5BccTP0vu6NEaFoC2HwRg= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= @@ -208,8 +208,8 @@ github.com/mailgun/raymond/v2 v2.0.48/go.mod h1:lsgvL50kgt1ylcFJYZiULi5fjPBkkhNf github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/matryer/try v0.0.0-20161228173917-9ac251b645a2/go.mod h1:0KeJpeMD6o+O4hW7qJOT7vyQPKrWmj26uf5wMc/IiIs= -github.com/microcosm-cc/bluemonday v1.0.23 h1:SMZe2IGa0NuHvnVNAZ+6B38gsTbi5e4sViiWJyDDqFY= -github.com/microcosm-cc/bluemonday v1.0.23/go.mod h1:mN70sk7UkkF8TUr2IGBpNN0jAgStuPzlK76QuruE/z4= +github.com/microcosm-cc/bluemonday v1.0.24 h1:NGQoPtwGVcbGkKfvyYk1yRqknzBuoMiUrO6R7uFTPlw= +github.com/microcosm-cc/bluemonday v1.0.24/go.mod h1:ArQySAMps0790cHSkdPEJ7bGkF2VePWH773hsJNSHf8= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= @@ -263,12 +263,13 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8= github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= -github.com/tdewolff/minify/v2 v2.12.5 h1:s2KDBt/D/3ayE3gcqQF8VIgTmYgkx+btuLvVAeePzZM= -github.com/tdewolff/minify/v2 v2.12.5/go.mod h1:i8QXtVyL7Ddwc4I5gqzvgBqKlTMgMNTbiXaPO4Iqg+A= -github.com/tdewolff/parse/v2 v2.6.5 h1:lYvWBk55GkqKl0JJenGpmrgu/cPHQQ6/Mm1hBGswoGQ= -github.com/tdewolff/parse/v2 v2.6.5/go.mod h1:woz0cgbLwFdtbjJu8PIKxhW05KplTFQkOdX78o+Jgrs= -github.com/tdewolff/test v1.0.7 h1:8Vs0142DmPFW/bQeHRP3MV19m1gvndjUb1sn8yy74LM= +github.com/tdewolff/minify/v2 v2.12.7 h1:pBzz2tAfz5VghOXiQIsSta6srhmTeinQPjRDHWoumCA= +github.com/tdewolff/minify/v2 v2.12.7/go.mod h1:ZRKTheiOGyLSK8hOZWWv+YoJAECzDivNgAlVYDHp/Ws= +github.com/tdewolff/parse/v2 v2.6.6 h1:Yld+0CrKUJaCV78DL1G2nk3C9lKrxyRTux5aaK/AkDo= +github.com/tdewolff/parse/v2 v2.6.6/go.mod h1:woz0cgbLwFdtbjJu8PIKxhW05KplTFQkOdX78o+Jgrs= github.com/tdewolff/test v1.0.7/go.mod h1:6DAvZliBAAnD7rhVgwaM7DE5/d9NMOAJ09SqYqeK4QE= +github.com/tdewolff/test v1.0.9 h1:SswqJCmeN4B+9gEAi/5uqT0qpi1y2/2O47V/1hhGZT0= +github.com/tdewolff/test v1.0.9/go.mod h1:6DAvZliBAAnD7rhVgwaM7DE5/d9NMOAJ09SqYqeK4QE= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= github.com/valyala/bytebufferpool v1.0.0/go.mod h1:6bBcMArwyJ5K/AmCkWv1jt77kVWyCJ6HpOuEn7z0Csc= github.com/vmihailenco/msgpack/v5 v5.3.5 h1:5gO0H1iULLWGhs2H5tbAHIZTV8/cYafcFOr9znI5mJU= @@ -435,6 +436,7 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= From 328085ecb371713e835d2f6568be5918f3f08716 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Aug 2023 19:25:46 +0000 Subject: [PATCH 30/75] Bump github.com/kataras/iris/v12 from 12.2.1 to 12.2.4 in /sda-auth Bumps [github.com/kataras/iris/v12](https://github.com/kataras/iris) from 12.2.1 to 12.2.4. - [Release notes](https://github.com/kataras/iris/releases) - [Changelog](https://github.com/kataras/iris/blob/master/HISTORY.md) - [Commits](https://github.com/kataras/iris/compare/v12.2.1...v12.2.4) --- updated-dependencies: - dependency-name: github.com/kataras/iris/v12 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-auth/go.mod | 8 ++++---- sda-auth/go.sum | 22 ++++++++-------------- 2 files changed, 12 insertions(+), 18 deletions(-) diff --git a/sda-auth/go.mod b/sda-auth/go.mod index 4c2a0966b..bfd73ccb1 100644 --- a/sda-auth/go.mod +++ b/sda-auth/go.mod @@ -7,7 +7,7 @@ require ( github.com/golang-jwt/jwt/v4 v4.5.0 github.com/google/uuid v1.3.0 github.com/iris-contrib/middleware/cors v0.0.0-20230311205048-b568fe9b470f - github.com/kataras/iris/v12 v12.2.1 + github.com/kataras/iris/v12 v12.2.4 github.com/lestrrat/go-jwx v0.9.1 github.com/oauth2-proxy/mockoidc v0.0.0-20220308204021-b9169deeb282 github.com/sirupsen/logrus v1.9.3 @@ -49,7 +49,7 @@ require ( github.com/magiconair/properties v1.8.7 // indirect github.com/mailgun/raymond/v2 v2.0.48 // indirect github.com/mailru/easyjson v0.7.7 // indirect - github.com/microcosm-cc/bluemonday v1.0.24 // indirect + github.com/microcosm-cc/bluemonday v1.0.25 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/pelletier/go-toml/v2 v2.0.8 // indirect github.com/pkg/errors v0.9.1 // indirect @@ -62,8 +62,8 @@ require ( github.com/spf13/jwalterweatherman v1.1.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/subosito/gotenv v1.4.2 // indirect - github.com/tdewolff/minify/v2 v2.12.7 // indirect - github.com/tdewolff/parse/v2 v2.6.6 // indirect + github.com/tdewolff/minify/v2 v2.12.8 // indirect + github.com/tdewolff/parse/v2 v2.6.7 // indirect github.com/valyala/bytebufferpool v1.0.0 // indirect github.com/vmihailenco/msgpack/v5 v5.3.5 // indirect github.com/vmihailenco/tagparser/v2 v2.0.0 // indirect diff --git a/sda-auth/go.sum b/sda-auth/go.sum index ef76de95a..651e699b8 100644 --- a/sda-auth/go.sum +++ b/sda-auth/go.sum @@ -56,7 +56,6 @@ github.com/andybalholm/brotli v1.0.5/go.mod h1:fO7iG3H7G2nSZ7m0zPUDn85XEX2GTukHG github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuPk= github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cheekybits/is v0.0.0-20150225183255-68e9c0620927/go.mod h1:h/aW8ynjgkuj+NQRlZcDbAbM1ORAbXjXX77sX7T289U= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= @@ -69,8 +68,6 @@ github.com/coreos/go-oidc v2.2.1+incompatible/go.mod h1:CgnwVTmzoESiwO9qyAFEMiHo github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/djherbis/atime v1.1.0/go.mod h1:28OF6Y8s3NQWwacXc5eZTsEsiMzp7LF8MbXE+XJPdBE= -github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= @@ -180,8 +177,8 @@ github.com/kataras/blocks v0.0.7 h1:cF3RDY/vxnSRezc7vLFlQFTYXG/yAr1o7WImJuZbzC4= github.com/kataras/blocks v0.0.7/go.mod h1:UJIU97CluDo0f+zEjbnbkeMRlvYORtmc1304EeyXf4I= github.com/kataras/golog v0.1.9 h1:vLvSDpP7kihFGKFAvBSofYo7qZNULYSHOH2D7rPTKJk= github.com/kataras/golog v0.1.9/go.mod h1:jlpk/bOaYCyqDqH18pgDHdaJab72yBE6i0O3s30hpWY= -github.com/kataras/iris/v12 v12.2.1 h1:KV4XwpkfmtFcsWUIqG1h5X4wXjhwvxvr5QCEk14HF20= -github.com/kataras/iris/v12 v12.2.1/go.mod h1:PIK2JnQFbcugm3EGp997vYHD5ZRpjhNouZj6bRxlEpU= +github.com/kataras/iris/v12 v12.2.4 h1:fj5y2usjhnzTPrPsL/94wGaCcirvR/EdshgQgx2lBCo= +github.com/kataras/iris/v12 v12.2.4/go.mod h1:4zzcsafozAKy9SUwSZ7Qx1TVY8NZJVZXk5mgDeksXec= github.com/kataras/pio v0.0.12 h1:o52SfVYauS3J5X08fNjlGS5arXHjW/ItLkyLcKjoH6w= github.com/kataras/pio v0.0.12/go.mod h1:ODK/8XBhhQ5WqrAhKy+9lTPS7sBf6O3KcLhc9klfRcY= github.com/kataras/sitemap v0.0.6 h1:w71CRMMKYMJh6LR2wTgnk5hSgjVNB9KL60n5e2KHvLY= @@ -207,9 +204,8 @@ github.com/mailgun/raymond/v2 v2.0.48 h1:5dmlB680ZkFG2RN/0lvTAghrSxIESeu9/2aeDqA github.com/mailgun/raymond/v2 v2.0.48/go.mod h1:lsgvL50kgt1ylcFJYZiULi5fjPBkkhNfj4KA0W54Z18= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/matryer/try v0.0.0-20161228173917-9ac251b645a2/go.mod h1:0KeJpeMD6o+O4hW7qJOT7vyQPKrWmj26uf5wMc/IiIs= -github.com/microcosm-cc/bluemonday v1.0.24 h1:NGQoPtwGVcbGkKfvyYk1yRqknzBuoMiUrO6R7uFTPlw= -github.com/microcosm-cc/bluemonday v1.0.24/go.mod h1:ArQySAMps0790cHSkdPEJ7bGkF2VePWH773hsJNSHf8= +github.com/microcosm-cc/bluemonday v1.0.25 h1:4NEwSfiJ+Wva0VxN5B8OwMicaJvD8r9tlJWm9rtloEg= +github.com/microcosm-cc/bluemonday v1.0.25/go.mod h1:ZIOjCQp1OrzBBPIJmfX4qDYFuhU02nx4bn030ixfHLE= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= @@ -263,11 +259,10 @@ github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcU github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/subosito/gotenv v1.4.2 h1:X1TuBLAMDFbaTAChgCBLu3DU3UPyELpnF2jjJ2cz/S8= github.com/subosito/gotenv v1.4.2/go.mod h1:ayKnFf/c6rvx/2iiLrJUk1e6plDbT3edrFNGqEflhK0= -github.com/tdewolff/minify/v2 v2.12.7 h1:pBzz2tAfz5VghOXiQIsSta6srhmTeinQPjRDHWoumCA= -github.com/tdewolff/minify/v2 v2.12.7/go.mod h1:ZRKTheiOGyLSK8hOZWWv+YoJAECzDivNgAlVYDHp/Ws= -github.com/tdewolff/parse/v2 v2.6.6 h1:Yld+0CrKUJaCV78DL1G2nk3C9lKrxyRTux5aaK/AkDo= -github.com/tdewolff/parse/v2 v2.6.6/go.mod h1:woz0cgbLwFdtbjJu8PIKxhW05KplTFQkOdX78o+Jgrs= -github.com/tdewolff/test v1.0.7/go.mod h1:6DAvZliBAAnD7rhVgwaM7DE5/d9NMOAJ09SqYqeK4QE= +github.com/tdewolff/minify/v2 v2.12.8 h1:Q2BqOTmlMjoutkuD/OPCnJUpIqrzT3nRPkw+q+KpXS0= +github.com/tdewolff/minify/v2 v2.12.8/go.mod h1:YRgk7CC21LZnbuke2fmYnCTq+zhCgpb0yJACOTUNJ1E= +github.com/tdewolff/parse/v2 v2.6.7 h1:WrFllrqmzAcrKHzoYgMupqgUBIfBVOb0yscFzDf8bBg= +github.com/tdewolff/parse/v2 v2.6.7/go.mod h1:XHDhaU6IBgsryfdnpzUXBlT6leW/l25yrFBTEb4eIyM= github.com/tdewolff/test v1.0.9 h1:SswqJCmeN4B+9gEAi/5uqT0qpi1y2/2O47V/1hhGZT0= github.com/tdewolff/test v1.0.9/go.mod h1:6DAvZliBAAnD7rhVgwaM7DE5/d9NMOAJ09SqYqeK4QE= github.com/valyala/bytebufferpool v1.0.0 h1:GqA5TC/0021Y/b9FG4Oi9Mr3q7XYx6KllzawFIhcdPw= @@ -436,7 +431,6 @@ golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20211019181941-9d821ace8654/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= From 7ef8090eab5d598356634a2a9cce33745d64735c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Aug 2023 19:40:39 +0000 Subject: [PATCH 31/75] Bump com.amazonaws:aws-java-sdk-s3 in /sda-sftp-inbox Bumps [com.amazonaws:aws-java-sdk-s3](https://github.com/aws/aws-sdk-java) from 1.12.523 to 1.12.528. - [Changelog](https://github.com/aws/aws-sdk-java/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-java/compare/1.12.523...1.12.528) --- updated-dependencies: - dependency-name: com.amazonaws:aws-java-sdk-s3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-sftp-inbox/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda-sftp-inbox/pom.xml b/sda-sftp-inbox/pom.xml index a53eedbbf..2d4569d6f 100644 --- a/sda-sftp-inbox/pom.xml +++ b/sda-sftp-inbox/pom.xml @@ -96,7 +96,7 @@ com.amazonaws aws-java-sdk-s3 - 1.12.523 + 1.12.528 com.google.guava From 9e3d3bf5d78ea97c4c6a07c7f5025cd9a1ddd8e0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Aug 2023 20:01:33 +0000 Subject: [PATCH 32/75] Bump github.com/pkg/sftp from 1.13.5 to 1.13.6 in /sda-pipeline Bumps [github.com/pkg/sftp](https://github.com/pkg/sftp) from 1.13.5 to 1.13.6. - [Release notes](https://github.com/pkg/sftp/releases) - [Commits](https://github.com/pkg/sftp/compare/v1.13.5...v1.13.6) --- updated-dependencies: - dependency-name: github.com/pkg/sftp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-pipeline/go.mod | 2 +- sda-pipeline/go.sum | 7 +++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/sda-pipeline/go.mod b/sda-pipeline/go.mod index bae7e57d8..cd1995765 100644 --- a/sda-pipeline/go.mod +++ b/sda-pipeline/go.mod @@ -12,7 +12,7 @@ require ( github.com/mocktools/go-smtp-mock v1.10.0 github.com/neicnordic/crypt4gh v1.7.6 github.com/pkg/errors v0.9.1 - github.com/pkg/sftp v1.13.5 + github.com/pkg/sftp v1.13.6 github.com/rabbitmq/amqp091-go v1.8.1 github.com/sirupsen/logrus v1.9.3 github.com/spf13/viper v1.16.0 diff --git a/sda-pipeline/go.sum b/sda-pipeline/go.sum index e5a7edea8..ccd617b0d 100644 --- a/sda-pipeline/go.sum +++ b/sda-pipeline/go.sum @@ -172,8 +172,8 @@ github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNc github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/sftp v1.13.1/go.mod h1:3HaPG6Dq1ILlpPZRO0HVMrsydcdLt6HRDccSgb87qRg= -github.com/pkg/sftp v1.13.5 h1:a3RLUqkyjYRtBTZJZ1VRrKbN3zhuPLlUc3sphVz81go= -github.com/pkg/sftp v1.13.5/go.mod h1:wHDZ0IZX6JcBYRK1TH9bcVq8G7TLpVHYIGJRFnmPfxg= +github.com/pkg/sftp v1.13.6 h1:JFZT4XbOU7l77xGSpOdW+pwIMqP044IyjXX6FGyEKFo= +github.com/pkg/sftp v1.13.6/go.mod h1:tz1ryNURKu77RL+GuCzmoJYxQczL3wLNNpPWagdg4Qk= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= @@ -243,9 +243,9 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm1hfPfRQxPLYneinmdGuTeoZ9dtd4= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220826181053-bd7e27e6170d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.1.0/go.mod h1:RecgLatLF4+eUMCP1PoPZQb+cVrJcOPbHkTkbkB9sbw= golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -373,7 +373,6 @@ golang.org/x/sys v0.0.0-20210225134936-a50acf3fe073/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423185535-09eb48e85fd7/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= From 00a32b1d3c179a7adda7efa98f156239158b09bb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Aug 2023 20:01:43 +0000 Subject: [PATCH 33/75] Bump github.com/aws/aws-sdk-go in /sda-pipeline Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.318 to 1.44.323. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.318...v1.44.323) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-pipeline/go.mod | 2 +- sda-pipeline/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sda-pipeline/go.mod b/sda-pipeline/go.mod index bae7e57d8..567b2a041 100644 --- a/sda-pipeline/go.mod +++ b/sda-pipeline/go.mod @@ -4,7 +4,7 @@ go 1.20 require ( github.com/DATA-DOG/go-sqlmock v1.5.0 - github.com/aws/aws-sdk-go v1.44.318 + github.com/aws/aws-sdk-go v1.44.323 github.com/gliderlabs/ssh v0.3.5 github.com/google/uuid v1.3.0 github.com/johannesboyne/gofakes3 v0.0.0-20230129080941-f6a8a9ae6fd3 diff --git a/sda-pipeline/go.sum b/sda-pipeline/go.sum index e5a7edea8..2824d8f67 100644 --- a/sda-pipeline/go.sum +++ b/sda-pipeline/go.sum @@ -45,8 +45,8 @@ github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/aws/aws-sdk-go v1.33.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.44.318 h1:Yl66rpbQHFUbxe9JBKLcvOvRivhVgP6+zH0b9KzARX8= -github.com/aws/aws-sdk-go v1.44.318/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.323 h1:97/dn93DWrN1VfhAWQ2tV+xuE6oO/LO9rSsEsuC4PLU= +github.com/aws/aws-sdk-go v1.44.323/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= From b20f43e5673ebe5383ec7ac5498b11f2a624cb4f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Aug 2023 20:14:30 +0000 Subject: [PATCH 34/75] Bump github.com/aws/aws-sdk-go in /sda-download Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.318 to 1.44.323. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.318...v1.44.323) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-download/go.mod | 2 +- sda-download/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sda-download/go.mod b/sda-download/go.mod index 968b49225..5806420ae 100644 --- a/sda-download/go.mod +++ b/sda-download/go.mod @@ -4,7 +4,7 @@ go 1.20 require ( github.com/DATA-DOG/go-sqlmock v1.5.0 - github.com/aws/aws-sdk-go v1.44.318 + github.com/aws/aws-sdk-go v1.44.323 github.com/dgraph-io/ristretto v0.1.1 github.com/gin-gonic/gin v1.9.1 github.com/google/uuid v1.3.0 diff --git a/sda-download/go.sum b/sda-download/go.sum index 48b795088..1fb5a16bf 100644 --- a/sda-download/go.sum +++ b/sda-download/go.sum @@ -43,8 +43,8 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60= github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= github.com/aws/aws-sdk-go v1.33.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.44.318 h1:Yl66rpbQHFUbxe9JBKLcvOvRivhVgP6+zH0b9KzARX8= -github.com/aws/aws-sdk-go v1.44.318/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.323 h1:97/dn93DWrN1VfhAWQ2tV+xuE6oO/LO9rSsEsuC4PLU= +github.com/aws/aws-sdk-go v1.44.323/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM= github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s= github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U= From 5d317960cb857b474482bfc46ca88fabeecf698b Mon Sep 17 00:00:00 2001 From: Joakim Bygdell Date: Mon, 21 Aug 2023 15:40:47 +0200 Subject: [PATCH 35/75] Add dataset event log Since datasets now can have events similar to the files, registered, released and deprecated. --- .../tests/postgres/60_mapper_queries.sh | 33 ++++++++++++++--- postgresql/initdb.d/01_main.sql | 26 +++++++++++++- postgresql/initdb.d/04_grants.sql | 5 +-- postgresql/migratedb.d/09.sql | 36 +++++++++++++++++++ 4 files changed, 93 insertions(+), 7 deletions(-) create mode 100644 postgresql/migratedb.d/09.sql diff --git a/.github/integration/tests/postgres/60_mapper_queries.sh b/.github/integration/tests/postgres/60_mapper_queries.sh index 68732807b..cb651ac56 100644 --- a/.github/integration/tests/postgres/60_mapper_queries.sh +++ b/.github/integration/tests/postgres/60_mapper_queries.sh @@ -6,14 +6,39 @@ export PGPASSWORD=mapper ## map file to dataset accession="urn:uuid:7964e232-8830-4351-8adb-e4ebb71fafed" dataset="urn:neic:ci-test-dataset" -file_id=$(psql -U mapper -h postgres -d sda -At -c "SELECT file_id from local_ega.archive_files WHERE stable_id = '$accession';") -if [ "$file_id" -ne 1 ]; then + +file_id=$(psql -U mapper -h postgres -d sda -At -c "SELECT id FROM sda.files WHERE stable_id = '$accession';") +if [ -z "$file_id" ]; then echo "get file_id failed" exit 1 fi -resp=$(psql -U mapper -h postgres -d sda -At -c "INSERT INTO local_ega_ebi.filedataset (file_id, dataset_stable_id) VALUES ('$file_id', '$dataset') ON CONFLICT DO NOTHING;") +dataset_id=$(psql -U mapper -h postgres -d sda -At -c "INSERT INTO sda.datasets (stable_id) VALUES ('$dataset') ON CONFLICT DO NOTHING;") +if [ "$dataset_id" != "INSERT 0 1" ]; then + echo "insert dataset failed" + exit 1 +fi + +resp=$(psql -U mapper -h postgres -d sda -At -c "INSERT INTO sda.file_dataset (file_id, dataset_id) SELECT '$file_id', id FROM sda.datasets WHERE stable_id = '$dataset' ON CONFLICT DO NOTHING;") if [ "$resp" != "INSERT 0 1" ]; then - echo "map to dataset failed" + echo "map file to dataset failed" + exit 1 +fi + +register=$(psql -U mapper -h postgres -d sda -At -c "INSERT INTO sda.dataset_event_log(dataset_id, event, message) VALUES('$dataset', 'registered', '{\"type\": \"mapping\"}');") +if [ "$register" != "INSERT 0 1" ]; then + echo "update dataset event failed" + exit 1 +fi + +release=$(psql -U mapper -h postgres -d sda -At -c "INSERT INTO sda.dataset_event_log(dataset_id, event, message) VALUES('$dataset', 'released', '{\"type\": \"release\"}');") +if [ "$release" != "INSERT 0 1" ]; then + echo "update dataset event failed" + exit 1 +fi + +deprecate=$(psql -U mapper -h postgres -d sda -At -c "INSERT INTO sda.dataset_event_log(dataset_id, event, message) VALUES('$dataset', 'deprecated', '{\"type\": \"deprecate\"}');") +if [ "$deprecate" != "INSERT 0 1" ]; then + echo "update dataset event failed" exit 1 fi \ No newline at end of file diff --git a/postgresql/initdb.d/01_main.sql b/postgresql/initdb.d/01_main.sql index c13ddff8f..829724924 100644 --- a/postgresql/initdb.d/01_main.sql +++ b/postgresql/initdb.d/01_main.sql @@ -22,7 +22,8 @@ VALUES (0, now(), 'Created with version'), (5, now(), 'Add field for correlation ids'), (6, now(), 'Add created_at field to datasets'), (7, now(), 'Add permissions to mapper to files'), - (8, now(), 'Add ingestion functions'); + (8, now(), 'Add ingestion functions'), + (9, now(), 'Add dataset event log'); -- Datasets are used to group files, and permissions are set on the dataset -- level @@ -140,3 +141,26 @@ CREATE TABLE file_event_log ( success BOOLEAN, error TEXT ); + +-- This table is used to define events for dataset event logging. +CREATE TABLE dataset_events ( + id SERIAL PRIMARY KEY, + title VARCHAR(64) UNIQUE, -- short name of the action + description TEXT +); + +-- These are the default dataset events to log. +INSERT INTO dataset_events(id,title,description) +VALUES (10, 'registered', 'A dataset has been registered'), + (20, 'released' , 'The dataset is released on this date'), + (30, 'deprecated', 'The dataset is deprecated on this date'); + + +-- Keeps track of all events for the datasets, with timestamps. +CREATE TABLE dataset_event_log ( + id SERIAL PRIMARY KEY, + dataset_id TEXT REFERENCES datasets(stable_id), + event TEXT REFERENCES dataset_events(title), + message JSONB, -- The rabbitMQ message that initiated the dataset event + event_date TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT clock_timestamp() +); diff --git a/postgresql/initdb.d/04_grants.sql b/postgresql/initdb.d/04_grants.sql index 58d3f08e1..4fa3c7f2b 100644 --- a/postgresql/initdb.d/04_grants.sql +++ b/postgresql/initdb.d/04_grants.sql @@ -101,14 +101,15 @@ GRANT USAGE, SELECT ON SEQUENCE sda.datasets_id_seq TO mapper; GRANT SELECT ON sda.files TO mapper; GRANT INSERT ON sda.file_event_log TO mapper; GRANT INSERT ON sda.file_dataset TO mapper; -GRANT SELECT ON local_ega.main_to_files TO mapper; +GRANT INSERT ON sda.dataset_event_log TO mapper; GRANT USAGE, SELECT ON SEQUENCE sda.file_dataset_id_seq TO mapper; GRANT USAGE, SELECT ON SEQUENCE sda.file_event_log_id_seq TO mapper; +GRANT USAGE, SELECT ON SEQUENCE sda.dataset_event_log_id_seq TO mapper; -- legacy schema GRANT USAGE ON SCHEMA local_ega TO mapper; GRANT USAGE ON SCHEMA local_ega_ebi TO mapper; - +GRANT SELECT ON local_ega.main_to_files TO mapper; GRANT SELECT ON local_ega.archive_files TO mapper; GRANT INSERT ON local_ega_ebi.filedataset TO mapper; GRANT UPDATE ON local_ega.files TO mapper; diff --git a/postgresql/migratedb.d/09.sql b/postgresql/migratedb.d/09.sql new file mode 100644 index 000000000..9a91be441 --- /dev/null +++ b/postgresql/migratedb.d/09.sql @@ -0,0 +1,36 @@ +DO +$$ +DECLARE +-- The version we know how to do migration from, at the end of a successful migration +-- we will no longer be at this version. + sourcever INTEGER := 8; + changes VARCHAR := 'Add dataset event log'; +BEGIN + IF (select max(version) from sda.dbschema_version) = sourcever then + RAISE NOTICE 'Doing migration from schema version % to %', sourcever, sourcever+1; + RAISE NOTICE 'Changes: %', changes; + INSERT INTO sda.dbschema_version VALUES(sourcever+1, now(), changes); + + CREATE TABLE dataset_events ( + id SERIAL PRIMARY KEY, + title VARCHAR(64) UNIQUE, -- short name of the action + description TEXT + ); + + INSERT INTO dataset_events(id,title,description) + VALUES (10, 'registered', 'A dataset has been registered'), + (20, 'released' , 'The dataset is released on this date'), + (30, 'deprecated', 'The dataset is deprecated on this date'); + + CREATE TABLE dataset_event_log ( + id SERIAL PRIMARY KEY, + dataset_id TEXT REFERENCES datasets(stable_id), + event TEXT REFERENCES dataset_events(title), + message JSONB, -- The rabbitMQ message that initiated the dataset event + event_date TIMESTAMP WITH TIME ZONE NOT NULL DEFAULT clock_timestamp() + ); + ELSE + RAISE NOTICE 'Schema migration from % to % does not apply now, skipping', sourcever, sourcever+1; + END IF; +END +$$ From d175498c1758271605f67514455f8b7df4499cf7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Aug 2023 19:07:56 +0000 Subject: [PATCH 36/75] Bump github.com/aws/aws-sdk-go in /sda-download Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.323 to 1.44.328. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.323...v1.44.328) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-download/go.mod | 2 +- sda-download/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sda-download/go.mod b/sda-download/go.mod index 5806420ae..e1ceaefc2 100644 --- a/sda-download/go.mod +++ b/sda-download/go.mod @@ -4,7 +4,7 @@ go 1.20 require ( github.com/DATA-DOG/go-sqlmock v1.5.0 - github.com/aws/aws-sdk-go v1.44.323 + github.com/aws/aws-sdk-go v1.44.328 github.com/dgraph-io/ristretto v0.1.1 github.com/gin-gonic/gin v1.9.1 github.com/google/uuid v1.3.0 diff --git a/sda-download/go.sum b/sda-download/go.sum index 1fb5a16bf..8e8f3b609 100644 --- a/sda-download/go.sum +++ b/sda-download/go.sum @@ -43,8 +43,8 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60= github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= github.com/aws/aws-sdk-go v1.33.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.44.323 h1:97/dn93DWrN1VfhAWQ2tV+xuE6oO/LO9rSsEsuC4PLU= -github.com/aws/aws-sdk-go v1.44.323/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.328 h1:WBwlf8ym9SDQ/GTIBO9eXyvwappKJyOetWJKl4mT7ZU= +github.com/aws/aws-sdk-go v1.44.328/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM= github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s= github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U= From 2a30f6d5b6851d5a8f0e4271c2099c39362cc88f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Aug 2023 19:08:05 +0000 Subject: [PATCH 37/75] Bump github.com/google/uuid from 1.3.0 to 1.3.1 in /sda-download Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.0 to 1.3.1. - [Release notes](https://github.com/google/uuid/releases) - [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md) - [Commits](https://github.com/google/uuid/compare/v1.3.0...v1.3.1) --- updated-dependencies: - dependency-name: github.com/google/uuid dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-download/go.mod | 2 +- sda-download/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sda-download/go.mod b/sda-download/go.mod index 5806420ae..98bce94f7 100644 --- a/sda-download/go.mod +++ b/sda-download/go.mod @@ -7,7 +7,7 @@ require ( github.com/aws/aws-sdk-go v1.44.323 github.com/dgraph-io/ristretto v0.1.1 github.com/gin-gonic/gin v1.9.1 - github.com/google/uuid v1.3.0 + github.com/google/uuid v1.3.1 github.com/johannesboyne/gofakes3 v0.0.0-20230129080941-f6a8a9ae6fd3 github.com/lestrrat-go/jwx v1.2.25 github.com/lib/pq v1.10.9 diff --git a/sda-download/go.sum b/sda-download/go.sum index 1fb5a16bf..b0ff75679 100644 --- a/sda-download/go.sum +++ b/sda-download/go.sum @@ -161,8 +161,8 @@ github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= -github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= +github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= From 1c0d7f0bf2b428ff2e21717e404483ea04ed3610 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Aug 2023 19:14:19 +0000 Subject: [PATCH 38/75] Bump com.amazonaws:aws-java-sdk-s3 in /sda-sftp-inbox Bumps [com.amazonaws:aws-java-sdk-s3](https://github.com/aws/aws-sdk-java) from 1.12.528 to 1.12.533. - [Changelog](https://github.com/aws/aws-sdk-java/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-java/compare/1.12.528...1.12.533) --- updated-dependencies: - dependency-name: com.amazonaws:aws-java-sdk-s3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-sftp-inbox/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda-sftp-inbox/pom.xml b/sda-sftp-inbox/pom.xml index 2d4569d6f..df05d899f 100644 --- a/sda-sftp-inbox/pom.xml +++ b/sda-sftp-inbox/pom.xml @@ -96,7 +96,7 @@ com.amazonaws aws-java-sdk-s3 - 1.12.528 + 1.12.533 com.google.guava From c791a19989b95d29810a4ab01e4c3143935d0ab7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 21 Aug 2023 19:34:02 +0000 Subject: [PATCH 39/75] Bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 3.6.0 to 3.7.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/v3.6.0...v3.7.0) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/code-linter.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/code-linter.yaml b/.github/workflows/code-linter.yaml index 2f7e1fa91..fd2d2e452 100644 --- a/.github/workflows/code-linter.yaml +++ b/.github/workflows/code-linter.yaml @@ -25,7 +25,7 @@ jobs: uses: actions/checkout@v3 - name: Run golangci-lint - uses: golangci/golangci-lint-action@v3.6.0 + uses: golangci/golangci-lint-action@v3.7.0 with: args: -E bodyclose,gocritic,gofmt,gosec,govet,nestif,nlreturn,revive,rowserrcheck --timeout 5m working-directory: sda-auth @@ -48,7 +48,7 @@ jobs: uses: actions/checkout@v3 - name: Run golangci-lint - uses: golangci/golangci-lint-action@v3.6.0 + uses: golangci/golangci-lint-action@v3.7.0 with: args: -E bodyclose,gocritic,gofmt,gosec,govet,nestif,nlreturn,revive,rowserrcheck -e G401,G501,G107 --timeout 5m working-directory: sda-download @@ -71,7 +71,7 @@ jobs: uses: actions/checkout@v3 - name: Run golangci-lint - uses: golangci/golangci-lint-action@v3.6.0 + uses: golangci/golangci-lint-action@v3.7.0 with: args: -E bodyclose,gocritic,gofmt,gosec,govet,nestif,nlreturn,rowserrcheck --timeout 5m working-directory: sda-pipeline @@ -94,7 +94,7 @@ jobs: uses: actions/checkout@v3 - name: Run golangci-lint - uses: golangci/golangci-lint-action@v3.6.0 + uses: golangci/golangci-lint-action@v3.7.0 with: args: -E bodyclose,gocritic,gofmt,gosec,govet,nestif,nlreturn,rowserrcheck --timeout 5m working-directory: sda \ No newline at end of file From cae5169bedd7c67a9f5985143be5a18608b53c3b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Aug 2023 05:04:19 +0000 Subject: [PATCH 40/75] Bump github.com/google/uuid from 1.3.0 to 1.3.1 in /sda-pipeline Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.3.0 to 1.3.1. - [Release notes](https://github.com/google/uuid/releases) - [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md) - [Commits](https://github.com/google/uuid/compare/v1.3.0...v1.3.1) --- updated-dependencies: - dependency-name: github.com/google/uuid dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-pipeline/go.mod | 2 +- sda-pipeline/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sda-pipeline/go.mod b/sda-pipeline/go.mod index b607e36e6..47d0a2bd6 100644 --- a/sda-pipeline/go.mod +++ b/sda-pipeline/go.mod @@ -6,7 +6,7 @@ require ( github.com/DATA-DOG/go-sqlmock v1.5.0 github.com/aws/aws-sdk-go v1.44.323 github.com/gliderlabs/ssh v0.3.5 - github.com/google/uuid v1.3.0 + github.com/google/uuid v1.3.1 github.com/johannesboyne/gofakes3 v0.0.0-20230129080941-f6a8a9ae6fd3 github.com/lib/pq v1.10.9 github.com/mocktools/go-smtp-mock v1.10.0 diff --git a/sda-pipeline/go.sum b/sda-pipeline/go.sum index e52a2a085..2d7f2afef 100644 --- a/sda-pipeline/go.sum +++ b/sda-pipeline/go.sum @@ -127,8 +127,8 @@ github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= -github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= +github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= From ef9ea050117512aad707f2633cb31d36507b2b6a Mon Sep 17 00:00:00 2001 From: Joakim Bygdell Date: Tue, 22 Aug 2023 07:45:49 +0200 Subject: [PATCH 41/75] Reword event comment --- postgresql/initdb.d/01_main.sql | 2 +- postgresql/migratedb.d/09.sql | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/postgresql/initdb.d/01_main.sql b/postgresql/initdb.d/01_main.sql index 829724924..0be9b0eab 100644 --- a/postgresql/initdb.d/01_main.sql +++ b/postgresql/initdb.d/01_main.sql @@ -151,7 +151,7 @@ CREATE TABLE dataset_events ( -- These are the default dataset events to log. INSERT INTO dataset_events(id,title,description) -VALUES (10, 'registered', 'A dataset has been registered'), +VALUES (10, 'registered', 'Register a dataset to recieve file accession IDs mappings.'), (20, 'released' , 'The dataset is released on this date'), (30, 'deprecated', 'The dataset is deprecated on this date'); diff --git a/postgresql/migratedb.d/09.sql b/postgresql/migratedb.d/09.sql index 9a91be441..20e59d5d3 100644 --- a/postgresql/migratedb.d/09.sql +++ b/postgresql/migratedb.d/09.sql @@ -18,7 +18,7 @@ BEGIN ); INSERT INTO dataset_events(id,title,description) - VALUES (10, 'registered', 'A dataset has been registered'), + VALUES (10, 'registered', 'Register a dataset to recieve file accession IDs mappings.'), (20, 'released' , 'The dataset is released on this date'), (30, 'deprecated', 'The dataset is deprecated on this date'); From dd09c2fb6b464e5b884236e2d17ffd33bafe4410 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Aug 2023 05:57:28 +0000 Subject: [PATCH 42/75] Bump github.com/aws/aws-sdk-go in /sda-pipeline Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.323 to 1.44.328. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.323...v1.44.328) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-pipeline/go.mod | 2 +- sda-pipeline/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sda-pipeline/go.mod b/sda-pipeline/go.mod index 47d0a2bd6..fdfd37078 100644 --- a/sda-pipeline/go.mod +++ b/sda-pipeline/go.mod @@ -4,7 +4,7 @@ go 1.20 require ( github.com/DATA-DOG/go-sqlmock v1.5.0 - github.com/aws/aws-sdk-go v1.44.323 + github.com/aws/aws-sdk-go v1.44.328 github.com/gliderlabs/ssh v0.3.5 github.com/google/uuid v1.3.1 github.com/johannesboyne/gofakes3 v0.0.0-20230129080941-f6a8a9ae6fd3 diff --git a/sda-pipeline/go.sum b/sda-pipeline/go.sum index 2d7f2afef..d5a38c3b6 100644 --- a/sda-pipeline/go.sum +++ b/sda-pipeline/go.sum @@ -45,8 +45,8 @@ github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/aws/aws-sdk-go v1.33.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.44.323 h1:97/dn93DWrN1VfhAWQ2tV+xuE6oO/LO9rSsEsuC4PLU= -github.com/aws/aws-sdk-go v1.44.323/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.328 h1:WBwlf8ym9SDQ/GTIBO9eXyvwappKJyOetWJKl4mT7ZU= +github.com/aws/aws-sdk-go v1.44.328/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= From dfbc5b8bbb7f9e49e6b6e1b60574631ab0e72133 Mon Sep 17 00:00:00 2001 From: Joakim Bygdell Date: Tue, 20 Jun 2023 17:31:36 +0200 Subject: [PATCH 43/75] Update sda-mq Version bumped to 0.5.0 Uses image from this repository --- charts/sda-mq/Chart.yaml | 2 +- charts/sda-mq/README.md | 30 +++++++++--------------- charts/sda-mq/templates/_helpers.tpl | 8 +++++++ charts/sda-mq/templates/secrets.yaml | 5 +++- charts/sda-mq/templates/statefulset.yaml | 19 +++++++-------- charts/sda-mq/values.yaml | 18 +++++++------- 6 files changed, 41 insertions(+), 41 deletions(-) diff --git a/charts/sda-mq/Chart.yaml b/charts/sda-mq/Chart.yaml index a1b80b3cf..0031e9cf8 100644 --- a/charts/sda-mq/Chart.yaml +++ b/charts/sda-mq/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: sda-mq -version: "0.4.6" +version: "0.5.0" description: RabbitMQ component for Sensitive Data Archive (SDA) installation home: https://neic-sda.readthedocs.io icon: https://neic.no/assets/images/logo.png diff --git a/charts/sda-mq/README.md b/charts/sda-mq/README.md index f539e9d83..bc6f0dbbc 100644 --- a/charts/sda-mq/README.md +++ b/charts/sda-mq/README.md @@ -1,6 +1,6 @@ # SDA Message broker -Source repository: [https://github.com/neicnordic/sda-mq](https://github.com/neicnordic/sda-mq) +Source repository: [https://github.com/neicnordic/sensitive-data-archive](https://github.com/neicnordic/sensitive-data-archive) ## Installing the Chart @@ -8,11 +8,11 @@ Edit the values.yaml file and specify the relevant parts of the `config` section Parameter | Description | Default --------- | ----------- | ------- -`image.repository` | sda-mq container image repository | `ghcr.io/neicnordic/sda-mq` -`image.tag` | sda-mq container image version | `v1.3.0` +`image.repository` | sda-mq container image repository | `ghcr.io/neicnordic/sensitive-data-archive` +`image.tag` | sda-mq container image version | `` `image.pullPolicy` | sda-mq container image pull policy | `Always` -`global.adminUser` | Username of admin user |`""` -`global.adminPasswordHash` | Passwordhash for admin user. |`""` +`global.adminUser` | Username of admin user |`admin` +`global.adminPassword` | Password for admin user. |`Random if unset` `global.tls.enabled` | Use TLS for all connections. |`true` `global.tls.issuer` | Issuer for TLS certificate creation. |`""` `global.tls.clusterIssuer` | ClusterIssuer for TLS certificate creation. |`""` @@ -21,7 +21,7 @@ Parameter | Description | Default `global.tls.serverCert` | Name of the certificate file. |`""` `global.tls.caCert` | Name of the CA file. |`""` `global.tls.verifyPeer` | Require client certificates. |`true` -`global.vhost` | default vhost is '/' unless specifically named |`""` +`global.vhost` | default vhost is 'sda' unless specifically named |`""` `global.shovel.host` | Hostname of federated server |`""` `global.shovel.pass` | Password to federated server |`""` `global.shovel.port` | Port that federated server listens on |`5671` @@ -33,7 +33,7 @@ Parameter | Description | Default `updateStrategyType` | Update strategy type. | `RollingUpdate` `networkPolicy.create` | Use network isolation. | `false` `networkPolicy.matchLabels` | App labels that are allowed to connect to the Message broker. | `app: sda-svc` -`securityPolicy.create` | Use pod security policy. | `true` +`securityPolicy.create` | Use pod security policy. | `false` `persistence.enabled` | Enable persistence. | `true` `persistence.storageSize` | Volume size. | `8Gi` `persistence.storageClass` | Use specific storage class, by default dynamic provisioning enabled. | `null` @@ -41,10 +41,10 @@ Parameter | Description | Default `persistence.volumePermissions` | Change the owner of the persist volume mountpoint to `RunAsUser:fsGroup`. | `true` `service.type` | Message broker service type. |`ClusterIP` `service.port` | Message broker service port. |`5671` -`resources.requests.memory` | Memory request for container. |`128Mi` -`resources.requests.cpu` | CPU request for container. |`100m` -`resources.limits.memory` | Memory limit for container. |`256Mi` -`resources.limits.cpu` | CPU limit for container. |`200m` +`resources.requests.memory` | Memory request for container. |`1Gi` +`resources.requests.cpu` | CPU request for container. |`1` +`resources.limits.memory` | Memory limit for container. |`2Gi` +`resources.limits.cpu` | CPU limit for container. |`2` `testimage.tls.secretName` | Name of the testers secret that holds the certificates. |`""` `testimage.tls.serverKey` | Name of the testers certificate private key file. |`""` `testimage.tls.serverCert` | Name of testers the certificate file. |`""` @@ -71,11 +71,3 @@ kubectl create secret generic tester-certs \ --from-file=tls.crt\ --from-file=tls.key ``` - -## Password hash - -To create a password hash for the admin user run the followin command: - -```cmd -sh ../dev_tools/scripts/mq-password-generator.sh ADMIN_PASSWORD -``` diff --git a/charts/sda-mq/templates/_helpers.tpl b/charts/sda-mq/templates/_helpers.tpl index dbc94bd05..35b449db1 100644 --- a/charts/sda-mq/templates/_helpers.tpl +++ b/charts/sda-mq/templates/_helpers.tpl @@ -99,3 +99,11 @@ Create chart name and version as used by the chart label. {{- end -}} {{- end -}} {{- end -}} + +{{- define "adminPass" -}} + {{- if .Values.global.adminPassword }} + {{- printf "%s" (.Values.global.adminPassword ) | b64enc }} + {{- else }} + {{- randAlphaNum 32 | b64enc }} + {{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/sda-mq/templates/secrets.yaml b/charts/sda-mq/templates/secrets.yaml index a1d8bac23..193d1abab 100644 --- a/charts/sda-mq/templates/secrets.yaml +++ b/charts/sda-mq/templates/secrets.yaml @@ -3,7 +3,10 @@ kind: Secret metadata: name: {{ template "sda.fullname" . }} data: - password_hash: {{ (required "A valid MQ password hash is required" .Values.global.adminPasswordHash) | quote | trimall "\"" | b64enc }} + {{- $secretObj := (lookup "v1" "Secret" .Release.Namespace (include "sda.fullname" .)) | default dict }} + {{- $secretData := (get $secretObj "data") | default dict }} + {{- $adminPassword := (get $secretData "password") | default (include "adminPass" . ) }} + password: {{ $adminPassword | quote }} {{- if and .Values.global.shovel.host (and .Values.global.shovel.user .Values.global.shovel.pass) }} shovel_connection: {{ printf "amqps://%s:%s@%s:%s/%s?server_name_indication=%s" .Values.global.shovel.user .Values.global.shovel.pass (required "A valid MQ shovel host is required" .Values.global.shovel.host) ( .Values.global.shovel.port | quote | trimall "\"" ) .Values.global.shovel.vhost .Values.global.shovel.host | quote | trimall "\"" | b64enc }} {{- end }} diff --git a/charts/sda-mq/templates/statefulset.yaml b/charts/sda-mq/templates/statefulset.yaml index 1a97065f1..b9b1352d5 100644 --- a/charts/sda-mq/templates/statefulset.yaml +++ b/charts/sda-mq/templates/statefulset.yaml @@ -65,13 +65,13 @@ spec: resources: {{ toYaml .Values.resources | trim | indent 10 }} env: - - name: MQ_USER - value: {{ required "The admin username is required" .Values.global.adminUser | quote }} - - name: MQ_PASSWORD_HASH + - name: RABBITMQ_DEFAULT_USER + value: {{ .Values.global.adminUser | default "admin" }} + - name: RABBITMQ_DEFAULT_PASS valueFrom: secretKeyRef: name: {{ template "sda.fullname" . }} - key: password_hash + key: password {{- if and .Values.global.shovel.host (and .Values.global.shovel.user .Values.global.shovel.pass) }} - name: CEGA_CONNECTION valueFrom: @@ -90,16 +90,13 @@ spec: - name: MQ_VERIFY value: {{ template "verifyPeer" . }} {{- end }} - {{- else }} - - name: NOTLS - value: "true" {{- end }} {{- if .Values.global.vhost }} - name: MQ_VHOST value: {{ .Values.global.vhost | quote }} {{- end }} ports: - - containerPort: 15672 + - containerPort: {{ ternary 15671 15672 (.Values.global.tls.enabled )}} name: management protocol: TCP - containerPort: {{ ternary 5671 5672 (.Values.global.tls.enabled )}} @@ -111,8 +108,8 @@ spec: - -ec - rabbitmq-diagnostics -q ping initialDelaySeconds: 20 - periodSeconds: 5 - timeoutSeconds: 5 + periodSeconds: 10 + timeoutSeconds: 3 readinessProbe: exec: command: @@ -121,7 +118,7 @@ spec: - rabbitmq-diagnostics -q check_running && rabbitmq-diagnostics -q check_local_alarms initialDelaySeconds: 30 periodSeconds: 10 - timeoutSeconds: 10 + timeoutSeconds: 3 volumeMounts: - name: data mountPath: "/var/lib/rabbitmq/" diff --git a/charts/sda-mq/values.yaml b/charts/sda-mq/values.yaml index 305aa62c8..a93af6800 100644 --- a/charts/sda-mq/values.yaml +++ b/charts/sda-mq/values.yaml @@ -1,6 +1,6 @@ global: adminUser: - adminPasswordHash: + adminPassword: tls: enabled: true issuer: "" @@ -10,7 +10,6 @@ global: keyName: tls.key caCert: ca.crt verifyPeer: true -# if a different vhost than the default `/` is to be used vhost: "" # Upstream shovel recipient @@ -34,8 +33,8 @@ externalPkiService: extraSecurityContext: {} image: - repository: ghcr.io/neicnordic/sda-mq - tag: v1.4.38 + repository: ghcr.io/neicnordic/sensitive-data-archive + tag: v0.0.44-rabbitmq pullPolicy: Always # utilize network isolation @@ -56,7 +55,7 @@ networkPolicy: ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. persistence: - enabled: false + enabled: true storageSize: 8Gi storageClass: null existingClaim: null @@ -74,19 +73,20 @@ rbacEnabled: true resources: requests: - memory: "128Mi" - cpu: "100m" - limits: memory: "1Gi" cpu: "1" + limits: + memory: "2Gi" + cpu: "2" ## RevisionHistory ## If defined, set the revisionHistoryLimit of the deployment, defaults to 3 ## RevisionHistoryLimit is number of old ReplicaSets to retain to allow rollback. # revisionHistory: 3 +## This is only available on clusters running k8s < v1.25.0 securityPolicy: - create: true + create: false service: type: ClusterIP From b4631c29973b47f337cd57e8a6ddcc099d4d30f5 Mon Sep 17 00:00:00 2001 From: Joakim Bygdell Date: Wed, 28 Jun 2023 14:51:24 +0200 Subject: [PATCH 44/75] Update sda-svc --- charts/sda-svc/Chart.yaml | 4 +- charts/sda-svc/README.md | 53 +++++----------- charts/sda-svc/templates/_helpers.yaml | 36 +++++------ .../sda-svc/templates/auth-certificate.yaml | 2 + charts/sda-svc/templates/auth-deploy.yaml | 18 +++--- charts/sda-svc/templates/auth-secrets.yaml | 4 +- .../sda-svc/templates/backup-certificate.yaml | 2 + charts/sda-svc/templates/backup-deploy.yaml | 4 +- charts/sda-svc/templates/doa-deploy.yaml | 14 ++--- .../templates/download-certificate.yaml | 2 + charts/sda-svc/templates/download-deploy.yaml | 16 ++++- .../templates/finalize-certificate.yaml | 2 + charts/sda-svc/templates/finalize-deploy.yaml | 6 +- .../sda-svc/templates/inbox-certificate.yaml | 2 + .../sda-svc/templates/ingest-certificate.yaml | 2 + charts/sda-svc/templates/ingest-deploy.yaml | 4 +- .../templates/intercept-certificate.yaml | 2 + .../sda-svc/templates/intercept-deploy.yaml | 4 +- .../sda-svc/templates/mapper-certificate.yaml | 2 + charts/sda-svc/templates/mapper-deploy.yaml | 38 +++++++++++- charts/sda-svc/templates/s3-inbox-deploy.yaml | 7 ++- charts/sda-svc/templates/serviceaccount.yaml | 1 + .../sda-svc/templates/sftp-inbox-deploy.yaml | 4 +- .../sda-svc/templates/verify-certificate.yaml | 2 + charts/sda-svc/templates/verify-deploy.yaml | 4 +- charts/sda-svc/test/release-test.sh | 8 +-- charts/sda-svc/values.yaml | 61 ++++++------------- 27 files changed, 159 insertions(+), 145 deletions(-) diff --git a/charts/sda-svc/Chart.yaml b/charts/sda-svc/Chart.yaml index ab408cf04..d84ff4220 100644 --- a/charts/sda-svc/Chart.yaml +++ b/charts/sda-svc/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 name: sda-svc -version: "0.18.9" +version: "0.20.0" kubeVersion: ">= 1.19.0-0" description: Components for Sensitive Data Archive (SDA) installation home: https://neic-sda.readthedocs.io icon: https://neic.no/assets/images/logo.png sources: -- https://github.com/neicnordic/sda-helm +- https://github.com/neicnordic/sensitive-data-archive diff --git a/charts/sda-svc/README.md b/charts/sda-svc/README.md index ed10fd400..73866f682 100644 --- a/charts/sda-svc/README.md +++ b/charts/sda-svc/README.md @@ -2,9 +2,8 @@ Source repositories: -- [https://github.com/neicnordic/sda-pipeline](https://github.com/neicnordic/sda-pipeline) +- [https://github.com/neicnordic/sensitive-data-archive](https://github.com/neicnordic/sensitive-data-archive) - [https://github.com/neicnordic/sda-doa](https://github.com/neicnordic/sda-doa) -- [https://github.com/neicnordic/sda-download](https://github.com/neicnordic/sda-download) ## Installing the Chart @@ -17,6 +16,9 @@ The following table lists the configurable parameters of the `sda-svc` chart and Parameter | Description | Default --------- | ----------- | ------- +`global.repository` | Repository URI | `ghcr.io/neicnordic/sensitive-data-archive` +`global.imageTag` | Tag version to deploy | `` +`global.imagePullPolicy` | Image pull policy, `Always` or `IfNotPresent` | `Always` `global.secretsPath` | Path where the sensitive files can be found | `/.secrets` `global.c4ghPath` | This path will be a subpath to the secretsPath | `c4gh` `global.tlsPath` | This path will be a subpath to the secretsPath | `tls` @@ -120,10 +122,12 @@ Parameter | Description | Default `global.download.trusted.configPath` | Path to the ISS config file | `$secrets/iss` `global.download.trusted.configFile` | Name of ISS config file | `iss.json` `global.download.trusted.iss` | Array of trusted OIDC endpoints | `` -`global.download.trusted.iss[iss]` | URI to the OIDC service | `https://login.elixir-czech.org/oidc/` -`global.download.trusted.iss[jku]` | The URI to the OIDCs jwk endpoint | `https://login.elixir-czech.org/oidc/jwk` -`global.elixir.oidcdHost` | URL to the OIDc service. | `"https://login.elixir-czech.org/oidc/"` -`global.elixir.jwkPath` | Public key path on the OIDC host. | `jwk` +`global.download.trusted.iss[iss]` | URI to the OIDC service | `https://proxy.aai.lifescience-ri.eu` +`global.download.trusted.iss[jku]` | The URI to the OIDCs jwk endpoint | `https://proxy.aai.lifescience-ri.eu/OIDC/jwks` +`global.oidc.provider` | URL to the OIDc service. | `"https://proxy.aai.lifescience-ri.eu"` +`global.oidc.jwkPath` | Public key path on the OIDC host. | `/OIDC/jwks` +`global.oidc.id` | User ID to the OIDC host. | `` +`global.oidc.secret` | User credentials to the OIDC host. | `` `global.inbox.servicePort` | The port that the inbox is accessible via. | `2222` `global.inbox.storageType` | Storage type for the inbox, available options are `s3` and `posix`. |`posix` `global.inbox.path` | Path to the mounted `posix` volume. |`/inbox` @@ -182,25 +186,19 @@ Parameter | Description | Default Parameter | Description | Default --------- | ----------- | ------- -`auth.replicaCount` | desired number of replicas | `1` -`auth.repository` | auth container image repository | `neicnordic/sda-auth` -`auth.imageTag` | auth container image version | `"latest"` -`auth.imagePullPolicy` | auth container image pull policy | `Always` +`auth.replicaCount` | desired number of replicas | `2` `auth.annotations` | Specific annotation for the auth pod | `{}` `auth.resources.requests.memory` | Memory request for container. |`128Mi` `auth.resources.requests.cpu` | CPU request for container. |`100m` `auth.resources.limits.memory` | Memory limit for container. |`256Mi` `auth.resources.limits.cpu` | CPU limit for container. |`250m` -`backup.repository` | inbox container image repository | `neicnordic/sda-pipeline` -`backup.imageTag` | inbox container image version | `latest` -`backup.imagePullPolicy` | inbox container image pull policy | `Always` `backup.annotations` | Specific annotation for the backup pod | `{}` `backup.resources.requests.memory` | Memory request for backup container. |`128Mi` `backup.resources.requests.cpu` | CPU request for backup container. |`100m` `backup.resources.limits.memory` | Memory limit for backup container. |`256Mi` `backup.resources.limits.cpu` | CPU limit for backup container. |`250m` `backup.deploy` | Set to true if the backup service should be active | `false` -`doa.replicaCount` | desired number of replicas | `1` +`doa.replicaCount` | desired number of replicas | `2` `doa.repository` | dataedge container image repository | `neicnordic/sda-doa` `doa.imageTag` | dataedge container image version | `"latest"` `doa.imagePullPolicy` | dataedge container image pull policy | `Always` @@ -210,36 +208,24 @@ Parameter | Description | Default `doa.resources.requests.cpu` | CPU request for dataedge container. |`100m` `doa.resources.limits.memory` | Memory limit for dataedge container. |`1024Mi` `doa.resources.limits.cpu` | CPU limit for dataedge container. |`2000m` -`download.replicaCount` | desired number of replicas | `1` -`download.repository` | dataedge container image repository | `neicnordic/sda-doa` -`download.imageTag` | dataedge container image version | `"latest"` -`download.imagePullPolicy` | dataedge container image pull policy | `Always` +`download.replicaCount` | desired number of replicas | `2` `download.keystorePass` | keystore password | `changeit` `download.annotations` | Specific annotation for the dataedge pod | `{}` `download.resources.requests.memory` | Memory request for dataedge container. |`256Mi` `download.resources.requests.cpu` | CPU request for dataedge container. |`100m` `download.resources.limits.memory` | Memory limit for dataedge container. |`512Mi` `download.resources.limits.cpu` | CPU limit for dataedge container. |`1000m` -`finalize.repository` | inbox container image repository | `neicnordic/sda-pipeline` -`finalize.imageTag` | inbox container image version | `latest` -`finalize.imagePullPolicy` | inbox container image pull policy | `Always` `finalize.annotations` | Specific annotation for the finalize pod | `{}` `finalize.resources.requests.memory` | Memory request for finalize container. |`128Mi` `finalize.resources.requests.cpu` | CPU request for finalize container. |`100m` `finalize.resources.limits.memory` | Memory limit for finalize container. |`256Mi` `finalize.resources.limits.cpu` | CPU limit for finalize container. |`250m` -`ingest.repository` | inbox container image repository | `neicnordic/sda-pipeline` -`ingest.imageTag` | inbox container image version | `latest` -`ingest.imagePullPolicy` | inbox container image pull policy | `Always` `ingest.replicaCount` | desired number of ingest workers | `1` `ingest.annotations` | Specific annotation for the ingest pod | `{}` `ingest.resources.requests.memory` | Memory request for ingest container. |`128Mi` `ingest.resources.requests.cpu` | CPU request for ingest container. |`100m` `ingest.resources.limits.memory` | Memory limit for ingest container. |`512Mi` `ingest.resources.limits.cpu` | CPU limit for ingest container. |`2000m` -`intercept.repository` | intercept container image repository | `neicnordic/sda-pipeline` -`intercept.imageTag` | intercept container image version | `latest` -`intercept.imagePullPolicy` | intercept container image pull policy | `Always` `intercept.replicaCount` | desired number of intercept workers | `1` `intercept.annotations` | Specific annotation for the intercept pod | `{}` `intercept.deploy` | Set to false in a non federated deployment | `true` @@ -247,19 +233,13 @@ Parameter | Description | Default `intercept.resources.requests.cpu` | CPU request for intercept container. |`100m` `intercept.resources.limits.memory` | Memory limit for intercept container. |`128Mi` `intercept.resources.limits.cpu` | CPU limit for intercept container. |`2000m` -`s3Inbox.repository` | S3inbox container image repository | `neicnordic/sda-s3proxy` -`s3Inbox.imageTag` | S3inbox container image version | `latest` -`s3Inbox.imagePullPolicy` | S3inbox container image pull policy | `Always` -`s3Inbox.replicaCount`| desired number of S3inbox containers | `1` +`s3Inbox.replicaCount`| desired number of S3inbox containers | `2` `s3Inbox.annotations` | Specific annotation for the S3inbox pod | `{}` `s3Inbox.resources.requests.memory` | Memory request for s3Inbox container. |`128Mi` `s3Inbox.resources.requests.cpu` | CPU request for s3Inbox container. |`100m` `s3Inbox.resources.limits.memory` | Memory limit for s3Inbox container. |`1024Mi` `s3Inbox.resources.limits.cpu` | CPU limit for s3Inbox container. |`1000m` -`sftpInbox.repository` | sftp inbox container image repository | `neicnordic/sda-inbox-sftp` -`sftpInbox.imageTag` | sftp inbox container image version | `latest` -`sftpInbox.imagePullPolicy` | sftp inbox container image pull policy | `Always` -`sftpInbox.replicaCount`| desired number of sftp inbox containers | `1` +`sftpInbox.replicaCount`| desired number of sftp inbox containers | `2` `sftpInbox.keystorePass` | sftp inbox keystore password | `changeit` `sftpInbox.nodeHostname` | Node name if the sftp inbox needs to be deployed on a specific node | `""` `sftpInbox.annotations` | Specific annotation for the sftp inbox pod | `{}` @@ -267,9 +247,6 @@ Parameter | Description | Default `sftpInbox.resources.requests.cpu` | CPU request for sftpInbox container. |`100m` `sftpInbox.resources.limits.memory` | Memory limit for sftpInbox container. |`256Mi` `sftpInbox.resources.limits.cpu` | CPU limit for sftpInbox container. |`250m` -`verify.repository` | inbox container image repository | `neicnordic/sda-pipeline` -`verify.imageTag` | inbox container image version | `latest` -`verify.imagePullPolicy` | inbox container image pull policy | `Always` `verify.replicaCount`| desired number of verify containers | `1` `verify.annotations` | Specific annotation for the verify pod | `{}` `verify.resources.requests.memory` | Memory request for verify container. |`128Mi` diff --git a/charts/sda-svc/templates/_helpers.yaml b/charts/sda-svc/templates/_helpers.yaml index 1a1588e83..4e32654f6 100644 --- a/charts/sda-svc/templates/_helpers.yaml +++ b/charts/sda-svc/templates/_helpers.yaml @@ -135,10 +135,10 @@ Create chart name and version as used by the chart label. {{/**/}} {{- define "dbUserBackup" -}} -{{- ternary "lega_in" .Values.credentials.backup.dbUser (empty .Values.credentials.backup.dbUser) -}} +{{- ternary .Values.global.db.user .Values.credentials.backup.dbUser (empty .Values.credentials.backup.dbUser) -}} {{- end -}} {{- define "dbPassBackup" -}} -{{- ternary .Values.global.db.passIngest .Values.credentials.backup.dbPassword (empty .Values.credentials.backup.dbPassword) -}} +{{- ternary .Values.global.db.password .Values.credentials.backup.dbPassword (empty .Values.credentials.backup.dbPassword) -}} {{- end -}} {{- define "mqUserBackup" -}} {{- ternary .Values.global.broker.username .Values.credentials.backup.mqUser (empty .Values.credentials.backup.mqUser) -}} @@ -149,10 +149,10 @@ Create chart name and version as used by the chart label. {{/**/}} {{- define "dbUserDoa" -}} -{{- ternary "lega_out" .Values.credentials.doa.dbUser (empty .Values.credentials.doa.dbUser) -}} +{{- ternary .Values.global.db.user .Values.credentials.doa.dbUser (empty .Values.credentials.doa.dbUser) -}} {{- end -}} {{- define "dbPassDoa" -}} -{{- ternary .Values.global.db.passOutgest .Values.credentials.doa.dbPassword (empty .Values.credentials.doa.dbPassword) -}} +{{- ternary .Values.global.db.password .Values.credentials.doa.dbPassword (empty .Values.credentials.doa.dbPassword) -}} {{- end -}} {{- define "mqUserDoa" -}} {{- ternary .Values.global.broker.username .Values.credentials.doa.mqUser (empty .Values.credentials.doa.mqUser) -}} @@ -163,18 +163,18 @@ Create chart name and version as used by the chart label. {{/**/}} {{- define "dbUserDownload" -}} -{{- ternary "lega_out" .Values.credentials.download.dbUser (empty .Values.credentials.download.dbUser) -}} +{{- ternary .Values.global.db.user .Values.credentials.download.dbUser (empty .Values.credentials.download.dbUser) -}} {{- end -}} {{- define "dbPassDownload" -}} -{{- ternary .Values.global.db.passOutgest .Values.credentials.download.dbPassword (empty .Values.credentials.download.dbPassword) -}} +{{- ternary .Values.global.db.password .Values.credentials.download.dbPassword (empty .Values.credentials.download.dbPassword) -}} {{- end -}} {{/**/}} {{- define "dbUserFinalize" -}} -{{- ternary "lega_in" .Values.credentials.finalize.dbUser (empty .Values.credentials.finalize.dbUser) -}} +{{- ternary .Values.global.db.user .Values.credentials.finalize.dbUser (empty .Values.credentials.finalize.dbUser) -}} {{- end -}} {{- define "dbPassFinalize" -}} -{{- ternary .Values.global.db.passIngest .Values.credentials.finalize.dbPassword (empty .Values.credentials.finalize.dbPassword) -}} +{{- ternary .Values.global.db.password .Values.credentials.finalize.dbPassword (empty .Values.credentials.finalize.dbPassword) -}} {{- end -}} {{- define "mqUserFinalize" -}} {{- ternary .Values.global.broker.username .Values.credentials.finalize.mqUser (empty .Values.credentials.finalize.mqUser) -}} @@ -185,10 +185,10 @@ Create chart name and version as used by the chart label. {{/**/}} {{- define "dbUserIngest" -}} -{{- ternary "lega_in" .Values.credentials.ingest.dbUser (empty .Values.credentials.ingest.dbUser) -}} +{{- ternary .Values.global.db.user .Values.credentials.ingest.dbUser (empty .Values.credentials.ingest.dbUser) -}} {{- end -}} {{- define "dbPassIngest" -}} -{{- ternary .Values.global.db.passIngest .Values.credentials.ingest.dbPassword (empty .Values.credentials.ingest.dbPassword) -}} +{{- ternary .Values.global.db.password .Values.credentials.ingest.dbPassword (empty .Values.credentials.ingest.dbPassword) -}} {{- end -}} {{- define "mqUserIngest" -}} {{- ternary .Values.global.broker.username .Values.credentials.ingest.mqUser (empty .Values.credentials.ingest.mqUser) -}} @@ -199,10 +199,10 @@ Create chart name and version as used by the chart label. {{/**/}} {{- define "dbUserInbox" -}} -{{- ternary "lega_in" .Values.credentials.inbox.dbUser (empty .Values.credentials.inbox.dbUser) -}} +{{- ternary .Values.global.db.user .Values.credentials.inbox.dbUser (empty .Values.credentials.inbox.dbUser) -}} {{- end -}} {{- define "dbPassInbox" -}} -{{- ternary .Values.global.db.passIngest .Values.credentials.inbox.dbPassword (empty .Values.credentials.inbox.dbPassword) -}} +{{- ternary .Values.global.db.password .Values.credentials.inbox.dbPassword (empty .Values.credentials.inbox.dbPassword) -}} {{- end -}} {{- define "mqUserInbox" -}} {{- ternary .Values.global.broker.username .Values.credentials.inbox.mqUser (empty .Values.credentials.inbox.mqUser) -}} @@ -221,10 +221,10 @@ Create chart name and version as used by the chart label. {{/**/}} {{- define "dbUserMapper" -}} -{{- ternary "lega_out" .Values.credentials.mapper.dbUser (empty .Values.credentials.mapper.dbUser) -}} +{{- ternary .Values.global.db.user .Values.credentials.mapper.dbUser (empty .Values.credentials.mapper.dbUser) -}} {{- end -}} {{- define "dbPassMapper" -}} -{{- ternary .Values.global.db.passOutgest .Values.credentials.mapper.dbPassword (empty .Values.credentials.mapper.dbPassword) -}} +{{- ternary .Values.global.db.password .Values.credentials.mapper.dbPassword (empty .Values.credentials.mapper.dbPassword) -}} {{- end -}} {{- define "mqUserMapper" -}} {{- ternary .Values.global.broker.username .Values.credentials.mapper.mqUser (empty .Values.credentials.mapper.mqUser) -}} @@ -236,10 +236,10 @@ Create chart name and version as used by the chart label. {{/**/}} {{- define "dbUserReleaseTest" -}} -{{- ternary "lega_in" .Values.credentials.releasetest.dbUser (empty .Values.credentials.releasetest.dbUser) -}} +{{- ternary .Values.global.db.user .Values.credentials.releasetest.dbUser (empty .Values.credentials.releasetest.dbUser) -}} {{- end -}} {{- define "dbPassReleaseTest" -}} -{{- ternary .Values.global.db.passIngest .Values.credentials.releasetest.dbPassword (empty .Values.credentials.releasetest.dbPassword) -}} +{{- ternary .Values.global.db.password .Values.credentials.releasetest.dbPassword (empty .Values.credentials.releasetest.dbPassword) -}} {{- end -}} {{- define "mqUserReleaseTest" -}} {{- ternary .Values.global.broker.username .Values.credentials.releasetest.mqUser (empty .Values.credentials.releasetest.mqUser) -}} @@ -252,10 +252,10 @@ Create chart name and version as used by the chart label. {{/**/}} {{- define "dbUserVerify" -}} -{{- ternary "lega_in" .Values.credentials.verify.dbUser (empty .Values.credentials.verify.dbUser) -}} +{{- ternary .Values.global.db.user .Values.credentials.verify.dbUser (empty .Values.credentials.verify.dbUser) -}} {{- end -}} {{- define "dbPassVerify" -}} -{{- ternary .Values.global.db.passIngest .Values.credentials.verify.dbPassword (empty .Values.credentials.verify.dbPassword) -}} +{{- ternary .Values.global.db.password .Values.credentials.verify.dbPassword (empty .Values.credentials.verify.dbPassword) -}} {{- end -}} {{- define "mqUserVerify" -}} {{- ternary .Values.global.broker.username .Values.credentials.verify.mqUser (empty .Values.credentials.verify.mqUser) -}} diff --git a/charts/sda-svc/templates/auth-certificate.yaml b/charts/sda-svc/templates/auth-certificate.yaml index f9693d639..7d7a2b743 100644 --- a/charts/sda-svc/templates/auth-certificate.yaml +++ b/charts/sda-svc/templates/auth-certificate.yaml @@ -1,3 +1,4 @@ +{{- if .Values.global.tls.enabled }} {{- if or .Values.global.tls.clusterIssuer .Values.global.tls.issuer }} {{- if eq "s3" .Values.global.inbox.storageType }} apiVersion: cert-manager.io/v1 @@ -36,3 +37,4 @@ spec: group: cert-manager.io {{- end -}} {{- end -}} +{{- end -}} diff --git a/charts/sda-svc/templates/auth-deploy.yaml b/charts/sda-svc/templates/auth-deploy.yaml index 48030c25f..cef75c1dd 100644 --- a/charts/sda-svc/templates/auth-deploy.yaml +++ b/charts/sda-svc/templates/auth-deploy.yaml @@ -53,13 +53,13 @@ spec: serviceAccountName: {{ .Release.Name }} {{- end }} securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 + runAsUser: 65534 + runAsGroup: 65534 + fsGroup: 65534 containers: - name: auth - image: "{{ .Values.auth.repository }}:{{ .Values.auth.imageTag }}" - imagePullPolicy: {{ .Values.auth.imagePullPolicy | quote }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}-auth" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} securityContext: allowPrivilegeEscalation: false {{- if .Values.global.extraSecurityContext }} @@ -79,12 +79,12 @@ spec: valueFrom: secretKeyRef: name: {{ template "sda.fullname" . }}-auth - key: elixirID + key: oidcID - name: ELIXIR_SECRET valueFrom: secretKeyRef: name: {{ template "sda.fullname" . }}-auth - key: elixirSecret + key: oidcSecret {{- if or ( eq "federated" .Values.global.schemaType) ( eq "" .Values.global.schemaType) }} - name: CEGA_ID valueFrom: @@ -104,11 +104,11 @@ spec: - name: ELIXIR_REDIRECTURL value: {{ template "authRedirect" .}} - name: ELIXIR_PROVIDER - value: "{{ .Values.global.elixir.provider }}" + value: "{{ .Values.global.oidc.provider }}" - name: ELIXIR_SCOPE value: "ga4gh_passport_v1" - name: ELIXIR_JWKPATH - value: {{ .Values.global.elixir.jwkPath | quote }} + value: {{ .Values.global.oidc.jwkPath | quote }} {{- if .Values.global.auth.corsOrigins }} - name: CORS_ORIGINS value: {{ .Values.global.auth.corsOrigins | quote }} diff --git a/charts/sda-svc/templates/auth-secrets.yaml b/charts/sda-svc/templates/auth-secrets.yaml index 647f0180f..7127bd259 100644 --- a/charts/sda-svc/templates/auth-secrets.yaml +++ b/charts/sda-svc/templates/auth-secrets.yaml @@ -7,8 +7,8 @@ metadata: name: {{ template "sda.fullname" . }}-auth type: Opaque data: - elixirID: {{ .Values.global.auth.elixirID | quote | trimall "\"" | b64enc }} - elixirSecret: {{ .Values.global.auth.elixirSecret | quote | trimall "\"" | b64enc }} + oidcID: {{ .Values.global.oidc.id | quote | trimall "\"" | b64enc }} + oidcSecret: {{ .Values.global.oidc.secret | quote | trimall "\"" | b64enc }} {{- if or ( eq "federated" .Values.global.schemaType) ( eq "" .Values.global.schemaType) }} cegaID: {{ .Values.global.cega.user | quote | trimall "\"" | b64enc }} cegaSecret: {{ .Values.global.cega.password | quote | trimall "\"" | b64enc }} diff --git a/charts/sda-svc/templates/backup-certificate.yaml b/charts/sda-svc/templates/backup-certificate.yaml index 44753ace8..cbde0c6d2 100644 --- a/charts/sda-svc/templates/backup-certificate.yaml +++ b/charts/sda-svc/templates/backup-certificate.yaml @@ -1,3 +1,4 @@ +{{- if .Values.global.tls.enabled }} {{- if or .Values.global.tls.clusterIssuer .Values.global.tls.issuer }} {{- if .Values.backup.deploy}} apiVersion: cert-manager.io/v1 @@ -36,3 +37,4 @@ spec: group: cert-manager.io {{- end -}} {{- end -}} +{{- end -}} \ No newline at end of file diff --git a/charts/sda-svc/templates/backup-deploy.yaml b/charts/sda-svc/templates/backup-deploy.yaml index e733921a2..3593da14a 100644 --- a/charts/sda-svc/templates/backup-deploy.yaml +++ b/charts/sda-svc/templates/backup-deploy.yaml @@ -61,8 +61,8 @@ spec: {{- end }} containers: - name: backup - image: "{{ .Values.backup.repository }}:{{ .Values.backup.imageTag }}" - imagePullPolicy: {{ .Values.backup.imagePullPolicy | quote }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}-pipeline" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} command: ["sda-backup"] securityContext: allowPrivilegeEscalation: false diff --git a/charts/sda-svc/templates/doa-deploy.yaml b/charts/sda-svc/templates/doa-deploy.yaml index e38804476..31e1d2486 100644 --- a/charts/sda-svc/templates/doa-deploy.yaml +++ b/charts/sda-svc/templates/doa-deploy.yaml @@ -181,9 +181,9 @@ spec: - name: ARCHIVE_PATH value: {{ .Values.global.archive.volumePath | quote }} {{- end }} - {{- if .Values.global.elixir.pubKey }} + {{- if .Values.global.oidc.pubKey }} - name: PASSPORT_PUBLIC_KEY_PATH - value: "{{ include "secretsPath" . }}/{{ .Values.global.elixir.pubKey }}" + value: "{{ include "secretsPath" . }}/{{ .Values.global.oidc.pubKey }}" {{- end }} - name: KEYSTORE_PATH value: {{ ternary (print "/etc/ssl/certs/java/doa.p12") (printf "%s/%s" .Values.global.secretsPath .Values.doa.tls.keyStore) (empty .Values.global.pkiService) }} @@ -200,7 +200,7 @@ spec: - name: CRYPT4GH_PRIVATE_KEY_PASSWORD_PATH value: "{{ template "c4ghPath" . }}/passphrase" - name: OPENID_CONFIGURATION_URL - value: "{{ .Values.global.elixir.oidcdHost }}.well-known/openid-configuration" + value: "{{ .Values.global.oidc.provider }}/.well-known/openid-configuration" - name: OUTBOX_ENABLED value: {{ .Values.global.doa.outbox.enabled | quote }} {{- if .Values.global.doa.outbox.enabled }} @@ -266,7 +266,7 @@ spec: mountPath: "/etc/ssl/certs/java" {{- end }} {{- if not .Values.global.vaultSecrets }} - {{- if .Values.global.elixir.pubKey }} + {{- if .Values.global.oidc.pubKey }} - name: jwt-token mountPath: {{ include "secretsPath" . }} {{- end }} @@ -293,7 +293,7 @@ spec: {{- end }} {{- end }} {{- if not .Values.global.vaultSecrets }} - {{- if .Values.global.elixir.pubKey }} + {{- if .Values.global.oidc.pubKey }} - name: jwt-token projected: defaultMode: 0440 @@ -301,8 +301,8 @@ spec: - secret: name: {{ template "sda.fullname" . }}-doa items: - - key: {{ .Values.global.elixir.pubKey }} - path: {{ .Values.global.elixir.pubKey }} + - key: {{ .Values.global.oidc.pubKey }} + path: {{ .Values.global.oidc.pubKey }} {{- end }} - name: c4gh-key secret: diff --git a/charts/sda-svc/templates/download-certificate.yaml b/charts/sda-svc/templates/download-certificate.yaml index 2455fcc58..8e1b0bfce 100644 --- a/charts/sda-svc/templates/download-certificate.yaml +++ b/charts/sda-svc/templates/download-certificate.yaml @@ -1,3 +1,4 @@ +{{- if .Values.global.tls.enabled }} {{- if .Values.global.download.enabled }} {{- if or .Values.global.tls.clusterIssuer .Values.global.tls.issuer }} apiVersion: cert-manager.io/v1 @@ -37,3 +38,4 @@ spec: group: cert-manager.io {{- end -}} {{- end -}} +{{- end -}} diff --git a/charts/sda-svc/templates/download-deploy.yaml b/charts/sda-svc/templates/download-deploy.yaml index d8f1a28c6..9429b8319 100644 --- a/charts/sda-svc/templates/download-deploy.yaml +++ b/charts/sda-svc/templates/download-deploy.yaml @@ -75,8 +75,8 @@ spec: {{- end }} containers: - name: download - image: "{{ .Values.download.repository }}:{{ .Values.download.imageTag }}" - imagePullPolicy: {{ .Values.download.imagePullPolicy | quote }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}-download" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} securityContext: allowPrivilegeEscalation: false command: ["sda-download"] @@ -106,7 +106,7 @@ spec: value: "{{ .Values.global.archive.volumePath }}" {{- end }} - name: OIDC_CONFIGURATION_URL - value: "{{ .Values.global.elixir.oidcConfig }}/.well-known/openid-configuration" + value: "{{ .Values.global.oidc.provider }}/.well-known/openid-configuration" {{- if .Values.global.download.trusted.iss }} - name: OIDC_TRUSTED_ISS value: {{ include "trustedIssPath" . }}/{{ default "iss.json" .Values.global.download.trusted.configFile }} @@ -213,6 +213,16 @@ spec: value: {{ .Values.global.ingress.hostName.download }} initialDelaySeconds: 20 periodSeconds: 10 + startupProbe: + httpGet: + path: /health + port: download + scheme: {{ ternary "HTTPS" "HTTP" ( .Values.global.tls.enabled) }} + httpHeaders: + - name: Host + value: {{ .Values.global.ingress.hostName.download }} + failureThreshold: 30 + periodSeconds: 10 resources: {{ toYaml .Values.download.resources | trim | indent 10 }} volumeMounts: diff --git a/charts/sda-svc/templates/finalize-certificate.yaml b/charts/sda-svc/templates/finalize-certificate.yaml index 2eeaefcbe..93dcbfaef 100644 --- a/charts/sda-svc/templates/finalize-certificate.yaml +++ b/charts/sda-svc/templates/finalize-certificate.yaml @@ -1,3 +1,4 @@ +{{- if .Values.global.tls.enabled }} {{- if or .Values.global.tls.clusterIssuer .Values.global.tls.issuer }} apiVersion: cert-manager.io/v1 kind: Certificate @@ -34,3 +35,4 @@ spec: # if you are using an external issuer, change this to that issuer group. group: cert-manager.io {{- end -}} +{{- end -}} diff --git a/charts/sda-svc/templates/finalize-deploy.yaml b/charts/sda-svc/templates/finalize-deploy.yaml index 227a91665..d85a3ce79 100644 --- a/charts/sda-svc/templates/finalize-deploy.yaml +++ b/charts/sda-svc/templates/finalize-deploy.yaml @@ -60,8 +60,8 @@ spec: {{- end }} containers: - name: finalize - image: "{{ .Values.finalize.repository }}:{{ .Values.finalize.imageTag }}" - imagePullPolicy: {{ .Values.finalize.imagePullPolicy | quote }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}-pipeline" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} command: ["sda-finalize"] securityContext: allowPrivilegeEscalation: false @@ -71,7 +71,7 @@ spec: - name: BROKER_EXCHANGE value: {{ default "sda" .Values.global.broker.exchange }} - name: BROKER_QUEUE - value: "accessionIDs" + value: "accession" - name: BROKER_HOST value: {{ required "A valid MQ host is required" .Values.global.broker.host | quote }} - name: BROKER_PORT diff --git a/charts/sda-svc/templates/inbox-certificate.yaml b/charts/sda-svc/templates/inbox-certificate.yaml index 935f3deb4..9692c5519 100644 --- a/charts/sda-svc/templates/inbox-certificate.yaml +++ b/charts/sda-svc/templates/inbox-certificate.yaml @@ -1,3 +1,4 @@ +{{- if .Values.global.tls.enabled }} {{- if or .Values.global.tls.clusterIssuer .Values.global.tls.issuer }} apiVersion: cert-manager.io/v1 kind: Certificate @@ -35,3 +36,4 @@ spec: # if you are using an external issuer, change this to that issuer group. group: cert-manager.io {{- end -}} +{{- end -}} diff --git a/charts/sda-svc/templates/ingest-certificate.yaml b/charts/sda-svc/templates/ingest-certificate.yaml index 2a9561675..1d6ef9ca5 100644 --- a/charts/sda-svc/templates/ingest-certificate.yaml +++ b/charts/sda-svc/templates/ingest-certificate.yaml @@ -1,3 +1,4 @@ +{{- if .Values.global.tls.enabled }} {{- if or .Values.global.tls.clusterIssuer .Values.global.tls.issuer }} apiVersion: cert-manager.io/v1 kind: Certificate @@ -34,3 +35,4 @@ spec: # if you are using an external issuer, change this to that issuer group. group: cert-manager.io {{- end -}} +{{- end -}} diff --git a/charts/sda-svc/templates/ingest-deploy.yaml b/charts/sda-svc/templates/ingest-deploy.yaml index 411f7fe74..0b8533ade 100644 --- a/charts/sda-svc/templates/ingest-deploy.yaml +++ b/charts/sda-svc/templates/ingest-deploy.yaml @@ -61,8 +61,8 @@ spec: {{- end }} containers: - name: ingest - image: "{{ .Values.ingest.repository }}:{{ .Values.ingest.imageTag }}" - imagePullPolicy: {{ .Values.ingest.imagePullPolicy | quote }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}-pipeline" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} command: ["sda-ingest"] securityContext: allowPrivilegeEscalation: false diff --git a/charts/sda-svc/templates/intercept-certificate.yaml b/charts/sda-svc/templates/intercept-certificate.yaml index 364344f38..9f8451d8b 100644 --- a/charts/sda-svc/templates/intercept-certificate.yaml +++ b/charts/sda-svc/templates/intercept-certificate.yaml @@ -1,3 +1,4 @@ +{{- if .Values.global.tls.enabled }} {{- if or .Values.global.tls.clusterIssuer .Values.global.tls.issuer }} apiVersion: cert-manager.io/v1 kind: Certificate @@ -34,3 +35,4 @@ spec: # if you are using an external issuer, change this to that issuer group. group: cert-manager.io {{- end -}} +{{- end -}} diff --git a/charts/sda-svc/templates/intercept-deploy.yaml b/charts/sda-svc/templates/intercept-deploy.yaml index 72eedc09c..66c2e2615 100644 --- a/charts/sda-svc/templates/intercept-deploy.yaml +++ b/charts/sda-svc/templates/intercept-deploy.yaml @@ -44,8 +44,8 @@ spec: fsGroup: 65534 containers: - name: intercept - image: "{{ .Values.intercept.repository }}:{{ .Values.intercept.imageTag }}" - imagePullPolicy: {{ .Values.intercept.imagePullPolicy | quote }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}-pipeline" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} command: ["sda-intercept"] securityContext: allowPrivilegeEscalation: false diff --git a/charts/sda-svc/templates/mapper-certificate.yaml b/charts/sda-svc/templates/mapper-certificate.yaml index e83ac5c55..57f1c32f4 100644 --- a/charts/sda-svc/templates/mapper-certificate.yaml +++ b/charts/sda-svc/templates/mapper-certificate.yaml @@ -1,3 +1,4 @@ +{{- if .Values.global.tls.enabled }} {{- if or .Values.global.tls.clusterIssuer .Values.global.tls.issuer }} apiVersion: cert-manager.io/v1 kind: Certificate @@ -34,3 +35,4 @@ spec: # if you are using an external issuer, change this to that issuer group. group: cert-manager.io {{- end -}} +{{- end -}} diff --git a/charts/sda-svc/templates/mapper-deploy.yaml b/charts/sda-svc/templates/mapper-deploy.yaml index 64bfcefe2..e1528a882 100644 --- a/charts/sda-svc/templates/mapper-deploy.yaml +++ b/charts/sda-svc/templates/mapper-deploy.yaml @@ -60,8 +60,8 @@ spec: {{- end }} containers: - name: mapper - image: "{{ .Values.mapper.repository }}:{{ .Values.mapper.imageTag }}" - imagePullPolicy: {{ .Values.mapper.imagePullPolicy | quote }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}-pipeline" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} command: ["sda-mapper"] securityContext: allowPrivilegeEscalation: false @@ -116,6 +116,28 @@ spec: value: {{ .Values.global.db.port | quote }} - name: DB_SSLMODE value: {{ template "dbSSLmode" . }} + - name: INBOX_TYPE + {{- if eq "s3" .Values.global.inbox.storageType }} + value: "s3" + - name: INBOX_BUCKET + value: {{ required "S3 inbox bucket missing" .Values.global.inbox.s3Bucket }} + {{- if and .Values.global.inbox.s3CaFile .Values.global.tls.enabled }} + - name: INBOX_CACERT + value: {{ template "tlsPath" . }}/ca.crt + {{- end }} + - name: INBOX_REGION + value: {{ default "us-east-1" .Values.global.inbox.s3Region }} + - name: INBOX_URL + value: {{ required "S3 inbox URL missing" .Values.global.inbox.s3Url }} + {{- if .Values.global.inbox.s3Port }} + - name: INBOX_PORT + value: {{ .Values.global.inbox.s3Port | quote }} + {{- end }} + {{- else }} + value: "posix" + - name: INBOX_LOCATION + value: "{{ .Values.global.inbox.path }}/" + {{- end }} {{- if .Values.global.log.format }} - name: LOG_FORMAT value: {{ .Values.global.log.format | quote }} @@ -147,6 +169,18 @@ spec: secretKeyRef: name: {{ template "sda.fullname" . }}-mapper key: dbUser + {{- if eq "s3" .Values.global.inbox.storageType }} + - name: INBOX_ACCESSKEY + valueFrom: + secretKeyRef: + name: {{ template "sda.fullname" . }}-s3inbox-keys + key: s3InboxAccessKey + - name: INBOX_SECRETKEY + valueFrom: + secretKeyRef: + name: {{ template "sda.fullname" . }}-s3inbox-keys + key: s3InboxSecretKey + {{- end }} {{- else }} - name: CONFIGFILE value: {{ include "confFile" . }} diff --git a/charts/sda-svc/templates/s3-inbox-deploy.yaml b/charts/sda-svc/templates/s3-inbox-deploy.yaml index 1b5b96abb..ebd4f4d06 100644 --- a/charts/sda-svc/templates/s3-inbox-deploy.yaml +++ b/charts/sda-svc/templates/s3-inbox-deploy.yaml @@ -76,8 +76,9 @@ spec: {{- end }} containers: - name: s3inbox - image: "{{ .Values.s3Inbox.repository }}:{{ .Values.s3Inbox.imageTag }}" - imagePullPolicy: {{ .Values.s3Inbox.imagePullPolicy | quote }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + command: ["sda-s3inbox"] securityContext: allowPrivilegeEscalation: false {{- if .Values.global.extraSecurityContext }} @@ -139,7 +140,7 @@ spec: - name: BROKER_VHOST value: {{ include "brokerVhost" . | quote }} - name: BROKER_EXCHANGE - value: {{ .Values.global.broker.exchange | quote }} + value: {{ default "sda" .Values.global.broker.exchange }} - name: BROKER_ROUTINGKEY value: "inbox" - name: BROKER_SSL diff --git a/charts/sda-svc/templates/serviceaccount.yaml b/charts/sda-svc/templates/serviceaccount.yaml index 73d5b9612..1cd9efdc7 100644 --- a/charts/sda-svc/templates/serviceaccount.yaml +++ b/charts/sda-svc/templates/serviceaccount.yaml @@ -9,4 +9,5 @@ metadata: release: {{ .Release.Name }} name: {{ .Release.Name }} namespace: {{ .Release.Namespace }} +automountServiceAccountToken: false {{- end }} diff --git a/charts/sda-svc/templates/sftp-inbox-deploy.yaml b/charts/sda-svc/templates/sftp-inbox-deploy.yaml index 0c2116b59..75e42ef45 100644 --- a/charts/sda-svc/templates/sftp-inbox-deploy.yaml +++ b/charts/sda-svc/templates/sftp-inbox-deploy.yaml @@ -94,8 +94,8 @@ spec: {{- end }} containers: - name: inbox - image: "{{ .Values.sftpInbox.repository }}:{{ .Values.sftpInbox.imageTag }}" - imagePullPolicy: {{ .Values.sftpInbox.imagePullPolicy | quote }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}-sftp-inbox" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} command: ["java", "-jar", "inbox-0.0.3-SNAPSHOT.jar"] securityContext: allowPrivilegeEscalation: false diff --git a/charts/sda-svc/templates/verify-certificate.yaml b/charts/sda-svc/templates/verify-certificate.yaml index d3e5be52e..177f71398 100644 --- a/charts/sda-svc/templates/verify-certificate.yaml +++ b/charts/sda-svc/templates/verify-certificate.yaml @@ -1,3 +1,4 @@ +{{- if .Values.global.tls.enabled }} {{- if or .Values.global.tls.clusterIssuer .Values.global.tls.issuer }} apiVersion: cert-manager.io/v1 kind: Certificate @@ -34,3 +35,4 @@ spec: # if you are using an external issuer, change this to that issuer group. group: cert-manager.io {{- end -}} +{{- end -}} diff --git a/charts/sda-svc/templates/verify-deploy.yaml b/charts/sda-svc/templates/verify-deploy.yaml index b371d166d..54ab72d78 100644 --- a/charts/sda-svc/templates/verify-deploy.yaml +++ b/charts/sda-svc/templates/verify-deploy.yaml @@ -61,8 +61,8 @@ spec: {{- end }} containers: - name: verify - image: "{{ .Values.verify.repository }}:{{ .Values.verify.imageTag }}" - imagePullPolicy: {{ .Values.verify.imagePullPolicy | quote }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}-pipeline" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} command: ["sda-verify"] securityContext: allowPrivilegeEscalation: false diff --git a/charts/sda-svc/test/release-test.sh b/charts/sda-svc/test/release-test.sh index c1f3b2afd..6807930b8 100644 --- a/charts/sda-svc/test/release-test.sh +++ b/charts/sda-svc/test/release-test.sh @@ -5,7 +5,7 @@ if [ "$INBOX_STORAGE_TYPE" == "s3" ]; then cat >> "/tmp/s3cfg" <<-EOF host_base = $INBOX_SERVICE_NAME host_bucket = $INBOX_SERVICE_NAME - access_key = dummy + access_key = test_dummy.org access_token = $INBOX_ACCESS_TOKEN use_https = True ca_certs_file = /tls/ca.crt @@ -14,7 +14,7 @@ if [ "$INBOX_STORAGE_TYPE" == "s3" ]; then cat >> "/tmp/s3cfg" <<-EOF host_base = $INBOX_SERVICE_NAME host_bucket = $INBOX_SERVICE_NAME - access_key = dummy + access_key = test_dummy.org access_token = $INBOX_ACCESS_TOKEN use_https = False EOF @@ -34,7 +34,7 @@ if [ "${DEPLOYMENT_TYPE}" = all ] || [ "${DEPLOYMENT_TYPE}" = external ]; then elif [ "$INBOX_STORAGE_TYPE" == "s3" ]; then if [ "$TLS" == true ]; then echo "Will try connecting to https://$INBOX_SERVICE_NAME/" - if ! s3cmd -c "/tmp/s3cfg" ls s3://dummy ; then + if ! s3cmd -c "/tmp/s3cfg" ls s3://test_dummy.org ; then echo "expected 403 got: $responsecode" echo "Failed inbox verification, bailing out" exit 1 @@ -49,7 +49,7 @@ if [ "${DEPLOYMENT_TYPE}" = all ] || [ "${DEPLOYMENT_TYPE}" = external ]; then fi else echo "Will try connecting to http://$INBOX_SERVICE_NAME/" - if ! s3cmd -c "/tmp/s3cfg" ls s3://dummy ; then + if ! s3cmd -c "/tmp/s3cfg" ls s3://test_dummy.org ; then echo "Failed inbox verification, bailing out" exit 1 fi diff --git a/charts/sda-svc/values.yaml b/charts/sda-svc/values.yaml index 44a1919d5..8cbd726f6 100644 --- a/charts/sda-svc/values.yaml +++ b/charts/sda-svc/values.yaml @@ -1,8 +1,11 @@ # Default values for SDA services. -# This is a YAML-formatted file. # Declare variables to be passed into your templates. -global: +image: + repository: "ghcr.io/neicnordic/sensitive-data-archive" + tag: "v0.0.44" + pullPolicy: "Always" +global: # Path where the sensitive files can be found, default is "/.secrets". # TLS certificates or C4GH key locations can be set using global.tlsPath or global.c4ghPath respectively, # this path will be a subpath to the secretsPath. @@ -85,7 +88,7 @@ global: rbacEnabled: true podSecurityPolicy: - create: true + create: false # Extra security context to apply to all pods # This should be a multi-line string mapping directly to the a map of @@ -137,10 +140,6 @@ global: copyHeader: false auth: - # @param elixirID, client ID to the Elixir OIDC for the service endpoint - elixirID: - # @param elixirSecret, client secret to the Elixir OIDC for the service endpoint - elixirSecret: # @param jwtSecret, name of the secret holding the jwt signing key jwtSecret: # @param jwtAlg, cipher type of the signing key @@ -169,7 +168,7 @@ global: ssl: true username: "" verifyPeer: true - vhost: "/" + vhost: "sda" prefetchCount: 2 cega: @@ -191,9 +190,9 @@ global: db: host: "" - name: "lega" - passIngest: "" - passOutgest: "" + name: "sda" + user: "" + password: "" port: 5432 sslMode: "verify-full" @@ -230,13 +229,14 @@ global: configPath: "iss" configFile: "iss.json" iss: - - iss: " https://profile.aai.lifescience-ri.eu/" - jku: " https://profile.aai.lifescience-ri.eu/jwk" + - iss: "https://proxy.aai.lifescience-ri.eu" + jku: "https://proxy.aai.lifescience-ri.eu/OIDC/jwks" - elixir: - oidcConfig: "https://proxy.aai.lifescience-ri.eu" - provider: "https://profile.aai.lifescience-ri.eu/" - jwkPath: "jwk" + oidc: + provider: "https://proxy.aai.lifescience-ri.eu" + jwkPath: "/OIDC/jwks" + id: "" + secret: "" inbox: servicePort: 2222 @@ -318,9 +318,6 @@ credentials: auth: name: auth replicaCount: 2 - repository: ghcr.io/neicnordic/sda-auth - imageTag: v0.7.6 - imagePullPolicy: IfNotPresent resources: requests: memory: "128Mi" @@ -339,9 +336,6 @@ backup: name: backup deploy: false replicaCount: 1 - repository: ghcr.io/neicnordic/sda-pipeline - imageTag: v0.4.27 - imagePullPolicy: IfNotPresent resources: requests: memory: "128Mi" @@ -382,9 +376,6 @@ doa: download: name: download replicaCount: 2 - repository: ghcr.io/neicnordic/sda-download - imageTag: v1.9.14 - imagePullPolicy: IfNotPresent resources: requests: memory: "256Mi" @@ -402,9 +393,6 @@ download: finalize: name: finalize replicaCount: 1 - repository: ghcr.io/neicnordic/sda-pipeline - imageTag: v0.4.27 - imagePullPolicy: IfNotPresent resources: requests: memory: "128Mi" @@ -422,9 +410,6 @@ finalize: ingest: name: ingest replicaCount: 1 - repository: ghcr.io/neicnordic/sda-pipeline - imageTag: v0.4.27 - imagePullPolicy: IfNotPresent resources: requests: memory: "128Mi" @@ -443,9 +428,6 @@ intercept: deploy: true name: ingest replicaCount: 1 - repository: ghcr.io/neicnordic/sda-pipeline - imageTag: v0.4.27 - imagePullPolicy: IfNotPresent resources: requests: memory: "128Mi" @@ -462,9 +444,6 @@ intercept: mapper: replicaCount: 1 - repository: ghcr.io/neicnordic/sda-pipeline - imageTag: v0.4.27 - imagePullPolicy: IfNotPresent resources: requests: memory: "128Mi" @@ -481,9 +460,6 @@ mapper: s3Inbox: name: s3Inbox - repository: ghcr.io/neicnordic/sda-s3proxy - imageTag: v0.2.38 - imagePullPolicy: IfNotPresent replicaCount: 2 resources: requests: @@ -502,9 +478,6 @@ s3Inbox: sftpInbox: name: sftpInbox - repository: ghcr.io/neicnordic/sda-inbox-sftp - imageTag: v1.12.16 - imagePullPolicy: IfNotPresent replicaCount: 2 resources: requests: From 61d6e5f1854591724f9279573cedb39b1a38eabc Mon Sep 17 00:00:00 2001 From: Joakim Bygdell Date: Mon, 7 Aug 2023 16:25:41 +0200 Subject: [PATCH 45/75] Test deployment --- .../scripts/charts/dependencies.sh | 76 +++++++++++ .../scripts/charts/dependencies.yaml | 118 ++++++++++++++++++ .../scripts/charts/deploy_charts.sh | 35 ++++++ .github/integration/scripts/charts/k3d.sh | 14 +++ .../integration/scripts/charts/values.yaml | 92 ++++++++++++++ .github/workflows/chart_test.yml | 87 +++++++++++++ 6 files changed, 422 insertions(+) create mode 100644 .github/integration/scripts/charts/dependencies.sh create mode 100644 .github/integration/scripts/charts/dependencies.yaml create mode 100644 .github/integration/scripts/charts/deploy_charts.sh create mode 100755 .github/integration/scripts/charts/k3d.sh create mode 100644 .github/integration/scripts/charts/values.yaml create mode 100644 .github/workflows/chart_test.yml diff --git a/.github/integration/scripts/charts/dependencies.sh b/.github/integration/scripts/charts/dependencies.sh new file mode 100644 index 000000000..d734a2813 --- /dev/null +++ b/.github/integration/scripts/charts/dependencies.sh @@ -0,0 +1,76 @@ +#!/bin/bash +set -ex + +YQ_VERSION="v4.20.1" +C4GH_VERSION="1.7.5" + +random-string() { + head -c 32 /dev/urandom | base64 -w0 | tr -d '/+' | fold -w 32 | head -n 1 +} + +sudo curl -sLO "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" -O /usr/bin/yq && + sudo chmod +x /usr/bin/yq + +curl -sL https://github.com/neicnordic/crypt4gh/releases/download/v"${C4GH_VERSION}"/crypt4gh_linux_x86_64.tar.gz | sudo tar -xz -C /usr/bin/ && + sudo chmod +x /usr/bin/crypt4gh + +# secret for the crypt4gh keypair +C4GHPASSPHRASE="$(random-string)" +export C4GHPASSPHRASE +crypt4gh generate -n c4gh -p "$C4GHPASSPHRASE" +kubectl create secret generic c4gh --from-file="c4gh.sec.pem" --from-file="c4gh.pub.pem" --from-literal=passphrase="${C4GHPASSPHRASE}" + +# secret for the OIDC keypair +openssl ecparam -name prime256v1 -genkey -noout -out "jwt.key" +openssl ec -in "jwt.key" -pubout -out "jwt.pub" +kubectl create secret generic jwk --from-file="jwt.key" --from-file="jwt.pub" + +## OIDC +SELF=$(dirname "$0") +kubectl create configmap oidc --from-file="$SELF/../../sda/oidc.py" + +helm repo add jetstack https://charts.jetstack.io +helm repo add minio https://charts.min.io/ + +helm repo update + +helm install \ + cert-manager jetstack/cert-manager \ + --namespace cert-manager \ + --create-namespace \ + --set installCRDs=true + +kubectl create namespace minio +kubectl apply -f .github/integration/scripts/charts/dependencies.yaml + +## S3 storage backend +MINIO_ACCESS="$(random-string)" +export MINIO_ACCESS +MINIO_SECRET="$(random-string)" +export MINIO_SECRET +helm install minio minio/minio \ + --namespace minio \ + --set rootUser="$MINIO_ACCESS",rootPassword="$MINIO_SECRET",persistence.enabled=false,mode=standalone,resources.requests.memory=128Mi + +PGPASSWORD="$(random-string)" +export PGPASSWORD + +MQPASSWORD="$(random-string)" +export MQPASSWORD + +TEST_TOKEN="$(bash .github/integration/scripts/sign_jwt.sh ES256 jwt.key)" +export TEST_TOKEN + +## update values file with all credentials +yq -i ' +.global.archive.s3AccessKey = strenv(MINIO_ACCESS) | +.global.archive.s3SecretKey = strenv(MINIO_SECRET) | +.global.backupArchive.s3AccessKey = strenv(MINIO_ACCESS) | +.global.backupArchive.s3SecretKey = strenv(MINIO_SECRET) | +.global.broker.password = strenv(MQPASSWORD) | +.global.c4gh.passphrase = strenv(C4GHPASSPHRASE) | +.global.db.password = strenv(PGPASSWORD) | +.global.inbox.s3AccessKey = strenv(MINIO_ACCESS) | +.global.inbox.s3SecretKey = strenv(MINIO_SECRET) | +.releasetest.secrets.accessToken = strenv(TEST_TOKEN) +' .github/integration/scripts/charts/values.yaml diff --git a/.github/integration/scripts/charts/dependencies.yaml b/.github/integration/scripts/charts/dependencies.yaml new file mode 100644 index 000000000..13d6c2fa5 --- /dev/null +++ b/.github/integration/scripts/charts/dependencies.yaml @@ -0,0 +1,118 @@ +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: selfsigned-issuer + namespace: cert-manager +spec: + selfSigned: {} +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: selfsigned-ca + namespace: cert-manager +spec: + isCA: true + commonName: selfsigned-ca + secretName: root-secret + privateKey: + algorithm: ECDSA + size: 256 + issuerRef: + name: selfsigned-issuer + kind: Issuer + group: cert-manager.io +--- +apiVersion: cert-manager.io/v1 +kind: ClusterIssuer +metadata: + name: cert-issuer + namespace: cert-manager +spec: + ca: + secretName: root-secret +--- +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: minio-cert + namespace: minio +spec: + secretName: minio-cert + duration: 24h + commonName: minio + isCA: false + privateKey: + algorithm: ECDSA + size: 256 + usages: + - server auth + dnsNames: + - localhost + - minio + - minio.minio.svc + - minio.minio.svc.cluster.local + ipAddresses: + - 127.0.0.1 + issuerRef: + name: cert-issuer + # We can reference ClusterIssuers by changing the kind here. + # The default value is Issuer (i.e. a locally namespaced Issuer) + kind: ClusterIssuer +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: oidc-server +spec: + selector: + matchLabels: + app: oidc-server + replicas: 1 + template: + metadata: + labels: + app: oidc-server + spec: + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 1000 + fsGroup: 1000 + containers: + - name: oidc-server + image: neicnordic/mock-oidc:latest + ports: + - containerPort: 8080 + env: + - name: PORT + value: "8080" + - name: HOST + value: oidc-server + - name: CLIENT_ID + value: DfCieZLuBU + - name: CLIENT_SECRET + value: DfCieZLuBU + - name: CLIENT_REDIRECT_URI + value: https://sda-auth/elixir/login + resources: + limits: + cpu: 250m + memory: 256Mi + requests: + cpu: 100m + memory: 128Mi +--- +apiVersion: v1 +kind: Service +metadata: + name: oidc-server + labels: + app: oidc-server +spec: + type: ClusterIP + ports: + - port: 8080 + targetPort: 8080 + selector: + app: oidc-server diff --git a/.github/integration/scripts/charts/deploy_charts.sh b/.github/integration/scripts/charts/deploy_charts.sh new file mode 100644 index 000000000..7e999dffc --- /dev/null +++ b/.github/integration/scripts/charts/deploy_charts.sh @@ -0,0 +1,35 @@ +#!/bin/bash +set -ex + +if [ "$1" == "sda-db" ]; then + ROOTPASS=$(yq e '.global.db.password' .github/integration/scripts/charts/values.yaml) + helm install postgres charts/sda-db \ + --set image.tag=test-postgres \ + --set image.pullPolicy=Never \ + --set global.postgresAdminPassword="$ROOTPASS" \ + --set global.tls.enabled=false \ + --set persistence.enabled=false \ + --set resources=null \ + --wait +fi + +if [ "$1" == "sda-mq" ]; then + ADMINPASS=$(yq e '.global.broker.password' .github/integration/scripts/charts/values.yaml) + helm install broker charts/sda-mq \ + --set image.tag=test-rabbitmq \ + --set image.pullPolicy=Never \ + --set global.adminPassword="$ADMINPASS" \ + --set global.adminUser=admin \ + --set global.tls.enabled=false \ + --set persistence.enabled=false \ + --set resources=null \ + --wait +fi + +if [ "$1" == "sda-svc" ]; then + helm install pipeline charts/sda-svc \ + --set image.tag=test \ + --set image.pullPolicy=Never \ + -f .github/integration/scripts/charts/values.yaml \ + --wait +fi diff --git a/.github/integration/scripts/charts/k3d.sh b/.github/integration/scripts/charts/k3d.sh new file mode 100755 index 000000000..a06206435 --- /dev/null +++ b/.github/integration/scripts/charts/k3d.sh @@ -0,0 +1,14 @@ +#!/bin/bash +set -ex + +k8s="$(curl -L -s https://dl.k8s.io/release/stable.txt)" + +curl -s -L https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | sudo bash +curl -sLO https://storage.googleapis.com/kubernetes-release/release/"$k8s"/bin/linux/amd64/kubectl +chmod +x ./kubectl +sudo mv ./kubectl /usr/local/bin/kubectl + +sudo k3d cluster create sda --image=rancher/k3s:"$k8s"-k3s1 --wait --timeout 10m +sudo k3d kubeconfig merge sda --kubeconfig-switch-context +mkdir -p ~/.kube/ && sudo cp /root/.k3d/kubeconfig-sda.yaml ~/.kube/config +sudo chown $UID:$UID ~/.kube/config && chmod 600 ~/.kube/config diff --git a/.github/integration/scripts/charts/values.yaml b/.github/integration/scripts/charts/values.yaml new file mode 100644 index 000000000..a2c5c58a5 --- /dev/null +++ b/.github/integration/scripts/charts/values.yaml @@ -0,0 +1,92 @@ +global: + schemaType: "isolated" + ingress: + deploy: false + hostName: + auth: pipeline-sda-svc-auth + download: pipeline-sda-svc-download + s3Inbox: pipeline-sda-svc-inbox + log: + level: "debug" + tls: + enabled: false + issuer: "cert-issuer" + clusterIssuer: "" + archive: + s3Url: "http://minio.minio" + s3Bucket: "archive" + s3Port: 9000 + backupArchive: + storageType: "s3" + s3Url: "http://minio.minio" + s3Bucket: "backup" + s3Port: 9000 + auth: + jwtSecret: jwk + jwtAlg: ES256 + jwtKey: jwt.key + jwtPub: jwt.pub + resignJwt: true + broker: + durable: true + host: "broker-sda-mq" + port: 5672 + routingError: "error" + backupRoutingKey: "backup" + ssl: false + username: "admin" + c4gh: + secretName: c4gh + keyFile: c4gh.sec.pem + publicFile: c4gh.pub.pem + db: + host: "postgres-sda-db" + user: "postgres" + doa: + enabled: false + download: + enabled: true + trusted: + configPath: "iss" + configFile: "iss.json" + iss: + - iss: "http://oidc-server:8080" + jku: "http://oidc-server:8080/jwks" + oidc: + provider: "http://oidc-server:8080" + jwkPath: "/jwks" + id: DfCieZLuBU + secret: DfCieZLuBU + inbox: + storageType: s3 + s3Url: http://minio.minio + s3Port: 9000 + s3Bucket: "inbox" + s3ReadyPath: "/minio/health/ready" + +auth: + replicaCount: 1 + resources: null +backup: + deploy: true + resources: null +doa: + deploy: false +download: + resources: null + replicaCount: 1 +finalize: + resources: null +ingest: + resources: null +intercept: + deploy: false +mapper: + resources: null +releasetest: + run: false +s3Inbox: + resources: null + replicaCount: 1 +verify: + resources: null \ No newline at end of file diff --git a/.github/workflows/chart_test.yml b/.github/workflows/chart_test.yml new file mode 100644 index 000000000..796baec02 --- /dev/null +++ b/.github/workflows/chart_test.yml @@ -0,0 +1,87 @@ +name: Chart deployment test + +on: + pull_request: + paths: + - "charts/**" + +env: + DOCKER_BUILDKIT: 1 + +jobs: + deploy: + name: deployment test + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Install Helm + uses: azure/setup-helm@v3.5 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Initialise k3d + run: bash .github/integration/scripts/charts/k3d.sh + shell: bash + + - name: build postgres + shell: bash + run: | + cd postgresql + docker build -t ghcr.io/${{ github.repository }}:test-postgres . + - name: build rabbitmq + shell: bash + run: | + cd rabbitmq + docker build -t ghcr.io/${{ github.repository }}:test-rabbitmq . + - name: build sda + shell: bash + run: | + cd sda + docker build -t ghcr.io/${{ github.repository }}:test . + - name: build sda-auth + shell: bash + run: | + cd sda-auth + docker build -t ghcr.io/${{ github.repository }}:test-auth . + - name: build sda-download + shell: bash + run: | + cd sda-download + docker build -t ghcr.io/${{ github.repository }}:test-download . + - name: build sda-pipeline + shell: bash + run: | + cd sda-pipeline + docker build -t ghcr.io/${{ github.repository }}:test-pipeline . + - name: Import images to cluster + run: k3d image import ghcr.io/${{ github.repository }}:test-postgres ghcr.io/${{ github.repository }}:test-rabbitmq ghcr.io/${{ github.repository }}:test ghcr.io/${{ github.repository }}:test-auth ghcr.io/${{ github.repository }}:test-download ghcr.io/${{ github.repository }}:test-pipeline -c sda + + - name: Deploy external services + run: bash .github/integration/scripts/charts/dependencies.sh + shell: bash + + - name: Deploy DB + run: bash .github/integration/scripts/charts/deploy_charts.sh sda-db + + - name: Deploy MQ + run: bash .github/integration/scripts/charts/deploy_charts.sh sda-mq + shell: bash + + - name: Deploy pipeline + run: bash .github/integration/scripts/charts/deploy_charts.sh sda-svc + shell: bash + + - name: test + if: always() + run: | + kubectl get secret broker-sda-mq -o json + kubectl get secret pipeline-sda-svc-mapper -o json + kubectl get pods + echo "describe mapper" && kubectl describe pod -l role=mapper + sleep 1 + echo "logs mapper" && kubectl logs -l role=mapper + sleep 1 + echo "describe broker" && kubectl logs -l role=broker + shell: bash \ No newline at end of file From b9887a6b1a8add620b82ef31e8ec76a5031abc04 Mon Sep 17 00:00:00 2001 From: Joakim Bygdell Date: Mon, 7 Aug 2023 15:32:25 +0200 Subject: [PATCH 46/75] Update RabbitMQ image --- rabbitmq/Dockerfile | 1 + rabbitmq/definitions.json | 85 ++++++++++++++++++++++++++++++----- rabbitmq/docker-entrypoint.sh | 17 +++++-- rabbitmq/federation.json | 4 +- 4 files changed, 89 insertions(+), 18 deletions(-) diff --git a/rabbitmq/Dockerfile b/rabbitmq/Dockerfile index 17ce7d589..958264127 100644 --- a/rabbitmq/Dockerfile +++ b/rabbitmq/Dockerfile @@ -10,6 +10,7 @@ LABEL org.label-schema.vcs-url="https://github.com/neicnordic/sda" LABEL org.label-schema.vcs-ref=$SOURCE_COMMIT ENV RABBITMQ_CONFIG_FILE=/var/lib/rabbitmq/rabbitmq.conf +ENV RABBITMQ_ADVANCED_CONFIG_FILE=/var/lib/rabbitmq/advanced.config COPY *.json /etc/rabbitmq/ diff --git a/rabbitmq/definitions.json b/rabbitmq/definitions.json index 09158f039..9be22ac25 100644 --- a/rabbitmq/definitions.json +++ b/rabbitmq/definitions.json @@ -24,9 +24,51 @@ "read": ".*" } ], - "parameters": [], + "parameters": [ + { + "component": "shovel", + "name": "completed", + "value": { + "ack-mode": "on-confirm", + "dest-queue": "completed", + "dest-protocol": "amqp091", + "dest-uri": "amqp:///sda", + "src-delete-after": "never", + "src-protocol": "amqp091", + "src-queue": "completed_stream", + "src-uri": "amqp:///sda" + }, + "vhost": "sda" + }, + { + "component": "shovel", + "name": "mappings", + "value": { + "ack-mode": "on-confirm", + "dest-queue": "mappings", + "dest-protocol": "amqp091", + "dest-uri": "amqp:///sda", + "src-delete-after": "never", + "src-protocol": "amqp091", + "src-queue": "mapping_stream", + "src-uri": "amqp:///sda" + }, + "vhost": "sda" + } + ], "global_parameters": [], - "policies": [], + "policies": [ + { + "vhost": "sda", + "name": "AE", + "pattern": "^sda$", + "apply-to": "exchanges", + "priority": 0, + "definition": { + "alternate-exchange": "sda.dead" + } + } + ], "queues": [ { "name": "accession", @@ -43,17 +85,24 @@ "arguments": {} }, { - "name": "completed", + "name": "backup", + "vhost": "sda", + "durable": true, + "auto_delete": false, + "arguments": {} + }, + { + "name": "completed_stream", "vhost": "sda", "durable": true, "auto_delete": false, "arguments": { - "x-max-age": "7D", + "x-max-age": "1M", "x-queue-type": "stream" } }, { - "name": "error", + "name": "error_stream", "vhost": "sda", "durable": true, "auto_delete": false, @@ -81,6 +130,13 @@ "vhost": "sda", "durable": true, "auto_delete": false, + "arguments": {} + }, + { + "name": "mapping_stream", + "vhost": "sda", + "durable": true, + "auto_delete": false, "arguments": { "x-max-age": "1M", "x-queue-type": "stream" @@ -108,10 +164,7 @@ "type": "topic", "durable": true, "auto_delete": false, - "internal": false, - "arguments": { - "alternate-exchange": "sda.dead" - } + "internal": false }, { "name": "sda.dead", @@ -145,7 +198,15 @@ "vhost": "sda", "destination_type": "queue", "arguments": {}, - "destination": "completed", + "destination": "backup", + "routing_key": "backup" + }, + { + "source": "sda", + "vhost": "sda", + "destination_type": "queue", + "arguments": {}, + "destination": "completed_stream", "routing_key": "completed" }, { @@ -153,7 +214,7 @@ "vhost": "sda", "destination_type": "queue", "arguments": {}, - "destination": "error", + "destination": "error_stream", "routing_key": "error" }, { @@ -185,7 +246,7 @@ "vhost": "sda", "destination_type": "queue", "arguments": {}, - "destination": "mappings", + "destination": "mapping_stream", "routing_key": "mappings" }, { diff --git a/rabbitmq/docker-entrypoint.sh b/rabbitmq/docker-entrypoint.sh index b39b99ad1..53da5d9ab 100644 --- a/rabbitmq/docker-entrypoint.sh +++ b/rabbitmq/docker-entrypoint.sh @@ -10,10 +10,8 @@ if [[ "$1" == rabbitmq* ]] && [ "$(id -u)" = '0' ]; then exec su-exec rabbitmq "${BASH_SOURCE[0]}" "$@" fi -if [ -z "$RABBITMQ_DEFAULT_USER" ] || [ -z "$RABBITMQ_DEFAULT_PASS" ]; then - RABBITMQ_DEFAULT_USER="guest" - RABBITMQ_DEFAULT_PASS="guest" -fi +RABBITMQ_DEFAULT_USER="${RABBITMQ_DEFAULT_USER:-guest}" +RABBITMQ_DEFAULT_PASS="${RABBITMQ_DEFAULT_PASS:-guest}" sed -e "s/RABBITMQ_DEFAULT_USER/$RABBITMQ_DEFAULT_USER/" -e "s/RABBITMQ_DEFAULT_PASS/$RABBITMQ_DEFAULT_PASS/" \ /etc/rabbitmq/definitions.json >/var/lib/rabbitmq/definitions.json @@ -50,6 +48,17 @@ if [ -n "$CEGA_CONNECTION" ]; then chmod 600 "/var/lib/rabbitmq/federation.json" fi +# This is needed for the streams to work properly +cat >/var/lib/rabbitmq/advanced.config<<-EOF +[ + {rabbit, [ + {default_consumer_prefetch, {false,100}} + ] + } +]. +EOF + +chmod 600 "/var/lib/rabbitmq/advanced.config" chmod 600 "/var/lib/rabbitmq/rabbitmq.conf" chmod 600 "/var/lib/rabbitmq/definitions.json" diff --git a/rabbitmq/federation.json b/rabbitmq/federation.json index d66a78efe..8341a70ba 100644 --- a/rabbitmq/federation.json +++ b/rabbitmq/federation.json @@ -51,7 +51,7 @@ "dest-uri": "amqp:///sda", "src-delete-after": "never", "src-protocol": "amqp091", - "src-queue": "completed", + "src-queue": "completed_stream", "src-uri": "amqp:///sda" }, "vhost": "sda" @@ -67,7 +67,7 @@ "dest-uri": "amqp:///sda", "src-delete-after": "never", "src-protocol": "amqp091", - "src-queue": "error", + "src-queue": "error_stream", "src-uri": "amqp:///sda" }, "vhost": "sda" From 17c154f783ed9e2b3d5c71b22f9e8a074ff3a13f Mon Sep 17 00:00:00 2001 From: Joakim Bygdell Date: Mon, 7 Aug 2023 15:32:58 +0200 Subject: [PATCH 47/75] Update sda Dockerfile --- sda/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda/Dockerfile b/sda/Dockerfile index 3f0854093..ea2edcd89 100644 --- a/sda/Dockerfile +++ b/sda/Dockerfile @@ -8,7 +8,7 @@ COPY . . SHELL ["bash", "-c"] RUN set -ex; for p in cmd/*; do go build -buildvcs=false -o "${p/cmd\//sda-}" "./$p"; done -FROM debian:11-slim AS Debug +FROM debian:bullseye-slim AS Debug ARG SOURCE_COMMIT From fcab16654e84e796b0093cb246bf24518b3ed6e0 Mon Sep 17 00:00:00 2001 From: Joakim Bygdell Date: Tue, 8 Aug 2023 07:33:06 +0200 Subject: [PATCH 48/75] Publish chart on PR close --- .github/workflows/publish_charts.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/publish_charts.yml b/.github/workflows/publish_charts.yml index c931cb7e3..886953b72 100644 --- a/.github/workflows/publish_charts.yml +++ b/.github/workflows/publish_charts.yml @@ -1,14 +1,16 @@ name: Publish charts on: - push: + pull_request: branches: - main paths: - "charts/**" + types: [ closed ] jobs: - release: + release_chart: + if: github.event.pull_request.merged == true runs-on: ubuntu-latest continue-on-error: true steps: From 8286d6d70d6bda45dc60e90780810dd88e2d6482 Mon Sep 17 00:00:00 2001 From: Joakim Bygdell Date: Tue, 8 Aug 2023 11:22:34 +0200 Subject: [PATCH 49/75] Programatically get latest github release for crypt4gh --- .github/integration/scripts/charts/dependencies.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/integration/scripts/charts/dependencies.sh b/.github/integration/scripts/charts/dependencies.sh index d734a2813..d0d752e35 100644 --- a/.github/integration/scripts/charts/dependencies.sh +++ b/.github/integration/scripts/charts/dependencies.sh @@ -2,7 +2,7 @@ set -ex YQ_VERSION="v4.20.1" -C4GH_VERSION="1.7.5" +C4GH_VERSION="$(curl -sL https://api.github.com/repos/neicnordic/crypt4gh/releases/latest | jq -r '.name')" random-string() { head -c 32 /dev/urandom | base64 -w0 | tr -d '/+' | fold -w 32 | head -n 1 @@ -11,7 +11,7 @@ random-string() { sudo curl -sLO "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/yq_linux_amd64" -O /usr/bin/yq && sudo chmod +x /usr/bin/yq -curl -sL https://github.com/neicnordic/crypt4gh/releases/download/v"${C4GH_VERSION}"/crypt4gh_linux_x86_64.tar.gz | sudo tar -xz -C /usr/bin/ && +curl -sL https://github.com/neicnordic/crypt4gh/releases/download/"${C4GH_VERSION}"/crypt4gh_linux_x86_64.tar.gz | sudo tar -xz -C /usr/bin/ && sudo chmod +x /usr/bin/crypt4gh # secret for the crypt4gh keypair From e549c0d8257fee88f790958452aabd09d9c0c00d Mon Sep 17 00:00:00 2001 From: Joakim Bygdell Date: Tue, 22 Aug 2023 10:52:25 +0200 Subject: [PATCH 50/75] Use matrix to test multiple k8s versions --- .github/integration/scripts/charts/k3d.sh | 14 +++++++++----- .github/workflows/chart_test.yml | 10 +++++++++- 2 files changed, 18 insertions(+), 6 deletions(-) diff --git a/.github/integration/scripts/charts/k3d.sh b/.github/integration/scripts/charts/k3d.sh index a06206435..4afe4425e 100755 --- a/.github/integration/scripts/charts/k3d.sh +++ b/.github/integration/scripts/charts/k3d.sh @@ -4,11 +4,15 @@ set -ex k8s="$(curl -L -s https://dl.k8s.io/release/stable.txt)" curl -s -L https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | sudo bash -curl -sLO https://storage.googleapis.com/kubernetes-release/release/"$k8s"/bin/linux/amd64/kubectl + +if [ -n "$1" ]; then + k8s=$(k3d version list k3s | grep "$1" | head -n 1 | cut -d '-' -f 1) +fi + +curl -sLO https://dl.k8s.io/release/"$k8s"/bin/linux/amd64/kubectl chmod +x ./kubectl sudo mv ./kubectl /usr/local/bin/kubectl -sudo k3d cluster create sda --image=rancher/k3s:"$k8s"-k3s1 --wait --timeout 10m -sudo k3d kubeconfig merge sda --kubeconfig-switch-context -mkdir -p ~/.kube/ && sudo cp /root/.k3d/kubeconfig-sda.yaml ~/.kube/config -sudo chown $UID:$UID ~/.kube/config && chmod 600 ~/.kube/config +k3d cluster create sda --image=rancher/k3s:"$k8s"-k3s1 --wait --timeout 10m +k3d kubeconfig merge sda --kubeconfig-switch-context +mkdir -p ~/.kube/ && cp ~/.config/kubeconfig-sda.yaml ~/.kube/config diff --git a/.github/workflows/chart_test.yml b/.github/workflows/chart_test.yml index 796baec02..241fee3d4 100644 --- a/.github/workflows/chart_test.yml +++ b/.github/workflows/chart_test.yml @@ -12,6 +12,9 @@ jobs: deploy: name: deployment test runs-on: ubuntu-latest + strategy: + matrix: + version: ["1.26", "1.27"] steps: - name: Checkout uses: actions/checkout@v3 @@ -22,7 +25,12 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} - name: Initialise k3d - run: bash .github/integration/scripts/charts/k3d.sh + run: bash .github/integration/scripts/charts/k3d.sh ${{matrix.version}} + shell: bash + + - name: debug + if: failure() + run: k3d version list k3s | grep ${{matrix.version}} shell: bash - name: build postgres From 83bcb9a0ca929c6576a7aea4af2066b6a51a674a Mon Sep 17 00:00:00 2001 From: Joakim Bygdell Date: Tue, 22 Aug 2023 12:20:48 +0200 Subject: [PATCH 51/75] Move chart tests into `PR container build` actiion --- .../scripts/charts/deploy_charts.sh | 17 ++-- .github/workflows/build_pr_container.yaml | 57 ++++++++++- .github/workflows/chart_test.yml | 95 ------------------- 3 files changed, 67 insertions(+), 102 deletions(-) delete mode 100644 .github/workflows/chart_test.yml diff --git a/.github/integration/scripts/charts/deploy_charts.sh b/.github/integration/scripts/charts/deploy_charts.sh index 7e999dffc..b4b69705a 100644 --- a/.github/integration/scripts/charts/deploy_charts.sh +++ b/.github/integration/scripts/charts/deploy_charts.sh @@ -1,11 +1,16 @@ #!/bin/bash set -ex +if [ -z "$2" ];then + echo "PR number missing" + exit 1 +fi + if [ "$1" == "sda-db" ]; then ROOTPASS=$(yq e '.global.db.password' .github/integration/scripts/charts/values.yaml) helm install postgres charts/sda-db \ - --set image.tag=test-postgres \ - --set image.pullPolicy=Never \ + --set image.tag="PR$2-postgres" \ + --set image.pullPolicy=IfNotPresent \ --set global.postgresAdminPassword="$ROOTPASS" \ --set global.tls.enabled=false \ --set persistence.enabled=false \ @@ -16,8 +21,8 @@ fi if [ "$1" == "sda-mq" ]; then ADMINPASS=$(yq e '.global.broker.password' .github/integration/scripts/charts/values.yaml) helm install broker charts/sda-mq \ - --set image.tag=test-rabbitmq \ - --set image.pullPolicy=Never \ + --set image.tag="PR$2-rabbitmq" \ + --set image.pullPolicy=IfNotPresent \ --set global.adminPassword="$ADMINPASS" \ --set global.adminUser=admin \ --set global.tls.enabled=false \ @@ -28,8 +33,8 @@ fi if [ "$1" == "sda-svc" ]; then helm install pipeline charts/sda-svc \ - --set image.tag=test \ - --set image.pullPolicy=Never \ + --set image.tag="PR$2" \ + --set image.pullPolicy=IfNotPresent \ -f .github/integration/scripts/charts/values.yaml \ --wait fi diff --git a/.github/workflows/build_pr_container.yaml b/.github/workflows/build_pr_container.yaml index 9be96eb9d..f1e565f0f 100644 --- a/.github/workflows/build_pr_container.yaml +++ b/.github/workflows/build_pr_container.yaml @@ -236,4 +236,59 @@ jobs: uses: actions/checkout@v3 - name: Test sensitive-data-archive - run: docker compose -f .github/integration/sda-integration.yml run integration_test \ No newline at end of file + run: docker compose -f .github/integration/sda-integration.yml run integration_test + + chart: + needs: + - build_go_images + - build_server_images + - build_java_images + runs-on: ubuntu-latest + strategy: + matrix: + version: ["1.26", "1.27"] + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Install Helm + uses: azure/setup-helm@v3.5 + with: + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Initialise k3d + run: bash .github/integration/scripts/charts/k3d.sh ${{matrix.version}} + shell: bash + + - name: debug + if: failure() + run: k3d version list k3s | grep ${{matrix.version}} + shell: bash + + - name: Deploy external services + run: bash .github/integration/scripts/charts/dependencies.sh + shell: bash + + - name: Deploy DB + run: bash .github/integration/scripts/charts/deploy_charts.sh sda-db ${{ github.event.number }} + + - name: Deploy MQ + run: bash .github/integration/scripts/charts/deploy_charts.sh sda-mq ${{ github.event.number }} + shell: bash + + - name: Deploy pipeline + run: bash .github/integration/scripts/charts/deploy_charts.sh sda-svc ${{ github.event.number }} + shell: bash + + - name: test + if: always() + run: | + kubectl get secret broker-sda-mq -o json + kubectl get secret pipeline-sda-svc-mapper -o json + kubectl get pods + echo "describe mapper" && kubectl describe pod -l role=mapper + sleep 1 + echo "logs mapper" && kubectl logs -l role=mapper + sleep 1 + echo "describe broker" && kubectl logs -l role=broker + shell: bash \ No newline at end of file diff --git a/.github/workflows/chart_test.yml b/.github/workflows/chart_test.yml deleted file mode 100644 index 241fee3d4..000000000 --- a/.github/workflows/chart_test.yml +++ /dev/null @@ -1,95 +0,0 @@ -name: Chart deployment test - -on: - pull_request: - paths: - - "charts/**" - -env: - DOCKER_BUILDKIT: 1 - -jobs: - deploy: - name: deployment test - runs-on: ubuntu-latest - strategy: - matrix: - version: ["1.26", "1.27"] - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Install Helm - uses: azure/setup-helm@v3.5 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Initialise k3d - run: bash .github/integration/scripts/charts/k3d.sh ${{matrix.version}} - shell: bash - - - name: debug - if: failure() - run: k3d version list k3s | grep ${{matrix.version}} - shell: bash - - - name: build postgres - shell: bash - run: | - cd postgresql - docker build -t ghcr.io/${{ github.repository }}:test-postgres . - - name: build rabbitmq - shell: bash - run: | - cd rabbitmq - docker build -t ghcr.io/${{ github.repository }}:test-rabbitmq . - - name: build sda - shell: bash - run: | - cd sda - docker build -t ghcr.io/${{ github.repository }}:test . - - name: build sda-auth - shell: bash - run: | - cd sda-auth - docker build -t ghcr.io/${{ github.repository }}:test-auth . - - name: build sda-download - shell: bash - run: | - cd sda-download - docker build -t ghcr.io/${{ github.repository }}:test-download . - - name: build sda-pipeline - shell: bash - run: | - cd sda-pipeline - docker build -t ghcr.io/${{ github.repository }}:test-pipeline . - - name: Import images to cluster - run: k3d image import ghcr.io/${{ github.repository }}:test-postgres ghcr.io/${{ github.repository }}:test-rabbitmq ghcr.io/${{ github.repository }}:test ghcr.io/${{ github.repository }}:test-auth ghcr.io/${{ github.repository }}:test-download ghcr.io/${{ github.repository }}:test-pipeline -c sda - - - name: Deploy external services - run: bash .github/integration/scripts/charts/dependencies.sh - shell: bash - - - name: Deploy DB - run: bash .github/integration/scripts/charts/deploy_charts.sh sda-db - - - name: Deploy MQ - run: bash .github/integration/scripts/charts/deploy_charts.sh sda-mq - shell: bash - - - name: Deploy pipeline - run: bash .github/integration/scripts/charts/deploy_charts.sh sda-svc - shell: bash - - - name: test - if: always() - run: | - kubectl get secret broker-sda-mq -o json - kubectl get secret pipeline-sda-svc-mapper -o json - kubectl get pods - echo "describe mapper" && kubectl describe pod -l role=mapper - sleep 1 - echo "logs mapper" && kubectl logs -l role=mapper - sleep 1 - echo "describe broker" && kubectl logs -l role=broker - shell: bash \ No newline at end of file From 4a8984f0366ac10664ea6a4bb3e073896efd1451 Mon Sep 17 00:00:00 2001 From: Joakim Bygdell Date: Thu, 24 Aug 2023 12:46:48 +0200 Subject: [PATCH 52/75] [sda-mq] Add management port to service --- charts/sda-mq/templates/service.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/sda-mq/templates/service.yaml b/charts/sda-mq/templates/service.yaml index fcda5f364..b7df680e1 100644 --- a/charts/sda-mq/templates/service.yaml +++ b/charts/sda-mq/templates/service.yaml @@ -14,6 +14,8 @@ spec: port: 4369 - name: rabbitmq-dist port: 25672 + - name: management + port: {{ ternary 15671 15672 (.Values.global.tls.enabled )}} selector: app: {{ template "sda.fullname" . }} From d3c115e43c9ae8d98c1e888fd10ccce9c262a113 Mon Sep 17 00:00:00 2001 From: Joakim Bygdell Date: Thu, 24 Aug 2023 13:00:49 +0200 Subject: [PATCH 53/75] Add ingress for management access --- charts/sda-mq/README.md | 6 ++++ charts/sda-mq/templates/ingress.yaml | 45 ++++++++++++++++++++++++++++ charts/sda-mq/values.yaml | 10 +++++++ 3 files changed, 61 insertions(+) create mode 100644 charts/sda-mq/templates/ingress.yaml diff --git a/charts/sda-mq/README.md b/charts/sda-mq/README.md index bc6f0dbbc..c7e591d0e 100644 --- a/charts/sda-mq/README.md +++ b/charts/sda-mq/README.md @@ -13,6 +13,12 @@ Parameter | Description | Default `image.pullPolicy` | sda-mq container image pull policy | `Always` `global.adminUser` | Username of admin user |`admin` `global.adminPassword` | Password for admin user. |`Random if unset` +`global.ingress.annotations` | extra annotations for the ingress objects | `""` +`global.ingress.ingressClassName` | class of the ingress controller | `"nginx"` +`global.ingress.clusterIssuer` | If cert-manager is set up to request certificates to the ingress endpoints, the configured clusterIssuer can be specified to automate certificate configuration for the ingress endpoint. | `""` +`global.ingress.hostName` | hostname for the ingress endpoint | `""` +`global.ingress.issuer` | If cert-manager is set up to request certificates to the ingress endpoints, the configured issuer can be specified to automate certificate configuration for the ingress endpoint. | `""` +`global.ingress.secretName` | The name of a manually created secret holding the certificates for the ingress enpoint. | `""` `global.tls.enabled` | Use TLS for all connections. |`true` `global.tls.issuer` | Issuer for TLS certificate creation. |`""` `global.tls.clusterIssuer` | ClusterIssuer for TLS certificate creation. |`""` diff --git a/charts/sda-mq/templates/ingress.yaml b/charts/sda-mq/templates/ingress.yaml new file mode 100644 index 000000000..fd0f30d58 --- /dev/null +++ b/charts/sda-mq/templates/ingress.yaml @@ -0,0 +1,45 @@ +{{- if .Values.global.ingress.hostname }} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ template "sda.fullname" . }}-ingress + labels: + app: {{ template "sda.fullname" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + {{- if eq "nginx" .Values.global.ingress.ingressClassName }} + nginx.ingress.kubernetes.io/rewrite-target: "/" + nginx.ingress.kubernetes.io/backend-protocol: "{{ ternary "HTTPS" "HTTP" .Values.global.tls.enabled }}" + {{- end }} + {{- if .Values.global.ingress.clusterIssuer }} + cert-manager.io/cluster-issuer: {{ .Values.global.ingress.clusterIssuer | quote }} + {{- else if .Values.global.ingress.issuer }} + cert-manager.io/issuer: {{ .Values.global.ingress.issuer | quote }} + {{- end }} +{{- if .Values.global.ingress.annotations }} +{{ toYaml .Values.global.ingress.annotations | indent 4 }} +{{- end }} +spec: +{{- if .Values.global.ingress.ingressClassName }} + ingressClassName: {{ .Values.global.ingress.ingressClassName }} +{{- end }} + rules: + - host: {{ required "An ingress hostname is required!" .Values.global.ingress.hostName }} + http: + paths: + - pathType: Prefix + path: "/" + backend: + service: + name: {{ template "sda.fullname" . }} + port: + number: {{ ternary 15671 15672 .Values.global.tls.enabled }} +{{- if .Values.global.tls.enabled }} + tls: + - hosts: + - {{ required "An ingress hostname is required!" .Values.global.ingress.hostName }} + secretName: {{ if .Values.global.ingress.secretName }}{{ .Values.global.ingress.secretName }}{{- else }}"{{ template "sda.fullname" . }}-ingress"{{- end }} +{{- end }} +{{- end }} diff --git a/charts/sda-mq/values.yaml b/charts/sda-mq/values.yaml index a93af6800..085679e0e 100644 --- a/charts/sda-mq/values.yaml +++ b/charts/sda-mq/values.yaml @@ -1,6 +1,16 @@ global: adminUser: adminPassword: + ingress: + # extra annotations for the ingress + annotations: {} + hostname: "" + ingressClassName: "nginx" + issuer: "" + clusterIssuer: "" + # If the certificates is generated by external providers + # the secrets containing them needs to be created manually. + secretName: "" tls: enabled: true issuer: "" From e6380b61a97dce25722789cc4f3b84921dd99c17 Mon Sep 17 00:00:00 2001 From: Joakim Bygdell Date: Thu, 24 Aug 2023 15:16:06 +0200 Subject: [PATCH 54/75] Delete `sda-helm` folder --- sda-helm/.github/dependabot.yml | 11 - sda-helm/.github/workflows/lint.yml | 44 -- .../.github/workflows/manual_release.yaml | 27 - .../.github/workflows/sda-pipeline-notls.yml | 39 -- sda-helm/.github/workflows/sda-pipeline.yml | 94 --- sda-helm/.github/workflows/shellcheck.yml | 12 - sda-helm/.gitignore | 10 - sda-helm/LICENSE | 661 ------------------ sda-helm/README.md | 27 - sda-helm/dev_tools/cega/cega-issuer.yaml | 34 - sda-helm/dev_tools/cega/cega.conf | 15 - sda-helm/dev_tools/cega/cega.json | 23 - sda-helm/dev_tools/cega/cega.plugins | 1 - sda-helm/dev_tools/cega/deploy.yaml | 172 ----- sda-helm/dev_tools/cega/users.json | 7 - sda-helm/dev_tools/cega/users.py | 103 --- sda-helm/dev_tools/config/cert-issuer.yaml | 30 - sda-helm/dev_tools/config/minio-issuer.yaml | 33 - sda-helm/dev_tools/config/no-tls.yaml | 72 -- sda-helm/dev_tools/config/oidc.yaml | 56 -- sda-helm/dev_tools/config/orch.yaml | 18 - sda-helm/dev_tools/config/posix-volumes.yaml | 35 - sda-helm/dev_tools/config/posix.yaml | 76 -- sda-helm/dev_tools/config/s3.yaml | 106 --- sda-helm/dev_tools/scripts/cleanup.sh | 16 - .../scripts/create-s3-buckets-no-tls.sh | 27 - .../dev_tools/scripts/create-s3-buckets.sh | 28 - sda-helm/dev_tools/scripts/create-secrets.sh | 37 - sda-helm/dev_tools/scripts/deploy-cega.sh | 19 - .../dev_tools/scripts/deploy-cert-manager.sh | 12 - sda-helm/dev_tools/scripts/deploy-db.sh | 25 - sda-helm/dev_tools/scripts/deploy-minio.sh | 20 - sda-helm/dev_tools/scripts/deploy-mq.sh | 28 - sda-helm/dev_tools/scripts/deploy-oidc.sh | 16 - sda-helm/dev_tools/scripts/init-k3d.sh | 18 - .../dev_tools/scripts/install-kube-deps.sh | 17 - .../dev_tools/scripts/install-sda-deps.sh | 24 - sda-helm/dev_tools/scripts/java-certs.sh | 60 -- sda-helm/dev_tools/scripts/make-certs.sh | 83 --- .../scripts/mq-password-generator.sh | 7 - sda-helm/dev_tools/scripts/run-helm-test.sh | 17 - .../dev_tools/scripts/sda/deploy-no-tls.sh | 96 --- sda-helm/dev_tools/scripts/sda/deploy-orch.sh | 10 - .../dev_tools/scripts/sda/deploy-posix.sh | 23 - sda-helm/dev_tools/scripts/sda/deploy-s3.sh | 27 - sda-helm/dev_tools/scripts/sign_jwt.sh | 68 -- sda-helm/dev_tools/scripts/ssl.cnf | 236 ------- sda-helm/dev_tools/scripts/svc-setup.sh | 21 - sda-helm/dev_tools/scripts/wait-for-pods.sh | 47 -- 49 files changed, 2688 deletions(-) delete mode 100644 sda-helm/.github/dependabot.yml delete mode 100644 sda-helm/.github/workflows/lint.yml delete mode 100644 sda-helm/.github/workflows/manual_release.yaml delete mode 100644 sda-helm/.github/workflows/sda-pipeline-notls.yml delete mode 100644 sda-helm/.github/workflows/sda-pipeline.yml delete mode 100644 sda-helm/.github/workflows/shellcheck.yml delete mode 100644 sda-helm/.gitignore delete mode 100644 sda-helm/LICENSE delete mode 100644 sda-helm/README.md delete mode 100644 sda-helm/dev_tools/cega/cega-issuer.yaml delete mode 100644 sda-helm/dev_tools/cega/cega.conf delete mode 100644 sda-helm/dev_tools/cega/cega.json delete mode 100644 sda-helm/dev_tools/cega/cega.plugins delete mode 100644 sda-helm/dev_tools/cega/deploy.yaml delete mode 100644 sda-helm/dev_tools/cega/users.json delete mode 100644 sda-helm/dev_tools/cega/users.py delete mode 100644 sda-helm/dev_tools/config/cert-issuer.yaml delete mode 100644 sda-helm/dev_tools/config/minio-issuer.yaml delete mode 100644 sda-helm/dev_tools/config/no-tls.yaml delete mode 100644 sda-helm/dev_tools/config/oidc.yaml delete mode 100644 sda-helm/dev_tools/config/orch.yaml delete mode 100644 sda-helm/dev_tools/config/posix-volumes.yaml delete mode 100644 sda-helm/dev_tools/config/posix.yaml delete mode 100644 sda-helm/dev_tools/config/s3.yaml delete mode 100644 sda-helm/dev_tools/scripts/cleanup.sh delete mode 100644 sda-helm/dev_tools/scripts/create-s3-buckets-no-tls.sh delete mode 100755 sda-helm/dev_tools/scripts/create-s3-buckets.sh delete mode 100755 sda-helm/dev_tools/scripts/create-secrets.sh delete mode 100755 sda-helm/dev_tools/scripts/deploy-cega.sh delete mode 100644 sda-helm/dev_tools/scripts/deploy-cert-manager.sh delete mode 100755 sda-helm/dev_tools/scripts/deploy-db.sh delete mode 100755 sda-helm/dev_tools/scripts/deploy-minio.sh delete mode 100755 sda-helm/dev_tools/scripts/deploy-mq.sh delete mode 100755 sda-helm/dev_tools/scripts/deploy-oidc.sh delete mode 100755 sda-helm/dev_tools/scripts/init-k3d.sh delete mode 100755 sda-helm/dev_tools/scripts/install-kube-deps.sh delete mode 100755 sda-helm/dev_tools/scripts/install-sda-deps.sh delete mode 100755 sda-helm/dev_tools/scripts/java-certs.sh delete mode 100755 sda-helm/dev_tools/scripts/make-certs.sh delete mode 100644 sda-helm/dev_tools/scripts/mq-password-generator.sh delete mode 100755 sda-helm/dev_tools/scripts/run-helm-test.sh delete mode 100644 sda-helm/dev_tools/scripts/sda/deploy-no-tls.sh delete mode 100755 sda-helm/dev_tools/scripts/sda/deploy-orch.sh delete mode 100755 sda-helm/dev_tools/scripts/sda/deploy-posix.sh delete mode 100755 sda-helm/dev_tools/scripts/sda/deploy-s3.sh delete mode 100644 sda-helm/dev_tools/scripts/sign_jwt.sh delete mode 100644 sda-helm/dev_tools/scripts/ssl.cnf delete mode 100755 sda-helm/dev_tools/scripts/svc-setup.sh delete mode 100755 sda-helm/dev_tools/scripts/wait-for-pods.sh diff --git a/sda-helm/.github/dependabot.yml b/sda-helm/.github/dependabot.yml deleted file mode 100644 index f21a6b813..000000000 --- a/sda-helm/.github/dependabot.yml +++ /dev/null @@ -1,11 +0,0 @@ -version: 2 -updates: - - package-ecosystem: "github-actions" - directory: "/" - schedule: - interval: "weekly" - open-pull-requests-limit: 10 - reviewers: - - "dbampalikis" - - "jbygdell" - - "blankdots" diff --git a/sda-helm/.github/workflows/lint.yml b/sda-helm/.github/workflows/lint.yml deleted file mode 100644 index 2e9b2a080..000000000 --- a/sda-helm/.github/workflows/lint.yml +++ /dev/null @@ -1,44 +0,0 @@ -name: Helm linter - -on: [push] - -jobs: - lint_sda-db: - name: Lint sda-db - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3.3.0 - - name: Install helm3 - run: bash ./dev_tools/scripts/install-kube-deps.sh - - name: Lint sda-db - run: helm lint charts/sda-db - - lint_sda-mq: - name: Lint sda-mq - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3.3.0 - - name: Install helm3 - run: bash ./dev_tools/scripts/install-kube-deps.sh - - name: Lint sda-mq - run: helm lint charts/sda-mq - - lint_sda-svc: - name: Lint sda-svc - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3.3.0 - - name: Install helm3 - run: bash ./dev_tools/scripts/install-kube-deps.sh - - name: Lint sda-svc - run: helm lint charts/sda-svc - - lint_sda-orch: - name: Lint sda-orch - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3.3.0 - - name: Install helm3 - run: bash ./dev_tools/scripts/install-kube-deps.sh - - name: Lint sda-orch - run: helm lint charts/sda-orch diff --git a/sda-helm/.github/workflows/manual_release.yaml b/sda-helm/.github/workflows/manual_release.yaml deleted file mode 100644 index 598433fee..000000000 --- a/sda-helm/.github/workflows/manual_release.yaml +++ /dev/null @@ -1,27 +0,0 @@ -name: Manually Release Charts - -on: [workflow_dispatch] - -jobs: - release: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3.3.0 - with: - fetch-depth: 0 - - - name: Configure Git - run: | - git config user.name "$GITHUB_ACTOR" - git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - - - name: Install Helm - uses: azure/setup-helm@v3.5 - with: - version: v3.4.0 - - - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.5.0 - env: - CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" diff --git a/sda-helm/.github/workflows/sda-pipeline-notls.yml b/sda-helm/.github/workflows/sda-pipeline-notls.yml deleted file mode 100644 index ce1bf1583..000000000 --- a/sda-helm/.github/workflows/sda-pipeline-notls.yml +++ /dev/null @@ -1,39 +0,0 @@ -name: standalone sda deployment without TLS - -on: [push,pull_request] - -jobs: - build: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3.3.0 - - name: Install kube dependencies - run: bash ./dev_tools/scripts/install-kube-deps.sh - - name: Initialise k3d - run: bash ./dev_tools/scripts/init-k3d.sh - - name: Wait for k3d to become ready - run: bash ./dev_tools/scripts/wait-for-pods.sh metrics-server k8s-app kube-system - - name: Install sda dependencies - run: bash ./dev_tools/scripts/install-sda-deps.sh - - name: Create certificates - run: bash ./dev_tools/scripts/make-certs.sh - - name: Create secrets - run: bash ./dev_tools/scripts/create-secrets.sh - - name: Deploy SDA database - run: bash ./dev_tools/scripts/sda/deploy-no-tls.sh database - - name: Deploy SDA message broker - run: bash ./dev_tools/scripts/sda/deploy-no-tls.sh broker - - name: Deploy SDA orchestrator - run: bash ./dev_tools/scripts/sda/deploy-no-tls.sh orchestrate - - name: Deploy mock oidc server - run: bash ./dev_tools/scripts/deploy-oidc.sh - - name: Deploy minio - run: bash ./dev_tools/scripts/sda/deploy-no-tls.sh minio - - name: Create s3 buckets - run: bash ./dev_tools/scripts/create-s3-buckets-no-tls.sh - - name: Deploy the SDA stack - run: bash ./dev_tools/scripts/sda/deploy-no-tls.sh pipeline - - name: Wait for sda to become ready - run: bash ./dev_tools/scripts/wait-for-pods.sh standalone_s3_svc_list - - name: Run helm test - run: bash ./dev_tools/scripts/run-helm-test.sh diff --git a/sda-helm/.github/workflows/sda-pipeline.yml b/sda-helm/.github/workflows/sda-pipeline.yml deleted file mode 100644 index 745f8c203..000000000 --- a/sda-helm/.github/workflows/sda-pipeline.yml +++ /dev/null @@ -1,94 +0,0 @@ -name: sda-pipeline deployment - -on: [push, pull_request] - -jobs: - build: - strategy: - fail-fast: false - matrix: - inbox: [posix, s3] - deployment: [federated, standalone] - cert: [issuer, manual] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3.3.0 - - - name: Install kube dependencies - run: bash ./dev_tools/scripts/install-kube-deps.sh - - - name: Initialise k3d - run: bash ./dev_tools/scripts/init-k3d.sh - - - name: Wait for k3d to become ready - run: bash ./dev_tools/scripts/wait-for-pods.sh metrics-server k8s-app kube-system - - - name: Install sda dependencies - run: bash ./dev_tools/scripts/install-sda-deps.sh - - - name: Create certificates - if: matrix.cert == 'manual' - run: bash ./dev_tools/scripts/make-certs.sh - - - name: Create certificate issuer - if: matrix.cert == 'issuer' - run: bash ./dev_tools/scripts/deploy-cert-manager.sh - - - name: Create secrets - run: bash ./dev_tools/scripts/create-secrets.sh - - - name: Set up services configuration - if: matrix.cert == 'manual' - run: bash ./dev_tools/scripts/svc-setup.sh - - - name: Deploy SDA database - run: bash ./dev_tools/scripts/deploy-db.sh "${{ matrix.cert }}" - - - name: Wait for database to become ready - run: bash ./dev_tools/scripts/wait-for-pods.sh database - - - name: Deploy mock oidc server - if: matrix.inbox == 's3' - run: bash ./dev_tools/scripts/deploy-oidc.sh - - - name: Deploy minio - if: matrix.inbox == 's3' - run: bash ./dev_tools/scripts/deploy-minio.sh "${{ matrix.cert }}" - - - name: Wait for minio to become ready - if: matrix.inbox == 's3' - run: bash ./dev_tools/scripts/wait-for-pods.sh minio app - - - name: Create s3 buckets - if: matrix.inbox == 's3' - run: bash ./dev_tools/scripts/create-s3-buckets.sh - - - name: Start CEGA services - if: matrix.deployment == 'federated' - run: bash ./dev_tools/scripts/deploy-cega.sh "${{ matrix.cert }}" - - - name: Wait for CEGA to become ready - if: matrix.deployment == 'federated' - run: bash ./dev_tools/scripts/wait-for-pods.sh cega-mq app - - - name: Deploy SDA message broker - run: bash ./dev_tools/scripts/deploy-mq.sh "${{ matrix.deployment }}" "${{ matrix.cert }}" - - - name: Wait for broker to become ready - run: bash ./dev_tools/scripts/wait-for-pods.sh broker - - - name: Deploy the SDA stack for posix - if: matrix.inbox == 'posix' - run: | - kubectl apply -f dev_tools/config/posix-volumes.yaml; - bash ./dev_tools/scripts/sda/deploy-posix.sh "${{ matrix.deployment }}" "${{ matrix.cert }}" - - - name: Deploy the SDA stack for s3 - if: matrix.inbox == 's3' - run: bash ./dev_tools/scripts/sda/deploy-s3.sh "${{ matrix.deployment }}" "${{ matrix.cert }}" - - - name: Wait for sda to become ready - run: bash ./dev_tools/scripts/wait-for-pods.sh "${{ format('{0}_{1}_svc_list', matrix.deployment, matrix.inbox) }}" - - - name: Run helm test - run: bash ./dev_tools/scripts/run-helm-test.sh diff --git a/sda-helm/.github/workflows/shellcheck.yml b/sda-helm/.github/workflows/shellcheck.yml deleted file mode 100644 index 4bd810355..000000000 --- a/sda-helm/.github/workflows/shellcheck.yml +++ /dev/null @@ -1,12 +0,0 @@ -name: Scripts linter - -on: [push] - -jobs: - shellcheck: - name: Shellcheck - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3.3.0 - - name: Run ShellCheck - uses: ludeeus/action-shellcheck@master diff --git a/sda-helm/.gitignore b/sda-helm/.gitignore deleted file mode 100644 index 366f3999f..000000000 --- a/sda-helm/.gitignore +++ /dev/null @@ -1,10 +0,0 @@ -*.pem -*.csr -*.crt -*.key -*.p12 -cacerts -*.pub -*.sec -sda-deploy-init/* -LocalEGA-helm/* \ No newline at end of file diff --git a/sda-helm/LICENSE b/sda-helm/LICENSE deleted file mode 100644 index 0ad25db4b..000000000 --- a/sda-helm/LICENSE +++ /dev/null @@ -1,661 +0,0 @@ - GNU AFFERO GENERAL PUBLIC LICENSE - Version 3, 19 November 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The GNU Affero General Public License is a free, copyleft license for -software and other kinds of works, specifically designed to ensure -cooperation with the community in the case of network server software. - - The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -our General Public Licenses are intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains free -software for all its users. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - - Developers that use our General Public Licenses protect your rights -with two steps: (1) assert copyright on the software, and (2) offer -you this License which gives you legal permission to copy, distribute -and/or modify the software. - - A secondary benefit of defending all users' freedom is that -improvements made in alternate versions of the program, if they -receive widespread use, become available for other developers to -incorporate. Many developers of free software are heartened and -encouraged by the resulting cooperation. However, in the case of -software used on network servers, this result may fail to come about. -The GNU General Public License permits making a modified version and -letting the public access it on a server without ever releasing its -source code to the public. - - The GNU Affero General Public License is designed specifically to -ensure that, in such cases, the modified source code becomes available -to the community. It requires the operator of a network server to -provide the source code of the modified version running there to the -users of that server. Therefore, public use of a modified version, on -a publicly accessible server, gives the public access to the source -code of the modified version. - - An older license, called the Affero General Public License and -published by Affero, was designed to accomplish similar goals. This is -a different license, not a version of the Affero GPL, but Affero has -released a new version of the Affero GPL which permits relicensing under -this license. - - The precise terms and conditions for copying, distribution and -modification follow. - - TERMS AND CONDITIONS - - 0. Definitions. - - "This License" refers to version 3 of the GNU Affero General Public License. - - "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. - - "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - - To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. - - A "covered work" means either the unmodified Program or a work based -on the Program. - - To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - - To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. Mere interaction with a user through -a computer network, with no transfer of a copy, is not conveying. - - An interactive user interface displays "Appropriate Legal Notices" -to the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - - 1. Source Code. - - The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. - - A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. - - The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. - - The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - - The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. - - The Corresponding Source for a work in source code form is that -same work. - - 2. Basic Permissions. - - All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - - You may make, run and propagate covered works that you do not -convey, without conditions so long as your license otherwise remains -in force. You may convey covered works to others for the sole purpose -of having them make modifications exclusively for you, or provide you -with facilities for running those works, provided that you comply with -the terms of this License in conveying all material for which you do -not control copyright. Those thus making or running the covered works -for you must do so exclusively on your behalf, under your direction -and control, on terms that prohibit them from making any copies of -your copyrighted material outside their relationship with you. - - Conveying under any other circumstances is permitted solely under -the conditions stated below. Sublicensing is not allowed; section 10 -makes it unnecessary. - - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - - No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. - - When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such circumvention -is effected by exercising rights under this License with respect to -the covered work, and you disclaim any intention to limit operation or -modification of the work as a means of enforcing, against the work's -users, your or third parties' legal rights to forbid circumvention of -technological measures. - - 4. Conveying Verbatim Copies. - - You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - - You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - - 5. Conveying Modified Source Versions. - - You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: - - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. - - A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - - 6. Conveying Non-Source Forms. - - You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: - - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. - - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. - - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - - A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - - A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, family, -or household purposes, or (2) anything designed or sold for incorporation -into a dwelling. In determining whether a product is a consumer product, -doubtful cases shall be resolved in favor of coverage. For a particular -product received by a particular user, "normally used" refers to a -typical or common use of that class of product, regardless of the status -of the particular user or of the way in which the particular user -actually uses, or expects or is expected to use, the product. A product -is a consumer product regardless of whether the product has substantial -commercial, industrial or non-consumer uses, unless such uses represent -the only significant mode of use of the product. - - "Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to install -and execute modified versions of a covered work in that User Product from -a modified version of its Corresponding Source. The information must -suffice to ensure that the continued functioning of the modified object -code is in no case prevented or interfered with solely because -modification has been made. - - If you convey an object code work under this section in, or with, or -specifically for use in, a User Product, and the conveying occurs as -part of a transaction in which the right of possession and use of the -User Product is transferred to the recipient in perpetuity or for a -fixed term (regardless of how the transaction is characterized), the -Corresponding Source conveyed under this section must be accompanied -by the Installation Information. But this requirement does not apply -if neither you nor any third party retains the ability to install -modified object code on the User Product (for example, the work has -been installed in ROM). - - The requirement to provide Installation Information does not include a -requirement to continue to provide support service, warranty, or updates -for a work that has been modified or installed by the recipient, or for -the User Product in which it has been modified or installed. Access to a -network may be denied when the modification itself materially and -adversely affects the operation of the network or violates the rules and -protocols for communication across the network. - - Corresponding Source conveyed, and Installation Information provided, -in accord with this section must be in a format that is publicly -documented (and with an implementation available to the public in -source code form), and must require no special password or key for -unpacking, reading or copying. - - 7. Additional Terms. - - "Additional permissions" are terms that supplement the terms of this -License by making exceptions from one or more of its conditions. -Additional permissions that are applicable to the entire Program shall -be treated as though they were included in this License, to the extent -that they are valid under applicable law. If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - - When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. - - Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders of -that material) supplement the terms of this License with terms: - - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - - All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. - - If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - - Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; -the above requirements apply either way. - - 8. Termination. - - You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - - However, if you cease all violation of this License, then your -license from a particular copyright holder is reinstated (a) -provisionally, unless and until the copyright holder explicitly and -finally terminates your license, and (b) permanently, if the copyright -holder fails to notify you of the violation by some reasonable means -prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. - - Termination of your rights under this section does not terminate the -licenses of parties who have received copies or rights from you under -this License. If your rights have been terminated and not permanently -reinstated, you do not qualify to receive new licenses for the same -material under section 10. - - 9. Acceptance Not Required for Having Copies. - - You are not required to accept this License in order to receive or -run a copy of the Program. Ancillary propagation of a covered work -occurring solely as a consequence of using peer-to-peer transmission -to receive a copy likewise does not require acceptance. However, -nothing other than this License grants you permission to propagate or -modify any covered work. These actions infringe copyright if you do -not accept this License. Therefore, by modifying or propagating a -covered work, you indicate your acceptance of this License to do so. - - 10. Automatic Licensing of Downstream Recipients. - - Each time you convey a covered work, the recipient automatically -receives a license from the original licensors, to run, modify and -propagate that work, subject to this License. You are not responsible -for enforcing compliance by third parties with this License. - - An "entity transaction" is a transaction transferring control of an -organization, or substantially all assets of one, or subdividing an -organization, or merging organizations. If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - - You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - - 11. Patents. - - A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - - A contributor's "essential patent claims" are all patent claims -owned or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of -this License. - - Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - - In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. - - If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. - - If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - - A patent license is "discriminatory" if it does not include within -the scope of its coverage, prohibits the exercise of, or is -conditioned on the non-exercise of one or more of the rights that are -specifically granted under this License. You may not convey a covered -work if you are a party to an arrangement with a third party that is -in the business of distributing software, under which you make payment -to the third party based on the extent of your activity of conveying -the work, and under which the third party grants, to any of the -parties who would receive the covered work from you, a discriminatory -patent license (a) in connection with copies of the covered work -conveyed by you (or copies made from those copies), or (b) primarily -for and in connection with specific products or compilations that -contain the covered work, unless you entered into that arrangement, -or that patent license was granted, prior to 28 March 2007. - - Nothing in this License shall be construed as excluding or limiting -any implied license or other defenses to infringement that may -otherwise be available to you under applicable patent law. - - 12. No Surrender of Others' Freedom. - - If conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you may -not convey it at all. For example, if you agree to terms that obligate you -to collect a royalty for further conveying from those to whom you convey -the Program, the only way you could satisfy both those terms and this -License would be to refrain entirely from conveying the Program. - - 13. Remote Network Interaction; Use with the GNU General Public License. - - Notwithstanding any other provision of this License, if you modify the -Program, your modified version must prominently offer all users -interacting with it remotely through a computer network (if your version -supports such interaction) an opportunity to receive the Corresponding -Source of your version by providing access to the Corresponding Source -from a network server at no charge, through some standard or customary -means of facilitating copying of software. This Corresponding Source -shall include the Corresponding Source for any work covered by version 3 -of the GNU General Public License that is incorporated pursuant to the -following paragraph. - - Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU General Public License into a single -combined work, and to convey the resulting work. The terms of this -License will continue to apply to the part which is the covered work, -but the work with which it is combined will remain governed by version -3 of the GNU General Public License. - - 14. Revised Versions of this License. - - The Free Software Foundation may publish revised and/or new versions of -the GNU Affero General Public License from time to time. Such new versions -will be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - - Each version is given a distinguishing version number. If the -Program specifies that a certain numbered version of the GNU Affero General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU Affero General Public License, you may choose any version ever published -by the Free Software Foundation. - - If the Program specifies that a proxy can decide which future -versions of the GNU Affero General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - - Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - - 15. Disclaimer of Warranty. - - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY -OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM -IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF -ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. Limitation of Liability. - - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS -THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY -GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE -USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF -DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD -PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), -EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES. - - 17. Interpretation of Sections 15 and 16. - - If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -state the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. - - - Copyright (C) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU Affero General Public License as published - by the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU Affero General Public License for more details. - - You should have received a copy of the GNU Affero General Public License - along with this program. If not, see . - -Also add information on how to contact you by electronic and paper mail. - - If your software can interact with users remotely through a computer -network, you should also make sure that it provides a way for users to -get its source. For example, if your program is a web application, its -interface could display a "Source" link that leads users to an archive -of the code. There are many ways you could offer source, and different -solutions will be better for different programs; see section 13 for the -specific requirements. - - You should also get your employer (if you work as a programmer) or school, -if any, to sign a "copyright disclaimer" for the program, if necessary. -For more information on this, and how to apply and follow the GNU AGPL, see -. diff --git a/sda-helm/README.md b/sda-helm/README.md deleted file mode 100644 index 4b5d5ca1c..000000000 --- a/sda-helm/README.md +++ /dev/null @@ -1,27 +0,0 @@ -# SDA-helm - -[![GitHub](https://img.shields.io/github/license/neicnordic/sda-helm?style=plastic)](https://www.gnu.org/licenses/agpl-3.0) -![GitHub Actions linter](https://github.com/neicnordic/sda-helm/workflows/Helm%20linter/badge.svg) -![GitHub tag (latest SemVer)](https://img.shields.io/github/v/tag/neicnordic/sda-helm?sort=semver&style=plastic) - -## Info - -This repositroy contains helmcharts for deploying a Sensitive Data Archive solution that is compatible with the European Genome Archives federated archiving model. - -The charts are compatible with kubernetes versions >= 1.19.0 and are tested against kubernetes version 1.25.6 - -## sda-db - -This chart deploys a pre-configured database instance for Sensitive Data Archive, the schemas match European Genome Archives federated archiving model. - -## sda-mq - -This chart deploys a pre-configured message broker designed to work European Genome Archives federated archive setup. - -## sda-svc - -This chart deploys the service components needed for the Sensitive Data Archive solution. - -## sda-orch - -This chart deploys the orchestrate service needed for the Sensitive Data Archive standalone solution (No European Genome Archive connection). diff --git a/sda-helm/dev_tools/cega/cega-issuer.yaml b/sda-helm/dev_tools/cega/cega-issuer.yaml deleted file mode 100644 index 85d775ae0..000000000 --- a/sda-helm/dev_tools/cega/cega-issuer.yaml +++ /dev/null @@ -1,34 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: cega-certs -spec: - # Secret names are always required. - secretName: cega-certs - - duration: 2160h # 90d - - # The use of the common name field has been deprecated since 2000 and is - # discouraged from being used. - commonName: cega - isCA: false - privateKey: - algorithm: ECDSA - size: 256 - usages: - - server auth - # At least one of a DNS Name, URI, or IP address is required. - dnsNames: - - cega-mq - - cega-users - ipAddresses: - - 127.0.0.1 - # Issuer references are always required. - issuerRef: - name: ca-issuer - # We can reference ClusterIssuers by changing the kind here. - # The default value is Issuer (i.e. a locally namespaced Issuer) - kind: Issuer - # This is optional since cert-manager will default to this value however - # if you are using an external issuer, change this to that issuer group. - group: cert-manager.io diff --git a/sda-helm/dev_tools/cega/cega.conf b/sda-helm/dev_tools/cega/cega.conf deleted file mode 100644 index acaeb0eb6..000000000 --- a/sda-helm/dev_tools/cega/cega.conf +++ /dev/null @@ -1,15 +0,0 @@ -listeners.ssl.default = 5671 -ssl_options.cacertfile = /etc/rabbitmq/ssl/ca.crt -ssl_options.certfile = /etc/rabbitmq/ssl/tls.crt -ssl_options.keyfile = /etc/rabbitmq/ssl/tls.key -ssl_options.verify = verify_none -ssl_options.fail_if_no_peer_cert = true -ssl_options.versions.1 = tlsv1.2 -management.load_definitions = /etc/rabbitmq/conf/cega.json -management.listener.port = 15671 -management.listener.ssl = true -management.listener.ssl_opts.cacertfile = /etc/rabbitmq/ssl/ca.crt -management.listener.ssl_opts.certfile = /etc/rabbitmq/ssl/tls.crt -management.listener.ssl_opts.keyfile = /etc/rabbitmq/ssl/tls.key -default_vhost = lega -disk_free_limit.absolute = 1GB diff --git a/sda-helm/dev_tools/cega/cega.json b/sda-helm/dev_tools/cega/cega.json deleted file mode 100644 index 57991b559..000000000 --- a/sda-helm/dev_tools/cega/cega.json +++ /dev/null @@ -1,23 +0,0 @@ -{"rabbit_version":"3.7", - "users":[{"name":"lega", - "password_hash":"tBwQTdorHZnIdJI7AUK71L56JVbYhjfhNoVO2y1nWmt2Cgdm","hashing_algorithm":"rabbit_password_hashing_sha256","tags":"administrator"}], "vhosts":[{"name":"lega"}], - "permissions":[{"user":"lega", "vhost":"lega", "configure":".*", "write":".*", "read":".*"}], - - "parameters":[], "global_parameters":[{"name":"cluster_name", "value":"rabbit@localhost"}], - "policies":[], - "queues":[{"name":"v1.files.inbox", "vhost":"lega", "durable":true, "auto_delete":false, "arguments":{}}, - {"name":"v1.stableIDs", "vhost":"lega", "durable":true, "auto_delete":false, "arguments":{}}, - {"name":"v1.files", "vhost":"lega", "durable":true, "auto_delete":false, "arguments":{}}, - {"name":"v1.files.completed", "vhost":"lega", "durable":true, "auto_delete":false, "arguments":{}}, - {"name":"v1.files.verified", "vhost":"lega", "durable":true, "auto_delete":false, "arguments":{}}, - {"name":"v1.files.error", "vhost":"lega", "durable":true, "auto_delete":false, "arguments":{}}], - "exchanges":[{"name":"localega.v1", "vhost":"lega", "type":"topic", "durable":true, "auto_delete":false, "internal":false, "arguments":{}}], - "bindings":[ - {"source":"localega.v1","vhost":"lega","destination_type":"queue","arguments":{},"destination":"v1.stableIDs","routing_key":"stableIDs"}, - {"source":"localega.v1","vhost":"lega","destination_type":"queue","arguments":{},"destination":"v1.files","routing_key":"files"}, - {"source":"localega.v1","vhost":"lega","destination_type":"queue","arguments":{},"destination":"v1.files.inbox","routing_key":"files.inbox"}, - {"source":"localega.v1","vhost":"lega","destination_type":"queue","arguments":{},"destination":"v1.files.error","routing_key":"files.error"}, - {"source":"localega.v1","vhost":"lega","destination_type":"queue","arguments":{},"destination":"v1.files.verified","routing_key":"files.verified"}, - {"source":"localega.v1","vhost":"lega","destination_type":"queue","arguments":{},"destination":"v1.files.completed","routing_key":"files.completed"}] - -} diff --git a/sda-helm/dev_tools/cega/cega.plugins b/sda-helm/dev_tools/cega/cega.plugins deleted file mode 100644 index 7e8d295ec..000000000 --- a/sda-helm/dev_tools/cega/cega.plugins +++ /dev/null @@ -1 +0,0 @@ -[rabbitmq_federation,rabbitmq_federation_management,rabbitmq_management,rabbitmq_shovel,rabbitmq_shovel_management]. \ No newline at end of file diff --git a/sda-helm/dev_tools/cega/deploy.yaml b/sda-helm/dev_tools/cega/deploy.yaml deleted file mode 100644 index 524dd23cd..000000000 --- a/sda-helm/dev_tools/cega/deploy.yaml +++ /dev/null @@ -1,172 +0,0 @@ ---- -# Source: cega/templates/cega-deploy.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cega-users - labels: - role: fake-users -spec: - replicas: 1 - selector: - matchLabels: - app: cega-users - template: - metadata: - labels: - app: cega-users - role: fake-users - spec: - serviceAccountName: cega - securityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 1000 - containers: - - name: cega-users - image: "egarchive/lega-base:release.v0.2.0" - imagePullPolicy: "Always" - command: ["python", "/cega/users.py", "0.0.0.0", "8443", "/cega/users.json"] - securityContext: - allowPrivilegeEscalation: false - env: - - name: LEGA_INSTANCES - value: legatest - - name: CEGA_USERS_PASSWORD - value: OfEoDPVadIfd4CZUWkisrrVQbJ2yQPIH - - name: CEGA_USERS_USER - value: legatest - ports: - - name: cega-users - containerPort: 443 - protocol: TCP - volumeMounts: - - name: cega-config - mountPath: /cega - - name: cega-certs - mountPath: /tls/ - volumes: - - name: cega-config - secret: - secretName: cega-users-config - defaultMode: 0440 - - name: cega-certs - secret: - secretName: cega-certs - defaultMode: 0440 ---- -# Source: cega/templates/cegamq-deploy.yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: cega-mq - labels: - role: cega-broker - app: cega-mq -spec: - replicas: 1 - selector: - matchLabels: - app: cega-mq - template: - metadata: - labels: - app: cega-mq - spec: - serviceAccountName: cega - securityContext: - runAsUser: 100 - runAsGroup: 101 - fsGroup: 101 - containers: - - name: cega-mq - image: "rabbitmq:3.7.8-management-alpine" - imagePullPolicy: "IfNotPresent" - securityContext: - allowPrivilegeEscalation: false - env: - - name: RABBITMQ_CONFIG_FILE - value: /etc/rabbitmq/conf/cega - - name: RABBITMQ_ENABLED_PLUGINS_FILE - value: /etc/rabbitmq/conf/cega.plugins - ports: - - containerPort: 15671 - protocol: TCP - name: https - - containerPort: 15672 - protocol: TCP - name: http - - containerPort: 5672 - name: amqp - - containerPort: 5671 - name: amqps - volumeMounts: - - name: conf - mountPath: /etc/rabbitmq/conf - - name: rabbitmq - mountPath: /var/lib/rabbitmq - - name: ssl-certs - mountPath: /etc/rabbitmq/ssl - volumes: - - name: ssl-certs - secret: - secretName: cega-certs - defaultMode: 0440 - - name: conf - secret: - secretName: cega-mq-config - defaultMode: 0440 - - name: rabbitmq - emptyDir: {} ---- -# Source: cega/templates/cega-svc.yaml -apiVersion: v1 -kind: Service -metadata: - name: cega-users - labels: - app: cega-users -spec: - ports: - - port: 443 - targetPort: 8443 - protocol: TCP - selector: - app: cega-users ---- -# Source: cega/templates/cegamq-svc.yaml -apiVersion: v1 -kind: Service -metadata: - name: cega-mq - labels: - app: cega-mq -spec: - ports: - - port: 5672 - targetPort: 5672 - protocol: TCP - name: amqp - - port: 5671 - targetPort: 5671 - protocol: TCP - name: amqps - - port: 4369 - name: epmd - - port: 25672 - name: rabbitmq-dist - selector: - app: cega-mq ---- -# Source: cega/templates/serviceaccount.yaml -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: cega-serviceAccount - chart: cega-0.3.3 - heritage: Helm - release: cega - name: cega - namespace: default - diff --git a/sda-helm/dev_tools/cega/users.json b/sda-helm/dev_tools/cega/users.json deleted file mode 100644 index 953704079..000000000 --- a/sda-helm/dev_tools/cega/users.json +++ /dev/null @@ -1,7 +0,0 @@ -[{"username": "dummy", - "uid": 1, - "passwordHash": "wW94fVzPmrB2KiDuhBq2oVx416YMBIC8Q0HGCeTBjPmOo/0R", - "gecos": "dummy user", - "sshPublicKey": ["ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDI7vOtisP6sEfK25RqVJKJ+xuLn42eDUBGYJsKbo638s+Ft3LbriL00CwGAElu8bB2LEIO/lMPphqrci039eysLXeS9y0ZhNMyqBc6Z5FH7Bp6RZquEikXs6ALuLKd30u8CyRZ3JuH/C3W4ptbfaeBAwnhUXCaxttgF5rdWZbkDP/Lyc2n3PdcHvEWNCo2fvs3QgxCgoYMsRhUAOv+n58wrYoY4sMBXmeWauxfOEKhGQqPoz8c+l68oh5oKcXtPW8ETc2id3kiwEfZMkB/p/MqFbFNqcHhGmmZAgzP0YbH2KUGYp8WiIEZpy6dTbv2eQfkoqFcJilm0iOJ40aDiJrv6tFSx/RPc6togj+kxPnXK5daYmhUkzm0AS7qUWL9QSd9S0nViav+NJzhhchpcWjU7fSnck7dRj+pyr/PLNUW6Dc8LETPnWLkLaIR3AgLPp8lq9JPbfHrfSNNleElRTpjweqAY/6ViRo690xjupZIPWiYe56vx3H13FbkngSuS7YEFGJeg3leHFql8BfmW9GMm3b8H56wWsE9ewBSVOGNNeqFR+3TBCL4wk5IMo5nK2yp9eQy6shgN4fbES93KQr7VkIx2rQna8JJJLnhZoU2iHtG57EIAKjtF69us4aPWnY1NCr19xGzTqN8HUpaaGYH4EMLuukRcPm0ebCjeDUyxQ=="], - "enabled": null -}] diff --git a/sda-helm/dev_tools/cega/users.py b/sda-helm/dev_tools/cega/users.py deleted file mode 100644 index 80bdc8421..000000000 --- a/sda-helm/dev_tools/cega/users.py +++ /dev/null @@ -1,103 +0,0 @@ -#!/usr/bin/env python3.6 -# -*- coding: utf-8 -*- - -''' -Test server to act as CentralEGA endpoint for users - -:author: Frédéric Haziza -:copyright: (c) 2018, EGA System Developers. -''' - -import sys -import os -import logging -import asyncio -import json -from base64 import b64decode -import ssl - -from aiohttp import web - -#logging.basicConfig(format='[%(asctime)s][%(levelname)-8s] (L:%(lineno)s) %(message)s', datefmt='%Y-%m-%d %H:%M:%S') -logging.basicConfig(format='[%(levelname)-8s] (L:%(lineno)s) %(message)s') -LOG = logging.getLogger(__name__) -LOG.setLevel(logging.INFO) - -filepath = None -instances = {} -store = None -usernames = {} - -def fetch_user_info(identifier, query): - LOG.info(f'Requesting User {identifier} [type {id_type}]') - try: - pos = usernames.get(identifier, None) - return store[pos] if pos is not None else None - except: - raise web.HTTPBadRequest(text="Missing or wrong idType") - -async def user(request): - # Authenticate - auth_header = request.headers.get('AUTHORIZATION') - if not auth_header: - raise web.HTTPUnauthorized(text=f'Protected access\n') - _, token = auth_header.split(None, 1) # Skipping the Basic keyword - instance, passwd = b64decode(token).decode().split(':', 1) - info = instances.get(instance) - if info is None or info != passwd: - raise web.HTTPUnauthorized(text=f'Protected access\n') - - # Reload users list - load_users() - - # Find user - user_info = fetch_user_info(request.match_info['identifier'], request.rel_url.query) - if user_info is None: - raise web.HTTPBadRequest(text=f'No info for that user\n') - return web.json_response(user_info) - -def main(): - - if len(sys.argv) < 3: - print('Usage: {sys.argv[0] }', file=sys.stderr) - sys.exit(2) - - host = sys.argv[1] - port = sys.argv[2] - - global filepath - filepath = sys.argv[3] - - server = web.Application() - load_users() - - # Registering the routes - server.router.add_get('/username/{identifier}', user, name='user') - - # SSL settings - cacertfile = '/tls/ca.crt' - certfile = '/tls/tls.crt' - keyfile = '/tls/tls.key' - - ssl_ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH, cafile=cacertfile) - ssl_ctx.check_hostname = False - ssl_ctx.verify_mode = ssl.CERT_NONE - - ssl_ctx.load_cert_chain(certfile, keyfile=keyfile) - - # aaaand... cue music - web.run_app(server, host=host, port=port, shutdown_timeout=0, ssl_context=ssl_ctx) - - -def load_users(): - # Initialization - global filepath, instances, store, usernames, uids - instances[os.environ[f'CEGA_USERS_USER']] = os.environ[f'CEGA_USERS_PASSWORD'] #'legatest' # Hard-coding legatest:legatest - with open(filepath, 'rt') as f: - store = json.load(f) - for i, d in enumerate(store): - usernames[d['username']] = i # No KeyError, should be there - - -if __name__ == '__main__': - main() diff --git a/sda-helm/dev_tools/config/cert-issuer.yaml b/sda-helm/dev_tools/config/cert-issuer.yaml deleted file mode 100644 index 1c2440aac..000000000 --- a/sda-helm/dev_tools/config/cert-issuer.yaml +++ /dev/null @@ -1,30 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: selfsigned-issuer -spec: - selfSigned: {} ---- -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: selfsigned-ca -spec: - isCA: true - commonName: selfsigned-ca - secretName: root-secret - privateKey: - algorithm: ECDSA - size: 256 - issuerRef: - name: selfsigned-issuer - kind: Issuer - group: cert-manager.io ---- -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: ca-issuer -spec: - ca: - secretName: root-secret diff --git a/sda-helm/dev_tools/config/minio-issuer.yaml b/sda-helm/dev_tools/config/minio-issuer.yaml deleted file mode 100644 index e33f40b57..000000000 --- a/sda-helm/dev_tools/config/minio-issuer.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: cert-manager.io/v1 -kind: Certificate -metadata: - name: minio-certs -spec: - # Secret names are always required. - secretName: minio-certs - - duration: 2160h # 90d - - # The use of the common name field has been deprecated since 2000 and is - # discouraged from being used. - commonName: cega - isCA: false - privateKey: - algorithm: ECDSA - size: 256 - usages: - - server auth - # At least one of a DNS Name, URI, or IP address is required. - dnsNames: - - minio - ipAddresses: - - 127.0.0.1 - # Issuer references are always required. - issuerRef: - name: ca-issuer - # We can reference ClusterIssuers by changing the kind here. - # The default value is Issuer (i.e. a locally namespaced Issuer) - kind: Issuer - # This is optional since cert-manager will default to this value however - # if you are using an external issuer, change this to that issuer group. - group: cert-manager.io diff --git a/sda-helm/dev_tools/config/no-tls.yaml b/sda-helm/dev_tools/config/no-tls.yaml deleted file mode 100644 index 1cffc06a0..000000000 --- a/sda-helm/dev_tools/config/no-tls.yaml +++ /dev/null @@ -1,72 +0,0 @@ -global: - c4ghPath: c4gh - jwtPath: jwt - tlsPath: tls - podSecurityPolicy: - create: false - archive: - storageType: s3 - s3Url: "http://minio" - s3Port: 9000 - s3Bucket: "archive" - s3ReadyPath: "/minio/health/ready" - auth: - elixirID: DfCieZLuBU - elixirSecret: DfCieZLuBU - jwtSecret: oidc - jwtAlg: ES256 - jwtKey: jwt.key - jwtPub: jwt.pub - backupArchive: - storageType: s3 - s3Url: "http://minio" - s3Port: 9000 - s3Bucket: "backup" - s3ReadyPath: "/minio/health/ready" - broker: - host: "broker-sda-mq" - exchange: "sda" - port: 5672 - password: "admin" - username: "admin" - backupRoutingKey: "backup" - db: - host: "postgres-sda-db" - c4gh: - secretName: c4gh - keyFile: c4gh.sec.pem - publicFile: c4gh.pub.pem - elixir: - provider: "http://oidc-server:8080" - jwkPath: "" - inbox: - storageType: s3 - # existingClaim: test - s3Url: http://minio - s3Port: 9000 - s3Bucket: "inbox" - s3ReadyPath: "/minio/health/ready" - ingress: - deploy: false - hostName: - auth: sda-sda-svc-auth - download: sda-sda-svc-download - s3Inbox: sda-sda-svc-inbox - logLevel: debug - schemaType: isolated - tls: - enabled: false -auth: - replicaCount: 1 -backup: - deploy: true -doa: - replicaCount: 1 -download: - replicaCount: 1 -intercept: - deploy: false -releasetest: - run: true -s3Inbox: - replicaCount: 1 diff --git a/sda-helm/dev_tools/config/oidc.yaml b/sda-helm/dev_tools/config/oidc.yaml deleted file mode 100644 index d8904049c..000000000 --- a/sda-helm/dev_tools/config/oidc.yaml +++ /dev/null @@ -1,56 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: oidc-server -spec: - selector: - matchLabels: - app: oidc-server - replicas: 1 - template: - metadata: - labels: - app: oidc-server - spec: - securityContext: - runAsNonRoot: true - runAsGroup: 1000 - runAsUser: 1000 - fsGroup: 1000 - containers: - - name: oidc-server - image: "neicnordic/mock-oidc:latest" - ports: - - containerPort: 8080 - env: - - name: PORT - value: "8080" - - name: HOST - value: oidc-server - - name: CLIENT_ID - value: DfCieZLuBU - - name: CLIENT_SECRET - value: DfCieZLuBU - - name: CLIENT_REDIRECT_URI - value: http://sda-auth/elixir/login - resources: - limits: - cpu: 250m - memory: 256Mi - requests: - cpu: 100m - memory: 128Mi ---- -apiVersion: v1 -kind: Service -metadata: - name: oidc-server - labels: - app: oidc-server -spec: - type: ClusterIP - ports: - - port: 8080 - targetPort: 8080 - selector: - app: oidc-server diff --git a/sda-helm/dev_tools/config/orch.yaml b/sda-helm/dev_tools/config/orch.yaml deleted file mode 100644 index 451f2c153..000000000 --- a/sda-helm/dev_tools/config/orch.yaml +++ /dev/null @@ -1,18 +0,0 @@ -broker: - vhost: "sda" - host: "broker-sda-mq" - exchange: "sda" - password: "admin" - username: "admin" - queue: - inbox: inbox - completed: completed - verify: archived - files: files - stableid: accessionIDs -logLevel: debug -tls: - secretName: orch-certs - cert: orch.crt - key: orch.key - caCert: ca.crt diff --git a/sda-helm/dev_tools/config/posix-volumes.yaml b/sda-helm/dev_tools/config/posix-volumes.yaml deleted file mode 100644 index e16f58a8a..000000000 --- a/sda-helm/dev_tools/config/posix-volumes.yaml +++ /dev/null @@ -1,35 +0,0 @@ -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: inbox-volume -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: local-path ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: archive-volume -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: local-path ---- -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: backup-volume -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: local-path diff --git a/sda-helm/dev_tools/config/posix.yaml b/sda-helm/dev_tools/config/posix.yaml deleted file mode 100644 index b7cd460fe..000000000 --- a/sda-helm/dev_tools/config/posix.yaml +++ /dev/null @@ -1,76 +0,0 @@ -global: - c4ghPath: c4gh - jwtPath: jwt - tlsPath: tls - podSecurityPolicy: - create: false - archive: - storageType: posix - existingClaim: archive-volume - volumePath: "/archive" - backupArchive: - storageType: posix - existingClaim: backup-volume - volumePath: "/backup" - broker: - host: "broker-sda-mq" - exchange: "sda" - port: 5671 - verifyPeer: true - password: "admin" - username: "admin" - backupRoutingKey: "backup" - c4gh: - secretName: c4gh - keyFile: c4gh.sec.pem - publicFile: c4gh.pub.pem - cega: - host: "cega-users" - user: "legatest" - db: - host: "postgres-sda-db" - sslMode: "verify-ca" - inbox: - storageType: posix - path: "/inbox" - user: "lega" - existingClaim: inbox-volume - ingress: - deploy: false - hostName: - download: sda-sda-svc-download - logLevel: debug - tls: - enabled: true -backup: - deploy: true - tls: - secretName: "backup-certs" -doa: - tls: - secretName: "doa-certs" -finalize: - tls: - secretName: "finalize-certs" -ingest: - tls: - secretName: "ingest-certs" -intercept: - tls: - secretName: "intercept-certs" -mapper: - tls: - secretName: "mapper-certs" -sftpInbox: - tls: - secretName: "inbox-certs" -verify: - tls: - secretName: "verify-certs" -download: - tls: - secretName: "download-certs" -releasetest: - run: true - tls: - secretName: "tester-certs" diff --git a/sda-helm/dev_tools/config/s3.yaml b/sda-helm/dev_tools/config/s3.yaml deleted file mode 100644 index ef4088f52..000000000 --- a/sda-helm/dev_tools/config/s3.yaml +++ /dev/null @@ -1,106 +0,0 @@ -global: - c4ghPath: c4gh - jwtPath: jwt - tlsPath: tls - podSecurityPolicy: - create: false - archive: - storageType: s3 - s3Url: "https://minio" - s3Bucket: "archive" - s3CaFile: "ca.crt" - s3AccessKey: idDQBxLpXoM8l88l - s3SecretKey: ABd6XCIvNWj7JULbrqBf8tB7q9BoHJSc - auth: - elixirID: DfCieZLuBU - elixirSecret: DfCieZLuBU - jwtSecret: oidc - jwtAlg: ES256 - jwtKey: jwt.key - jwtPub: jwt.pub - backupArchive: - storageType: s3 - s3Url: "https://minio" - s3Bucket: "backup" - s3CaFile: "ca.crt" - s3AccessKey: idDQBxLpXoM8l88l - s3SecretKey: ABd6XCIvNWj7JULbrqBf8tB7q9BoHJSc - broker: - host: "broker-sda-mq" - exchange: "sda" - port: 5671 - verifyPeer: true - password: "admin" - username: "admin" - backupRoutingKey: "backup" - cega: - host: "cega-users" - user: "legatest" - password: 3iSGc5loLN7hu2EwT2Z2CzCT26iUrk3t - db: - host: "postgres-sda-db" - sslMode: "verify-full" - c4gh: - secretName: c4gh - keyFile: c4gh.sec.pem - publicFile: c4gh.sec.pub - elixir: - provider: "http://oidc-server:8080" - jwkPath: "" - inbox: - storageType: s3 - # existingClaim: test - s3Url: "https://minio" - s3Bucket: "inbox" - s3AccessKey: idDQBxLpXoM8l88l - s3SecretKey: ABd6XCIvNWj7JULbrqBf8tB7q9BoHJSc - s3CaFile: ca.crt - s3ReadyPath: "/minio/health/ready" - ingress: - deploy: false - hostName: - auth: sda-sda-svc-auth - download: sda-sda-svc-download - s3Inbox: sda-sda-svc-inbox - logLevel: debug - tls: - enabled: true -auth: - replicaCount: 1 - tls: - secretName: "auth-certs" -backup: - deploy: true - tls: - secretName: "backup-certs" -doa: - replicaCount: 1 - tls: - secretName: "doa-certs" -finalize: - tls: - secretName: "finalize-certs" -ingest: - tls: - secretName: "ingest-certs" -intercept: - tls: - secretName: "intercept-certs" -mapper: - tls: - secretName: "mapper-certs" -s3Inbox: - replicaCount: 1 - tls: - secretName: "inbox-certs" -verify: - tls: - secretName: "verify-certs" -download: - replicaCount: 1 - tls: - secretName: "download-certs" -releasetest: - run: true - tls: - secretName: "tester-certs" diff --git a/sda-helm/dev_tools/scripts/cleanup.sh b/sda-helm/dev_tools/scripts/cleanup.sh deleted file mode 100644 index 1ead16b46..000000000 --- a/sda-helm/dev_tools/scripts/cleanup.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -if [ "$1" = "db" ] || [ "$1" = "all" ];then - helm uninstall postgres - kubectl delete secret db-certs -fi - -if [ "$1" = "mq" ] || [ "$1" = "all" ];then - helm uninstall broker - kubectl delete secret mq-certs -fi - -if [ "$1" = "sda" ] || [ "$1" = "all" ];then - helm uninstall sda - kubectl delete secret auth-certs backup-certs doa-certs finalize-certs inbox-certs ingest-certs intercept-certs mapper-certs tester-certs verify-certs ca-root download-certs -fi diff --git a/sda-helm/dev_tools/scripts/create-s3-buckets-no-tls.sh b/sda-helm/dev_tools/scripts/create-s3-buckets-no-tls.sh deleted file mode 100644 index 634aec22f..000000000 --- a/sda-helm/dev_tools/scripts/create-s3-buckets-no-tls.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash -set -e - -if [ ! -f s3cmd.conf ]; then - cat >> "s3cmd.conf" <>"s3cmd.conf" < /dev/null -then - wget -q -O - https://raw.githubusercontent.com/rancher/k3d/main/install.sh | TAG=v5.4.6 bash -fi - -k3d cluster list | grep "sda" -cluster_exists=$? - -if [ $cluster_exists -ne 0 ]; then - sudo k3d cluster create sda --image=rancher/k3s:v1.25.6-rc1-k3s1-amd64 - sudo k3d kubeconfig merge sda --kubeconfig-switch-context - sudo mkdir -p ~/.kube/ && sudo cp /root/.k3d/kubeconfig-sda.yaml ~/.kube/config - sudo chmod 666 ~/.kube/config -else - echo "Cluster sda already exists!" -fi diff --git a/sda-helm/dev_tools/scripts/install-kube-deps.sh b/sda-helm/dev_tools/scripts/install-kube-deps.sh deleted file mode 100755 index cbc566fbb..000000000 --- a/sda-helm/dev_tools/scripts/install-kube-deps.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash -set -e - -if [ "$OSTYPE" == "linux-gnu" ]; then - BTYPE="linux" -elif [ "$OSTYPE" == "darwin" ]; then - BTYPE="darwin" -fi - -curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.25.0/bin/"$BTYPE"/amd64/kubectl -chmod +x ./kubectl -sudo mv ./kubectl /usr/local/bin/kubectl - -wget https://get.helm.sh/helm-v3.11.0-"$BTYPE"-amd64.tar.gz -O - | tar -xz -sudo cp "$BTYPE"-amd64/helm /usr/local/bin/helm - -rm -r ./*-amd64/ diff --git a/sda-helm/dev_tools/scripts/install-sda-deps.sh b/sda-helm/dev_tools/scripts/install-sda-deps.sh deleted file mode 100755 index deb869393..000000000 --- a/sda-helm/dev_tools/scripts/install-sda-deps.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash -set -e - -YQ_VERSION=v4.20.1 -YQ_BINARY=yq_linux_amd64 -C4GH_VERSION=1.4.0 -# Workaround for some MacOS installations -#export PATH=$PATH:/home/ubuntu/.local/bin - -if [ ! -d LocalEGA-helm ]; then - git clone https://github.com/nbisweden/LocalEGA-helm -fi - -# install s3cmd -pip install s3cmd - - -# install yq for creating secrets -sudo wget "https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/${YQ_BINARY}" -O /usr/bin/yq &&\ - sudo chmod +x /usr/bin/yq - -# install crypt4gh -curl -L https://github.com/elixir-oslo/crypt4gh/releases/download/v"${C4GH_VERSION}"/crypt4gh_linux_x86_64.tar.gz | sudo tar -xz -C /usr/bin/ &&\ - sudo chmod +x /usr/bin/crypt4gh diff --git a/sda-helm/dev_tools/scripts/java-certs.sh b/sda-helm/dev_tools/scripts/java-certs.sh deleted file mode 100755 index 027f3e2a1..000000000 --- a/sda-helm/dev_tools/scripts/java-certs.sh +++ /dev/null @@ -1,60 +0,0 @@ -#!/usr/bin/env bash - -set -e - -[ "${BASH_VERSINFO[0]}" -lt 4 ] && echo 'Bash 4 (or higher) is required' 1>&2 && exit 1 - -if ! [ -x "$(command -v keytool)" ]; then - echo 'Error: Keytool is not installed.' >&2 - exit 1 -fi - -if ! [ -x "$(command -v openssl)" ]; then - echo 'Error: Openssl is not installed.' >&2 - exit 1 -fi - -CONFPATH="sda-deploy-init/config/certs" -STORETYPE=PKCS12 -STOREPASS=changeit -services_input="doa,inbox" - -IFS=',' read -r -a services <<< "$services_input" - -# remove previous alias if keystore exists -# becomes problemantic if password changed -if [[ -f "${CONFPATH}"/cacerts ]]; then - keytool -delete -alias legaCA \ - -keystore "${CONFPATH}"/cacerts \ - -storepass "${STOREPASS}" -noprompt -fi - -# create java keystore for each service -for service in "${services[@]}"; do - if [[ "${STORETYPE}" == "JKS" ]]; then - keytool -import -alias "${service}" \ - -keystore "${CONFPATH}/${service}.jks" \ - -file "${CONFPATH}/${service}".ca.crt.der \ - -storepass "${STOREPASS}" -noprompt - else - openssl pkcs12 -export -out "${CONFPATH}/${service}".p12 \ - -inkey "${CONFPATH}/${service}".key \ - -in "${CONFPATH}/${service}".crt \ - -passout pass:"${STOREPASS}" - openssl pkcs8 -topk8 \ - -inform pem \ - -outform der \ - -in "${CONFPATH}/${service}".key \ - -out "${CONFPATH}/${service}".key.der \ - -nocrypt - fi -done - -# create java CAroot truststore -keytool -import -trustcacerts -file "${CONFPATH}"/ca.crt \ - -alias legaCA -storetype JKS \ - -keystore "${CONFPATH}"/cacerts \ - -storepass "${STOREPASS}" -noprompt - -# create DER format key - diff --git a/sda-helm/dev_tools/scripts/make-certs.sh b/sda-helm/dev_tools/scripts/make-certs.sh deleted file mode 100755 index 0f4b0c1c9..000000000 --- a/sda-helm/dev_tools/scripts/make-certs.sh +++ /dev/null @@ -1,83 +0,0 @@ -#!/bin/sh - -basedir="sda-deploy-init/config/certs" -days=1200 - -mkdir -p "${basedir}" - -# create CA certificate -openssl req -config "$(dirname "$0")"/ssl.cnf -new -sha256 -nodes -extensions v3_ca -out "./${basedir}/ca.csr" -keyout "./${basedir}/ca.key" -openssl req -config "$(dirname "$0")"/ssl.cnf -key "./${basedir}/ca.key" -x509 -new -days 7300 -sha256 -nodes -extensions v3_ca -out "./${basedir}/ca.crt" - -# Create certificate for MQ -openssl req -config "$(dirname "$0")"/ssl.cnf -new -nodes -newkey rsa:4096 -keyout "./${basedir}/server.key" -out "./${basedir}/mq.csr" -extensions mq_cert -openssl x509 -req -in "./${basedir}/mq.csr" -days "${days}" -CA "./${basedir}/ca.crt" -CAkey "./${basedir}/ca.key" -set_serial 01 -out "./${basedir}/server.crt" -extensions mq_cert -extfile "$(dirname "$0")"/ssl.cnf - -# Create certificate for DB -openssl req -config "$(dirname "$0")"/ssl.cnf -new -nodes -newkey rsa:4096 -keyout "./${basedir}/pg.key" -out "./${basedir}/pg.csr" -extensions db_cert -openssl x509 -req -in "./${basedir}/pg.csr" -days "${days}" -CA "./${basedir}/ca.crt" -CAkey "./${basedir}/ca.key" -set_serial 01 -out "./${basedir}/pg.crt" -extensions db_cert -extfile "$(dirname "$0")"/ssl.cnf - -# Create certificate for minio -openssl req -config "$(dirname "$0")"/ssl.cnf -new -nodes -newkey rsa:4096 -keyout "./${basedir}/private.key" -out "./${basedir}/s3.csr" -extensions minio_cert -openssl x509 -req -in "./${basedir}/s3.csr" -days "${days}" -CA "./${basedir}/ca.crt" -CAkey "./${basedir}/ca.key" -set_serial 01 -out "./${basedir}/public.crt" -extensions minio_cert -extfile "$(dirname "$0")"/ssl.cnf - -# Create client certificate -openssl req -config "$(dirname "$0")"/ssl.cnf -new -nodes -newkey rsa:4096 -keyout "./${basedir}/client.key" -out "./${basedir}/client.csr" -extensions client_cert -subj "/CN=lega_in/CN=admin/" -openssl x509 -req -in "./${basedir}/client.csr" -days "${days}" -CA "./${basedir}/ca.crt" -CAkey "./${basedir}/ca.key" -set_serial 01 -out "./${basedir}/client.crt" -extensions client_cert -extfile "$(dirname "$0")"/ssl.cnf - -# Create certificate for inbox -openssl req -config "$(dirname "$0")"/ssl.cnf -new -nodes -newkey rsa:4096 -keyout "./${basedir}/inbox.key" -out "./${basedir}/inbox.csr" -extensions inbox_cert -subj "/CN=lega_in/CN=admin/" -openssl x509 -req -in "./${basedir}/inbox.csr" -days "${days}" -CA "./${basedir}/ca.crt" -CAkey "./${basedir}/ca.key" -set_serial 01 -out "./${basedir}/inbox.crt" -extensions inbox_cert -extfile "$(dirname "$0")"/ssl.cnf - -# Create certificate for ingest -openssl req -config "$(dirname "$0")"/ssl.cnf -new -nodes -newkey rsa:4096 -keyout "./${basedir}/ingest.key" -out "./${basedir}/ingest.csr" -extensions ingest_cert -subj "/CN=lega_in/CN=admin/" -openssl x509 -req -in "./${basedir}/ingest.csr" -days "${days}" -CA "./${basedir}/ca.crt" -CAkey "./${basedir}/ca.key" -set_serial 01 -out "./${basedir}/ingest.crt" -extensions ingest_cert -extfile "$(dirname "$0")"/ssl.cnf - -# Create certificate for intercept -openssl req -config "$(dirname "$0")"/ssl.cnf -new -nodes -newkey rsa:4096 -keyout "./${basedir}/intercept.key" -out "./${basedir}/intercept.csr" -extensions intercept_cert -subj "/CN=admin" -openssl x509 -req -in "./${basedir}/intercept.csr" -days "${days}" -CA "./${basedir}/ca.crt" -CAkey "./${basedir}/ca.key" -set_serial 01 -out "./${basedir}/intercept.crt" -extensions intercept_cert -extfile "$(dirname "$0")"/ssl.cnf - -# Create certificate for finalize -openssl req -config "$(dirname "$0")"/ssl.cnf -new -nodes -newkey rsa:4096 -keyout "./${basedir}/finalize.key" -out "./${basedir}/finalize.csr" -extensions finalize_cert -subj "/CN=lega_in/CN=admin" -openssl x509 -req -in "./${basedir}/finalize.csr" -days "${days}" -CA "./${basedir}/ca.crt" -CAkey "./${basedir}/ca.key" -set_serial 01 -out "./${basedir}/finalize.crt" -extensions finalize_cert -extfile "$(dirname "$0")"/ssl.cnf - -# Create certificate for verify -openssl req -config "$(dirname "$0")"/ssl.cnf -new -nodes -newkey rsa:4096 -keyout "./${basedir}/verify.key" -out "./${basedir}/verify.csr" -extensions verify_cert -subj "/CN=lega_in/CN=admin/" -openssl x509 -req -in "./${basedir}/verify.csr" -days "${days}" -CA "./${basedir}/ca.crt" -CAkey "./${basedir}/ca.key" -set_serial 01 -out "./${basedir}/verify.crt" -extensions verify_cert -extfile "$(dirname "$0")"/ssl.cnf - -# Create certificate for doa -openssl req -config "$(dirname "$0")"/ssl.cnf -new -nodes -newkey rsa:4096 -keyout "./${basedir}/doa.key" -out "./${basedir}/doa.csr" -extensions doa_cert -subj "/CN=lega_out/CN=admin/" -openssl x509 -req -in "./${basedir}/doa.csr" -days "${days}" -CA "./${basedir}/ca.crt" -CAkey "./${basedir}/ca.key" -set_serial 01 -out "./${basedir}/doa.crt" -extensions doa_cert -extfile "$(dirname "$0")"/ssl.cnf - -# Create certificate for download -openssl req -config "$(dirname "$0")"/ssl.cnf -new -nodes -newkey rsa:4096 -keyout "./${basedir}/download.key" -out "./${basedir}/download.csr" -extensions download_cert -subj "/CN=lega_out/CN=admin/" -openssl x509 -req -in "./${basedir}/download.csr" -days "${days}" -CA "./${basedir}/ca.crt" -CAkey "./${basedir}/ca.key" -set_serial 01 -out "./${basedir}/download.crt" -extensions download_cert -extfile "$(dirname "$0")"/ssl.cnf - -# Create certificate for orch -openssl req -config "$(dirname "$0")"/ssl.cnf -new -nodes -newkey rsa:4096 -keyout "./${basedir}/orch.key" -out "./${basedir}/orch.csr" -extensions orch_cert -subj "/CN=admin" -openssl x509 -req -in "./${basedir}/orch.csr" -days "${days}" -CA "./${basedir}/ca.crt" -CAkey "./${basedir}/ca.key" -set_serial 01 -out "./${basedir}/orch.crt" -extensions orch_cert -extfile "$(dirname "$0")"/ssl.cnf - -# Create certificate for mapper -openssl req -config "$(dirname "$0")"/ssl.cnf -new -nodes -newkey rsa:4096 -keyout "./${basedir}/mapper.key" -out "./${basedir}/mapper.csr" -extensions mapper_cert -subj "/CN=lega_out/CN=admin" -openssl x509 -req -in "./${basedir}/mapper.csr" -days "${days}" -CA "./${basedir}/ca.crt" -CAkey "./${basedir}/ca.key" -set_serial 01 -out "./${basedir}/mapper.crt" -extensions mapper_cert -extfile "$(dirname "$0")"/ssl.cnf - -# Create certificate for backup -openssl req -config "$(dirname "$0")"/ssl.cnf -new -nodes -newkey rsa:4096 -keyout "./${basedir}/backup.key" -out "./${basedir}/backup.csr" -extensions backup_cert -subj "/CN=admin/CN=lega_in" -openssl x509 -req -in "./${basedir}/backup.csr" -days "${days}" -CA "./${basedir}/ca.crt" -CAkey "./${basedir}/ca.key" -set_serial 01 -out "./${basedir}/backup.crt" -extensions backup_cert -extfile "$(dirname "$0")"/ssl.cnf - -# Create certificate for auth -openssl req -config "$(dirname "$0")"/ssl.cnf -new -nodes -newkey rsa:4096 -keyout "./${basedir}/auth.key" -out "./${basedir}/auth.csr" -extensions auth_cert -openssl x509 -req -in "./${basedir}/auth.csr" -days "${days}" -CA "./${basedir}/ca.crt" -CAkey "./${basedir}/ca.key" -set_serial 01 -out "./${basedir}/auth.crt" -extensions auth_cert -extfile "$(dirname "$0")"/ssl.cnf - -# Create certificate for tester -openssl req -config "$(dirname "$0")"/ssl.cnf -new -nodes -newkey rsa:4096 -keyout "./${basedir}/tester.key" -out "./${basedir}/tester.csr" -extensions tester_cert -subj "/CN=lega_in/CN=admin/" -openssl x509 -req -in "./${basedir}/tester.csr" -days "${days}" -CA "./${basedir}/ca.crt" -CAkey "./${basedir}/ca.key" -set_serial 01 -out "./${basedir}/tester.crt" -extensions tester_cert -extfile "$(dirname "$0")"/ssl.cnf - -# Create certificate for cega -openssl req -config "$(dirname "$0")"/ssl.cnf -new -nodes -newkey rsa:4096 -keyout "./${basedir}/cega.key" -out "./${basedir}/cega.csr" -extensions cega -openssl x509 -req -in "./${basedir}/cega.csr" -days "${days}" -CA "./${basedir}/ca.crt" -CAkey "./${basedir}/ca.key" -set_serial 01 -out "./${basedir}/cega.crt" -extensions cega -extfile "$(dirname "$0")"/ssl.cnf - -# Create token -openssl req -nodes -new -x509 -keyout "./${basedir}/token.key" -out "./${basedir}/token.pub" -config "$(dirname "$0")"/ssl.cnf - -chmod 644 "./${basedir}/"* diff --git a/sda-helm/dev_tools/scripts/mq-password-generator.sh b/sda-helm/dev_tools/scripts/mq-password-generator.sh deleted file mode 100644 index a0325a1c6..000000000 --- a/sda-helm/dev_tools/scripts/mq-password-generator.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash - -SALT=$(od -A n -t x -N 4 /dev/urandom) -PASS=$SALT$(echo -n "$1" | xxd -ps | tr -d '\n' | tr -d ' ') -PASS=$(echo -n "$PASS" | xxd -r -p | sha256sum | head -c 128) -PASS=$(echo -n "$SALT$PASS" | xxd -r -p | base64 -w0) -echo -n "$PASS" diff --git a/sda-helm/dev_tools/scripts/run-helm-test.sh b/sda-helm/dev_tools/scripts/run-helm-test.sh deleted file mode 100755 index 4c2458e6d..000000000 --- a/sda-helm/dev_tools/scripts/run-helm-test.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/bin/bash - -if [ -n "$1" ]; then RELEASE_LIST=$1; else RELEASE_LIST="broker postgres sda"; fi - -for release in $RELEASE_LIST; do - echo "Testing $release" - helm test "$release" - r=$? - - if [ "$r" -ne 0 ]; then - kubectl get pod -o name | while read -r pod; do - echo "All logs for $pod" - kubectl logs --all-containers "$pod" - done - exit "$r" - fi -done diff --git a/sda-helm/dev_tools/scripts/sda/deploy-no-tls.sh b/sda-helm/dev_tools/scripts/sda/deploy-no-tls.sh deleted file mode 100644 index 665f37a44..000000000 --- a/sda-helm/dev_tools/scripts/sda/deploy-no-tls.sh +++ /dev/null @@ -1,96 +0,0 @@ -#!/bin/sh -set -e - -if [ "$1" = "database" ]; then - DB_IN_PASS=$(grep pg_in_password sda-deploy-init/config/trace.yml | awk '{print $2}' | sed -e 's/\"//g') - DB_OUT_PASS=$(grep pg_out_password sda-deploy-init/config/trace.yml | awk '{print $2}' | sed -e 's/\"//g') - - helm install postgres charts/sda-db \ - --set global.pg_in_password="$DB_IN_PASS",global.pg_out_password="$DB_OUT_PASS",securityPolicy.create=false,global.tls.enabled=false,persistence.enabled=false - - RETRY_TIMES=0 - until kubectl get pods -l role=database -o jsonpath='{..status.containerStatuses[*].ready}' | grep "true"; do - echo "waiting for database to become ready" - RETRY_TIMES=$((RETRY_TIMES + 1)) - if [ "$RETRY_TIMES" -eq 30 ]; then - kubectl describe pod -l role=datbase - kubectl logs -l role=datbase - exit 1 - fi - sleep 10 - done - exit 0 -fi - -if [ "$1" = "broker" ]; then - HASH="$(/bin/sh dev_tools/scripts/mq-password-generator.sh admin)" - helm install broker charts/sda-mq \ - --set securityPolicy.create=false,global.adminUser=admin,global.adminPasswordHash="$HASH",global.tls.enabled=false,global.vhost=sda,persistence.enabled=false - - RETRY_TIMES=0 - until kubectl get pods -l role=broker -o jsonpath='{..status.containerStatuses[*].ready}' | grep "true"; do - echo "waiting for broker to become ready" - RETRY_TIMES=$((RETRY_TIMES + 1)) - if [ "$RETRY_TIMES" -eq 30 ]; then - kubectl describe pod -l role=broker - kubectl logs -l role=broker - exit 1 - fi - sleep 10 - done - exit 0 -fi - -if [ "$1" = "orchestrate" ]; then - helm install orch charts/sda-orch -f dev_tools/config/orch.yaml \ - --set tls.enabled=false,broker.port=5672,broker.queue.verify=verified,broker.queue.inbox=files - - RETRY_TIMES=0 - until kubectl get pods -l role=orchestrate -o jsonpath='{..status.containerStatuses[*].ready}' | grep "true"; do - echo "waiting for orch to become ready" - RETRY_TIMES=$((RETRY_TIMES + 1)) - if [ "$RETRY_TIMES" -eq 30 ]; then - kubectl describe pod -l role=orchestrate - kubectl logs -l role=orchestrate - exit 1 - fi - sleep 10 - done - exit 0 -fi - -if [ "$1" = "minio" ]; then - helm repo add minio https://helm.min.io/ - helm repo update - - MINIO_ACCESS=$(grep s3_access_key sda-deploy-init/config/trace.yml | awk '{print $2}' | sed -e 's/\"//g') - MINIO_SECRET=$(grep s3_secret_key sda-deploy-init/config/trace.yml | awk '{print $2}' | sed -e 's/\"//g') - - helm install minio minio/minio \ - --set accessKey="$MINIO_ACCESS",secretKey="$MINIO_SECRET",tls.enabled=false,persistence.enabled=false,service.port=9000 \ - --version 8.0.8 - - RETRY_TIMES=0 - until kubectl get pods -l app=minio -o jsonpath='{..status.containerStatuses[*].ready}' | grep "true"; do - echo "waiting for minio to become ready" - RETRY_TIMES=$((RETRY_TIMES + 1)) - if [ "$RETRY_TIMES" -eq 30 ]; then - kubectl describe pod -l app=minio - kubectl logs -l app=minio - exit 1 - fi - sleep 10 - done - exit 0 -fi - -if [ "$1" = "pipeline" ]; then - DB_IN_PASS=$(grep pg_in_password sda-deploy-init/config/trace.yml | awk '{print $2}' | sed -e 's/\"//g') - DB_OUT_PASS=$(grep pg_out_password sda-deploy-init/config/trace.yml | awk '{print $2}' | sed -e 's/\"//g') - S3_ACCESS_KEY=$(grep s3_access_key sda-deploy-init/config/trace.yml | awk '{print $2}' | sed -e 's/\"//g') - S3_SECRET_KEY=$(grep s3_secret_key sda-deploy-init/config/trace.yml | awk '{print $2}' | sed -e 's/\"//g') - C4GH_PASSPHRASE=$(grep c4gh_passphrase sda-deploy-init/config/trace.yml | awk '{print $2}' | sed -e 's/\"//g') - token="$(bash dev_tools/scripts/sign_jwt.sh ES256 sda-deploy-init/config/jwt.key)" - helm install sda charts/sda-svc -f dev_tools/config/no-tls.yaml \ - --set global.archive.s3AccessKey="$S3_ACCESS_KEY",global.archive.s3SecretKey="$S3_SECRET_KEY",global.backupArchive.s3AccessKey="$S3_ACCESS_KEY",global.backupArchive.s3SecretKey="$S3_SECRET_KEY",global.broker.vhost=sda,global.c4gh.passphrase="$C4GH_PASSPHRASE",global.db.passIngest="$DB_IN_PASS",global.db.passOutgest="$DB_OUT_PASS",global.inbox.s3AccessKey="$S3_ACCESS_KEY",global.inbox.s3SecretKey="$S3_SECRET_KEY",releasetest.secrets.accessToken="$token" -fi diff --git a/sda-helm/dev_tools/scripts/sda/deploy-orch.sh b/sda-helm/dev_tools/scripts/sda/deploy-orch.sh deleted file mode 100755 index 7f9b5f3fd..000000000 --- a/sda-helm/dev_tools/scripts/sda/deploy-orch.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash -set -e - -## sda-orch certs -kubectl create secret generic orch-certs \ ---from-file=sda-deploy-init/config/certs/ca.crt \ ---from-file=sda-deploy-init/config/certs/orch.crt \ ---from-file=sda-deploy-init/config/certs/orch.key - -helm install orch charts/sda-orch -f dev_tools/config/orch.yaml diff --git a/sda-helm/dev_tools/scripts/sda/deploy-posix.sh b/sda-helm/dev_tools/scripts/sda/deploy-posix.sh deleted file mode 100755 index 891b06cc7..000000000 --- a/sda-helm/dev_tools/scripts/sda/deploy-posix.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash -set -e - -if [ "$1" = "standalone" ]; then - INTERCEPT=false - SCHEMA=isolated -else - INTERCEPT=true - CEGA_USERS_PASS=$(grep cega_users_pass dev_tools/config/cega.yaml | awk '{print $2}' | sed -e 's/\"//g') - SCHEMA=federated -fi - -DB_IN_PASS=$(grep pg_in_password sda-deploy-init/config/trace.yml | awk '{print $2}' | sed -e 's/\"//g') -DB_OUT_PASS=$(grep pg_out_password sda-deploy-init/config/trace.yml | awk '{print $2}' | sed -e 's/\"//g') -C4GH_PASSPHRASE=$(grep c4gh_passphrase sda-deploy-init/config/trace.yml | awk '{print $2}' | sed -e 's/\"//g') - -if [ "$2" = "issuer" ]; then - helm install sda charts/sda-svc -f dev_tools/config/posix.yaml \ - --set global.broker.vhost=/sda,global.c4gh.passphrase="$C4GH_PASSPHRASE",global.cega.password="$CEGA_USERS_PASS",global.db.passIngest="$DB_IN_PASS",global.db.passOutgest="$DB_OUT_PASS",global.schemaType="$SCHEMA",intercept.deploy="$INTERCEPT",global.tls.issuer=ca-issuer -else - helm install sda charts/sda-svc -f dev_tools/config/posix.yaml \ - --set global.broker.vhost=/sda,global.c4gh.passphrase="$C4GH_PASSPHRASE",global.cega.password="$CEGA_USERS_PASS",global.db.passIngest="$DB_IN_PASS",global.db.passOutgest="$DB_OUT_PASS",global.schemaType="$SCHEMA",intercept.deploy="$INTERCEPT" -fi diff --git a/sda-helm/dev_tools/scripts/sda/deploy-s3.sh b/sda-helm/dev_tools/scripts/sda/deploy-s3.sh deleted file mode 100755 index e1423a4d1..000000000 --- a/sda-helm/dev_tools/scripts/sda/deploy-s3.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash -set -e - -if [ "$1" = "federated" ]; then - INTERCEPT=true - SCHEMA=federated -else - INTERCEPT=false - SCHEMA=isolated -fi -DB_IN_PASS=$(grep pg_in_password sda-deploy-init/config/trace.yml | awk '{print $2}' | sed -e 's/\"//g') -DB_OUT_PASS=$(grep pg_out_password sda-deploy-init/config/trace.yml | awk '{print $2}' | sed -e 's/\"//g') -S3_ACCESS_KEY=$(grep s3_access_key sda-deploy-init/config/trace.yml | awk '{print $2}' | sed -e 's/\"//g') -S3_SECRET_KEY=$(grep s3_secret_key sda-deploy-init/config/trace.yml | awk '{print $2}' | sed -e 's/\"//g') -C4GH_PASSPHRASE=$(grep c4gh_passphrase sda-deploy-init/config/trace.yml | awk '{print $2}' | sed -e 's/\"//g') -CEGA_USERS_PASS="OfEoDPVadIfd4CZUWkisrrVQbJ2yQPIH" - -token="$(bash dev_tools/scripts/sign_jwt.sh ES256 sda-deploy-init/config/jwt.key)" - -if [ "$2" = "issuer" ]; then - helm install sda charts/sda-svc -f dev_tools/config/s3.yaml \ - --set global.broker.vhost=sda,global.archive.s3AccessKey="$S3_ACCESS_KEY",global.archive.s3SecretKey="$S3_SECRET_KEY",global.backupArchive.s3AccessKey="$S3_ACCESS_KEY",global.backupArchive.s3SecretKey="$S3_SECRET_KEY",global.c4gh.passphrase="$C4GH_PASSPHRASE",global.cega.password="$CEGA_USERS_PASS",global.db.passIngest="$DB_IN_PASS",global.db.passOutgest="$DB_OUT_PASS",global.doa.enabled=true,global.inbox.s3AccessKey="$S3_ACCESS_KEY",global.inbox.s3SecretKey="$S3_SECRET_KEY",global.schemaType="$SCHEMA",intercept.deploy="$INTERCEPT",releasetest.secrets.accessToken="$token",global.tls.issuer=ca-issuer - -else - helm install sda charts/sda-svc -f dev_tools/config/s3.yaml \ - --set global.broker.vhost=sda,global.archive.s3AccessKey="$S3_ACCESS_KEY",global.archive.s3SecretKey="$S3_SECRET_KEY",global.backupArchive.s3AccessKey="$S3_ACCESS_KEY",global.backupArchive.s3SecretKey="$S3_SECRET_KEY",global.c4gh.passphrase="$C4GH_PASSPHRASE",global.cega.password="$CEGA_USERS_PASS",global.db.passIngest="$DB_IN_PASS",global.db.passOutgest="$DB_OUT_PASS",global.doa.enabled=true,global.inbox.s3AccessKey="$S3_ACCESS_KEY",global.inbox.s3SecretKey="$S3_SECRET_KEY",global.schemaType="$SCHEMA",intercept.deploy="$INTERCEPT",releasetest.secrets.accessToken="$token" -fi diff --git a/sda-helm/dev_tools/scripts/sign_jwt.sh b/sda-helm/dev_tools/scripts/sign_jwt.sh deleted file mode 100644 index 90da75478..000000000 --- a/sda-helm/dev_tools/scripts/sign_jwt.sh +++ /dev/null @@ -1,68 +0,0 @@ -#!/usr/bin/env bash - -# Inspired by implementation by Will Haley at: -# http://willhaley.com/blog/generate-jwt-with-bash/ - -set -o pipefail - -# Shared content to use as template -header_template='{ - "typ": "JWT", - "kid": "0001" -}' - -build_header() { - jq -c \ - --arg iat_str "$(date +%s)" \ - --arg alg "${1}" \ - ' - ($iat_str | tonumber) as $iat - | .alg = $alg - | .iat = $iat - | .exp = ($iat + 86400) - ' <<<"$header_template" | tr -d '\n' -} - -b64enc() { openssl enc -base64 -A | tr '+/' '-_' | tr -d '='; } -json() { jq -c . | LC_CTYPE=C tr -d '\n'; } -rs_sign() { openssl dgst -binary -sha"${1}" -sign <(printf '%s\n' "$2"); } -es_sign() { openssl dgst -binary -sha"${1}" -sign <(printf '%s\n' "$2") | openssl asn1parse -inform DER | grep INTEGER | cut -d ':' -f 4 | xxd -p -r ; } - -sign() { - if [ -n "$2" ];then - rsa_secret=$(<"$2") - else - echo "no signing key supplied" - exit 1 - fi - local algo payload header sig secret=$rsa_secret - algo=${1:-RS256}; algo=${algo^^} - header=$(build_header "$algo") || return - payload=${3:-$test_payload} - signed_content="$(json <<<"$header" | b64enc).$(json <<<"$payload" | b64enc)" - case $algo in - RS*) sig=$(printf %s "$signed_content" | rs_sign "${algo#RS}" "$secret" | b64enc) ;; - ES*) sig=$(printf %s "$signed_content" | es_sign "${algo#ES}" "$secret" | b64enc) ;; - *) echo "Unknown algorithm" >&2; return 1 ;; - esac - printf '%s.%s\n' "${signed_content}" "${sig}" -} - -iat=$(date +%s) -exp=$(date --date=tomorrow +%s) - -test_payload='{ - "at_hash": "J_fA458SPsXFV6lJQL1l-w", - "aud": "XC56EL11xx", - "email": "dummy.tester@example.org", - "exp": '"$exp"', - "iat": '"$iat"', - "iss": "http://sda-sda-svc-auth", - "kid": "d87f2d01d1a4abb16e1eb88f6561e5067f3a6430174b8fcd0b6bf61434d6c5c8", - "name": "Dummy Tester", - "sid": "1ad14eb5-9b51-40c0-a52a-154a5a3792d5", - "sub": "dummy" -}' - - -sign "$@" diff --git a/sda-helm/dev_tools/scripts/ssl.cnf b/sda-helm/dev_tools/scripts/ssl.cnf deleted file mode 100644 index d6804a4c2..000000000 --- a/sda-helm/dev_tools/scripts/ssl.cnf +++ /dev/null @@ -1,236 +0,0 @@ -[ ca ] -# `man ca` -default_ca = CA_default - -[ CA_default ] -# Directory and file locations. -dir = ./certs -certs = $dir -crl_dir = $dir -new_certs_dir = $dir -database = $dir/index.txt -serial = $dir/serial -RANDFILE = $dir/rand - -# The root key and root certificate. -private_key = $dir/ca-key.pem -certificate = $dir/ca.pem - -# SHA-1 is deprecated, so use SHA-2 instead. -default_md = sha256 - -name_opt = ca_default -cert_opt = ca_default -default_days = 7300 -preserve = no -policy = policy_strict - -[ policy_strict ] -# The root CA should only sign intermediate certificates that match. -# See the POLICY FORMAT section of `man ca`. -countryName = match -stateOrProvinceName = match -organizationName = match -organizationalUnitName = optional -commonName = supplied -emailAddress = optional - -[ req ] -# Options for the `req` tool (`man req`). -default_bits = 4096 -distinguished_name = req_distinguished_name -string_mask = utf8only -prompt = no - -# SHA-1 is deprecated, so use SHA-2 instead. -default_md = sha256 - -# Extension to add when the -x509 option is used. -x509_extensions = v3_ca - -[ req_distinguished_name ] -countryName = SE -stateOrProvinceName = Sweden -localityName = Uppsala -0.organizationName = NBIS -organizationalUnitName = SysDev -commonName = SysDev root CA - -[ v3_ca ] -# Extensions for a typical CA (`man x509v3_config`). -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid:always,issuer -basicConstraints = critical, CA:true -keyUsage = critical, digitalSignature, cRLSign, keyCertSign -#nsCertType = sslCA -nsComment = "NeIC SDA Root CA" - -[ server_client_cert ] -# Extensions for server+client certificates (`man x509v3_config`). -basicConstraints = CA:FALSE -nsCertType = server,client -nsComment = "NeIC SDA Server+Client Certificate" -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always -keyUsage = critical, digitalSignature, keyEncipherment -extendedKeyUsage = critical, clientAuth, serverAuth - -[ client_cert ] -# Extensions for client certificates (`man x509v3_config`). -basicConstraints = critical,CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always -keyUsage = critical, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = DNS:localhost,DNS:client,IP:127.0.0.1 - -[ mq_cert ] -# Extensions for server certificates (`man x509v3_config`). -basicConstraints = critical,CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always -keyUsage = critical, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = DNS:broker-sda-mq,DNS:broker-sda-mq.default.svc.cluster.local,DNS:broker-sda-mq.default - -[ db_cert ] -# Extensions for server certificates (`man x509v3_config`). -basicConstraints = critical,CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always -keyUsage = critical, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = DNS:postgres-sda-db,DNS:postgres-sda-db.default.svc.cluster.local,DNS:postgres-sda-db.default - -[ minio_cert ] -# Extensions for server certificates (`man x509v3_config`). -basicConstraints = critical,CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always -keyUsage = critical, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = DNS:minio,DNS:minio.default.svc.cluster.local,DNS:minio.default - - -[ intercept_cert ] -# Extensions for server certificates (`man x509v3_config`). -basicConstraints = critical,CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always -keyUsage = critical, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = DNS:intercept,DNS:intercept.default.svc.cluster.local,DNS:intercept.default - -[ ingest_cert ] -# Extensions for server certificates (`man x509v3_config`). -basicConstraints = critical,CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always -keyUsage = critical, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = DNS:ingest,DNS:ingest.default.svc.cluster.local,DNS:ingest.default - -[ verify_cert ] -# Extensions for server certificates (`man x509v3_config`). -basicConstraints = critical,CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always -keyUsage = critical, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = DNS:verify,DNS:verify.default.svc.cluster.local,DNS:verify.default - -[ finalize_cert ] -# Extensions for server certificates (`man x509v3_config`). -basicConstraints = critical,CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always -keyUsage = critical, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = DNS:finalize,DNS:finalize.default.svc.cluster.local,DNS:finalize.default - -[ mapper_cert ] -# Extensions for server certificates (`man x509v3_config`). -basicConstraints = critical,CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always -keyUsage = critical, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = DNS:mapper,DNS:mapper.default.svc.cluster.local,DNS:mapper.default - -[ backup_cert ] -# Extensions for server certificates (`man x509v3_config`). -basicConstraints = critical,CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always -keyUsage = critical, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = DNS:backup,DNS:backup.default.svc.cluster.local,DNS:backup.default - -[ orch_cert ] -# Extensions for server certificates (`man x509v3_config`). -basicConstraints = critical,CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always -keyUsage = critical, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = DNS:orchestrate,DNS:orchestrate.default.svc.cluster.local,DNS:orchestrate.default - -[ inbox_cert ] -# Extensions for server certificates (`man x509v3_config`). -basicConstraints = critical,CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always -keyUsage = critical, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = DNS:sda-sda-svc-inbox,DNS:inbox.default.svc.cluster.local,DNS:inbox.default,DNS:localhost - -[ doa_cert ] -# Extensions for server certificates (`man x509v3_config`). -basicConstraints = critical,CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always -keyUsage = critical, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = DNS:sda-sda-svc-doa,DNS:doa.default.svc.cluster.local,DNS:doa.default,DNS:localhost - -[ download_cert ] -# Extensions for server certificates (`man x509v3_config`). -basicConstraints = critical,CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always -keyUsage = critical, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = DNS:sda-sda-svc-download,DNS:download.default.svc.cluster.local,DNS:download.default,DNS:localhost - -[ auth_cert ] -# Extensions for server certificates (`man x509v3_config`). -basicConstraints = critical,CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always -keyUsage = critical, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = DNS:sda-sda-svc-auth,DNS:auth.default.svc.cluster.local,DNS:auth.default,DNS:localhost - -[ tester_cert ] -# Extensions for server certificates (`man x509v3_config`). -basicConstraints = critical,CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always -keyUsage = critical, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = DNS:tester,DNS:tester.default.svc.cluster.local,DNS:tester.default - -# CEGA certificates - -[ cega ] -# Extensions for server certificates (`man x509v3_config`). -basicConstraints = critical,CA:FALSE -subjectKeyIdentifier = hash -authorityKeyIdentifier = keyid,issuer:always -keyUsage = critical, digitalSignature, keyEncipherment -extendedKeyUsage = clientAuth, serverAuth -subjectAltName = DNS:cega-mq,DNS:cega-users - -[ crl_ext ] -# Extension for CRLs (`man x509v3_config`). -authorityKeyIdentifier=keyid:always diff --git a/sda-helm/dev_tools/scripts/svc-setup.sh b/sda-helm/dev_tools/scripts/svc-setup.sh deleted file mode 100755 index fce2f7663..000000000 --- a/sda-helm/dev_tools/scripts/svc-setup.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/bash -set -e - -basedir="sda-deploy-init/config" - -## cega config and certs -mkdir -p LocalEGA-helm/ega-charts/cega/config/certs -cp -r dev_tools/cega/* LocalEGA-helm/ega-charts/cega/config/ -cp "${basedir}"/certs/ca.crt LocalEGA-helm/ega-charts/cega/config/certs/ca.crt -cp "${basedir}"/certs/cega.crt LocalEGA-helm/ega-charts/cega/config/certs/tls.crt -cp "${basedir}"/certs/cega.key LocalEGA-helm/ega-charts/cega/config/certs/tls.key - -## sda-svc certs - -for n in backup doa finalize inbox ingest intercept verify mapper auth tester download - do - kubectl create secret generic $n-certs \ - --from-file="${basedir}"/certs/ca.crt \ - --from-file=tls.crt="${basedir}"/certs/$n.crt \ - --from-file=tls.key="${basedir}"/certs/$n.key -done diff --git a/sda-helm/dev_tools/scripts/wait-for-pods.sh b/sda-helm/dev_tools/scripts/wait-for-pods.sh deleted file mode 100755 index cbb89a13b..000000000 --- a/sda-helm/dev_tools/scripts/wait-for-pods.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/bash -set -e - -base_list="backup download finalize inbox ingest mapper verify" - -if [ -n "$1" ]; then - case "$1" in - federated_s3_svc_list) - SVCNAME="$base_list auth intercept" - ;; - - federated_posix_svc_list) - SVCNAME="$base_list intercept" - ;; - - standalone_s3_svc_list) - SVCNAME="$base_list auth" - ;; - - standalone_posix_svc_list) - SVCNAME="$base_list" - ;; - esac -fi - -if [ -n "$2" ]; then - LABEL=$2 -else - LABEL="role" -fi -if [ -n "$3" ]; then - NAMESPACE=${3:-default} -fi - -for p in $SVCNAME; do - RETRY_TIMES=0 - until kubectl get pods -n "$NAMESPACE" -l "$LABEL=$p" -o jsonpath='{..status.containerStatuses[*].ready}' | grep "true"; do - echo "waiting for $p to become ready" - RETRY_TIMES=$((RETRY_TIMES + 1)) - if [ "$RETRY_TIMES" -eq 30 ]; then - kubectl describe pod -n "$NAMESPACE" -l "$LABEL"="$p" - kubectl logs -n "$NAMESPACE" -l "$LABEL=$p" - exit 1 - fi - sleep 10 - done -done From 529ac2baf27f24f2e3ada81178d7fd71a4bf1ceb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Aug 2023 19:30:18 +0000 Subject: [PATCH 55/75] Bump org.yaml:snakeyaml from 2.1 to 2.2 in /sda-sftp-inbox Bumps [org.yaml:snakeyaml](https://bitbucket.org/snakeyaml/snakeyaml) from 2.1 to 2.2. - [Commits](https://bitbucket.org/snakeyaml/snakeyaml/branches/compare/snakeyaml-2.2..snakeyaml-2.1) --- updated-dependencies: - dependency-name: org.yaml:snakeyaml dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- sda-sftp-inbox/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda-sftp-inbox/pom.xml b/sda-sftp-inbox/pom.xml index df05d899f..d26958920 100644 --- a/sda-sftp-inbox/pom.xml +++ b/sda-sftp-inbox/pom.xml @@ -149,7 +149,7 @@ org.yaml snakeyaml - 2.1 + 2.2 junit From 24cbd0929e86c2945c6aee4bbbc621d3ab941aa8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Aug 2023 19:30:29 +0000 Subject: [PATCH 56/75] Bump com.amazonaws:aws-java-sdk-s3 in /sda-sftp-inbox Bumps [com.amazonaws:aws-java-sdk-s3](https://github.com/aws/aws-sdk-java) from 1.12.533 to 1.12.538. - [Changelog](https://github.com/aws/aws-sdk-java/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-java/compare/1.12.533...1.12.538) --- updated-dependencies: - dependency-name: com.amazonaws:aws-java-sdk-s3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-sftp-inbox/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda-sftp-inbox/pom.xml b/sda-sftp-inbox/pom.xml index df05d899f..eb54823f4 100644 --- a/sda-sftp-inbox/pom.xml +++ b/sda-sftp-inbox/pom.xml @@ -96,7 +96,7 @@ com.amazonaws aws-java-sdk-s3 - 1.12.533 + 1.12.538 com.google.guava From 7ccaf512d36c912463843dc498032d35ff773b57 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Aug 2023 19:30:37 +0000 Subject: [PATCH 57/75] Bump org.springframework.boot:spring-boot-starter-parent Bumps [org.springframework.boot:spring-boot-starter-parent](https://github.com/spring-projects/spring-boot) from 3.1.2 to 3.1.3. - [Release notes](https://github.com/spring-projects/spring-boot/releases) - [Commits](https://github.com/spring-projects/spring-boot/compare/v3.1.2...v3.1.3) --- updated-dependencies: - dependency-name: org.springframework.boot:spring-boot-starter-parent dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-sftp-inbox/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda-sftp-inbox/pom.xml b/sda-sftp-inbox/pom.xml index df05d899f..2638bd5be 100644 --- a/sda-sftp-inbox/pom.xml +++ b/sda-sftp-inbox/pom.xml @@ -14,7 +14,7 @@ org.springframework.boot spring-boot-starter-parent - 3.1.2 + 3.1.3 From d1d276cbc7bfbcaf3b9012637473e53d05d49e40 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Aug 2023 19:33:43 +0000 Subject: [PATCH 58/75] Bump github.com/neicnordic/crypt4gh from 1.7.6 to 1.8.2 in /sda-download Bumps [github.com/neicnordic/crypt4gh](https://github.com/neicnordic/crypt4gh) from 1.7.6 to 1.8.2. - [Release notes](https://github.com/neicnordic/crypt4gh/releases) - [Changelog](https://github.com/neicnordic/crypt4gh/blob/master/.goreleaser.yml) - [Commits](https://github.com/neicnordic/crypt4gh/compare/v1.7.6...v1.8.2) --- updated-dependencies: - dependency-name: github.com/neicnordic/crypt4gh dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- sda-download/go.mod | 8 ++++---- sda-download/go.sum | 18 +++++++++--------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/sda-download/go.mod b/sda-download/go.mod index d6d50f640..27f0b5021 100644 --- a/sda-download/go.mod +++ b/sda-download/go.mod @@ -11,7 +11,7 @@ require ( github.com/johannesboyne/gofakes3 v0.0.0-20230129080941-f6a8a9ae6fd3 github.com/lestrrat-go/jwx v1.2.25 github.com/lib/pq v1.10.9 - github.com/neicnordic/crypt4gh v1.7.6 + github.com/neicnordic/crypt4gh v1.8.2 github.com/sirupsen/logrus v1.9.3 github.com/spf13/viper v1.16.0 github.com/stretchr/testify v1.8.4 @@ -62,10 +62,10 @@ require ( github.com/twitchyliquid64/golang-asm v0.15.1 // indirect github.com/ugorji/go/codec v1.2.11 // indirect golang.org/x/arch v0.3.0 // indirect - golang.org/x/crypto v0.11.0 // indirect + golang.org/x/crypto v0.12.0 // indirect golang.org/x/net v0.10.0 // indirect - golang.org/x/sys v0.10.0 // indirect - golang.org/x/text v0.11.0 // indirect + golang.org/x/sys v0.11.0 // indirect + golang.org/x/text v0.12.0 // indirect golang.org/x/tools v0.6.0 // indirect google.golang.org/protobuf v1.30.0 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/sda-download/go.sum b/sda-download/go.sum index 8922e0659..f9d20c738 100644 --- a/sda-download/go.sum +++ b/sda-download/go.sum @@ -220,8 +220,8 @@ github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M= github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= -github.com/neicnordic/crypt4gh v1.7.6 h1:Vqcb8Yb950oaBBJFepDK1oLeu9rZzpywYWVHLmO0oI8= -github.com/neicnordic/crypt4gh v1.7.6/go.mod h1:rqmVXsprDFBRRLJkm1cK9kLETBPGEZmft9lHD/V40wk= +github.com/neicnordic/crypt4gh v1.8.2 h1:KNqYBBDU0qW296I6yLoA7l0GoNA/lfzhpy9RDkzNrRM= +github.com/neicnordic/crypt4gh v1.8.2/go.mod h1:VftsV+iUntv40/EB9TbnBnQ3/IDH40zEAqcMajrFVVg= github.com/pelletier/go-toml/v2 v2.0.8 h1:0ctb6s9mE31h0/lhu+J6OPmVeDxJn+kYnJc2jZR9tGQ= github.com/pelletier/go-toml/v2 v2.0.8/go.mod h1:vuYfssBdrU2XDZ9bYydBu6t+6a6PYNcZljzZR9VXg+4= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= @@ -295,8 +295,8 @@ golang.org/x/crypto v0.0.0-20210421170649-83a5a9bb288b/go.mod h1:T9bdIzuCu7OtxOm golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.11.0 h1:6Ewdq3tDic1mg5xRO4milcWCfMVQhI4NkqWWvqejpuA= -golang.org/x/crypto v0.11.0/go.mod h1:xgJhtzW8F9jGdVFWZESrid1U1bjeNy4zgy5cRr/CIio= +golang.org/x/crypto v0.12.0 h1:tFM/ta59kqch6LlvYnPa0yx5a83cL2nHflFhYKvv9Yk= +golang.org/x/crypto v0.12.0/go.mod h1:NF0Gs7EO5K4qLn+Ylc+fih8BSTeIjAP05siRnAh98yw= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -430,12 +430,12 @@ golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20221010170243-090e33056c14/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.10.0 h1:SqMFp9UcQJZa+pmYuAKjd9xq1f0j5rLcDIk0mj4qAsA= -golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.11.0 h1:eG7RXZHdqOJ1i+0lgLgCpSXAp6M3LYlAo6osgSi0xOM= +golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.10.0 h1:3R7pNqamzBraeqj/Tj8qt1aQ2HpmlC+Cx/qL/7hn4/c= +golang.org/x/term v0.11.0 h1:F9tnn/DA/Im8nCwm+fX+1/eBwi4qFjRT++MhtVC4ZX0= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -445,8 +445,8 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.11.0 h1:LAntKIrcmeSKERyiOh0XMV39LXS8IE9UL2yP7+f5ij4= -golang.org/x/text v0.11.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.12.0 h1:k+n5B8goJNdU7hSvEtMUz3d1Q6D/XW4COJSJR6fN0mc= +golang.org/x/text v0.12.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= From 4d426a4506227015bc2972ba07cc0b178fcaa85b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 28 Aug 2023 19:34:13 +0000 Subject: [PATCH 59/75] Bump github.com/aws/aws-sdk-go in /sda-download Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.328 to 1.44.333. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.328...v1.44.333) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-download/go.mod | 2 +- sda-download/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sda-download/go.mod b/sda-download/go.mod index d6d50f640..ded160eb1 100644 --- a/sda-download/go.mod +++ b/sda-download/go.mod @@ -4,7 +4,7 @@ go 1.20 require ( github.com/DATA-DOG/go-sqlmock v1.5.0 - github.com/aws/aws-sdk-go v1.44.328 + github.com/aws/aws-sdk-go v1.44.333 github.com/dgraph-io/ristretto v0.1.1 github.com/gin-gonic/gin v1.9.1 github.com/google/uuid v1.3.1 diff --git a/sda-download/go.sum b/sda-download/go.sum index 8922e0659..a013d4833 100644 --- a/sda-download/go.sum +++ b/sda-download/go.sum @@ -43,8 +43,8 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60= github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= github.com/aws/aws-sdk-go v1.33.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.44.328 h1:WBwlf8ym9SDQ/GTIBO9eXyvwappKJyOetWJKl4mT7ZU= -github.com/aws/aws-sdk-go v1.44.328/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.44.333 h1:X0j5TGXtHLZzDB/uRcGKLG77ERFtxYQtXefs+Apf2PU= +github.com/aws/aws-sdk-go v1.44.333/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM= github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s= github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U= From 860f90c6f4b77a8dc1961a4ea6390fb5975824c3 Mon Sep 17 00:00:00 2001 From: Joakim Bygdell Date: Tue, 29 Aug 2023 10:36:12 +0200 Subject: [PATCH 60/75] Bump image versions --- charts/sda-db/values.yaml | 2 +- charts/sda-mq/values.yaml | 2 +- charts/sda-svc/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/sda-db/values.yaml b/charts/sda-db/values.yaml index 7cb1e03e9..eb26e5722 100644 --- a/charts/sda-db/values.yaml +++ b/charts/sda-db/values.yaml @@ -25,7 +25,7 @@ extraSecurityContext: {} image: repository: ghcr.io/neicnordic/sensitive-data-archive - tag: v0.0.44-postgres + tag: v0.0.65-postgres pullPolicy: IfNotPresent # utilize network isolation diff --git a/charts/sda-mq/values.yaml b/charts/sda-mq/values.yaml index 085679e0e..8fab60cbc 100644 --- a/charts/sda-mq/values.yaml +++ b/charts/sda-mq/values.yaml @@ -44,7 +44,7 @@ extraSecurityContext: {} image: repository: ghcr.io/neicnordic/sensitive-data-archive - tag: v0.0.44-rabbitmq + tag: v0.0.65-rabbitmq pullPolicy: Always # utilize network isolation diff --git a/charts/sda-svc/values.yaml b/charts/sda-svc/values.yaml index 8cbd726f6..85993a1fa 100644 --- a/charts/sda-svc/values.yaml +++ b/charts/sda-svc/values.yaml @@ -2,7 +2,7 @@ # Declare variables to be passed into your templates. image: repository: "ghcr.io/neicnordic/sensitive-data-archive" - tag: "v0.0.44" + tag: "v0.0.65" pullPolicy: "Always" global: From 8743f72e62741126ac1283d426039f1bc4c60618 Mon Sep 17 00:00:00 2001 From: Pontus Freyhult Date: Tue, 29 Aug 2023 11:15:20 +0200 Subject: [PATCH 61/75] Typo fix --- .github/dependabot.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index d7a2199f7..45f6b5f0d 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -52,7 +52,7 @@ updates: reviewers: - "neicnordic/sensitive-data-development-collaboration" - package-ecosystem: docker - directory: "/sda-sftp-iinbox" + directory: "/sda-sftp-inbox" schedule: interval: weekly open-pull-requests-limit: 10 From 6057bd20279d2094cbee029dd0f8695a9a1a3296 Mon Sep 17 00:00:00 2001 From: Pontus Freyhult Date: Tue, 29 Aug 2023 11:17:03 +0200 Subject: [PATCH 62/75] Directory is postgresql, not postgres --- .github/dependabot.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml index 45f6b5f0d..9410a12b5 100644 --- a/.github/dependabot.yaml +++ b/.github/dependabot.yaml @@ -17,7 +17,7 @@ updates: reviewers: - "neicnordic/sensitive-data-development-collaboration" - package-ecosystem: docker - directory: "/postgres" + directory: "/postgresql" schedule: interval: weekly open-pull-requests-limit: 10 From 7efb25c1d322059128884e1b1c05237750617149 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Aug 2023 11:15:37 +0000 Subject: [PATCH 63/75] Bump postgres from 15.2-alpine3.17 to 15.4-alpine3.17 in /postgresql Bumps postgres from 15.2-alpine3.17 to 15.4-alpine3.17. --- updated-dependencies: - dependency-name: postgres dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- postgresql/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/postgresql/Dockerfile b/postgresql/Dockerfile index ec3623c69..6e5917c89 100644 --- a/postgresql/Dockerfile +++ b/postgresql/Dockerfile @@ -1,4 +1,4 @@ -FROM postgres:15.2-alpine3.17 +FROM postgres:15.4-alpine3.17 ARG BUILD_DATE ARG SOURCE_COMMIT From 1360d4f1dc85caabd365765000a1f0d987e90079 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Aug 2023 11:15:42 +0000 Subject: [PATCH 64/75] Bump maven in /sda-sftp-inbox Bumps maven from 3.9.0-eclipse-temurin-19-alpine to 3.9.3-eclipse-temurin-20-alpine. --- updated-dependencies: - dependency-name: maven dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-sftp-inbox/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda-sftp-inbox/Dockerfile b/sda-sftp-inbox/Dockerfile index cd5f69317..bb1593d8f 100644 --- a/sda-sftp-inbox/Dockerfile +++ b/sda-sftp-inbox/Dockerfile @@ -1,4 +1,4 @@ -FROM maven:3.9.0-eclipse-temurin-19-alpine as builder +FROM maven:3.9.3-eclipse-temurin-20-alpine as builder COPY pom.xml . From 774da16fcf10bf7fc1d88ce0f01ef244fe91ab4b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Aug 2023 11:15:43 +0000 Subject: [PATCH 65/75] Bump eclipse-temurin from 19-alpine to 20-alpine in /sda-sftp-inbox Bumps eclipse-temurin from 19-alpine to 20-alpine. --- updated-dependencies: - dependency-name: eclipse-temurin dependency-type: direct:production ... Signed-off-by: dependabot[bot] --- sda-sftp-inbox/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda-sftp-inbox/Dockerfile b/sda-sftp-inbox/Dockerfile index cd5f69317..f52eb5b67 100644 --- a/sda-sftp-inbox/Dockerfile +++ b/sda-sftp-inbox/Dockerfile @@ -8,7 +8,7 @@ COPY src/ /src/ RUN mvn clean install -DskipTests --no-transfer-progress -FROM eclipse-temurin:19-alpine +FROM eclipse-temurin:20-alpine RUN apk add --no-cache --upgrade ca-certificates java-cacerts libssl3 libcrypto3 \ && ln -sf /etc/ssl/certs/java/cacerts $JAVA_HOME/lib/security/cacerts From b620a2529b05b5d8b5bad3c8bc882b1e84043c3b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Aug 2023 11:15:52 +0000 Subject: [PATCH 66/75] Bump com.amazonaws:aws-java-sdk-s3 in /sda-sftp-inbox Bumps [com.amazonaws:aws-java-sdk-s3](https://github.com/aws/aws-sdk-java) from 1.12.538 to 1.12.539. - [Changelog](https://github.com/aws/aws-sdk-java/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-java/compare/1.12.538...1.12.539) --- updated-dependencies: - dependency-name: com.amazonaws:aws-java-sdk-s3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-sftp-inbox/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda-sftp-inbox/pom.xml b/sda-sftp-inbox/pom.xml index 83c28ff4e..70ae77e2f 100644 --- a/sda-sftp-inbox/pom.xml +++ b/sda-sftp-inbox/pom.xml @@ -96,7 +96,7 @@ com.amazonaws aws-java-sdk-s3 - 1.12.538 + 1.12.539 com.google.guava From 8c4f0b6e1c4681bcd7e5b27170865614a29dd60d Mon Sep 17 00:00:00 2001 From: Alex Aperis Date: Thu, 31 Aug 2023 07:54:40 +0200 Subject: [PATCH 67/75] add healthcheck to mockoidc --- sda-auth/dev-server/docker-compose.yml | 7 ++++++- sda-auth/dev-server/oidc/Dockerfile | 2 +- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/sda-auth/dev-server/docker-compose.yml b/sda-auth/dev-server/docker-compose.yml index 8d0b1551b..e467e985f 100644 --- a/sda-auth/dev-server/docker-compose.yml +++ b/sda-auth/dev-server/docker-compose.yml @@ -19,6 +19,11 @@ services: - USERINFO_ROUTE=/userinfo ports: - 9090:9090 + healthcheck: + test: ["CMD", "curl", "-f", "http://localhost:9090/.well-known/openid-configuration"] + interval: 5s + timeout: 10s + retries: 4 cega: container_name: cega image: egarchive/lega-base:release.v0.2.0 @@ -47,7 +52,7 @@ services: dockerfile: Dockerfile depends_on: oidc: - condition: service_started + condition: service_healthy cega: condition: service_started environment: diff --git a/sda-auth/dev-server/oidc/Dockerfile b/sda-auth/dev-server/oidc/Dockerfile index 70fc2365b..be231e034 100644 --- a/sda-auth/dev-server/oidc/Dockerfile +++ b/sda-auth/dev-server/oidc/Dockerfile @@ -2,7 +2,7 @@ FROM node:16.2.0-slim WORKDIR /app -RUN apt update && apt upgrade -qy +RUN apt update && apt upgrade -qy && apt install -qy curl COPY package.json ./ From acc32050c8462c4f85d63a83202b24ecc263e4d2 Mon Sep 17 00:00:00 2001 From: Alex Aperis Date: Wed, 30 Aug 2023 22:04:54 +0200 Subject: [PATCH 68/75] update sda-auth to go1.20 --- .github/workflows/code-linter.yaml | 2 +- .github/workflows/functionality.yml | 2 +- sda-auth/dev-server/docker-compose.yml | 2 +- sda-auth/go.mod | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/code-linter.yaml b/.github/workflows/code-linter.yaml index 2f7e1fa91..f3af677a4 100644 --- a/.github/workflows/code-linter.yaml +++ b/.github/workflows/code-linter.yaml @@ -13,7 +13,7 @@ jobs: strategy: fail-fast: false matrix: - go-version: ['1.19'] + go-version: ['1.20'] steps: - name: Set up Go ${{ matrix.go-version }} uses: actions/setup-go@v4 diff --git a/.github/workflows/functionality.yml b/.github/workflows/functionality.yml index b5c70f02d..84d2fb76c 100644 --- a/.github/workflows/functionality.yml +++ b/.github/workflows/functionality.yml @@ -12,7 +12,7 @@ jobs: strategy: fail-fast: false matrix: - go-version: [1.19] + go-version: ['1.20'] steps: - name: Set up Go ${{ matrix.go-version }} uses: actions/setup-go@v4 diff --git a/sda-auth/dev-server/docker-compose.yml b/sda-auth/dev-server/docker-compose.yml index e467e985f..e3d8acd9e 100644 --- a/sda-auth/dev-server/docker-compose.yml +++ b/sda-auth/dev-server/docker-compose.yml @@ -48,7 +48,7 @@ services: build: context: ../ args: - GOLANG_VERSION: ${GOLANG_VERSION-1.18} + GOLANG_VERSION: ${GOLANG_VERSION-1.20} dockerfile: Dockerfile depends_on: oidc: diff --git a/sda-auth/go.mod b/sda-auth/go.mod index bfd73ccb1..b39906589 100644 --- a/sda-auth/go.mod +++ b/sda-auth/go.mod @@ -1,6 +1,6 @@ module auth -go 1.19 +go 1.20 require ( github.com/coreos/go-oidc v2.2.1+incompatible From 21c4e576b15ce9fb93673a43f7d6c41182edd0f3 Mon Sep 17 00:00:00 2001 From: Alex Aperis Date: Thu, 31 Aug 2023 18:09:07 +0200 Subject: [PATCH 69/75] update to github.com/google/uuid v1.3.1 --- sda-auth/go.mod | 2 +- sda-auth/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sda-auth/go.mod b/sda-auth/go.mod index b39906589..efc40cc78 100644 --- a/sda-auth/go.mod +++ b/sda-auth/go.mod @@ -5,7 +5,7 @@ go 1.20 require ( github.com/coreos/go-oidc v2.2.1+incompatible github.com/golang-jwt/jwt/v4 v4.5.0 - github.com/google/uuid v1.3.0 + github.com/google/uuid v1.3.1 github.com/iris-contrib/middleware/cors v0.0.0-20230311205048-b568fe9b470f github.com/kataras/iris/v12 v12.2.4 github.com/lestrrat/go-jwx v0.9.1 diff --git a/sda-auth/go.sum b/sda-auth/go.sum index 651e699b8..527fb9a59 100644 --- a/sda-auth/go.sum +++ b/sda-auth/go.sum @@ -149,8 +149,8 @@ github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201218002935-b9804c9f04c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= -github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= +github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/google-cloud-go-testing v0.0.0-20200911160855-bcd43fbb19e8/go.mod h1:dvDLG8qkwmyD9a/MJJN3XJcT3xFxOKAvTZGvuZmac9g= From 3bd4321155bbe753f791e8c5f7de35b4d334f610 Mon Sep 17 00:00:00 2001 From: Alex Aperis Date: Thu, 31 Aug 2023 18:12:28 +0200 Subject: [PATCH 70/75] update to github.com/kataras/iris/v12 v12.2.5 --- sda-auth/go.mod | 2 +- sda-auth/go.sum | 10 +++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/sda-auth/go.mod b/sda-auth/go.mod index efc40cc78..32bb27bd9 100644 --- a/sda-auth/go.mod +++ b/sda-auth/go.mod @@ -7,7 +7,7 @@ require ( github.com/golang-jwt/jwt/v4 v4.5.0 github.com/google/uuid v1.3.1 github.com/iris-contrib/middleware/cors v0.0.0-20230311205048-b568fe9b470f - github.com/kataras/iris/v12 v12.2.4 + github.com/kataras/iris/v12 v12.2.5 github.com/lestrrat/go-jwx v0.9.1 github.com/oauth2-proxy/mockoidc v0.0.0-20220308204021-b9169deeb282 github.com/sirupsen/logrus v1.9.3 diff --git a/sda-auth/go.sum b/sda-auth/go.sum index 527fb9a59..5689a9645 100644 --- a/sda-auth/go.sum +++ b/sda-auth/go.sum @@ -74,6 +74,7 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/fatih/color v1.15.0 h1:kOqh6YHBtK8aywxGerMG2Eq3H6Qgoqeo13Bk2Mv/nBs= github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo= github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M= github.com/flosch/pongo2/v4 v4.0.2 h1:gv+5Pe3vaSVmiJvh/BZa82b7/00YUGm0PIyVVLop0Hw= @@ -84,6 +85,7 @@ github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbS github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= +github.com/gobwas/glob v0.2.3 h1:A4xDbljILXROh+kObIiy5kIaPYD8e96x1tgBhUI5J+Y= github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= @@ -164,7 +166,7 @@ github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/imkira/go-interpol v1.1.0 h1:KIiKr0VSG2CUW1hl1jpiyuzuJeKUUpC8iM1AIE7N1Vk= -github.com/iris-contrib/httpexpect/v2 v2.12.1 h1:3cTZSyBBen/kfjCtgNFoUKi1u0FVXNaAjyRJOo6AVS4= +github.com/iris-contrib/httpexpect/v2 v2.15.1 h1:G2/TW0EZ5UhNNdljNDBBQDfdfumLlV6ljRqdTk3cAmc= github.com/iris-contrib/middleware/cors v0.0.0-20230311205048-b568fe9b470f h1:5rzREq7GRRM+lCgE1cYasex/YEtA0KVS8B6FERNUloI= github.com/iris-contrib/middleware/cors v0.0.0-20230311205048-b568fe9b470f/go.mod h1:7eVziAp1yUwFB/ZMg71n84VWQH+7wukvxcHuF2e7cbg= github.com/iris-contrib/schema v0.0.6 h1:CPSBLyx2e91H2yJzPuhGuifVRnZBBJ3pCOMbOvPZaTw= @@ -177,8 +179,8 @@ github.com/kataras/blocks v0.0.7 h1:cF3RDY/vxnSRezc7vLFlQFTYXG/yAr1o7WImJuZbzC4= github.com/kataras/blocks v0.0.7/go.mod h1:UJIU97CluDo0f+zEjbnbkeMRlvYORtmc1304EeyXf4I= github.com/kataras/golog v0.1.9 h1:vLvSDpP7kihFGKFAvBSofYo7qZNULYSHOH2D7rPTKJk= github.com/kataras/golog v0.1.9/go.mod h1:jlpk/bOaYCyqDqH18pgDHdaJab72yBE6i0O3s30hpWY= -github.com/kataras/iris/v12 v12.2.4 h1:fj5y2usjhnzTPrPsL/94wGaCcirvR/EdshgQgx2lBCo= -github.com/kataras/iris/v12 v12.2.4/go.mod h1:4zzcsafozAKy9SUwSZ7Qx1TVY8NZJVZXk5mgDeksXec= +github.com/kataras/iris/v12 v12.2.5 h1:R5UzUW4MIByBM6tKMG3UqJ7hL1JCEE+dkqQ8L72f6PU= +github.com/kataras/iris/v12 v12.2.5/go.mod h1:bf3oblPF8tQmRgyPCzPZr0mLazvEDFgImdaGZYuN4hw= github.com/kataras/pio v0.0.12 h1:o52SfVYauS3J5X08fNjlGS5arXHjW/ItLkyLcKjoH6w= github.com/kataras/pio v0.0.12/go.mod h1:ODK/8XBhhQ5WqrAhKy+9lTPS7sBf6O3KcLhc9klfRcY= github.com/kataras/sitemap v0.0.6 h1:w71CRMMKYMJh6LR2wTgnk5hSgjVNB9KL60n5e2KHvLY= @@ -204,6 +206,8 @@ github.com/mailgun/raymond/v2 v2.0.48 h1:5dmlB680ZkFG2RN/0lvTAghrSxIESeu9/2aeDqA github.com/mailgun/raymond/v2 v2.0.48/go.mod h1:lsgvL50kgt1ylcFJYZiULi5fjPBkkhNfj4KA0W54Z18= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= +github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= github.com/microcosm-cc/bluemonday v1.0.25 h1:4NEwSfiJ+Wva0VxN5B8OwMicaJvD8r9tlJWm9rtloEg= github.com/microcosm-cc/bluemonday v1.0.25/go.mod h1:ZIOjCQp1OrzBBPIJmfX4qDYFuhU02nx4bn030ixfHLE= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= From a3dd97ece6b2d34b5cdb07a92913536a5c12e954 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Sep 2023 19:04:03 +0000 Subject: [PATCH 71/75] Bump actions/checkout from 3 to 4 Bumps [actions/checkout](https://github.com/actions/checkout) from 3 to 4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build_pr_container.yaml | 14 +++++++------- .github/workflows/code-linter.yaml | 8 ++++---- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/functionality.yml | 8 ++++---- .github/workflows/publish_charts.yml | 2 +- .github/workflows/publish_container.yml | 4 ++-- .github/workflows/shellcheck.yml | 2 +- .github/workflows/test.yml | 8 ++++---- 8 files changed, 24 insertions(+), 24 deletions(-) diff --git a/.github/workflows/build_pr_container.yaml b/.github/workflows/build_pr_container.yaml index f1e565f0f..e610b81e1 100644 --- a/.github/workflows/build_pr_container.yaml +++ b/.github/workflows/build_pr_container.yaml @@ -20,7 +20,7 @@ jobs: security-events: write steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Log in to the Github Container registry uses: docker/login-action@v2 @@ -90,7 +90,7 @@ jobs: security-events: write steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Log in to the Github Container registry uses: docker/login-action@v2 @@ -164,7 +164,7 @@ jobs: security-events: write steps: - name: Checkout code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Log in to the Github Container registry uses: docker/login-action@v2 @@ -209,7 +209,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Test rabbitmq federation run: docker compose -f .github/integration/rabbitmq-federation.yml run federation_test @@ -221,7 +221,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Test postgres run: docker compose -f .github/integration/postgres.yml run tests @@ -233,7 +233,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Test sensitive-data-archive run: docker compose -f .github/integration/sda-integration.yml run integration_test @@ -249,7 +249,7 @@ jobs: version: ["1.26", "1.27"] steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Install Helm uses: azure/setup-helm@v3.5 diff --git a/.github/workflows/code-linter.yaml b/.github/workflows/code-linter.yaml index fd2d2e452..9387de71a 100644 --- a/.github/workflows/code-linter.yaml +++ b/.github/workflows/code-linter.yaml @@ -22,7 +22,7 @@ jobs: id: go - name: Check out code into the Go module directory - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run golangci-lint uses: golangci/golangci-lint-action@v3.7.0 @@ -45,7 +45,7 @@ jobs: id: go - name: Check out code into the Go module directory - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run golangci-lint uses: golangci/golangci-lint-action@v3.7.0 @@ -68,7 +68,7 @@ jobs: id: go - name: Check out code into the Go module directory - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run golangci-lint uses: golangci/golangci-lint-action@v3.7.0 @@ -91,7 +91,7 @@ jobs: id: go - name: Check out code into the Go module directory - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run golangci-lint uses: golangci/golangci-lint-action@v3.7.0 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 1cfa98341..2c92cacdd 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -17,7 +17,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v3 + uses: actions/checkout@v4 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/functionality.yml b/.github/workflows/functionality.yml index b5c70f02d..ae8d87203 100644 --- a/.github/workflows/functionality.yml +++ b/.github/workflows/functionality.yml @@ -18,7 +18,7 @@ jobs: uses: actions/setup-go@v4 with: go-version: ${{ matrix.go-version }} - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up Python 3.7 uses: actions/setup-python@v4 with: @@ -54,7 +54,7 @@ jobs: python-version: '3.9' - name: Check out code into the Go module directory - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run setup scripts run: | @@ -89,7 +89,7 @@ jobs: python-version: '3.9' - name: Check out code into the Go module directory - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Run setup scripts run: | @@ -111,7 +111,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Build image run: | diff --git a/.github/workflows/publish_charts.yml b/.github/workflows/publish_charts.yml index 886953b72..c9593ecf3 100644 --- a/.github/workflows/publish_charts.yml +++ b/.github/workflows/publish_charts.yml @@ -15,7 +15,7 @@ jobs: continue-on-error: true steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: fetch-depth: 0 diff --git a/.github/workflows/publish_container.yml b/.github/workflows/publish_container.yml index 32529f658..3e28e09ad 100644 --- a/.github/workflows/publish_container.yml +++ b/.github/workflows/publish_container.yml @@ -20,7 +20,7 @@ jobs: new_tag: ${{ steps.bump_tag.outputs.new_tag }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: fetch-depth: '0' - name: Bump version and push tag @@ -41,7 +41,7 @@ jobs: packages: write steps: - name: Check out the repo - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Log in to the Github Container registry uses: docker/login-action@v2 diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index eeef6a813..ff8f0e6d2 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Check out code - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: check all scripts uses: ludeeus/action-shellcheck@master diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 67fe22a0e..e4bb85de5 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Set up JDK ${{ matrix.java-version }} uses: actions/setup-java@v3 with: @@ -44,7 +44,7 @@ jobs: id: go - name: Check out code into the Go module directory - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Get dependencies run: | @@ -94,7 +94,7 @@ jobs: id: go - name: Check out code into the Go module directory - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Get dependencies run: | @@ -132,7 +132,7 @@ jobs: id: go - name: Check out code into the Go module directory - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Get dependencies run: | From 60c53ae9333fc07f7dcab3395143560cb7940e37 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Sep 2023 19:04:10 +0000 Subject: [PATCH 72/75] Bump aquasecurity/trivy-action from 0.11.2 to 0.12.0 Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.11.2 to 0.12.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/0.11.2...0.12.0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/build_pr_container.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build_pr_container.yaml b/.github/workflows/build_pr_container.yaml index f1e565f0f..ccebd54cc 100644 --- a/.github/workflows/build_pr_container.yaml +++ b/.github/workflows/build_pr_container.yaml @@ -126,7 +126,7 @@ jobs: org.opencontainers.image.revision=${{ github.sha }} - name: Run Trivy vulnerability scanner on postgres - uses: aquasecurity/trivy-action@0.11.2 + uses: aquasecurity/trivy-action@0.12.0 with: image-ref: ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-postgres format: "sarif" @@ -141,7 +141,7 @@ jobs: category: postgres - name: Run Trivy vulnerability scanner on rabbitmq - uses: aquasecurity/trivy-action@0.11.2 + uses: aquasecurity/trivy-action@0.12.0 with: image-ref: ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-rabbitmq format: "sarif" @@ -187,7 +187,7 @@ jobs: org.opencontainers.image.revision=${{ github.sha }} - name: Run Trivy vulnerability scanner on sftp-inbox - uses: aquasecurity/trivy-action@0.11.2 + uses: aquasecurity/trivy-action@0.12.0 with: image-ref: ghcr.io/${{ github.repository }}:sha-${{ github.sha }}-sftp-inbox format: "sarif" From b35d34eac5c9fd1a35a007d52437083d80771961 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Sep 2023 19:10:54 +0000 Subject: [PATCH 73/75] Bump com.hierynomus:sshj from 0.35.0 to 0.36.0 in /sda-sftp-inbox Bumps [com.hierynomus:sshj](https://github.com/hierynomus/sshj) from 0.35.0 to 0.36.0. - [Commits](https://github.com/hierynomus/sshj/compare/v0.35.0...v0.36.0) --- updated-dependencies: - dependency-name: com.hierynomus:sshj dependency-type: direct:development update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- sda-sftp-inbox/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda-sftp-inbox/pom.xml b/sda-sftp-inbox/pom.xml index 70ae77e2f..8e5a004c1 100644 --- a/sda-sftp-inbox/pom.xml +++ b/sda-sftp-inbox/pom.xml @@ -132,7 +132,7 @@ com.hierynomus sshj - 0.35.0 + 0.36.0 test From e6a6b5f3eb675137bbec44893d91d3614e5b09d0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Sep 2023 19:11:03 +0000 Subject: [PATCH 74/75] Bump com.amazonaws:aws-java-sdk-s3 in /sda-sftp-inbox Bumps [com.amazonaws:aws-java-sdk-s3](https://github.com/aws/aws-sdk-java) from 1.12.539 to 1.12.543. - [Changelog](https://github.com/aws/aws-sdk-java/blob/master/CHANGELOG.md) - [Commits](https://github.com/aws/aws-sdk-java/compare/1.12.539...1.12.543) --- updated-dependencies: - dependency-name: com.amazonaws:aws-java-sdk-s3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- sda-sftp-inbox/pom.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sda-sftp-inbox/pom.xml b/sda-sftp-inbox/pom.xml index 70ae77e2f..b2e56b8ca 100644 --- a/sda-sftp-inbox/pom.xml +++ b/sda-sftp-inbox/pom.xml @@ -96,7 +96,7 @@ com.amazonaws aws-java-sdk-s3 - 1.12.539 + 1.12.543 com.google.guava From b27c95d99fa17721665cfa0abdfafea2a34d5894 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Sep 2023 19:20:20 +0000 Subject: [PATCH 75/75] Bump github.com/aws/aws-sdk-go from 1.44.333 to 1.45.2 in /sda-download Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.333 to 1.45.2. - [Release notes](https://github.com/aws/aws-sdk-go/releases) - [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.333...v1.45.2) --- updated-dependencies: - dependency-name: github.com/aws/aws-sdk-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- sda-download/go.mod | 2 +- sda-download/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sda-download/go.mod b/sda-download/go.mod index 2bbc52c02..307953295 100644 --- a/sda-download/go.mod +++ b/sda-download/go.mod @@ -4,7 +4,7 @@ go 1.20 require ( github.com/DATA-DOG/go-sqlmock v1.5.0 - github.com/aws/aws-sdk-go v1.44.333 + github.com/aws/aws-sdk-go v1.45.2 github.com/dgraph-io/ristretto v0.1.1 github.com/gin-gonic/gin v1.9.1 github.com/google/uuid v1.3.1 diff --git a/sda-download/go.sum b/sda-download/go.sum index 3862f89d6..877214357 100644 --- a/sda-download/go.sum +++ b/sda-download/go.sum @@ -43,8 +43,8 @@ github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym github.com/DATA-DOG/go-sqlmock v1.5.0 h1:Shsta01QNfFxHCfpW6YH2STWB0MudeXXEWMr20OEh60= github.com/DATA-DOG/go-sqlmock v1.5.0/go.mod h1:f/Ixk793poVmq4qj/V1dPUg2JEAKC73Q5eFN3EC/SaM= github.com/aws/aws-sdk-go v1.33.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= -github.com/aws/aws-sdk-go v1.44.333 h1:X0j5TGXtHLZzDB/uRcGKLG77ERFtxYQtXefs+Apf2PU= -github.com/aws/aws-sdk-go v1.44.333/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= +github.com/aws/aws-sdk-go v1.45.2 h1:hTong9YUklQKqzrGk3WnKABReb5R8GjbG4Y6dEQfjnk= +github.com/aws/aws-sdk-go v1.45.2/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI= github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM= github.com/bytedance/sonic v1.9.1 h1:6iJ6NqdoxCDr6mbY8h18oSO+cShGSMRGCEo7F2h0x8s= github.com/bytedance/sonic v1.9.1/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U=