Op-21723:CVE-fixes with java-17 and spring-boot upgrade-v4.1 #469

vivek-opsmx · 2024-05-09T05:14:30Z

https://devopsmx.atlassian.net/browse/OP-21936

OP-21881 involves fixing CVE issues by upgrading to Java 17 and Spring Boot v4.1 .

Since the Fiat service is not utilized in ISD-Argo, I removed the Fiat code from the ISD-Argo Gate Service. However, during this removal process, the /auth/user API stopped returning user details, causing the UI to refresh repeatedly. We resolved this issue by adding "return user" to the code, ensuring that the API now returns the necessary user information without triggering excessive UI refreshing and incorporating a few configurations in the secret settings.

…alse

and made disabled authConfig to false

gate-basic/src/main/java/com/netflix/spinnaker/gate/security/basic/BasicAuthProvider.java

gate-saml/src/main/groovy/com/opsmx/spinnaker/gate/security/saml/SamlSsoConfig.groovy

gate-saml/src/main/java/com/opsmx/spinnaker/gate/security/saml/Saml2UserDetails.java

gate-saml/src/main/java/com/opsmx/spinnaker/gate/security/saml/SamlSecurityConfiguration.java

gate-web/src/main/groovy/com/netflix/spinnaker/gate/controllers/OpsmxAuthController.groovy

rahul-chekuri

please address the highlighted issue.

vivek-opsmx added 30 commits April 17, 2024 11:17

OP-21723 : CVE fix for Gate service

18bef6d

OP-21723 : Added .Spinnaker/ Url

7e8f0cf

OP-21723 : Removing .Spinnaker/ Url

2621e66

OP-21723 : Adding Logs

d251b7e

OP-21723 : Added few more Logs

d3f2ae2

OP-21723 : changed forceEnable to false

6d6f7aa

OP-21723 : Added @configuration annotation

123b3fd

OP-21723 : Reverted the changes

d9c68a2

OP-21723 : made ExtendedFiatService to false

5aea635

OP-21723 : Added ConditionalOnExpression

bf26233

OP-21723 : Added ConditionalOnExpression given false

4cf197e

OP-21723 : Removed ConditionalOnExpression given false

4279ec3

OP-21723 :Added Autowired to fiat service

f015b63

OP-21723 :Removed Autowired to fiat service

125950a

OP-21723 :Removed @bean

68be879

OP-21723 : reverted @bean and made fiatLoginService forceEnabled to f…

eec6ea3

…alse

OP-21723 : commented MethodSecurityExpressionHandler

0b526a6

OP-21723 : commented MethodSecurityExpressionHandler

f1bfe3d

and made disabled authConfig to false

OP-21723 : uncommented MethodSecurityExpressionHandler

3b004b7

OP-21723 : enabled to true

a13c2e5

OP-21723 : reverted gradle properties

77ee51e

OP-21723 : reverted fiat version to 1.36.0

869f221

OP-21723 : reverted fiat version to 1-0-SNAPSHOT

d1074c2

OP-21723 : made fiat version to 1.36.0

2204d9d

OP-21723 : comminted fait code for teting

1bd770b

OP-21723 : reverted all changes

1287c1e

OP-21723 : comminted expressionHandler

bffbeb0

OP-21723 : uncommented expressionHandler code

b1dc389

OP-21723 : commented fiat code

f328134

OP-21723 : added Base URL in feingClient class

fe1216a

vivek-opsmx and others added 20 commits May 10, 2024 10:32

OP-21723 : Addressed PR review comments

7365cf7

OP-21723 : resolved compile time error and addressed pr review comments

3ca6e13

OP-21723 : removed fiat enable - true

7b1dbf3

OP-21723 : removed repositories mavenLocal() mavenCentral()

108961c

OP-21723 : reverted repositories mavenLocal() mavenCentral()

f708943

OP-21723 : Made Change in SamlSecurityConfiguration

d983f81

OP-21723 : commented loginWithRoles

ca67635

OP-21723 : commented ss0Config class

f91c187

OP-21723 : Reverting ssoConfig class changes

2cf0495

OP-21723 : Reverting gate config

009ec53

OP-21723 : Reverting all PR review comments

56abcf4

OP-21723 : Reverting all PR review comments 2

1d60cd1

OP-21936: downported changes fron v4.0

7581eb7

OP-21936: downported changes fron v4.0

48c3a15

OP-21936: changed bean name to avoid picking up the wrong beans.

963b929

OP-21936: Annotated with qualifiers to pick beans by names.

cfae94d

OP-21936: setting samlAuthenticationManager.

0075703

OP-21723 : Addressed all PR review comments

d70bbdb

OP-21936: cleaned up permission service of fait and put oes one.

4f2eb9d

OP-21936: compilation fix.

4be6c3c