diff --git a/build.gradle b/build.gradle index 5ac9c6045c..f4b573b9a4 100644 --- a/build.gradle +++ b/build.gradle @@ -17,7 +17,7 @@ allprojects { apply plugin: 'groovy' spinnaker { - dependenciesVersion = "0.23.0" + dependenciesVersion = "0.34.0" } configurations.all { @@ -26,6 +26,11 @@ allprojects { resolutionStrategy { force 'org.codehaus.groovy:groovy-all:2.4.5' force 'org.spockframework:spock-core:1.0-groovy-2.4' + eachDependency { + if (it.requested.group == 'org.springframework') { + it.useVersion spinnaker.version('spring') + } + } } } diff --git a/gate-web/gate-web.gradle b/gate-web/gate-web.gradle index f23672720d..c7bdfc493a 100644 --- a/gate-web/gate-web.gradle +++ b/gate-web/gate-web.gradle @@ -21,7 +21,7 @@ dependencies { compile spinnaker.dependency("korkWeb") compile spinnaker.dependency("frigga") compile spinnaker.dependency('cglib') - compile('org.springframework.session:spring-session-data-redis:1.0.1.RELEASE') + compile('org.springframework.session:spring-session-data-redis:1.1.1.RELEASE') compile('org.opensaml:opensaml:2.6.4') testCompile "com.squareup.okhttp:mockwebserver:${spinnaker.version('okHttp')}" diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/GateConfig.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/GateConfig.groovy index a1ee7713a6..ab39adc8d7 100644 --- a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/GateConfig.groovy +++ b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/GateConfig.groovy @@ -16,6 +16,9 @@ package com.netflix.spinnaker.gate.config +import org.springframework.session.data.redis.config.ConfigureRedisAction +import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession + import java.util.concurrent.ExecutorService import java.util.concurrent.Executors import javax.servlet.* @@ -38,11 +41,9 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty import org.springframework.boot.context.embedded.FilterRegistrationBean import org.springframework.context.annotation.Bean import org.springframework.context.annotation.Configuration -import org.springframework.context.annotation.Import import org.springframework.core.Ordered import org.springframework.core.annotation.Order import org.springframework.data.redis.connection.jedis.JedisConnectionFactory -import org.springframework.session.data.redis.config.annotation.web.http.GateRedisHttpSessionConfiguration import org.springframework.stereotype.Component import org.springframework.web.client.RestTemplate import retrofit.Endpoint @@ -54,7 +55,7 @@ import static retrofit.Endpoints.newFixedEndpoint @CompileStatic @Configuration @Slf4j -@Import(GateRedisHttpSessionConfiguration) +@EnableRedisHttpSession class GateConfig { @Value('${retrofit.logLevel:BASIC}') String retrofitLogLevel @@ -82,6 +83,12 @@ class GateConfig { new RestTemplate() } + @Bean + @ConditionalOnProperty("redis.configuration.secure") + ConfigureRedisAction configureRedisAction() { + return ConfigureRedisAction.NO_OP + } + @Bean ExecutorService executorService() { Executors.newCachedThreadPool() diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/anonymous/AnonymousSecurityConfig.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/anonymous/AnonymousSecurityConfig.groovy index 9d6013f02f..296cfbfacf 100644 --- a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/anonymous/AnonymousSecurityConfig.groovy +++ b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/anonymous/AnonymousSecurityConfig.groovy @@ -47,7 +47,7 @@ class AnonymousSecurityConfig implements WebSecurityAugmentor { AuthenticationManager authenticationManager) { def filter = new AnonymousAuthenticationFilter( // it seems like a smell that this is statically initialized with the allowedAccounts - key, new User(defaultEmail, null, null, ["anonymous"], anonymousAccountsService.getAllowedAccounts()), [new SimpleGrantedAuthority("anonymous")] + key, new User(email: defaultEmail, roles: ["anonymous"], allowedAccounts: anonymousAccountsService.getAllowedAccounts(), username: defaultEmail), [new SimpleGrantedAuthority("anonymous")] ) http.addFilter(filter) http.csrf().disable() diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/oauth2/OAuth2SecurityConfig.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/oauth2/OAuth2SecurityConfig.groovy index 193c84d973..e0bc77e284 100644 --- a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/oauth2/OAuth2SecurityConfig.groovy +++ b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/oauth2/OAuth2SecurityConfig.groovy @@ -113,7 +113,7 @@ class OAuth2SecurityConfig implements WebSecurityAugmentor { @Override Authentication extractAuthentication(Map map) { def allowedAccounts = (map.scope ?: []).collect { String scope -> scope.replace("spinnaker_", "")} - def user = new User(map.client_id as String, null, null, [], allowedAccounts) + def user = new User(email: map.client_id as String, roles: [], allowedAccounts: allowedAccounts, username: map.client_id) return new UsernamePasswordAuthenticationToken(user, "N/A", []) } } diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/saml/SAMLSecurityController.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/saml/SAMLSecurityController.groovy index e7ea8a5e06..0ca0c76165 100644 --- a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/saml/SAMLSecurityController.groovy +++ b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/saml/SAMLSecurityController.groovy @@ -172,11 +172,12 @@ class SAMLSecurityController { } def user = new User( - assertion.getSubject().nameID.value, - attributes[userAttributeMapping.firstName]?.get(0), - attributes[userAttributeMapping.lastName]?.get(0), - roles, - allowedAccounts + email: assertion.getSubject().nameID.value, + firstName: attributes[userAttributeMapping.firstName]?.get(0), + lastName: attributes[userAttributeMapping.lastName]?.get(0), + roles: roles, + allowedAccounts: allowedAccounts, + username: assertion.getSubject().nameID.value ) return user diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/x509/X509AuthenticationProvider.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/x509/X509AuthenticationProvider.groovy index 1d28ef9353..2efeb796cd 100644 --- a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/x509/X509AuthenticationProvider.groovy +++ b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/security/x509/X509AuthenticationProvider.groovy @@ -57,7 +57,7 @@ class X509AuthenticationProvider implements AuthenticationProvider { }?.get(1) ?: authentication.principal return new PreAuthenticatedAuthenticationToken( - new User(rfc822Name as String, null, null, [], anonymousAccountsService.allowedAccounts), + new User(email: rfc822Name, roles: [], allowedAccounts: anonymousAccountsService.allowedAccounts, username: rfc822Name), authentication.credentials) } diff --git a/gate-web/src/main/groovy/org/springframework/session/data/redis/config/annotation/web/http/GateRedisHttpSessionConfiguration.groovy b/gate-web/src/main/groovy/org/springframework/session/data/redis/config/annotation/web/http/GateRedisHttpSessionConfiguration.groovy deleted file mode 100644 index c886a6adfc..0000000000 --- a/gate-web/src/main/groovy/org/springframework/session/data/redis/config/annotation/web/http/GateRedisHttpSessionConfiguration.groovy +++ /dev/null @@ -1,48 +0,0 @@ -/* - * Copyright 2015 Netflix, Inc. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -package org.springframework.session.data.redis.config.annotation.web.http - -import org.springframework.beans.factory.annotation.Value -import org.springframework.context.annotation.Bean -import org.springframework.context.annotation.Configuration -import org.springframework.core.type.AnnotationMetadata -import org.springframework.data.redis.connection.RedisConnectionFactory -import org.springframework.data.redis.core.RedisTemplate -import org.springframework.session.ExpiringSession -import org.springframework.session.data.redis.RedisOperationsSessionRepository - -@Configuration -class GateRedisHttpSessionConfiguration extends RedisHttpSessionConfiguration { - - @Value('${session.expiration:1800}') - int expiration - - public void setImportMetadata(AnnotationMetadata importMetadata) { - } - - @Bean - public RedisOperationsSessionRepository sessionRepository(RedisTemplate sessionRedisTemplate) { - RedisOperationsSessionRepository sessionRepository = new RedisOperationsSessionRepository(sessionRedisTemplate); - sessionRepository.setDefaultMaxInactiveInterval(expiration); - return sessionRepository; - } - - @Override - public RedisHttpSessionConfiguration.EnableRedisKeyspaceNotificationsInitializer enableRedisKeyspaceNotificationsInitializer(RedisConnectionFactory connectionFactory) { - null - } -} diff --git a/gate-web/src/test/groovy/com/netflix/spinnaker/gate/controllers/BuildControllerSpec.groovy b/gate-web/src/test/groovy/com/netflix/spinnaker/gate/controllers/BuildControllerSpec.groovy index 15c712a3f7..49288f9859 100644 --- a/gate-web/src/test/groovy/com/netflix/spinnaker/gate/controllers/BuildControllerSpec.groovy +++ b/gate-web/src/test/groovy/com/netflix/spinnaker/gate/controllers/BuildControllerSpec.groovy @@ -47,7 +47,7 @@ class BuildControllerSpec extends Specification { void setup() { igorService = Mock(IgorService) buildService = new BuildService(igorService: igorService) - server.play() + server.start() mockMvc = MockMvcBuilders.standaloneSetup(new BuildController(buildService: buildService)).build() } diff --git a/gate-web/src/test/groovy/com/netflix/spinnaker/gate/services/CredentialsServiceSpec.groovy b/gate-web/src/test/groovy/com/netflix/spinnaker/gate/services/CredentialsServiceSpec.groovy index ea077f7250..8d11e8ab03 100644 --- a/gate-web/src/test/groovy/com/netflix/spinnaker/gate/services/CredentialsServiceSpec.groovy +++ b/gate-web/src/test/groovy/com/netflix/spinnaker/gate/services/CredentialsServiceSpec.groovy @@ -45,10 +45,10 @@ class CredentialsServiceSpec extends Specification { expect: AuthenticatedRequest.propagate({ new CredentialsService(clouddriverService: clouddriverService).getAccounts() - }, false, new User("email", null, null, [], userAccounts)).call() as List == allowedACcounts + }, false, new User(email: "email", roles: [], allowedAccounts: userAccounts, username: "email")).call() as List == allowedAccounts where: - userAccounts || allowedACcounts + userAccounts || allowedAccounts ["account1"] || [accounts[0]] ["account2"] || [accounts[1]] ["account1", "account2"] || accounts