spinnaker · cfieber · May 12, 2016 · May 12, 2016 · cfieber · May 12, 2016
diff --git a/build.gradle b/build.gradle
@@ -17,7 +17,7 @@ allprojects {
   apply plugin: 'groovy'
 
   spinnaker {
-    dependenciesVersion = "0.23.0"
+    dependenciesVersion = "0.34.0"
   }
 
   configurations.all {
@@ -26,6 +26,11 @@ allprojects {
     resolutionStrategy {
       force 'org.codehaus.groovy:groovy-all:2.4.5'
       force 'org.spockframework:spock-core:1.0-groovy-2.4'
+      eachDependency {
+        if (it.requested.group == 'org.springframework') {
+          it.useVersion spinnaker.version('spring')
+        }
+      }
     }
   }
 

diff --git a/gate-web/gate-web.gradle b/gate-web/gate-web.gradle
@@ -21,7 +21,7 @@ dependencies {
   compile spinnaker.dependency("korkWeb")
   compile spinnaker.dependency("frigga")
   compile spinnaker.dependency('cglib')
-  compile('org.springframework.session:spring-session-data-redis:1.0.1.RELEASE')
+  compile('org.springframework.session:spring-session-data-redis:1.1.1.RELEASE')
   compile('org.opensaml:opensaml:2.6.4')
 
   testCompile "com.squareup.okhttp:mockwebserver:${spinnaker.version('okHttp')}"

diff --git a/gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/GateConfig.groovy b/gate-web/src/main/groovy/com/netflix/spinnaker/gate/config/GateConfig.groovy
@@ -16,6 +16,9 @@
 
 package com.netflix.spinnaker.gate.config
 
+import org.springframework.session.data.redis.config.ConfigureRedisAction
+import org.springframework.session.data.redis.config.annotation.web.http.EnableRedisHttpSession
+
 import java.util.concurrent.ExecutorService
 import java.util.concurrent.Executors
 import javax.servlet.*
@@ -38,11 +41,9 @@ import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty
 import org.springframework.boot.context.embedded.FilterRegistrationBean
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
-import org.springframework.context.annotation.Import
 import org.springframework.core.Ordered
 import org.springframework.core.annotation.Order
 import org.springframework.data.redis.connection.jedis.JedisConnectionFactory
-import org.springframework.session.data.redis.config.annotation.web.http.GateRedisHttpSessionConfiguration
 import org.springframework.stereotype.Component
 import org.springframework.web.client.RestTemplate
 import retrofit.Endpoint
@@ -54,7 +55,7 @@ import static retrofit.Endpoints.newFixedEndpoint
 @CompileStatic
 @Configuration
 @Slf4j
-@Import(GateRedisHttpSessionConfiguration)
+@EnableRedisHttpSession
 class GateConfig {
   @Value('${retrofit.logLevel:BASIC}')
   String retrofitLogLevel
@@ -82,6 +83,12 @@ class GateConfig {
     new RestTemplate()
   }
 
+  @Bean
+  @ConditionalOnProperty("redis.configuration.secure")
+  ConfigureRedisAction configureRedisAction() {
+    return ConfigureRedisAction.NO_OP
+  }
+
   @Bean
   ExecutorService executorService() {
     Executors.newCachedThreadPool()

diff --git a/.../main/groovy/com/netflix/spinnaker/gate/security/anonymous/AnonymousSecurityConfig.groovy b/.../main/groovy/com/netflix/spinnaker/gate/security/anonymous/AnonymousSecurityConfig.groovy
@@ -47,7 +47,7 @@ class AnonymousSecurityConfig implements WebSecurityAugmentor {
                  AuthenticationManager authenticationManager) {
     def filter = new AnonymousAuthenticationFilter(
       // it seems like a smell that this is statically initialized with the allowedAccounts
-      key, new User(defaultEmail, null, null, ["anonymous"], anonymousAccountsService.getAllowedAccounts()), [new SimpleGrantedAuthority("anonymous")]
+      key, new User(email: defaultEmail, roles: ["anonymous"], allowedAccounts: anonymousAccountsService.getAllowedAccounts(), username: defaultEmail), [new SimpleGrantedAuthority("anonymous")]
     )
     http.addFilter(filter)
     http.csrf().disable()

diff --git a/...eb/src/main/groovy/com/netflix/spinnaker/gate/security/oauth2/OAuth2SecurityConfig.groovy b/...eb/src/main/groovy/com/netflix/spinnaker/gate/security/oauth2/OAuth2SecurityConfig.groovy
@@ -113,7 +113,7 @@ class OAuth2SecurityConfig implements WebSecurityAugmentor {
     @Override
     Authentication extractAuthentication(Map<String, ?> map) {
       def allowedAccounts = (map.scope ?: []).collect { String scope -> scope.replace("spinnaker_", "")}
-      def user = new User(map.client_id as String, null, null, [], allowedAccounts)
+      def user = new User(email: map.client_id as String, roles: [], allowedAccounts: allowedAccounts, username: map.client_id)
       return new UsernamePasswordAuthenticationToken(user, "N/A", [])
     }
   }

diff --git a/...eb/src/main/groovy/com/netflix/spinnaker/gate/security/saml/SAMLSecurityController.groovy b/...eb/src/main/groovy/com/netflix/spinnaker/gate/security/saml/SAMLSecurityController.groovy
@@ -172,11 +172,12 @@ class SAMLSecurityController {
     }
 
     def user = new User(
-      assertion.getSubject().nameID.value,
-      attributes[userAttributeMapping.firstName]?.get(0),
-      attributes[userAttributeMapping.lastName]?.get(0),
-      roles,
-      allowedAccounts
+      email: assertion.getSubject().nameID.value,
+      firstName: attributes[userAttributeMapping.firstName]?.get(0),
+      lastName: attributes[userAttributeMapping.lastName]?.get(0),
+      roles: roles,
+      allowedAccounts: allowedAccounts,
+      username: assertion.getSubject().nameID.value
     )
 
     return user

diff --git a/...rc/main/groovy/com/netflix/spinnaker/gate/security/x509/X509AuthenticationProvider.groovy b/...rc/main/groovy/com/netflix/spinnaker/gate/security/x509/X509AuthenticationProvider.groovy
@@ -57,7 +57,7 @@ class X509AuthenticationProvider implements AuthenticationProvider {
     }?.get(1) ?: authentication.principal
 
     return new PreAuthenticatedAuthenticationToken(
-      new User(rfc822Name as String, null, null, [], anonymousAccountsService.allowedAccounts),
+      new User(email: rfc822Name, roles: [], allowedAccounts: anonymousAccountsService.allowedAccounts, username: rfc822Name),
       authentication.credentials)
   }
 

diff --git a/...rk/session/data/redis/config/annotation/web/http/GateRedisHttpSessionConfiguration.groovy b/...rk/session/data/redis/config/annotation/web/http/GateRedisHttpSessionConfiguration.groovy
diff --git a/gate-web/src/test/groovy/com/netflix/spinnaker/gate/controllers/BuildControllerSpec.groovy b/gate-web/src/test/groovy/com/netflix/spinnaker/gate/controllers/BuildControllerSpec.groovy
@@ -47,7 +47,7 @@ class BuildControllerSpec extends Specification {
   void setup() {
     igorService = Mock(IgorService)
     buildService = new BuildService(igorService: igorService)
-    server.play()
+    server.start()
     mockMvc = MockMvcBuilders.standaloneSetup(new BuildController(buildService: buildService)).build()
   }
 

diff --git a/gate-web/src/test/groovy/com/netflix/spinnaker/gate/services/CredentialsServiceSpec.groovy b/gate-web/src/test/groovy/com/netflix/spinnaker/gate/services/CredentialsServiceSpec.groovy
@@ -45,10 +45,10 @@ class CredentialsServiceSpec extends Specification {
     expect:
     AuthenticatedRequest.propagate({
       new CredentialsService(clouddriverService: clouddriverService).getAccounts()
-    }, false, new User("email", null, null, [], userAccounts)).call() as List<ClouddriverService.Account> == allowedACcounts
+    }, false, new User(email: "email", roles: [], allowedAccounts: userAccounts, username: "email")).call() as List<ClouddriverService.Account> == allowedAccounts
 
     where:
-    userAccounts                         || allowedACcounts
+    userAccounts                         || allowedAccounts
     ["account1"]                         || [accounts[0]]
     ["account2"]                         || [accounts[1]]
     ["account1", "account2"]             || accounts