diff b/w nov and main

.github/workflows/clouddriver-oes.yml

@@ -2,9 +2,10 @@ name: Branch Build clouddriver
 
 on:
   workflow_call:
+  workflow_dispatch:
   push:
     branches:
-    - OES-1.30.1
+    - OES-1.30.1-nov-cve
 
 env:
   GRADLE_OPTS: -Dorg.gradle.daemon=false -Xmx6g -Xms6g
@@ -49,8 +50,12 @@ jobs:
           sed  -e 's/NEXUS_PASSWORD/${{ secrets.NEXUS_PASSWORD }}/' -i settings.gradle
           sed  -e 's/NEXUS_USERNAME/${{ secrets.NEXUS_USERNAME }}/' -i build.gradle
           sed  -e 's/NEXUS_PASSWORD/${{ secrets.NEXUS_PASSWORD }}/' -i build.gradle
+
+          sed  's/^korkVersion=.*/korkVersion=OES-1.30.1-nov-cve-SNAPSHOT/; s/^fiatVersion=.*/fiatVersion=OES-1.30.1-nov-cve-SNAPSHOT/' gradle.properties > gradle.properties-bkp
+
+           mv gradle.properties-bkp gradle.properties
 
-          ./gradlew --no-daemon -PenableCrossCompilerPlugin=true clouddriver-web:installDist -x test 
+           ./gradlew --no-daemon -PenableCrossCompilerPlugin=true clouddriver-web:installDist -x test 
 
           #./gradlew --no-daemon clouddriver-web:installDist -x test
 

.github/workflows/clouddriver-publish.yml

@@ -3,7 +3,7 @@ name: Branch Build clouddriver publish
 on:
   push:
     branches:
-    - OES-1.30.1
+    - OES-1.30.1-nov-cve
 
 env:
   GRADLE_OPTS: -Dorg.gradle.daemon=false -Xmx6g -Xms6g
@@ -21,10 +21,9 @@ jobs:
         with:
           java-version: 17
           distribution: 'temurin'
-          cache: 'gradle'
       - name: Build
         env:
-          NEXUS_VERSION: 1-0-SNAPSHOT
+          NEXUS_VERSION: OES-1.30.1-nov-cve-SNAPSHOT
         run: |
 
               cat <<EOF>> patch
@@ -93,5 +92,8 @@ jobs:
                   sed  -e 's/NEXUS_PASSWORD/${{ secrets.NEXUS_PASSWORD }}/' -i settings.gradle
                   sed  -e 's/NEXUS_USERNAME/${{ secrets.NEXUS_USERNAME }}/' -i build.gradle
                   sed  -e 's/NEXUS_PASSWORD/${{ secrets.NEXUS_PASSWORD }}/' -i build.gradle
-
+
+              sed  's/^korkVersion=.*/korkVersion=OES-1.30.1-nov-cve-SNAPSHOT/; s/^fiatVersion=.*/fiatVersion=OES-1.30.1-nov-cve-SNAPSHOT/' gradle.properties > gradle.properties-bkp
+
+               mv gradle.properties-bkp gradle.properties
                 ./gradlew --no-daemon -PenableCrossCompilerPlugin=true  publish -x test

clouddriver-appengine/clouddriver-appengine.gradle

@@ -33,6 +33,8 @@ dependencies {
   implementation "org.springframework.boot:spring-boot-starter-web"
   implementation "org.springframework.cloud:spring-cloud-context"
   implementation "org.springframework.cloud:spring-cloud-config-server"
+  implementation "software.amazon.awssdk:s3:2.22.12"
+  implementation "software.amazon.awssdk:secretsmanager:2.22.12"
   implementation "com.jcraft:jsch:0.1.55"
   implementation("org.eclipse.jgit:org.eclipse.jgit.ssh.jsch:6.4.0.202211300538-r")//:5.12.0.202106070339-r")
 /*  implementation("com.jcraft:jsch.agentproxy.connector-factory:0.0.9")

clouddriver-cloudrun/clouddriver-cloudrun.gradle

@@ -33,6 +33,8 @@ dependencies {
   implementation "org.springframework.boot:spring-boot-starter-web"
   implementation "org.springframework.cloud:spring-cloud-context"
   implementation "org.springframework.cloud:spring-cloud-config-server"
+  implementation "software.amazon.awssdk:s3:2.22.12"
+  implementation "software.amazon.awssdk:secretsmanager:2.22.12"
 
   testImplementation "org.assertj:assertj-core"
   testImplementation "cglib:cglib-nodep:3.3.0"

clouddriver-configserver/clouddriver-configserver.gradle

@@ -20,6 +20,8 @@ dependencies {
   implementation "org.apache.commons:commons-lang3"
   implementation "org.springframework.cloud:spring-cloud-context"
   implementation "org.springframework.cloud:spring-cloud-config-server"
+  implementation "software.amazon.awssdk:s3:2.22.12"
+  implementation "software.amazon.awssdk:secretsmanager:2.22.12"
   implementation "com.github.wnameless.json:json-flattener:0.14.2"
 }
 

clouddriver-google/clouddriver-google.gradle

@@ -34,6 +34,8 @@ dependencies {
   implementation "org.springframework.boot:spring-boot-starter-web"
   implementation "org.springframework.cloud:spring-cloud-context"
   implementation "org.springframework.cloud:spring-cloud-config-server"
+  implementation "software.amazon.awssdk:s3:2.22.12"
+  implementation "software.amazon.awssdk:secretsmanager:2.22.12"
 
   testImplementation "org.assertj:assertj-core"
   testImplementation "cglib:cglib-nodep:3.3.0"

clouddriver-kubernetes/clouddriver-kubernetes.gradle

@@ -95,6 +95,8 @@ dependencies {
   implementation "org.springframework.security:spring-security-config"
   implementation "org.springframework.cloud:spring-cloud-context"
   implementation "org.springframework.cloud:spring-cloud-config-server"
+  implementation "software.amazon.awssdk:s3:2.22.12"
+  implementation "software.amazon.awssdk:secretsmanager:2.22.12"
   implementation "io.github.resilience4j:resilience4j-retry"
   implementation "io.github.resilience4j:resilience4j-micrometer"
   implementation "joda-time:joda-time:2.12.5"

clouddriver-web/config/clouddriver.yml

@@ -52,8 +52,8 @@ default:
   account:
     env: default
 
-aws:
-  enabled: ${AWS_ENABLED:false}
+#aws:
+ # enabled: ${AWS_ENABLED:false}
   #  features:
   #    launch-templates:
   #      enabled: true
@@ -71,25 +71,25 @@ aws:
   #  proxyDomain: foo
   #  proxyWorkstation: foo
   #  protocol: HTTP
-  defaults:
-    iamRole: BaseIAMRole
-    unknownInstanceTypeBlockDevice:
-      deviceName: /dev/sdb
-      size: 40
-    instanceClassBlockDevices:
-      - instanceClass: m3
-        blockDevices:
-          - deviceName: /dev/sdb
-            virtualName: ephemeral0
-          - deviceName: /dev/sdc
-            virtualName: ephemeral1
-  defaultRegions:
-    - name: us-east-1
-  defaultKeyPairTemplate: '{{name}}-keypair'
+ # defaults:
+ #  iamRole: BaseIAMRole
+ #   unknownInstanceTypeBlockDevice:
+ #     deviceName: /dev/sdb
+ #     size: 40
+ #   instanceClassBlockDevices:
+ #     - instanceClass: m3
+ #       blockDevices:
+ #         - deviceName: /dev/sdb
+ #           virtualName: ephemeral0
+ #         - deviceName: /dev/sdc
+ #           virtualName: ephemeral1
+ # defaultRegions:
+ #   - name: us-east-2
+ # defaultKeyPairTemplate: '{{name}}-keypair'
 
   # an empty list means we are directly managing the AWS account we have credentials for (named default.account.env)
   # see prod profile section below for an example configuration to manage other accounts via STS assume role
-  accounts: []
+ # accounts: []
 
 azure:
   enabled: ${AZURE_ENABLED:false}
@@ -257,9 +257,6 @@ kubernetes:
   v2:
     applyAppLabels: true
 
-dockerRegistry:
-  enabled: ${DOCKER_REGISTRY_ENABLED:false}
-
 dcos:
   enabled: false
 

docker/ubi8/Dockerfile-dev

@@ -53,7 +53,7 @@ USER root
 
 #RUN yum -y install bash jq  tar unzip wget procps  java-17-openjdk-devel.x86_64 vim  net-tools curl git 
 
-RUN yum -y install  wget git
+RUN yum -y install  wget git  procps
 
 
 # AWS CLI
@@ -81,7 +81,7 @@ RUN wget https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_RE
 	&& mv ./aws-iam-authenticator /usr/local/bin/aws-iam-authenticator\
     && ln -sf /usr/local/bin/aws-iam-authenticator /usr/local/bin/heptio-authenticator-aws
 
-#COPY clouddriver-web/build/install/clouddriver /opt/clouddriver
+COPY clouddriver-web/build/install/clouddriver /opt/clouddriver
 RUN mkdir -p /opt/jaeger
 COPY jaeger/opentelemetry-javaagent.jar /opt/jaeger/opentelemetry-javaagent.jar
 

docker/ubi8/gradle-build-dockerfile

@@ -0,0 +1,140 @@
+FROM gradle:latest AS BUILD
+WORKDIR /opsmx/clouddriver/
+COPY . . 
+RUN ./gradlew --no-daemon clouddriver-web:installDist -x test
+
+
+# Modify DEFAULT_JVM_OPTS in clouddriver/bin/clouddriver
+#ENV EXTRA_OPTS="-Djava.security.egd=file:/dev/./urandom -Dspring.config.import=optional:/opt/spinnaker/config/ --add-opens=java.base/sun.net=ALL-UNNAMED --add-exports=java.base/sun.net=ALL-UNNAMED --add-opens=java.base/java.time=ALL-UNNAMED --add-exports=java.base/sun.security.rsa=ALL-UNNAMED --add-exports=java.base/sun.security.pkcs=ALL-UNNAMED --add-exports=java.base/sun.security.x509=ALL-UNNAMED"
+
+#RUN sed -i "s#^\(DEFAULT_JVM_OPTS\)\s*=\s*'.*'\$#\1='-Djava.security.egd=file:/dev/./urandom -Dspring.config.import=optional:/opt/spinnaker/config/ --add-opens=java.base/sun.net=ALL-UNNAMED --add-exports=java.base/sun.net=ALL-UNNAMED --add-opens=java.base/java.time=ALL-UNNAMED --add-exports=java.base/sun.security.rsa=ALL-UNNAMED --add-exports=java.base/sun.security.pkcs=ALL-UNNAMED --add-exports=java.base/sun.security.x509=ALL-UNNAMED'#" /opt/clouddriver/bin/clouddriver
+
+
+FROM registry.access.redhat.com/ubi8/ubi:8.8 as java-builder
+LABEL maintainer="OpsMx"
+
+ARG JAVA_PACKAGE=java-17-openjdk-jmods
+RUN yum -y update && yum -y install --nodocs ${JAVA_PACKAGE}
+
+# Build a custom JRE.
+# For now, we will include all modules.  We could try to remove the ones
+# we don't need to reduce image size and security attack surface.
+WORKDIR /jrebuild
+RUN java --list-modules | cut -d'@' -f1 > modules
+RUN jlink --output runtime --add-modules `paste -sd, - < modules` --compress 2 --vm server
+
+# Build a minimal base image with our custom Java installed.
+
+FROM registry.access.redhat.com/ubi8/ubi:8.8 AS awscli-install
+RUN yum install -y unzip
+RUN curl https://awscli.amazonaws.com/awscli-exe-linux-`uname -m`.zip -o awscliv2.zip
+RUN unzip awscliv2.zip
+RUN ./aws/install
+
+FROM registry.access.redhat.com/ubi8/ubi:8.8 AS java-base
+LABEL maintainer="OpsMx"
+COPY --from=java-builder /jrebuild/runtime /opsmx-java-runtime
+COPY --from=awscli-install /usr/local/aws-cli /usr/local/aws-cli/
+RUN ln -sf /usr/local/aws-cli/v2/current/bin/aws /usr/local/bin/aws && ln -sf /usr/local/aws-cli/v2/current/bin/aws_completer /usr/local/bin/aws_completer
+ARG OPSMXUSER=1001
+ENV JAVA_HOME=/opsmx-java-runtime \
+    PATH=${PATH}:/opsmx-java-runtime/bin \
+    WORK_DIR=/opsmx/workdir \
+    CONF_DIR=/opsmx/conf
+
+# Enabling fips mode
+RUN fips-mode-setup --enable
+
+# Setting crypto policies to FIPS
+RUN update-crypto-policies --set FIPS
+
+RUN yum install -y python38
+ARG TARGETARCH
+
+
+ENV KUBECTL_RELEASE=1.22.0
+ENV AWS_CLI_S3_CMD=2.0.2
+ENV AWS_AIM_AUTHENTICATOR_VERSION=0.6.14
+ENV GOOGLE_CLOUD_SDK_VERSION=458.0.1
+ENV ECR_TOKEN_VERSION=v1.0.2
+
+ENV PATH "$PATH:/usr/local/bin/:/opt/google-cloud-sdk/bin/:/usr/local/bin/aws-iam-authenticator"
+
+USER root
+
+
+#RUN yum -y install bash jq  tar unzip wget procps  java-17-openjdk-devel.x86_64 vim  net-tools curl git
+
+RUN yum -y install  wget git
+
+
+# AWS CLI
+RUN yum -y install python3-pip && \
+    pip3 install --upgrade pyyaml==5.4 s3cmd==${AWS_CLI_S3_CMD} python-magic \
+     && yum -y remove  python3-pip && \
+    yum clean all
+
+
+RUN   wget -nv https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-sdk-${GOOGLE_CLOUD_SDK_VERSION}-linux-x86_64.tar.gz \
+  && mkdir -p /opt \
+  && tar -xzf google-cloud-sdk-${GOOGLE_CLOUD_SDK_VERSION}-linux-x86_64.tar.gz -C /opt \
+  && rm google-cloud-sdk-${GOOGLE_CLOUD_SDK_VERSION}-linux-x86_64.tar.gz \
+  && CLOUDSDK_PYTHON="python3" /opt/google-cloud-sdk/install.sh --usage-reporting=false --bash-completion=false \
+     --additional-components app-engine-java app-engine-go gke-gcloud-auth-plugin \
+  && rm -rf ~/.config/gcloud \
+  && rm -rf /opt/google-cloud-sdk/.install/.backup
+
+# kubectl + AWS IAM authenticator
+RUN wget https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_RELEASE}/bin/linux/${TARGETARCH}/kubectl \
+  && chmod +x kubectl \
+  && mv ./kubectl /usr/local/bin/kubectl \
+  && wget -O aws-iam-authenticator https://github.com/kubernetes-sigs/aws-iam-authenticator/releases/download/v${AWS_AIM_AUTHENTICATOR_VERSION}/aws-iam-authenticator_${AWS_AIM_AUTHENTICATOR_VERSION}_linux_${TARGETARCH} \
+	&& chmod +x ./aws-iam-authenticator \
+	&& mv ./aws-iam-authenticator /usr/local/bin/aws-iam-authenticator\
+    && ln -sf /usr/local/bin/aws-iam-authenticator /usr/local/bin/heptio-authenticator-aws
+
+
+ENV APP_HOME=/opsmx/clouddriver/
+WORKDIR $APP_HOME
+COPY --from=BUILD $APP_HOME/clouddriver-web/build/install/clouddriver /opt/clouddriver
+
+
+RUN mkdir -p /opt/jaeger
+COPY jaeger/opentelemetry-javaagent.jar /opt/jaeger/opentelemetry-javaagent.jar
+
+#RUN yum -y remove  tar  curl
+#RUN yum -y remove  vim  jq unzip
+RUN yum -y remove clean all && rm -rf /var/cache
+
+
+
+RUN adduser spinnaker
+RUN mkdir -p /opt/clouddriver/plugins
+
+#custom plugin zip files adding
+#ARG CUSTOMPLUGIN_RELEASEVERSION
+#ENV CUSTOMPLUGIN_RELEASEVERSION=$CUSTOMPLUGIN_RELEASEVERSION
+
+ARG CUSTOMPLUGIN_RELEASEORG
+ENV CUSTOMPLUGIN_RELEASEORG=$CUSTOMPLUGIN_RELEASEORG
+
+ARG CUSTOMPLUGIN_RELEASEREPO
+ENV CUSTOMPLUGIN_RELEASEREPO=$CUSTOMPLUGIN_RELEASEREPO
+
+ARG CUSTOMPLUGIN_RELEASEVERSION
+ENV CUSTOMPLUGIN_RELEASEVERSION=$CUSTOMPLUGIN_RELEASEVERSION
+
+RUN wget -O Armory.armory-observability-plugin-${CUSTOMPLUGIN_RELEASEVERSION}-SNAPSHOT.zip -c https://github.com/${CUSTOMPLUGIN_RELEASEORG}/${CUSTOMPLUGIN_RELEASEREPO}/releases/download/${CUSTOMPLUGIN_RELEASEVERSION}/armory-observability-plugin-${CUSTOMPLUGIN_RELEASEVERSION}.zip -P /opt/clouddriver/plugins
+
+RUN mv Armory.armory-observability-plugin-${CUSTOMPLUGIN_RELEASEVERSION}-SNAPSHOT.zip /opt/clouddriver/plugins/
+
+RUN chmod -R 777 /opt/clouddriver/plugins/
+RUN chown -R spinnaker:spinnaker /opt/
+
+RUN mkdir -p /etc/pki/tls/certs
+RUN chmod -R 777 /etc/pki/tls/certs
+RUN chmod -R 777 /var/
+RUN chown -R spinnaker:spinnaker /var
+USER spinnaker
+ENV SLEEP_TIME=10s
+CMD  sleep $SLEEP_TIME ; "/opt/clouddriver/bin/clouddriver"

gradle.properties

@@ -1,5 +1,5 @@
 fiatVersion=1-0-SNAPSHOT
-korkVersion=1-0-SNAPSHOT
+korkVersion=nov13-SNAPSHOT
 org.gradle.parallel=true
 spinnakerGradleVersion=1-0-SNAPSHOT
 #targetJava11=true