diff --git a/Jenkinsfile b/Jenkinsfile
index c148948cdb66e9d6dd9fd188d4772daf0c76c3dc..8067b2b13cf8a55649df6c6a7909d9518ea0daaf 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,7 +1,7 @@
 pipeline {
 agent {
 node {
- label 'ozgcloud-jenkins-build-agent'
+ label 'ozgcloud-jenkins-build-agent-jdk21'
 }
 }
diff --git a/pom.xml b/pom.xml
index 895e31b0d688877b9b530c5c005521206810b344..d320766c93782dfcba189622247edf423051d886 100644
--- a/pom.xml
+++ b/pom.xml
@@ -29,7 +29,7 @@
 <parent>
 <groupId>de.ozgcloud.common</groupId>
 <artifactId>ozgcloud-common-dependencies</artifactId>
- <version>3.0.1</version>
+ <version>4.0.1</version>
 </parent>
 <modelVersion>4.0.0</modelVersion>
@@ -44,19 +44,16 @@
 <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 <ozgcloud.license.version>1.3.0</ozgcloud.license.version>
- <jakarta.interceptor.version>2.1.0</jakarta.interceptor.version>
- <jakarta.annotatioin.version>2.1.1</jakarta.annotatioin.version>
- <lombok.version>1.18.24</lombok.version>
- <keycloak-adapter.version>22.0.5</keycloak-adapter.version>
+ <lombok.version>1.18.30</lombok.version>
 <!-- plugins -->
- <maven.compiler.release>17</maven.compiler.release>
+ <maven.compiler.release>21</maven.compiler.release>
 <jandex-maven-plugin-version>1.2.3</jandex-maven-plugin-version>
- <compiler-plugin.version>3.8.1</compiler-plugin.version>
- <jacoco.plugin.version>0.8.8</jacoco.plugin.version>
- <surefire-plugin.version>3.2.2</surefire-plugin.version>
- <maven-failsafe-plugin.version>3.2.2</maven-failsafe-plugin.version>
- <git-commit-id-plugin.version>4.9.10</git-commit-id-plugin.version>
+ <compiler-plugin.version>3.11.0</compiler-plugin.version>
+ <jacoco.plugin.version>0.8.11</jacoco.plugin.version>
+ <surefire-plugin.version>3.2.5</surefire-plugin.version>
+ <maven-failsafe-plugin.version>3.2.5</maven-failsafe-plugin.version>
+ <git-commit-id-maven-plugin.version>7.0.0</git-commit-id-maven-plugin.version>
 <maven-source.plugin.version>3.3.0</maven-source.plugin.version>
 </properties>
@@ -87,12 +84,12 @@
 <dependency>
 <groupId>jakarta.interceptor</groupId>
 <artifactId>jakarta.interceptor-api</artifactId>
- <version>${jakarta.interceptor.version}</version>
+ <version>${jakarta.version}</version>
 </dependency>
 <dependency>
 <groupId>jakarta.annotation</groupId>
 <artifactId>jakarta.annotation-api</artifactId>
- <version>${jakarta.annotatioin.version}</version>
+ <version>${jakarta.version}</version>
 </dependency>
 <!-- Mapstruct -->
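Review bot: `${jakarta.version}` now sets the version of both `jakarta.interceptor-api` and `jakarta.annotation-api`, but no `jakarta.version` property is defined in the `<properties>` hunk of this commit, so it presumably has to be inherited from the 4.0.1 parent. The two artifacts are released on independent version lines (the removed properties were 2.1.0 and 2.1.1), so a single shared property either pins one of them to a version chosen for the other or fails to resolve. I would keep one property per artifact (suggested names: `<version>${jakarta.interceptor-api.version}</version>` and `<version>${jakarta.annotation-api.version}</version>`), or drop the `<version>` elements if the parent already manages both. The enclosing dependency block starts and ends outside the hunk.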
@@ -181,9 +178,9 @@
 <version>${maven-failsafe-plugin.version}</version>
 </plugin>
 <plugin>
- <groupId>pl.project13.maven</groupId>
- <artifactId>git-commit-id-plugin</artifactId>
- <version>${git-commit-id-plugin.version}</version>
+ <groupId>io.github.git-commit-id</groupId>
+ <artifactId>git-commit-id-maven-plugin</artifactId>
+ <version>${git-commit-id-maven-plugin.version}</version>
 <executions>
 <execution>
 <id>get-the-git-infos</id>
diff --git a/src/main/helm/templates/_helpers.tpl b/src/main/helm/templates/_helpers.tpl
index 786c783668e06784ebb8cbee7812ea609ea5a338..bc963ce6bd8e0c73640351838f8696ba487f786b 100644
--- a/src/main/helm/templates/_helpers.tpl
+++ b/src/main/helm/templates/_helpers.tpl
@@ -145,4 +145,21 @@ app.kubernetes.io/namespace: {{ include "app.namespace" . }}
 {{- else -}}
 {{ printf "user-manager-truststore" }}
 {{- end -}}
+{{- end -}}
+
+{{- define "app.getCustomList" -}}
+{{- with (.Values.env).customList -}}
+{{- if kindIs "map" . -}}
+{{ include "app.dictToList" . }}
+{{- else if kindIs "slice" . -}}
+{{ . | toYaml }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{- define "app.dictToList" -}}
+{{- range $key, $value := . -}}
+- name: {{ $key }}
+ value: {{ $value }}
+{{- end -}}
 {{- end -}}
\ No newline at end of file
diff --git a/src/main/helm/templates/deployment.yaml b/src/main/helm/templates/deployment.yaml
index 70fdfc86a1434988821a3a276710a9f900247ff9..7cd58a170bb847804981867c17124c2148886c83 100644
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -113,8 +113,8 @@ spec:
 - name: QUARKUS_GRPC_SERVER_SSL_KEY
 value: ""
 {{- end }}
- {{- with (.Values.env).customList }}
-{{ toYaml . | indent 8 }}
+ {{- with include "app.getCustomList" . }}
+{{ . | indent 8 }}
 {{- end }}
 {{- if not .Values.disableNamespaceTruststore }}
 - name: TRUSTSTORE_PASSWORD
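Review bot: `app.dictToList` in the `_helpers.tpl` hunk writes map values into the manifest unquoted and appears to trim the newline between entries. With `value: {{ $value }}`, a value such as `true` or `8080` renders as a YAML boolean or number, which is not a valid string for a container env `value`, and a value containing `: `, `#` or a line break changes the structure of the rendered list; `value: {{ $value | quote }}` (and `name: {{ $key | quote }}`) keeps each entry a single string. The `-}}` on the `range` action together with `{{- end` strips the whitespace on both sides of the loop body, so a map with two or more keys would render the next `- name:` directly after the previous value; `{{- range $key, $value := . }}` without the right trim keeps one entry per line. The dict test added in this commit sets only one key, so neither case is exercised.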
diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml
index d5cea4894bc1add8a6d33239cb7d3fe2cd45d563..fb3ab3968eab6183274431f6247c7ddd099b84f5 100644
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -49,7 +49,10 @@ spec:
 - podSelector:
 matchLabels:
 component: alfa
-{{- with (.Values.networkPolicy).additionalIngressConfig }}
+{{- with (.Values.networkPolicy).additionalIngressConfigLocal }}
+{{ toYaml . | indent 2 }}
+{{- end }}
+{{- with (.Values.networkPolicy).additionalIngressConfigGlobal }}
 {{ toYaml . | indent 2 }}
 {{- end }}
 egress:
@@ -77,7 +80,10 @@ spec:
 protocol: UDP
 - port: 5353
 protocol: TCP
-{{- with (.Values.networkPolicy).additionalEgressConfig }}
+{{- with (.Values.networkPolicy).additionalEgressConfigLocal }}
+{{ toYaml . | indent 2 }}
+{{- end }}
+{{- with (.Values.networkPolicy).additionalEgressConfigGlobal }}
 {{ toYaml . | indent 2 }}
 {{- end }}
diff --git a/src/test/helm/deployment_env_test.yaml b/src/test/helm/deployment_env_test.yaml
index c0acc80b8d90dd1c36534024f7fa19a1277d40a8..cb37ebc09607640a09ad1df61d45ac38e132a3bb 100644
--- a/src/test/helm/deployment_env_test.yaml
+++ b/src/test/helm/deployment_env_test.yaml
@@ -35,7 +35,7 @@ set:
 baseUrl: test.sh.ozg-cloud.de
 imagePullSecret: image-pull-secret
 tests:
- - it: check customList
+ - it: check customList as list
 set:
 env.customList:
 - name: my_test_environment_name
@@ -46,6 +46,16 @@ tests:
 content:
 name: my_test_environment_name
 value: "A test value"
+ - it: check customList as dict
+ set:
+ env.customList:
+ my_test_environment_name: "A test value"
+ asserts:
+ - contains:
+ path: spec.template.spec.containers[0].env
+ content:
+ name: my_test_environment_name
+ value: "A test value"
 - it: check customList test value is not set by default
 asserts:
 - notContains:
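Review bot: The old keys `networkPolicy.additionalIngressConfig` and `networkPolicy.additionalEgressConfig` are no longer read in the ingress hunk or in the egress hunk at `@@ -77,7 +80,10 @@`, so a values file that still sets them renders a policy without those rules and without any error. For a NetworkPolicy that is a silent change of the allowed traffic set, and the tests in this commit cover only the new keys. I would fail rendering on the old names, e.g. `{{- if (.Values.networkPolicy).additionalIngressConfig }}{{ fail "networkPolicy.additionalIngressConfig was renamed to additionalIngressConfigLocal / additionalIngressConfigGlobal" }}{{- end }}` and the same for egress. A template comment stating that the Local and Global lists are additive, so every entry in either list widens what the pod may accept or reach, would also help whoever reviews the values files.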
diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml
index 28914dc3ded0ae7c2b93b4d90a0451e50d72f3af..1e098799bc505edb7fa400cfa8b6ec91ecb28e88 100644
--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -99,16 +99,16 @@ tests:
 - port: 5353
 protocol: TCP
- - it: add ingress rule by values
+ - it: should add additionalIngressConfigLocal
 set:
 networkPolicy:
 ssoPublicIp: 51.89.117.53/32
 dnsServerNamespace: test-namespace-dns
- additionalIngressConfig:
+ additionalIngressConfigLocal:
 - from:
 - podSelector:
 matchLabels:
- component: client2
+ component: local-client
 asserts:
 - contains:
 path: spec.ingress
@@ -116,14 +116,64 @@ tests:
 from:
 - podSelector:
 matchLabels:
- component: client2
+ component: local-client
- - it: add egress rules by values
+ - it: should add additionalIngressConfigGlobal
+ set:
+ networkPolicy:
+ ssoPublicIp: 51.89.117.53/32
+ dnsServerNamespace: test-namespace-dns
+ additionalIngressConfigGlobal:
+ - from:
+ - podSelector:
+ matchLabels:
+ component: global-client
+ asserts:
+ - contains:
+ path: spec.ingress
+ content:
+ from:
+ - podSelector:
+ matchLabels:
+ component: global-client
+
+ - it: should add additionalIngressConfigGlobal and additionalIngressConfigLocal
+ set:
+ networkPolicy:
+ ssoPublicIp: 51.89.117.53/32
+ dnsServerNamespace: test-namespace-dns
+ additionalIngressConfigGlobal:
+ - from:
+ - podSelector:
+ matchLabels:
+ component: global-client
+ additionalIngressConfigLocal:
+ - from:
+ - podSelector:
+ matchLabels:
+ component: local-client
+ asserts:
+ - contains:
+ path: spec.ingress
+ content:
+ from:
+ - podSelector:
+ matchLabels:
+ component: global-client
+ - contains:
+ path: spec.ingress
+ content:
+ from:
+ - podSelector:
+ matchLabels:
+ component: local-client
+
+ - it: should add additionalEgressConfigLocal
 set:
 networkPolicy:
 ssoPublicIp: 51.89.117.53/32
 dnsServerNamespace: test-dns-namespace
- additionalEgressConfig:
+ additionalEgressConfigLocal:
 - to:
 - ipBlock:
 cidr: 1.2.3.4/32
@@ -135,6 +185,50 @@ tests:
 - ipBlock:
 cidr: 1.2.3.4/32
+ - it: should add additionalEgressConfigGlobal
+ set:
+ networkPolicy:
+ ssoPublicIp: 51.89.117.53/32
+ dnsServerNamespace: test-dns-namespace
+ additionalEgressConfigGlobal:
+ - to:
+ - ipBlock:
+ cidr: 2.3.4.5/32
+ asserts:
+ - contains:
+ path: spec.egress
+ content:
+ to:
+ - ipBlock:
+ cidr: 2.3.4.5/32
+
+ - it: should add additionalEgressConfigLocal and additionalEgressConfigGlobal
+ set:
+ networkPolicy:
+ ssoPublicIp: 51.89.117.53/32
+ dnsServerNamespace: test-dns-namespace
+ additionalEgressConfigLocal:
+ - to:
+ - ipBlock:
+ cidr: 1.2.3.4/32
+ additionalEgressConfigGlobal:
+ - to:
+ - ipBlock:
+ cidr: 2.3.4.5/32
+ asserts:
+ - contains:
+ path: spec.egress
+ content:
+ to:
+ - ipBlock:
+ cidr: 1.2.3.4/32
+ - contains:
+ path: spec.egress
+ content:
+ to:
+ - ipBlock:
+ cidr: 2.3.4.5/32
+
 - it: test network policy disabled
 set:
 networkPolicy:
diff --git a/user-manager-server/pom.xml b/user-manager-server/pom.xml
index bdf2cfc8503a661e768b8c85b5b1126d4eae69da..3229b0b6b0eca874417c8eff5207a7dffb1547bb 100644
--- a/user-manager-server/pom.xml
+++ b/user-manager-server/pom.xml
@@ -239,8 +239,8 @@
 <extensions>true</extensions>
 </plugin>
 <plugin>
- <groupId>pl.project13.maven</groupId>
- <artifactId>git-commit-id-plugin</artifactId>
+ <groupId>io.github.git-commit-id</groupId>
+ <artifactId>git-commit-id-maven-plugin</artifactId>
 </plugin>
 <plugin>
 <groupId>org.jacoco</groupId>
diff --git a/user-manager-server/src/main/java/de/ozgcloud/user/sync/SyncScheduler.java b/user-manager-server/src/main/java/de/ozgcloud/user/sync/SyncScheduler.java
index 0fe18bc239a37c83b2b93c4c9bfc44ee913a55fd..9804d6482ee9a3ff9732512076703c99947d9f23 100644
--- a/user-manager-server/src/main/java/de/ozgcloud/user/sync/SyncScheduler.java
+++ b/user-manager-server/src/main/java/de/ozgcloud/user/sync/SyncScheduler.java
@@ -25,10 +25,10 @@ package de.ozgcloud.user.sync;
 import static io.quarkus.scheduler.Scheduled.ConcurrentExecution.*;
-import de.ozgcloud.user.common.lock.LockService;
 import jakarta.enterprise.context.ApplicationScoped;
 import jakarta.inject.Inject;
+import de.ozgcloud.user.common.lock.LockService;
 import io.quarkus.scheduler.Scheduled;
 import lombok.extern.log4j.Log4j2;
@@ -48,7 +48,7 @@ public class SyncScheduler {
 sync(lock.getTimestamp());
 } else {
- LOG.warn("UserManager: Database is locked, no sync happend.");
+ LOG.debug("UserManager: Database is locked, no sync happend.");
 if (syncLockService.isLockOlderThanADay()) {
 LOG.warn("Database lock is older than a day, removing it now");
 syncLockService.unlock();
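Review bot: Lowering the "Database is locked, no sync happend." message from `warn` to `debug` in the `else` branch means a skipped sync leaves no trace at the usual production log level until the lock is more than a day old and the following `LOG.warn` fires. If this job synchronises user data from the identity provider (inferred from the package name, not visible in the hunk), skipped runs delay changes such as deactivated accounts, which operators should be able to see and alert on. I would log at `info`, or keep `debug` and add a lock-age threshold much shorter than a day that logs at `warn`; the typo can be fixed in the same line: `LOG.info("UserManager: Database is locked, no sync happened.");`. The enclosing method starts and ends outside the hunk.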