diff --git a/Jenkinsfile b/Jenkinsfile
index 1fc467b125fe484ac84d66018e84e0479d749e00..bbd253fb1f24c8436f6031342b8bada4be5e058e 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -184,22 +184,20 @@ pipeline {
 }
 }
- stage ('OWASP Dependency-Check Vulnerabilities') {
+ stage ('Deploy SBOM to DependencyTrack') {
 steps {
- dependencyCheck additionalArguments: '''
- -o "./"
- -s "./"
- -f "ALL"
- -d /dependency-check-data
- --suppression dependency-check-supressions.xml
- --disableKnownExploited
- --noupdate
- --disableArchive
- --prettyPrint''', odcInstallation: 'dependency-check-owasp'
-
- dependencyCheckPublisher(
- pattern: 'dependency-check-report.xml'
- )
+ script {
+ IMAGE_TAG = generateImageTag()
+
+ configFileProvider([configFile(fileId: 'maven-settings', variable: 'MAVEN_SETTINGS')]) {
+ withCredentials([string(credentialsId: 'dependency-track-api-key', variable: 'API_KEY')]) {
+
+ catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
+ sh "mvn --no-transfer-progress -s $MAVEN_SETTINGS io.github.pmckeown:dependency-track-maven-plugin:upload-bom -Ddependency-track.apiKey=$API_KEY -Ddependency-track.projectVersion=${IMAGE_TAG} -Ddependency-track.dependencyTrackBaseUrl=https://dependency-track.ozg-sh.de"
+ }
+ }
+ }
+ }
 }
 }
 }
diff --git a/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmReconciler.java b/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmReconciler.java
index 707a4b5a02daeb6fddc8d59e77a92862fc69cd73..07a5d9d87a3826b4556c50628be5d62e72aec674 100644
--- a/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmReconciler.java
+++ b/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmReconciler.java
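Review bot: In the Jenkinsfile hunk, the added `sh "mvn … -Ddependency-track.apiKey=$API_KEY …"` step uses a double-quoted Groovy string, so the `API_KEY` bound by `withCredentials` is interpolated by Groovy before the shell starts instead of being read from the environment by the shell. Jenkins documents this pattern as insecure for credentials. Pass the tag through the environment and single-quote the command, e.g. `withEnv(["IMAGE_TAG=${IMAGE_TAG}"]) {` around `sh 'mvn … -Ddependency-track.apiKey="$API_KEY" -Ddependency-track.projectVersion="$IMAGE_TAG" …'`. Separately, `catchError(buildResult: 'UNSTABLE', …)` means a failed upload no longer fails the build, and with the dependency-check stage removed nothing visible in this hunk gates on findings, so confirm that gating now happens in Dependency-Track.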
@@ -69,7 +69,7 @@ public class KeycloakRealmReconciler implements Reconciler<OzgCloudKeycloakRealm
 LOG.info("keep data");
 return DeleteControl.defaultDelete();
 }
- if (!service.realmExists(realm.getMetadata().getName())) {
+ if (!service.realmExists(realm.getMetadata().getNamespace())) {
 return DeleteControl.defaultDelete();
 }
 return deleteRealm(realm);
diff --git a/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmService.java b/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmService.java
index f219de315809bc8aeb2de57248ad069b3f1cffd7..82e2ebe07788b96acd5123ca5e48485f068c1daa 100644
--- a/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmService.java
+++ b/ozgcloud-keycloak-operator/src/main/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmService.java
@@ -49,14 +49,14 @@ class KeycloakRealmService {
 private final KeycloakGenericRemoteService keycloakGenericRemoteService;
- void createOrUpdateRealm(OzgCloudKeycloakRealmSpec realm, String realmName) {
+ public void createOrUpdateRealm(OzgCloudKeycloakRealmSpec realm, String realmName) {
 keycloakGenericRemoteService.getRealmRepresentation(realmName)
 .ifPresentOrElse(existingRealm -> updateRealm(existingRealm, realm),
 () -> createRealm(realm, realmName));
+ addOrUpdateRealmRoles(realm, realmName);
 }
 void updateRealm(RealmRepresentation existingRealm, OzgCloudKeycloakRealmSpec spec) {
-
 try {
 LOG.debug("{}: Updating existing realm...", existingRealm);
 var realmRepresentation = mapper.update(existingRealm, spec);
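Review bot: In KeycloakRealmReconciler (hunk at -69), the existence check now looks the realm up by `realm.getMetadata().getNamespace()`, but the deletion runs in `deleteRealm(realm)`, whose body is outside the hunk. If that method still derives the realm name from `getMetadata().getName()`, the check and the delete address different realms, so confirm both use the namespace. Because the realm is now identified by namespace alone, deleting any one resource in a namespace presumably removes the realm for every resource there. A comment at the check such as `// the Keycloak realm is named after the resource's namespace, not its name` would make that explicit. The enclosing method starts and ends outside the hunk.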
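Review bot: In KeycloakRealmService (hunk at -49), `createOrUpdateRealm` becomes `public` although the class is declared package-private (`class KeycloakRealmService`). The wider modifier gives nothing to callers outside the package and differs from the neighbouring methods, so keep it package-private unless a framework requires otherwise. The method now also reconciles roles, which deserves a Javadoc line: `/** Creates the realm if it does not exist, otherwise updates it; realm roles are reconciled afterwards in both cases. */`. Since `updateRealm` rethrows on failure (visible at the top of the following hunk), roles are skipped when the update fails, which the comment could mention.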
@@ -66,20 +66,14 @@ class KeycloakRealmService {
 LOG.warn(existingRealm + ": Updating existing realm failed: ", e);
 throw e;
 }
- addOrUpdateRealmRoles(spec, existingRealm.getRealm());
 }
 void createRealm(OzgCloudKeycloakRealmSpec realm, String realmName) {
 Optional.of(realm)
 .map(mapper::map)
 .map(realmRepresentation -> addRealmName(realmRepresentation, realmName))
- // TODO dieser Filter kann vermutlich gelöscht werden, die Prüfung auf
- // realmExists passiert bereits vorher
 .filter(realmRepresentation -> !keycloakGenericRemoteService.realmExists(realmName))
- .ifPresent(realmRepresentation -> {
- remoteService.createRealm(realmRepresentation);
- addUserProfileAttributes(realmRepresentation);
- });
+ .ifPresent(remoteService::createRealm);
 }
 void addOrUpdateRealmRoles(OzgCloudKeycloakRealmSpec spec, String realm) {
diff --git a/ozgcloud-keycloak-operator/src/test/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmReconcilerTest.java b/ozgcloud-keycloak-operator/src/test/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmReconcilerTest.java
index e2eb0e9a1debf37dab96328083c157d61cbc83b8..b38f73c89c0d37bfbc80abb52597d25a81d2453c 100644
--- a/ozgcloud-keycloak-operator/src/test/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmReconcilerTest.java
+++ b/ozgcloud-keycloak-operator/src/test/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmReconcilerTest.java
@@ -134,7 +134,7 @@ class KeycloakRealmReconcilerTest {
 void shouldCallRealmExists() {
 reconciler.cleanup(realm, null);
- verify(service).realmExists(realm.getMetadata().getName());
+ verify(service).realmExists(OzgCloudKeycloakRealmTestFactory.METADATA_NAMESPACE);
 }
 @Test
diff --git a/ozgcloud-keycloak-operator/src/test/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmServiceTest.java b/ozgcloud-keycloak-operator/src/test/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmServiceTest.java
index 0513da54c8c864285440b794f104bd82ad731e2f..8d413c5891726be28f7b4aefb5fa98e2108ac321 100644
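Review bot: In KeycloakRealmService (hunk at -66), `createRealm` no longer calls `addUserProfileAttributes(realmRepresentation)`, so a freshly created realm gets no user-profile attributes from this path. The test `createRealmShouldCallAddAttributes` still appears as context in KeycloakRealmServiceTest with its body outside the visible hunks, so confirm it still holds or that the attributes are applied elsewhere. The `.filter(… realmExists(realmName))` guard stays while the TODO that explained it is removed. A one-line comment stating why the second existence check is kept would save the next reader the same question.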
--- a/ozgcloud-keycloak-operator/src/test/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmServiceTest.java
+++ b/ozgcloud-keycloak-operator/src/test/java/de/ozgcloud/operator/keycloak/realm/KeycloakRealmServiceTest.java
@@ -95,6 +95,13 @@ class KeycloakRealmServiceTest {
 verify(keycloakGenericRemoteService).getRealmRepresentation(REALM_NAME);
 }
+ @Test
+ void shouldCallAddOrUpdateRealmRoles() {
+ service.createOrUpdateRealm(REALM, REALM_NAME);
+
+ verify(service).addOrUpdateRealmRoles(REALM, REALM_NAME);
+ }
+
 }
 @DisplayName("Update Realm")
@@ -122,13 +129,6 @@ class KeycloakRealmServiceTest {
 verify(mapper).update(realmRepresentation, REALM);
 }
- @Test
- void shouldCallAddOrUpdateRealmRoles() {
-
- service.updateRealm(realmRepresentation, REALM);
-
- verify(service).addOrUpdateRealmRoles(REALM, realmRepresentation.getRealm());
- }
 @Test
 void createRealmShouldCallAddAttributes() {
diff --git a/pom.xml b/pom.xml
index 8e8cb9d876bd13667bb9279595fce98f181f18a5..9cac92830811d994aa6f0b0a4bbaa69726370eea 100644
--- a/pom.xml
+++ b/pom.xml
@@ -42,6 +42,10 @@
 <!-- plugin -->
 <license-maven-plugin.version>4.1</license-maven-plugin.version>
 <ozgcloud-license.version>1.6.0</ozgcloud-license.version>
+
+ <dependency-track-maven-plugin.version>1.7.0</dependency-track-maven-plugin.version>
+ <cyclonedx-maven-plugin.version>2.7.11</cyclonedx-maven-plugin.version>
+
 </properties>
 <dependencies>
@@ -222,8 +226,35 @@
 </dependency>
 </dependencies>
 </plugin>
+
+ <plugin>
+ <groupId>io.github.pmckeown</groupId>
+ <artifactId>dependency-track-maven-plugin</artifactId>
+ <version>${dependency-track-maven-plugin.version}</version>
+ <configuration>
+ <dependencyTrackBaseUrl>https://dependency-track.ozg-sh.de</dependencyTrackBaseUrl>
+ <failOnError>true</failOnError>
+ <createProject>true</createProject>
+ </configuration>
+ </plugin>
 </plugins>
 </pluginManagement>
+
+ <plugins>
+ <plugin>
+ <groupId>org.cyclonedx</groupId>
+ <artifactId>cyclonedx-maven-plugin</artifactId>
+ <version>${cyclonedx-maven-plugin.version}</version>
+ <executions>
+ <execution>
+ <phase>package</phase>
+ <goals>
+ <goal>makeAggregateBom</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ </plugins>
 </build>
 <distributionManagement>
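Review bot: In pom.xml (hunk at -222), `<createProject>true</createProject>` makes the upload create a missing project. The `dependency-track-api-key` credential used by the pipeline therefore presumably needs project-creation rights rather than upload-only rights, so confirm the key is scoped to exactly that and nothing broader. The base URL is also configured twice, here in `<dependencyTrackBaseUrl>` and again as `-Ddependency-track.dependencyTrackBaseUrl=…` on the Jenkinsfile command line. Keeping it only in the pom avoids the two drifting apart. A short XML comment above the `cyclonedx-maven-plugin` execution noting that the aggregate BOM produced in `package` is what the `upload-bom` goal sends would document the coupling between the two plugins.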