Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
Issue-ID: AAF-1196
Signed-off-by: Sean Hassan <sean.hassan@att.com>
Change-Id: Ic10219cc0ed2186780aec7845a97f588a653c03f
|
|
Issue-ID: AAF-111
Change-Id: I88ce5fc1015448b0a14d0ed15fdb230cfac94d6c
Signed-off-by: GANDHAM <sg481n@att.com>
|
|
Issue-ID: AAF-111
Change-Id: I8285dc77f60723408a1ca73d043aa674dcf45e8e
Signed-off-by: GANDHAM <sg481n@att.com>
|
|
Issue-ID: AAF-111
Change-Id: Id22107054dc0081dc4c803c89f1d75713a083055
Signed-off-by: GANDHAM <sg481n@att.com>
|
|
Modify fproxy, rproxy and tproxy-config docker container image due to arm64 compatibility
Issue-ID: INT-1174
Issue-ID: INT-1175
Issue-ID: INT-1176
Signed-off-by: Simon Hrabos <simon.hrabos@tieto.com>
Change-Id: Ibbf9e1d15bea9ebb1b82ff50c8671927c68be2ed
|
|
Issue-ID: AAF-824
Change-Id: I77afc63282a98ecf02a16b8e8d36135fe3d5c09a
Signed-off-by: Instrumental <jonathan.gathman@att.com>
|
|
This is to circumvent the issue of latest fproxy and rproxy
snapshot artifacts disappearing from nexus, causing the sonar
job to fail
Change-Id: I48448e3db09797392c4c7e833270165aca17bff6
Issue-ID: AAF-806
Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
|
|
|
|
Authorization filter now takes into account the
request method. The desired method can now be
added to the authorization file defaulting to
GET if not supplied. The request URI & method
can now be checked against the authorization
configuration along with the needed permissions.
Issue-ID: AAF-786
Change-Id: I25f6f2180ac9d94a30ca5ba1aa349fb424c18d81
Signed-off-by: IanB <IanB@amdocs.com>
|
|
Fix to rproxy and fproxy to allow the log file to be generated at runtime.
Changes to the sidecar pom.xml by adding logback-classic in the
dependency management
- Makes sure the correct logback-classic plugin version is pulled in from its transitive dependency
- Override the scope dependency that was recently set to test
Change-Id: I55ffee62e3e052c97fdda6d934cf3213473298b3
Issue-ID: AAF-781
Signed-off-by: bwong21 <bwong@amdocs.com>
|
|
Change-Id: I55e2c54427433aff7ddeb704da86e28a3b10f87d
Issue-ID: AAF-774
Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
|
|
Also, improve Logging
Issue-ID: AAF-771
Change-Id: I4cf286b5c474596f5e824e5204598cf0c1bb014c
Signed-off-by: Instrumental <jonathan.gathman@att.com>
|
|
Issue-ID: AAF-655
Change-Id: I6719683718ec8dc2695df1eb14b6b490df5976c5
Signed-off-by: Sai Gandham <sg481n@att.com>
|
|
Issue-ID: AAF-655
Change-Id: I1e1439efbee5900c82a6065a0581faae15622581
Signed-off-by: Sai Gandham <sg481n@att.com>
|
|
Issue-ID: AAF-655
Change-Id: I12cab0cff0e8244cd6d477fb5cb6aa64ad353bf5
Signed-off-by: Sai Gandham <sg481n@att.com>
|
|
Submodule: FProxy service
By default, Spring-Boot uses Jackson dependencies to marshall/unmarshall
JSON. However, all current releases of Jackson contain security
vulnerabilities.
This change will configure Spring-Boot to use the GSON library instead
of Jackson, which contains no security vulnerabilities.
Change-Id: Ifd36d2ddb79fa5da9310e1872f8936ab7ae91073
Issue-ID: AAF-693
Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
|
|
Upversion to latest 2.1.1.RELEASE to fix new NexusIQ security
vulnerabilities
Change-Id: I8d7759d5f5dbdf70b1056bc4b6875caf8c25893d
Issue-ID: AAF-693
Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
|
|
After recent commits, sidecar unit tests had been disabled. These
changes re-enable them and allow them to complete successfully.
After review comments removed the dependency on Mockito and added
a comment on the Surefire plugin configuration.
Change-Id: I301b524e06460480e37d180a3fc9977588e87892
Issue-ID: AAF-642
Signed-off-by: IanB <IanB@amdocs.com>
|
|
Issue-ID: AAF-634
Change-Id: I3586bc4da38853b6320b887248f32c45f9704585
Signed-off-by: Instrumental <jonathan.gathman@att.com>
|
|
Issue-ID: AAF-630
Change-Id: I4c7b46b578921d53e0821dcee53ba66de96b6bd4
Signed-off-by: Instrumental <jonathan.gathman@att.com>
|
|
* Create default truststore, fproxy_truststore.
* Require TRUST_STORE_PASSWORD system parameter on application start.
* Harden parameter checks in FProxyApplication PostConstruct.
* Rationalise properties in RestTemplateConfig.
* Update unit tests to handle trust store.
* Correct spring dependency in pom.
Change-Id: I0254e5d27ff76bbd7a44b961169d7fe47761d3f9
Issue-ID: AAF-614
Signed-off-by: Michael Arrastia <MArrasti@amdocs.com>
|
|
Issue-ID: AAF-613
Change-Id: Ic13411eebbf3c1c9b6d8492aff1b37db37a965e4
Signed-off-by: Instrumental <jonathan.gathman@att.com>
|
|
Issue-ID: AAF-613
Change-Id: I14531b546aebb9e5326ddc67eb3ec4eb9e17dac1
Signed-off-by: Instrumental <jonathan.gathman@att.com>
|
|
Issue-ID: AAF-611
Change-Id: I0a273cdfc61798f77b22a58e2190cb5333eab730
Signed-off-by: Sai Gandham <sg481n@att.com>
|
|
By default any container is accessible from any pod inside
a Kubernetes cluster. It is therefore possible to send requests
directly to the primary microservice even if sidecar security
is enabled.
An additional netfilter rule will redirect any incoming TCP
requests to the Reverse Proxy. The Reverse Proxy service
listens on the hard coded port (10692)
Issue-ID: AAF-591
Change-Id: I9afccadb08add4312cef770221702942d811cbdd
Signed-off-by: IanB <IanB@amdocs.com>
|
|
|
|
Change-Id: Ia7f94f8903039a7b55946c9cab4f026fe3558f1c
Issue-ID: AAF-586
Signed-off-by: Ravi Geda <gravik@amdocs.com>
|
|
Change-Id: I99ead3648f0175f188e280c76868da7c117d9a28
Signed-off-by: Stanislav Chlebec <stanislav.chlebec@pantheon.tech>
Issue-ID: AAF-582
|
|
Issue-ID: AAF-576
Change-Id: I758608684f469610693c9682d10eb2746a89d970
Signed-off-by: Sai Gandham <sg481n@att.com>
|
|
The connection to cassandra is not http/https. Hence bypassing it from
going through the forward proxy.
Change-Id: Ic4f65222fca5f3698d6ed806333b265d0e392314
Issue-ID: AAF-572
Signed-off-by: Ravi Geda <gravik@amdocs.com>
|
|
|
|
Change-Id: I180e584b78dbe32d4c00b05672c2f6aa182ce4b1
Issue-ID: AAF-562
Signed-off-by: Ravi Geda <gravik@amdocs.com>
|
|
Added more information on how to configure URIs & needed permissions
for the ReverseProxyAuthorization filter, the authorization enforcement
point. Added the necessary steps to use an alternative authorization
provider.
Issue-ID: AAI-1604
Change-Id: Ia16dd2687b0032a0bd75641c1523307e90ceeb32
Signed-off-by: IanB <IanB@amdocs.com>
|
|
|
|
Change-Id: I1531731713729dec57590f014dfe0c947ef55d37
Issue-ID: AAF-553
Signed-off-by: Ravi Geda <gravik@amdocs.com>
|
|
Ensure that the fproxy unit tests are specifically testing the
propagation of the X-TransactionId header in downstream requests.
Change-Id: I5e2da81eacaaf2f30e08b2cb95a12049fd5da6ff
Issue-ID: AAF-529
Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
|
|
Adding relative path to oparent
Issue-ID: AAF-537
Change-Id: I6601b919c3e96bb7987aa316e460077a6de4e0bd
Signed-off-by: Sai Gandham <sg481n@att.com>
|
|
rproxy sonar job is failing because fproxy artifact is not being
deployed.
Change-Id: I32d1b52e9420f76c0c1e27e0c87a2ecb5996e864
Issue-ID: AAF-528
Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
|
|
Issue-ID: AAF-537
Change-Id: Ifc517cc153b0e1cb0b3b990e347349b148ba883d
Signed-off-by: Sai Gandham <sg481n@att.com>
|
|
Remove Spring Boot Jackson dependencies and replace with Gson
implementation.
Fix potential source of NullPointerException.
Change-Id: I3a715a023223b596e8a0979f0e0d381511fca32d
Issue-ID: AAF-529
Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
|
|
The docker jobs are failing when reading the version.properties.
Also. remove unused version.properties under sub modules
Change-Id: If2940ac3a158e8c0bfba7fcb34ca241838a34597
Issue-ID: AAI-1689
Signed-off-by: Ravi Geda <gravik@amdocs.com>
|
|
The docker java daily job is hanging when it tries to build the image.
Add rproxy and tproxy-config as submodules to sidecar. Align the groupid
of sidecar pom.
Change-Id: Idb24459b9eae43dbbef39b4a14b6167762fa126f
Issue-ID: AAI-1676
Signed-off-by: Ravi Geda <gravik@amdocs.com>
|
|
|
|
|
|
The Reverse Proxy sidecar is used to separate the responsibility of
authentication and authorization away from the primary microservice. In
conjunction with the Forward Proxy sidecar, it is responsible for
controlling access to the REST URL endpoints exposed by the primary
microservice, and propogating security credentials to downstream
microservices.
Change-Id: I5d80429e5422d7b3937cde73ac10c2ec00d264e8
Issue-ID: AAI-1604
Signed-off-by: Lee, Tian (tl5884) <TianL@amdocs.com>
|
|
The tproxy-config init container sets up a pod's internal
network routing such that any traffic outbound from
the primary service is routed through the forward
proxy.
Change-Id: Ieca438fbed07db5fe7bce6162811634237c61b2a
Issue-ID: AAI-1664
Signed-off-by: Blackwell, Ian (ib733q) <ib733q@att.com>
|
|
Add a maven module called sidecar to cadi.
Add forward proxy as a maven module to sidecar.
Note that though sidecar is a module of cadi it does not inherit from cadi's pom.
Change-Id: I617ecb1a66a3cbdd3f03287f28c6527693c6dfc6
Issue-ID: AAI-1603
Signed-off-by: Ravi Geda <gravik@amdocs.com>
|