summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSunil Unnava <su622b@att.com>2018-02-27 03:39:09 -0500
committerSunil Unnava <su622b@att.com>2018-02-27 03:40:08 -0500
commit0afd0dd2f1fa4435fa730a287e68fec4f271e617 (patch)
tree018918dbbbf1758c63cae176b7d65b22902bf0dd
parent1ab29ec8a91e845a59a2990ca2fe17166111a458 (diff)
Security issues fixes
Issue-ID: DMAAP-205 Change-Id: I26dd72a7c1d0c366974983b263cc2d44b4c5cafa Signed-off-by: Sunil Unnava <su622b@att.com>
-rw-r--r--pom.xml516
-rw-r--r--version.properties2
2 files changed, 283 insertions, 235 deletions
diff --git a/pom.xml b/pom.xml
index c79d947..e5fbc61 100644
--- a/pom.xml
+++ b/pom.xml
@@ -1,241 +1,289 @@
<?xml version="1.0"?>
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
- <modelVersion>4.0.0</modelVersion>
- <groupId>org.onap.dmaap.dbcapi</groupId>
- <artifactId>dbcapi</artifactId>
- <version>${artifact.version}</version>
- <name>dmaap-dbcapi</name>
- <parent>
- <groupId>org.onap.oparent</groupId>
- <artifactId>oparent</artifactId>
- <version>0.1.1</version>
- <relativePath/>
- </parent>
- <build>
- <finalName>dbcapi</finalName>
- <resources>
- <resource>
- <directory>src/main/java/org/onap/dmaap/dbcapi/logging</directory>
- </resource>
- <resource>
- <directory>src/main/resources</directory>
- </resource>
- </resources>
- <plugins>
-<!-- reference: https://tech.homeaway.com/development/2016/06/02/generating-swagger-spec.html
--->
- <plugin>
- <groupId>com.github.kongchen</groupId>
- <artifactId>swagger-maven-plugin</artifactId>
- <version>3.1.5</version>
- <configuration>
- <apiSources>
- <apiSource>
- <springmvc>false</springmvc>
- <locations>
- <location>org.onap.dmaap.dbcapi.resources</location>
- </locations>
- <schemes>
- <scheme>http</scheme>
- <scheme>https</scheme>
- </schemes>
- <host>www.[host]:[port]</host>
- <basePath>/webapi</basePath>
- <info>
- <title>DMaaP Bus Controller REST API</title>
- <version>1.1.0</version>
- <description>
-provides an API for OpenDCAE components which need to provision underlying DMaaP technologies (Data Router and Message Router). Primary clients for this API are anticipated to be the OpenDCAE Controller, OpenDCAE Orchestrator, OpenDCAE Inventory and the ECOMP Portal.
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+ <modelVersion>4.0.0</modelVersion>
+ <groupId>org.onap.dmaap.dbcapi</groupId>
+ <artifactId>dbcapi</artifactId>
+ <version>${artifact.version}</version>
+ <name>dmaap-dbcapi</name>
+ <parent>
+ <groupId>org.onap.oparent</groupId>
+ <artifactId>oparent</artifactId>
+ <version>0.1.1</version>
+ <relativePath />
+ </parent>
+ <build>
+ <finalName>dbcapi</finalName>
+ <resources>
+ <resource>
+ <directory>src/main/java/org/onap/dmaap/dbcapi/logging</directory>
+ </resource>
+ <resource>
+ <directory>src/main/resources</directory>
+ </resource>
+ </resources>
+ <plugins>
+ <!-- reference: https://tech.homeaway.com/development/2016/06/02/generating-swagger-spec.html -->
+ <plugin>
+ <groupId>com.github.kongchen</groupId>
+ <artifactId>swagger-maven-plugin</artifactId>
+ <version>3.1.5</version>
+ <configuration>
+ <apiSources>
+ <apiSource>
+ <springmvc>false</springmvc>
+ <locations>
+ <location>org.onap.dmaap.dbcapi.resources</location>
+ </locations>
+ <schemes>
+ <scheme>http</scheme>
+ <scheme>https</scheme>
+ </schemes>
+ <host>www.[host]:[port]</host>
+ <basePath>/webapi</basePath>
+ <info>
+ <title>DMaaP Bus Controller REST API</title>
+ <version>1.1.0</version>
+ <description>
+ provides an API for OpenDCAE components which need to provision
+ underlying DMaaP technologies (Data Router and Message Router).
+ Primary clients for this API are anticipated to be the OpenDCAE
+ Controller, OpenDCAE Orchestrator, OpenDCAE Inventory and the
+ ECOMP Portal.
-Objects managed by DMaaP are deployed in a dcaeLocation which is a unique identifier for an OpenStack tenant for a dcaeLayer, opendcae-central (aka ecomp) or opendcae-local-ntc (aka edge).
+ Objects managed by DMaaP are deployed in a dcaeLocation which is a
+ unique identifier for an OpenStack tenant for a dcaeLayer,
+ opendcae-central (aka ecomp) or opendcae-local-ntc (aka edge).
-A dcaeEnvironment (e.g. FTL or prod) has a single DMaaP. A DMaaP is managed by a one or more stateless DMaaP Bus Controller(s), though Bus Controller relies on PGaaS for persistence. Each DMaaP has a single instance of Data Router, which has 1 or more DR_Nodes deployed at each dcaeLocation. DR Clients of type DR_Pub generally publish to a DR_Node that is local to its dcaeLocation. Routing for a Feed is determined by the dcaelocation of its DR_Sub clients.
+ A dcaeEnvironment (e.g. FTL or prod) has a single DMaaP. A
+ DMaaP is managed by a one or more stateless DMaaP Bus
+ Controller(s), though Bus Controller relies on PGaaS for
+ persistence. Each DMaaP has a single instance of Data Router,
+ which has 1 or more DR_Nodes deployed at each dcaeLocation. DR
+ Clients of type DR_Pub generally publish to a DR_Node that is
+ local to its dcaeLocation. Routing for a Feed is determined by
+ the dcaelocation of its DR_Sub clients.
-A DMaaP may have many Message Router instances. Each instance is deployed as an MR_Cluster. One MR_Cluster is deployed at each dcaeLocation. MR_Clients generally communicate to the MR_Cluster at the same dcaeLocation. Replication of messages between MR_Clusters is accomplished by MR Bridge, which is provioned by DMaaP Bus Controller based on Topic attributes.
+ A DMaaP may have many Message Router instances. Each instance is
+ deployed as an MR_Cluster. One MR_Cluster is deployed at each
+ dcaeLocation. MR_Clients generally communicate to the
+ MR_Cluster at the same dcaeLocation. Replication of messages
+ between MR_Clusters is accomplished by MR Bridge, which is
+ provioned by DMaaP Bus Controller based on Topic attributes.
-Therefore, the role of DMaaP Bus Controller is to support other DCAE infrastructure components to dynamically provision DMaaP services on behalf of DMaaP clients, and to assist in any management or discovery activity of its clients.
+ Therefore, the role of DMaaP Bus Controller is to support other
+ DCAE infrastructure components to dynamically provision DMaaP
+ services on behalf of DMaaP clients, and to assist in any
+ management or discovery activity of its clients.
-A convention of this API is to return JSON responses per OpenStack style.
- </description>
- <termsOfService>
- http://www.apache.org/licenses/LICENSE-2.0
- </termsOfService>
- <contact>
- <url>http://www.onap.org</url>
- </contact>
- <license>
- <url>http://www.apache.org/licenses/LICENSE-2.0</url>
- <name>Licensed under the Apache License, Version 2.0</name>
- </license>
- </info>
- <swaggerDirectory>target/generated-sources/</swaggerDirectory>
- </apiSource>
- </apiSources>
- </configuration>
- <executions>
- <execution>
- <phase>compile</phase>
- <goals>
- <goal>generate</goal>
- </goals>
- </execution>
- </executions>
- </plugin>
-
- </plugins>
- <pluginManagement>
- <plugins>
- <!--This plugin's configuration is used to store Eclipse m2e settings only. It has no influence on the Maven build itself.-->
- <plugin>
- <groupId>org.eclipse.m2e</groupId>
- <artifactId>lifecycle-mapping</artifactId>
- <version>1.0.0</version>
- <configuration>
- <lifecycleMappingMetadata>
- <pluginExecutions>
- <pluginExecution>
- <pluginExecutionFilter>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-dependency-plugin</artifactId>
- <versionRange>[2.10,)</versionRange>
- <goals>
- <goal>copy-dependencies</goal>
- </goals>
- </pluginExecutionFilter>
- <action>
- <ignore/>
- </action>
- </pluginExecution>
- </pluginExecutions>
- </lifecycleMappingMetadata>
- </configuration>
- </plugin>
- </plugins>
- </pluginManagement>
- </build>
- <dependencyManagement>
- <dependencies>
-
- <dependency>
- <groupId>org.glassfish.jersey</groupId>
- <artifactId>jersey-bom</artifactId>
- <version>${jersey.version}</version>
- <type>pom</type>
- <scope>import</scope>
- </dependency>
- </dependencies>
- </dependencyManagement>
- <dependencies>
- <dependency>
- <groupId>io.swagger</groupId>
- <artifactId>swagger-core</artifactId>
- <version>1.5.13</version>
- </dependency>
- <dependency>
- <groupId>io.swagger</groupId>
- <artifactId>swagger-jersey2-jaxrs</artifactId>
- <version>1.5.13</version>
- </dependency>
- <dependency>
- <groupId>io.swagger</groupId>
- <artifactId>swagger-annotations</artifactId>
- <version>1.5.13</version>
- </dependency>
- <dependency>
- <groupId>org.glassfish.jersey.containers</groupId>
- <artifactId>jersey-container-servlet-core</artifactId>
- <!-- use the following artifactId if you don't need servlet 2.x compatibility -->
- <!-- artifactId>jersey-container-servlet</artifactId -->
- </dependency>
- <dependency>
- <groupId>org.glassfish.jersey.media</groupId>
- <artifactId>jersey-media-moxy</artifactId>
- </dependency>
- <dependency>
- <groupId>log4j</groupId>
- <artifactId>log4j</artifactId>
- <version>1.2.17</version>
- </dependency>
- <dependency>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-server</artifactId>
- <version>${jettyVersion}</version>
- </dependency>
- <dependency>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-servlet</artifactId>
- <version>${jettyVersion}</version>
- <scope>compile</scope>
- </dependency>
- <dependency>
- <groupId>org.eclipse.jetty</groupId>
- <artifactId>jetty-servlets</artifactId>
- <version>${jettyVersion}</version>
- <scope>compile</scope>
- </dependency>
- <!-- https://mvnrepository.com/artifact/com.googlecode.json-simple/json-simple -->
- <dependency>
- <groupId>com.googlecode.json-simple</groupId>
- <artifactId>json-simple</artifactId>
- <version>1.1.1</version>
- </dependency>
- <dependency>
- <groupId>commons-codec</groupId>
- <artifactId>commons-codec</artifactId>
- <version>1.6</version>
- </dependency>
- <!-- https://mvnrepository.com/artifact/org.postgresql/postgresql -->
- <dependency>
- <groupId>org.postgresql</groupId>
- <artifactId>postgresql</artifactId>
- <version>9.4.1208.jre7</version>
- </dependency>
- <dependency>
- <groupId>com.att.eelf</groupId>
- <artifactId>eelf-core</artifactId>
- <version>${eelf.version}</version>
- </dependency>
- <dependency>
- <groupId>org.slf4j</groupId>
- <artifactId>slf4j-api</artifactId>
- <version>1.7.22</version>
- </dependency>
- </dependencies>
- <reporting>
- <plugins>
- <plugin>
- <groupId>org.apache.maven.plugins</groupId>
- <artifactId>maven-javadoc-plugin</artifactId>
- <version>2.10.4</version>
- <configuration>
- <failOnError>false</failOnError>
- <doclet>org.umlgraph.doclet.UmlGraphDoc</doclet>
- <docletArtifact>
- <groupId>org.umlgraph</groupId>
- <artifactId>umlgraph</artifactId>
- <version>5.6</version>
- </docletArtifact>
- <additionalparam>-views</additionalparam>
- <useStandardDocletOptions>true</useStandardDocletOptions>
- </configuration>
- </plugin>
- </plugins>
- </reporting>
- <properties>
- <jersey.version>2.16</jersey.version>
- <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- <jettyVersion>9.3.7.v20160115</jettyVersion>
- <eelf.version>0.0.1</eelf.version>
- <artifact.version>1.0.1-SNAPSHOT</artifact.version>
- <!-- SONAR -->
- <jacoco.version>0.7.7.201606060606</jacoco.version>
- <sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version>
- <sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin>
- <!-- Default Sonar configuration -->
- <sonar.jacoco.reportPath>target/code-coverage/jacoco-ut.exec</sonar.jacoco.reportPath>
- <sonar.jacoco.itReportPath>target/code-coverage/jacoco-it.exec</sonar.jacoco.itReportPath>
- <!-- Note: This list should match jacoco-maven-plugin's exclusion list below -->
- <sonar.exclusions>**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**</sonar.exclusions>
- </properties>
- <description>Data Movement as a Platform (DMaaP) Bus Controller provides a REST API for other DCAE infrastructure components to provision DMaaP resources. A DMaaP resource is a Data Router Feed or a Message Router Topic, and their associated publishers and subscribers.</description>
+ A convention of this API is to return JSON responses per
+ OpenStack style.
+ </description>
+ <termsOfService>
+ http://www.apache.org/licenses/LICENSE-2.0
+ </termsOfService>
+ <contact>
+ <url>http://www.onap.org</url>
+ </contact>
+ <license>
+ <url>http://www.apache.org/licenses/LICENSE-2.0</url>
+ <name>Licensed under the Apache License, Version 2.0</name>
+ </license>
+ </info>
+ <swaggerDirectory>target/generated-sources/</swaggerDirectory>
+ </apiSource>
+ </apiSources>
+ </configuration>
+ <executions>
+ <execution>
+ <phase>compile</phase>
+ <goals>
+ <goal>generate</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+
+ </plugins>
+ <pluginManagement>
+ <plugins>
+ <!--This plugin's configuration is used to store Eclipse m2e settings
+ only. It has no influence on the Maven build itself. -->
+ <plugin>
+ <groupId>org.eclipse.m2e</groupId>
+ <artifactId>lifecycle-mapping</artifactId>
+ <version>1.0.0</version>
+ <configuration>
+ <lifecycleMappingMetadata>
+ <pluginExecutions>
+ <pluginExecution>
+ <pluginExecutionFilter>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-dependency-plugin</artifactId>
+ <versionRange>[2.10,)</versionRange>
+ <goals>
+ <goal>copy-dependencies</goal>
+ </goals>
+ </pluginExecutionFilter>
+ <action>
+ <ignore />
+ </action>
+ </pluginExecution>
+ </pluginExecutions>
+ </lifecycleMappingMetadata>
+ </configuration>
+ </plugin>
+ </plugins>
+ </pluginManagement>
+ </build>
+ <dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>org.glassfish.jersey</groupId>
+ <artifactId>jersey-bom</artifactId>
+ <version>${jersey.version}</version>
+ <type>pom</type>
+ <scope>import</scope>
+ </dependency>
+ </dependencies>
+ </dependencyManagement>
+ <dependencies>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-annotations</artifactId>
+ <version>2.8.9</version>
+ </dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.core</groupId>
+ <artifactId>jackson-databind</artifactId>
+ <version>2.8.9</version>
+ </dependency>
+ <dependency>
+ <groupId>com.fasterxml.jackson.dataformat</groupId>
+ <artifactId>jackson-dataformat-yaml</artifactId>
+ <version>2.8.9</version>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-core</artifactId>
+ <version>1.2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>ch.qos.logback</groupId>
+ <artifactId>logback-classic</artifactId>
+ <version>1.2.0</version>
+ </dependency>
+ <dependency>
+ <groupId>io.swagger</groupId>
+ <artifactId>swagger-core</artifactId>
+ <version>1.5.13</version>
+ </dependency>
+ <dependency>
+ <groupId>io.swagger</groupId>
+ <artifactId>swagger-jersey2-jaxrs</artifactId>
+ <version>1.5.13</version>
+ </dependency>
+ <dependency>
+ <groupId>io.swagger</groupId>
+ <artifactId>swagger-annotations</artifactId>
+ <version>1.5.13</version>
+ </dependency>
+ <dependency>
+ <groupId>org.glassfish.jersey.containers</groupId>
+ <artifactId>jersey-container-servlet-core</artifactId>
+ <!-- use the following artifactId if you don't need servlet 2.x compatibility -->
+ <!-- artifactId>jersey-container-servlet</artifactId -->
+ </dependency>
+ <dependency>
+ <groupId>org.glassfish.jersey.media</groupId>
+ <artifactId>jersey-media-moxy</artifactId>
+ </dependency>
+ <dependency>
+ <groupId>log4j</groupId>
+ <artifactId>log4j</artifactId>
+ <version>1.2.17</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-server</artifactId>
+ <version>${jettyVersion}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-servlet</artifactId>
+ <version>${jettyVersion}</version>
+ <scope>compile</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.eclipse.jetty</groupId>
+ <artifactId>jetty-servlets</artifactId>
+ <version>${jettyVersion}</version>
+ <scope>compile</scope>
+ </dependency>
+ <!-- https://mvnrepository.com/artifact/com.googlecode.json-simple/json-simple -->
+ <dependency>
+ <groupId>com.googlecode.json-simple</groupId>
+ <artifactId>json-simple</artifactId>
+ <version>1.1.1</version>
+ </dependency>
+ <dependency>
+ <groupId>commons-codec</groupId>
+ <artifactId>commons-codec</artifactId>
+ <version>1.6</version>
+ </dependency>
+ <!-- https://mvnrepository.com/artifact/org.postgresql/postgresql -->
+ <dependency>
+ <groupId>org.postgresql</groupId>
+ <artifactId>postgresql</artifactId>
+ <version>9.4.1208.jre7</version>
+ </dependency>
+ <dependency>
+ <groupId>com.att.eelf</groupId>
+ <artifactId>eelf-core</artifactId>
+ <version>${eelf.version}</version>
+ </dependency>
+ <dependency>
+ <groupId>org.slf4j</groupId>
+ <artifactId>slf4j-api</artifactId>
+ <version>1.7.22</version>
+ </dependency>
+ </dependencies>
+ <reporting>
+ <plugins>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-javadoc-plugin</artifactId>
+ <version>2.10.4</version>
+ <configuration>
+ <failOnError>false</failOnError>
+ <doclet>org.umlgraph.doclet.UmlGraphDoc</doclet>
+ <docletArtifact>
+ <groupId>org.umlgraph</groupId>
+ <artifactId>umlgraph</artifactId>
+ <version>5.6</version>
+ </docletArtifact>
+ <additionalparam>-views</additionalparam>
+ <useStandardDocletOptions>true</useStandardDocletOptions>
+ </configuration>
+ </plugin>
+ </plugins>
+ </reporting>
+ <properties>
+ <jersey.version>2.16</jersey.version>
+ <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+ <jettyVersion> 9.3.9.v20160517</jettyVersion>
+ <eelf.version>0.0.1</eelf.version>
+ <artifact.version>1.0.2-SNAPSHOT</artifact.version>
+ <!-- SONAR -->
+ <jacoco.version>0.7.7.201606060606</jacoco.version>
+ <sonar-jacoco-listeners.version>3.2</sonar-jacoco-listeners.version>
+ <sonar.core.codeCoveragePlugin>jacoco</sonar.core.codeCoveragePlugin>
+ <!-- Default Sonar configuration -->
+ <sonar.jacoco.reportPath>target/code-coverage/jacoco-ut.exec</sonar.jacoco.reportPath>
+ <sonar.jacoco.itReportPath>target/code-coverage/jacoco-it.exec</sonar.jacoco.itReportPath>
+ <!-- Note: This list should match jacoco-maven-plugin's exclusion list
+ below -->
+ <sonar.exclusions>**/gen/**,**/generated-sources/**,**/yang-gen**,**/pax/**</sonar.exclusions>
+ </properties>
+ <description>Data Movement as a Platform (DMaaP) Bus Controller provides a REST API for other DCAE infrastructure components to provision DMaaP resources. A DMaaP resource is a Data Router Feed or a Message Router Topic, and their associated publishers and subscribers.</description>
</project>
diff --git a/version.properties b/version.properties
index 71c1fed..f94c740 100644
--- a/version.properties
+++ b/version.properties
@@ -27,7 +27,7 @@
major=1
minor=0
-patch=1
+patch=2
base_version=${major}.${minor}.${patch}
# Release must be completed with git revision # in Jenkins