diff --git a/CHANGES_NEXT_RELEASE b/CHANGES_NEXT_RELEASE
index e69de29..49d9d40 100644
--- a/CHANGES_NEXT_RELEASE
+++ b/CHANGES_NEXT_RELEASE
@@ -0,0 +1 @@
+- Remove: RPM stuff
\ No newline at end of file
diff --git a/rpm/SPECS/pepProxy.spec b/Changelog
similarity index 53%
rename from rpm/SPECS/pepProxy.spec
rename to Changelog
index 43858af..f6ee68a 100644
--- a/rpm/SPECS/pepProxy.spec
+++ b/Changelog
@@ -1,352 +1,203 @@ -Summary: Orion Policy Enforcement Point -Name: fiware-pep-steelskin -Version: %{_product_version} -Release: %{_product_release} -License: AGPLv3 -BuildRoot: %{_topdir}/BUILDROOT/ -BuildArch: noarch -# Requires: nodejs >= 0.10.24 -Requires: logrotate -Requires(post): /sbin/chkconfig, /usr/sbin/useradd npm -Requires(preun): /sbin/chkconfig, /sbin/service -Requires(postun): /sbin/service -Group: Applications/Engineering -Vendor: Telefonica I+D -BuildRequires: npm - -%description -The Orion Policy Enforcement Point is a proxy designed to filter requests to the -Orion Context Broker by validating its security role and user token against the -policies stored in the Access Control component of the Fiware Platform. - -# System folders -%define _srcdir $RPM_BUILD_ROOT/../../.. -%define _service_name pepProxy -%define _install_dir /opt/pepProxy -%define _pepProxy_log_dir /var/log/pepProxy -%define _pepProxy_pid_dir /var/run/pepProxy - -# RPM Building folder -%define _build_root_project %{buildroot}%{_install_dir} -# -------------------------------------------------------------------------------------------- # -# prep section, setup macro: -# -------------------------------------------------------------------------------------------- # -%prep -echo "[INFO] Preparing installation" -# Create rpm/BUILDROOT folder -rm -Rf $RPM_BUILD_ROOT && mkdir -p $RPM_BUILD_ROOT -[ -d %{_build_root_project} ] || mkdir -p %{_build_root_project} - -# Copy src files -cp -R %{_srcdir}/lib \ - %{_srcdir}/bin \ - %{_srcdir}/config.js \ - %{_srcdir}/package.json \ - %{_srcdir}/LICENSE \ - %{_build_root_project} - -[ -f %{_srcdir}/npm-shrinkwrap.json ] && /bin/cp %{_srcdir}/npm-shrinkwrap.json %{_build_root_project} - -cp -R %{_topdir}/SOURCES/etc %{buildroot} - -# -------------------------------------------------------------------------------------------- # -# Build section: -# -------------------------------------------------------------------------------------------- # -%build 
-echo "[INFO] Building RPM" -cd %{_build_root_project} - -# Only production modules. We have found that --force is required to make this work for Node v8 -rm -fR node_modules/ -npm cache clear --force -npm install --production - -# -------------------------------------------------------------------------------------------- # -# pre-install section: -# -------------------------------------------------------------------------------------------- # -%pre -echo "[INFO] Creating %{_project_user} user" -grep ^%{_project_user}: /etc/passwd -RET_VAL=$? -if [ "$RET_VAL" != "0" ]; then - /usr/sbin/useradd -s "/bin/bash" -d %{_install_dir} %{_project_user} - RET_VAL=$? - if [ "$RET_VAL" != "0" ]; then - echo "[ERROR] Unable create %{_project_user} user" \ - exit $RET_VAL - fi -fi - -# -------------------------------------------------------------------------------------------- # -# post-install section: -# -------------------------------------------------------------------------------------------- # -%post -echo "[INFO] Configuring application" - - echo "[INFO] Creating the home pepproxy directory" - mkdir -p _install_dir - echo "[INFO] Creating log & run directory" - mkdir -p %{_pepProxy_log_dir} - chown -R %{_project_user}:%{_project_user} %{_pepProxy_log_dir} - chown -R %{_project_user}:%{_project_user} _install_dir - chmod g+s %{_pepProxy_log_dir} - setfacl -d -m g::rwx %{_pepProxy_log_dir} - setfacl -d -m o::rx %{_pepProxy_log_dir} - - mkdir -p %{_pepProxy_pid_dir} - chown -R %{_project_user}:%{_project_user} %{_pepProxy_pid_dir} - chown -R %{_project_user}:%{_project_user} _install_dir - chmod g+s %{_pepProxy_pid_dir} - setfacl -d -m g::rwx %{_pepProxy_pid_dir} - setfacl -d -m o::rx %{_pepProxy_pid_dir} - - echo "[INFO] Configuring application service" - cd /etc/init.d - chkconfig --add %{_service_name} - -echo "Done" - -# -------------------------------------------------------------------------------------------- # -# pre-uninstall section: -# 
-------------------------------------------------------------------------------------------- # -%preun - -echo "[INFO] stoping service %{_service_name}" -service %{_service_name} stop &> /dev/null - -if [ $1 == 0 ]; then - - echo "[INFO] Checking Context Broker installations" - service --status-all |grep contextBroker - CONTEXT_BROKER=$? - - if [ -e /etc/sysconfig/contextBroker ] && [ $CONTEXT_BROKER = 0 ]; then - service contextBroker stop - CURRENT_PORT=$(cat /etc/sysconfig/pepProxy |grep "PROXY_PORT=" |awk -F '=' '{print $2}') - sed -i "s/BROKER_PORT=.*/BROKER_PORT=$CURRENT_PORT/g" /etc/sysconfig/contextBroker - service contextBroker start - fi - - echo "[INFO] Removing application log files" - # Log - [ -d %{_pepProxy_log_dir} ] && rm -rfv %{_pepProxy_log_dir} - - echo "[INFO] Removing application run files" - # Log - [ -d %{_pepProxy_pid_dir} ] && rm -rfv %{_pepProxy_pid_dir} - - echo "[INFO] Removing application files" - # Installed files - [ -d %{_install_dir} ] && rm -rfv %{_install_dir} - - echo "[INFO] Removing application user" - userdel -fr %{_project_user} - - echo "[INFO] Removing application service" - chkconfig --del %{_service_name} - rm -Rf /etc/init.d/%{_service_name} - echo "Done" -fi - -# -------------------------------------------------------------------------------------------- # -# post-uninstall section: -# clean section: -# -------------------------------------------------------------------------------------------- # -%postun -%clean -rm -rf $RPM_BUILD_ROOT - -# -------------------------------------------------------------------------------------------- # -# Files to add to the RPM -# -------------------------------------------------------------------------------------------- # -%files -%defattr(755,%{_project_user},%{_project_user},755) -%config /etc/init.d/%{_service_name} -%config /etc/%{_service_name}.d -%config /etc/sysconfig/logrotate-pepproxy-size -%config /etc/logrotate.d/logrotate-pepproxy.conf -%config 
/etc/cron.d/cron-logrotate-pepproxy-size
-%config %attr(644,root,root) /etc/tmpfiles.d/pepProxy.conf
-%{_install_dir}
-
-%changelog
-* Mon Nov 20 2022 Fermin Galan 1.16.0
-- Remove: dependency on deprecated `domain` node module, improving performance
-- Remove: `disableDomainMiddleware` config option
-- Remove: `DISABLE_DOMAIN_MIDDLEWARE` environment variable
-- Remove: operations no longer supported in CB API (aligned with Orion 3.10.1)
-- Upgrade NodeJS version from 14-slim to 16-slim in Dockerfile
-
-* Mon May 23 2022 Alvaro Vega 1.15.0
-- Add: INSPECT_ENABLED env var to enable node inspection/debuging (#489)
-- Add: conf and env var (DISABLE_DOMAIN_MIDDLEWARE) to disable domain middleware to reduce overhead (but loosing some info in logs) (#498)
-- Add: new API to retrieve and reset cache stats (GET, DELETE /admin/cacheStats)
-- Add: new API to reset cache (DELETE /admin/cache)
-- Fix: Dockerfile to include initial packages upgrade
-- Remove: unrequired dep underscore
-- Upgrade winston dep from ~2.3.1 to 2.4.6
-- Upgrade mustache dep from 2.2.1 to 2.3.2
-- Upgrade node-cache dep from 1.0.3 to 5.1.2
-- Upgrade uuid dep from ~3.0.0 to 8.3.2
-- Upgrade sax dep from 0.6.0 to 1.2.4
-- Upgrade body-parser dep from 1.18.3 to 1.20.0
-- Upgrade express dep from 4.16.4 to 4.18.1
-- Upgrade async dep from 0.9.0 to 2.6.4
-- Set Nodejs 12 as minimum version in packages.json (effectively removing Nodev10 from supported versions)
-
-* Thu Mar 24 2022 Alvaro Vega 1.14.0
-- Add: Add graceful shutdown listening to SIGINT (#487)
-- Fix: use logops library instead of direct console.log printing in all cases (#487)
-- Upgrade logops dep from 2.1.0 to 2.1.2 due to colors dependency corruption
-- Upgrade NodeJS version from 10.19.0 to 14-slim in Dockerfile
-
-* Tue Dec 21 2021 Alvaro Vega 1.13.0
-- Add: url to get perseo-fe version
-- Add: Docker healthcheck by asking to pep admin API
-- Fix: URL for get orion version
-- Fix: possible race condition on variable requestTemplate and roleTemplate at server startup (#477)
-
-* Wed Nov 24 2021 Alvaro Vega 1.12.0
-- Add: support both WARN and WARNING log levels
-- Fix: propagate correlator in FWD request (#468)
-- Fix: propagate correlator in validation (Access Control) requests
-- Fix: request log properly, based in its content-type
-- Upgrade requests dep from 2.88.0 to 2.88.2
-- Upgrade underscore dep from 1.7.0 to 1.12.1
-
-* Wed Apr 28 2021 Alvaro Vega 1.11.0
-- Add: print object detail in debug logs about cache
-- Fix: not logrotate logs of PEP in deploy no Docker (#457)
-- Remove: availability subscription related actions in Orion plugin
-
-* Tue Jan 12 2021 Alvaro Vega 1.10.0
-- Add PUT action for perseo /rules plugin
-
-* Thu Oct 29 2020 Alvaro Vega 1.9.0
-- Add `from` based on fowarder header in log context
-- Check 401 status response before body content in retrieveSubserviceId
-- Set Nodejs 10 as minimum version in packages.json (effectively removing Nodev8 from supported versions)
-- Compatibility with RedHat 7 (or Centos 7) RPM
-
-* Tue Jun 30 2020 Fermin Galan 1.8.0
-- Add: docker env vars for tune authentication cacheTTL
-- Fix: logs about invalid PEP token to debug level (#439)
-- Fix: to info all access account logs (#376)
-- Fix: Check boolean access account config value against right boolean value
-- Upgrade NodeJS version from 8.16.0 to 10.19.0 in Dockerfile due to Node 8 End-of-Life
-- Make optional PM2 usage in docker entrypoint
-
-* Mon Nov 11 2019 Fermin Galan 1.7.0
-- Add URL /v2/registration actions for ContextBroker
-- Set body parser limit to 1 MB explicitly
-
-* Mon Jul 29 2019 Fermin Galan 1.6.0
-- Add: version to orion urls as read action (#416)
-- Add: access control disabled flag as config environment variable (for docker)
-- Add: support REPLACE (NGSIv1), replace (NGSIv2) and appendStrict (NGSIv2) as action type for ContextBroker requests (#422)
-- Upgrade from node:8.12.0-slim to node:8.16.0-slim as base image in Dockerfile
-
-* Wed Dec 19 2018 Fermin Galan 1.5.0
-- Set Nodejs 8.12.0 as minimum version in packages.json (effectively removing Nodev4 and Nodev6 as supported versions)
-- Add: use NodeJS 8 in Dockerfile
-- Add: use PM2 in Dockerfile
-- Upgrade: update logops depedence from 1.0.0 to 2.1.0
-- Upgrade: update express dependence from 3.5.1 to 4.16.4
-- Upgrade: update request dependence from 2.39.0 to 2.88.0
-- Upgrade: update mocha development dependence from ~1.13.0 to 5.2.0
-- Upgrade: update istanbul development dependence from ~0.1.34 to 0.4.5
-- Remove: old unused development dependencies (closure-linter-wrapper, chai, sinon, sinon-chai, grunt and grunt related module)
-
-* Mon Oct 22 2018 Fermin Galan 1.4.0
-- Add: init script in RPM is able to deal with multiple instances of PEP running on the same system (#390)
-- Fix: init script in RPM fixes start stop errors in pep service (#390)
-- Fix: check boolean config fields against right boolean value
-- Fix: mustache dependence version to 2.2.1 due to detected medium vulnerability
-- Fix: allow log level in uppercase for access logger and lowercase for tracerequest
-- Using precise dependencies (~=) in packages.json
-
-* Wed Oct 18 2017 Fermin Galan 1.3.0
-- FEATURE update node version to 4.8.4
-- FEATURE access accounting in a file of each operation (including user, service/servicepath and action) [#350]
-- FIX text/plain bodies are not forwarded (impacting on "PUT /v2/entities/E/attrs/A/value" operation for CB) [#345]
-- FIX size of validation cache according with cacheTTLS.validation instead of cacheTTLS.users [#349]
-
-* Tue Oct 4 2016 Daniel Moran 1.2.0
-- Update Context Broker plugin with v2 operations (#325).
-- Add an administrative operation to get the log level (#323).
-- Add the 'comp' field to the PEP log (#328)
-- Create a cache for Keypass requests (#324).
-
-* Thu Dec 17 2015 Daniel Moran 0.7.2
-- FIX Makes loading of xacml templates relative to source code (not working directory).
-- FIX Race condition causes requests that will never be responsed (#269).
-- FIX Nginx error when transfer-encoding: chunked is specified (#268).
-- FIX Race condition causes "The token doesn't belong to the provided service" (#272).
-
-* Thu Oct 29 2015 Daniel Moran 0.7.1
-- Bugfix: init.d service script start PEP Proxy correctly (#236)
-- Make the PEP Proxy die when an error is received in a request resend (#225)
-- Added environment variable to customize component name (#240)
-- Remove query parameters from the FRN generated by the REST plugin (#244)
-- Init script fixed due to a COMPONENT_NAME was used in PEP proxy configuration (#246)
-- Add Dockerfile for the PEP.
-- PEP Crashes when unable to authenticate (#256)
-- ADD First NGSIv2 operations to the convenience list (#259)
-- Distinguish POST actions in NGSIv2 using query parameters (#262)
-
-* Thu May 21 2015 Daniel Moran 0.7.0
-- Add capacity to start several instances of PEP Proxy using init.d script (#211)
-- Add log debug statements for role extraction
-- Fix error obtaining subservice ID from its name (208).
-- Add integration with Travis CI.
-
-* Mon Apr 13 2015 Daniel Moran 0.6.0
-- FIX Service not found for tokens coming from a trust.
-- FIX XAuth Token not checked if validation is off (#197)
-- FIX Wrong JSON payload generates wrong type of error (#194)
-- ADD Tests for the IOTAgent plugin (using the generic REST plugin).
-- ADD Remove slow operations in debug logs (#48).
-- ADD Tracing debug mode (#64).
-- ADD Rest component plugin to the executable and environment variables.
-
-* Fri Feb 27 2015 Daniel Moran 0.5.0
-- Added /v1/contextTypes to the URL Mappings of Orion.
-- Fix right plugins directory in pepProxy binary.
-- Fix accept content-type header with charset
-- Fix proxy query params
-- Fix some urls are not recognized with query params (#148)
-- Add "effective" flag to the request to Keystone (#147)
-- Fix UpdateContext operations with query parameters are not recognized (#155)
-- Remove specific setup for RPM installation in Context Broker uses (#159)
-- Add administration port with Version resource (#164)
-- Check all the mandatory headers before processing the request (#165) (#110)
-- Group and redefine error codes.
-- Add execution mode without Access Control authorization for the PEP Proxy (#173)
-- Check the service and subservice headers for content (#176)
-- Fix the Keystone user authentication error was raised as a connection one (#174)
-- Fix type of error when authenticating PEP Proxy (#182)
-- Fix some errors appear in the API documentation and don't ever occur (#180)
-- Add a guard in the release script to abort if there are unstagged git changes (#181)
-
-* Fri Jan 16 2015 Daniel Moran 0.4.1
-- FIX XML requests wrongly forwarded as an empty JSON (#103).
-- FIX Logs don't show Access Control response due to a wrong format placeholder (#105).
-
-* Thu Dec 18 2014 Daniel Moran 0.4.0
-- ADD: Environment variable to select the plugin to execute (#49).
-- ADD: Process the "/" value for the fiware-servicepath header as a domain-scoped request instead of project scoped (#70).
-- ADD: Cache for every call to Keystone (#46).
-- FIX: Slash scaped in Access Control Templates (#73).
-- FIX: Capture request forwarding errors (#82).
-- FIX: Wrong roles attribute in cached value (#84).
-- FIX: Missing "v1" prefix in some standard ops (#86).
-- FIX: Make the retries on Keystone requests dependent on the error type (#78)
-- FIX: Fixed subscribe action (it was 'suscribe') (#94)
-
-* Tue Dec 02 2014 Daniel Moran 0.3.0
-- Add: Reuse the token instead of authenticating for each request (Issue #22).
-- Add: Support for Keystone as the authentication mechanism.
-- Add: Admin role bypass for privileged usage of the proxy.
-- Add: Plugin to sucure Keypass PAP.
-- Add: Plugin to secure Perseo CEP Rules API.
-- Add: Change expected headers form UUIDs to Names (and resolve UUIDs against Keystone).
+1.16.0 (November 20th, 2023)
+
+- Remove: dependency on deprecated `domain` node module, improving performance
+- Remove: `disableDomainMiddleware` config option
+- Remove: `DISABLE_DOMAIN_MIDDLEWARE` environment variable
+- Remove: operations no longer supported in CB API (aligned with Orion 3.10.1)
+- Upgrade NodeJS version from 14-slim to 16-slim in Dockerfile
+
+1.15.0 (May 23rd, 2022)
+
+- Add: INSPECT_ENABLED env var to enable node inspection/debuging (#489)
+- Add: conf and env var (DISABLE_DOMAIN_MIDDLEWARE) to disable domain middleware to reduce overhead (but loosing some info in logs) (#498)
+- Add: new API to retrieve and reset cache stats (GET, DELETE /admin/cacheStats)
+- Add: new API to reset cache (DELETE /admin/cache)
+- Fix: Dockerfile to include initial packages upgrade
+- Remove: unrequired dep underscore
+- Upgrade winston dep from ~2.3.1 to 2.4.6
+- Upgrade mustache dep from 2.2.1 to 2.3.2
+- Upgrade node-cache dep from 1.0.3 to 5.1.2
+- Upgrade uuid dep from ~3.0.0 to 8.3.2
+- Upgrade sax dep from 0.6.0 to 1.2.4
+- Upgrade body-parser dep from 1.18.3 to 1.20.0
+- Upgrade express dep from 4.16.4 to 4.18.1
+- Upgrade async dep from 0.9.0 to 2.6.4
+- Set Nodejs 12 as minimum version in packages.json (effectively removing Nodev10 from supported versions)
+
+1.14.0 (March 24th, 2022)
+
+- Add: Add graceful shutdown listening to SIGINT (#487)
+- Fix: use logops library instead of direct console.log printing in all cases (#487)
+- Upgrade logops dep from 2.1.0 to 2.1.2 due to colors dependency corruption
+- Upgrade NodeJS version from 10.19.0 to 14-slim in Dockerfile
+
+1.13.0 (December 21st, 2021)
+
+- Add: url to get perseo-fe version
+- Add: Docker healthcheck by asking to pep admin API
+- Fix: URL for get orion version
+- Fix: possible race condition on variable requestTemplate and roleTemplate at server startup (#477)
+
+1.12.0 (November 24th, 2021)
+
+- Add: support both WARN and WARNING log levels
+- Fix: propagate correlator in FWD request (#468)
+- Fix: propagate correlator in validation (Access Control) requests
+- Fix: request log properly, based in its content-type
+- Upgrade requests dep from 2.88.0 to 2.88.2
+- Upgrade underscore dep from 1.7.0 to 1.12.1
+
+1.11.0 (April 28th, 2021)
+
+- Add: print object detail in debug logs about cache
+- Fix: not logrotate logs of PEP in deploy no Docker (#457)
+- Remove: availability subscription related actions in Orion plugin
+
+1.10.0 (January 12th, 2021)
+
+- Add PUT action for perseo /rules plugin
+
+1.9.0 (October 29th, 2020)
+
+- Add `from` based on fowarder header in log context
+- Check 401 status response before body content in retrieveSubserviceId
+- Set Nodejs 10 as minimum version in packages.json (effectively removing Nodev8 from supported versions)
+- Compatibility with RedHat 7 (or Centos 7) RPM
+
+1.8.0 (June 30th, 2020)
+
+- Add: docker env vars for tune authentication cacheTTL
+- Fix: logs about invalid PEP token to debug level (#439)
+- Fix: to info all access account logs (#376)
+- Fix: Check boolean access account config value against right boolean value
+- Upgrade NodeJS version from 8.16.0 to 10.19.0 in Dockerfile due to Node 8 End-of-Life
+- Make optional PM2 usage in docker entrypoint
+
+1.7.0 (November 11th, 2019)
+
+- Add URL /v2/registration actions for ContextBroker
+- Set body parser limit to 1 MB explicitly
+
+1.6.0 (July 29th, 2019)
+
+- Add: version to orion urls as read action (#416)
+- Add: access control disabled flag as config environment variable (for docker)
+- Add: support REPLACE (NGSIv1), replace (NGSIv2) and appendStrict (NGSIv2) as action type for ContextBroker requests (#422)
+- Upgrade from node:8.12.0-slim to node:8.16.0-slim as base image in Dockerfile
+
+1.5.0 (December 19th, 2018)
+
+- Set Nodejs 8.12.0 as minimum version in packages.json (effectively removing Nodev4 and Nodev6 as supported versions)
+- Add: use NodeJS 8 in Dockerfile
+- Add: use PM2 in Dockerfile
+- Upgrade: update logops depedence from 1.0.0 to 2.1.0
+- Upgrade: update express dependence from 3.5.1 to 4.16.4
+- Upgrade: update request dependence from 2.39.0 to 2.88.0
+- Upgrade: update mocha development dependence from ~1.13.0 to 5.2.0
+- Upgrade: update istanbul development dependence from ~0.1.34 to 0.4.5
+- Remove: old unused development dependencies (closure-linter-wrapper, chai, sinon, sinon-chai, grunt and grunt related module)
+
+1.4.0 (October 22nd, 2018)
+
+- Add: init script in RPM is able to deal with multiple instances of PEP running on the same system (#390)
+- Fix: init script in RPM fixes start stop errors in pep service (#390)
+- Fix: check boolean config fields against right boolean value
+- Fix: mustache dependence version to 2.2.1 due to detected medium vulnerability
+- Fix: allow log level in uppercase for access logger and lowercase for tracerequest
+- Using precise dependencies (~=) in packages.json
+
+1.3.0 (October 18th, 2017)
+
+- FEATURE update node version to 4.8.4
+- FEATURE access accounting in a file of each operation (including user, service/servicepath and action) [#350]
+- FIX text/plain bodies are not forwarded (impacting on "PUT /v2/entities/E/attrs/A/value" operation for CB) [#345]
+- FIX size of validation cache according with cacheTTLS.validation instead of cacheTTLS.users [#349]
+
+1.2.0 (October 4th, 2016)
+
+- Update Context Broker plugin with v2 operations (#325).
+- Add an administrative operation to get the log level (#323).
+- Add the 'comp' field to the PEP log (#328)
+- Create a cache for Keypass requests (#324).
+
+0.7.2 (December 17th, 2015)
+
+- FIX Makes loading of xacml templates relative to source code (not working directory).
+- FIX Race condition causes requests that will never be responsed (#269).
+- FIX Nginx error when transfer-encoding: chunked is specified (#268).
+- FIX Race condition causes "The token doesn't belong to the provided service" (#272).
+
+0.7.1 (October 29th, 2015)
+
+- Bugfix: init.d service script start PEP Proxy correctly (#236)
+- Make the PEP Proxy die when an error is received in a request resend (#225)
+- Added environment variable to customize component name (#240)
+- Remove query parameters from the FRN generated by the REST plugin (#244)
+- Init script fixed due to a COMPONENT_NAME was used in PEP proxy configuration (#246)
+- Add Dockerfile for the PEP.
+- PEP Crashes when unable to authenticate (#256)
+- ADD First NGSIv2 operations to the convenience list (#259)
+- Distinguish POST actions in NGSIv2 using query parameters (#262)
+
+0.7.0 (May 21st, 2015)
+
+- Add capacity to start several instances of PEP Proxy using init.d script (#211)
+- Add log debug statements for role extraction
+- Fix error obtaining subservice ID from its name (208).
+- Add integration with Travis CI.
+
+0.6.0 (April 13th, 2015)
+
+- FIX Service not found for tokens coming from a trust.
+- FIX XAuth Token not checked if validation is off (#197)
+- FIX Wrong JSON payload generates wrong type of error (#194)
+- ADD Tests for the IOTAgent plugin (using the generic REST plugin).
+- ADD Remove slow operations in debug logs (#48).
+- ADD Tracing debug mode (#64).
+- ADD Rest component plugin to the executable and environment variables.
+
+0.5.0 (February 27th, 2015)
+
+- Added /v1/contextTypes to the URL Mappings of Orion.
+- Fix right plugins directory in pepProxy binary.
+- Fix accept content-type header with charset
+- Fix proxy query params
+- Fix some urls are not recognized with query params (#148)
+- Add "effective" flag to the request to Keystone (#147)
+- Fix UpdateContext operations with query parameters are not recognized (#155)
+- Remove specific setup for RPM installation in Context Broker uses (#159)
+- Add administration port with Version resource (#164)
+- Check all the mandatory headers before processing the request (#165) (#110)
+- Group and redefine error codes.
+- Add execution mode without Access Control authorization for the PEP Proxy (#173)
+- Check the service and subservice headers for content (#176)
+- Fix the Keystone user authentication error was raised as a connection one (#174)
+- Fix type of error when authenticating PEP Proxy (#182)
+- Fix some errors appear in the API documentation and don't ever occur (#180)
+- Add a guard in the release script to abort if there are unstagged git changes (#181)
+
+0.4.1 (January 16th, 2015)
+
+- FIX XML requests wrongly forwarded as an empty JSON (#103).
+- FIX Logs don't show Access Control response due to a wrong format placeholder (#105).
+
+0.4.0 (December 18th, 2014)
+
+- ADD: Environment variable to select the plugin to execute (#49).
+- ADD: Process the "/" value for the fiware-servicepath header as a domain-scoped request instead of project scoped (#70).
+- ADD: Cache for every call to Keystone (#46).
+- FIX: Slash scaped in Access Control Templates (#73).
+- FIX: Capture request forwarding errors (#82).
+- FIX: Wrong roles attribute in cached value (#84).
+- FIX: Missing "v1" prefix in some standard ops (#86).
+- FIX: Make the retries on Keystone requests dependent on the error type (#78)
+- FIX: Fixed subscribe action (it was 'suscribe') (#94)
+
+0.3.0 (December 2nd, 2014)
+
+- Add: Reuse the token instead of authenticating for each request (Issue #22).
+- Add: Support for Keystone as the authentication mechanism.
+- Add: Admin role bypass for privileged usage of the proxy. +- Add: Plugin to sucure Keypass PAP. +- Add: Plugin to secure Perseo CEP Rules API. +- Add: Change expected headers form UUIDs to Names (and resolve UUIDs against Keystone). diff --git a/README.md b/README.md index cd78fbc..43c43ff 100644 --- a/README.md +++ b/README.md @@ -45,9 +45,8 @@ Three other documents provide further information about the PEP Proxy: ## Deployment ### Dependencies -The PEP Proxy is standard Node.js app and doesn't require more dependencies than the Node.js interpreter (0.10 or higher) and the NPM package utility. For RPM installations using Yum, those dependencies should be automatically installed. +The PEP Proxy is standard Node.js app and doesn't require more dependencies than the Node.js interpreter and the NPM package utility. -### Without RPM Packages Just checkout this directory and install the Node.js dependencies using: ``` 
@@ -56,26 +55,6 @@ npm install --production The proxy should be then ready to be configured and used. -### With RPM Packages -This project provides the specs to create the RPM Package for the project, that may (in the future) be installed in a package repository. - -To generate the RPM, checkout the project to a machine with the RPM Build Tools installed, and, from the `rpm/` folder, -execute the following command: - -``` -./create-rpm.sh -``` - -This command will generate some folders, including one called RPMS, holding the RPM created for every architecture (noarch is currently generated). - -In order to install the generated RPM from the local file, use the following command (changing the PEP RPM for the one you have just generated; X.Y.Z being the version you are about to install): - -``` -yum --nogpgcheck localinstall pep-proxy-X.Y-Z.noarch.rpm -``` - -It should automatically download all the dependencies provided they are available (Node.js and NPM may require the EPEL repositories to be added). - ### With Docker There are automatic builds of the development version of the Steelskin PEP Proxy published in Docker hub. In order to install using the docker version, just execute the following: 
@@ -129,22 +108,10 @@ docker run --name pep -e INSPECT_ENABLED=true -d fiware/fiware-pep-steelskin Use of node inspection is **disabled** by default. ### Undeployment -In order to undeploy the proxy: -* If it was installed directly from the GIT repositories, just kill the process and remove the directory. -* If it was installed using the RPM, use standard YUM commands to remove it: - -``` -yum remove pep-proxy -``` - -### Configuration with an RPM package -If the PEP Proxy is deployed in a machine with an installed Context Broker service, the PEP Proxy will automatically change the Context Broker port to the 10026 and install itself on the port where the Context Broker was listening, so no further configuration should be needed for the connectivity. - -During the uninstallation of the PEP Proxy, this process is reversed, to revert the Broker to its original state. -If there is no previous Context Broker instance, the default behaviour of the PEP Proxy is to listen in the port 1026 and redirect its requests to the port 10026 in the local host. This behaviour can be changed configuring the attributes PROXY_PORT and TARGET_PORT in the configuration file. +In order to undeploy the proxy, if it was installed directly from the GIT repositories, just kill the process and remove the directory. -### Configuration without an RPM package -If the PEP Proxy is deployed directly from the source code, it won't add itself as a service, and the running ports should be configured manually. This configuration will involve two steps: +### Configuration +Assuming the PEP Proxy is deployed directly from the source code, it won't add itself as a service, and the running ports should be configured manually. This configuration will involve two steps: * Changing the port of the Context Broker to a different internal port (not open to external connections). Refer to the Orion Context Broker Deployment Manual for instructions on how to do it. 
* Changing the port of the proxy to listen in the Context Broker original port, and to redirect to the new one. This parameters can be changed in the config.js file in the root folder. Once configured, the service can be started as a demon with the following comand: @@ -567,7 +534,7 @@ If SSL Termination is not available, the PEP Proxy can be configured to listen H ### Multi-instance configuration PEP Proxy is able to start multiple instances by adding and configuring certain files in `/etc/pepProxy.d` and using `pepProxy` service script -In order to start multiple instances of the proxy, just add one configuration file per instance in the `/etc/pepProxy.d` folder. RPM comes with one preconfigured instance (config file called pepproxy_default.conf) that can be used as a template to configure another instances. +In order to start multiple instances of the proxy, just add one configuration file per instance in the `/etc/pepProxy.d` folder. In its starting sequence, the `pepProxy` service looks for files in `/etc/pepProxy.d` that begins with `pepproxy_` prefix and has `.conf` extension and start (or stop or status or restat) one process for file found. diff --git a/operations.md b/operations.md index 3e12bba..7036cd3 100644 --- a/operations.md +++ b/operations.md 
@@ -65,7 +65,7 @@ The following sections list all the critical errors that may completely stop the ### Validation errors #### VALIDATION-FATAL-001 Validation Request templates not found Indicates that the XACML templates used to generate the validation requests are not present, so no interaction with the validation system will be possible. This is a critical error and must be fixed before the system starts working. -Considering the templates come packaged inside the RPM, the problem is most likely to be an installation problem. Check the contents of the RPM are all unpackaged, specifically the directory /opt/pepProxy/lib/templates. +Considering the templates come packaged inside the Docker container, the problem is most likely to be an installation problem. Check the contents of the Docker container are all unpackaged, specifically the directory /opt/pepProxy/lib/templates. #### PROXY-FATAL-001 Configured to die upon error in a redirection. Stopping process. Indicates that the PEP Proxy was configured to die upon error in a redirection, and that redirection did occurr, so the PEP diff --git a/rpm/SOURCES/etc/cron.d/cron-logrotate-pepproxy-size b/rpm/SOURCES/etc/cron.d/cron-logrotate-pepproxy-size deleted file mode 100644 index d108ba7..0000000 --- a/rpm/SOURCES/etc/cron.d/cron-logrotate-pepproxy-size +++ /dev/null 
@@ -1,22 +0,0 @@
-# Copyright 2014 Telefonica Investigacion y Desarrollo, S.A.U
-#
-# This file is part of Orion Policy Enforcement Point.
-#
-# Orion Policy Enforcement Point is free software: you can redistribute it and/or
-# modify it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# Orion Policy Enforcement Point is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero
-# General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with Orion Policy Enforcement Point. If not, see http://www.gnu.org/licenses/.
-#
-# For those usages not covered by this license please contact with
-# fermin at tid dot es
-
-# cron job to test and execute log rotate by size.
-*/30 * * * * pepproxy /usr/sbin/logrotate /etc/sysconfig/logrotate-pepproxy-size
diff --git a/rpm/SOURCES/etc/init.d/pepProxy b/rpm/SOURCES/etc/init.d/pepProxy
deleted file mode 100755
index 973f8b1..0000000
--- a/rpm/SOURCES/etc/init.d/pepProxy
+++ /dev/null
@@ -1,242 +0,0 @@ -#!/usr/bin/env bash -# -# pepProxy Start/Stop the PEP Proxy -# -# chkconfig: 2345 99 60 -# description: Orion Policy Enforcement Point -### BEGIN INIT INFO -# Provides: pepProxy -# Required-Start: $local_fs $syslog -# Required-Stop: $local_fs $syslog -# Default-Start: 345 -# Default-Stop: 90 -# Short-Description: run pepProxy -# Description: The Policy Enforcement Point is part of the Access Control system of -# the Fiware Platform. Its main purpose is to filter the access to the Context Broker -# based on policies defined in the Access Control system. The PEP Proxy validates all -# the incoming requests against the Access Control. -### END INIT INFO - -export SYSTEMCTL_SKIP_REDIRECT=true - -# Copyright 2013 Telefonica Investigacion y Desarrollo, S.A.U -# -# This file is part of Orion Policy Enforcement Point. -# -# Orion Policy Enforcement Point is free software: you can redistribute it and/or -# modify it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# Orion Policy Enforcement Point is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero -# General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with Orion Policy Enforcement Point. If not, see http://www.gnu.org/licenses/. -# -# For those usages not covered by this license please contact with -# fermin at tid dot es - - -. 
/etc/rc.d/init.d/functions - -PARAM=${1} -INSTANCE=${2} -PEP_COMPONENT_NAME="pepProxy" -COMPONENT_PATH="/opt/${PEP_COMPONENT_NAME}" -COMPONENT_EXE="${COMPONENT_PATH}/bin/${PEP_COMPONENT_NAME}" -COMPONENT_CONF_PATH="/etc/${PEP_COMPONENT_NAME}.d" -COMPONENT_PREFIX="pepproxy_" -# The PSINFO stores the output of psinfo function that shown the process area (ps) filtered by a PATTERN regexp -PSINFO="" -# The regexp used for filter in the process area (ps) -PSPATTERN="" -# No path for Node -NODEPATH="node" - -# Assure that exist PID_DIR and LOG_DIR -mkdir -p /var/run/${PEP_COMPONENT_NAME} /var/log/${PEP_COMPONENT_NAME} -chown pepproxy.pepproxy /var/run/${PEP_COMPONENT_NAME} /var/log/${PEP_COMPONENT_NAME} - - -# Function that show the process area (ps) filtered by a regexp (PSPATTERN) -# The first parameter is optional and define the instancename -# Two behavihours -# - Find all results for all instances of one service "${NODEPATH} ${COMPONENT_EXE}" -# - Find all results for one instance of one service "${NODEPATH} ${COMPONENT_EXE} ${1}\$" -function psinfo -{ - [[ "${1}" == "" ]] && PSPATTERN="${NODEPATH} ${COMPONENT_EXE}" - [[ "${1}" != "" ]] && PSPATTERN="${NODEPATH} ${COMPONENT_EXE} ${1}\$" - # TODO: For RH7 we will use pgrep -la -f "PATTERN" - PSINFO="$(pgrep -l -f "^${PSPATTERN}")" -} - -component_start() -{ - - local result=0 - local run_instance=${1} - - if [[ ! -x ${COMPONENT_EXE} ]]; then - printf "%s\n" "Fail - missing ${COMPONENT_EXE} executable" - exit 1 - fi - - if [[ -z ${run_instance} ]]; then - list_instances="${COMPONENT_CONF_PATH}/${COMPONENT_PREFIX}*.conf" - else - list_instances="${COMPONENT_CONF_PATH}/${COMPONENT_PREFIX}${run_instance}.conf" - fi - - if [[ $(ls -l ${list_instances} 2> /dev/null | wc -l) -eq 0 ]]; then - if [[ ${run_instance} == "" ]]; then - printf "%s\n" "There aren't any instance of ${PEP_COMPONENT_NAME} configured. Refer to file ${COMPONENT_CONF_PATH}/README.md for further information." 
- else - printf "%s\n" "There aren't any instance of ${PEP_COMPONENT_NAME} configured with the name ${run_instance}. Refer to file ${COMPONENT_CONF_PATH}/README.md for further information." - fi - return 1 - fi - - for _instance in ${list_instances} - do - - local NAME - NAME=${_instance%.conf} - NAME=${NAME#*${COMPONENT_PREFIX}} - - set -a - source ${_instance} - - local LOG_FILE="/var/log/${PEP_COMPONENT_NAME}/${COMPONENT_PREFIX}${NAME}.log" - local PID_FILE="/var/run/${PEP_COMPONENT_NAME}/${COMPONENT_PREFIX}${NAME}.pid" - - printf "%s" "Starting instance ${NAME} of ${PEP_COMPONENT_NAME}... " - - status -p ${PID_FILE} ${COMPONENT_EXE} &> /dev/null - if [[ ${?} -eq 0 ]]; then - printf "%s\n" " Already running, skipping $(success)" - continue - fi - - # Launch one instance with first parameter being the name of instance - su $PROXY_USER -p -c "cd ${COMPONENT_PATH}; ${COMPONENT_EXE} ${NAME} &>> ${LOG_FILE} & echo \$! > ${PID_FILE}" - sleep 2 # some cortesy time to process startup or die - local PID=$(cat ${PID_FILE}) - local PEP_PID=$(ps -ef | grep -v "grep" | grep "${PID:-not_found}") - if [[ -z ${PEP_PID} ]]; then - printf "%s\n" "$(failure)" - result=$((${result}+1)) - rm -f ${PID_FILE} &> /dev/null - else - chown ${COMPONENT_USER}:${COMPONENT_USER} ${PID_FILE} - printf "%s\n" "$(success)" - fi - - done - - return ${result} - -} - -component_stop() -{ - local result=0 - local run_instance=${1} - - if [[ -z ${run_instance} ]]; then - list_instances="${COMPONENT_CONF_PATH}/${COMPONENT_PREFIX}*.conf" - else - list_instances="${COMPONENT_CONF_PATH}/${COMPONENT_PREFIX}${run_instance}.conf" - fi - - if [[ $(ls -l ${list_instances} 2> /dev/null | wc -l) -eq 0 ]]; then - printf "%s\n" "There aren't any instance of ${PEP_COMPONENT_NAME} running $(success)" - return 0 - fi - - for _instance in ${list_instances} - do - - local NAME - NAME=${_instance%.conf} - NAME=${NAME#*${COMPONENT_PREFIX}} - - printf "%s" "Stopping instance ${NAME} of ${PEP_COMPONENT_NAME}... 
" - - # Obtain process status - psinfo ${NAME} - if [ -z "${PSINFO}" ] - then - echo "INFO: Instance ${NAME} of ${PEP_COMPONENT_NAME} it is not running. Do not nothing" - else - echo "INFO: Stop instance ${NAME} of ${PEP_COMPONENT_NAME}... " - echo "${PSINFO}" - echo "${PSINFO}" | awk '{print $1}' | xargs -r kill - sleep 1 - psinfo ${NAME} - echo "${PSINFO}" | awk '{print $1}' | xargs -r kill -9 - fi - - # Remove the PID file instance - rm -f /var/run/${PEP_COMPONENT_NAME}/${COMPONENT_PREFIX}${NAME}.pid &> /dev/null - - done - return ${result} -} - -component_status() -{ - local result=0 - local run_instance=${1} - - if [[ -z ${run_instance} ]]; then - list_run_instances="/var/run/${PEP_COMPONENT_NAME}/${COMPONENT_PREFIX}*.pid" - else - list_run_instances="/var/run/${PEP_COMPONENT_NAME}/${COMPONENT_PREFIX}${run_instance}.pid" - fi - - if [[ $(ls -l ${list_run_instances} 2> /dev/null | wc -l) -eq 0 ]]; then - printf "%s\n" "There aren't any instance of ${PEP_COMPONENT_NAME} running." - return 1 - fi - - for _instance in ${list_run_instances} - do - - local NAME - NAME=${_instance%.pid} - NAME=${NAME#*${COMPONENT_PREFIX}} - - printf "%s\n" "${PEP_COMPONENT_NAME} instance ${NAME} status... " - status -p ${_instance} ${NODE_EXEC} - result=$((${result}+${?})) - - done - - return ${result} -} - -case ${PARAM} in - - 'start') - component_start ${INSTANCE} - ;; - - 'stop') - component_stop ${INSTANCE} - ;; - - 'restart') - component_stop ${INSTANCE} - component_start ${INSTANCE} - ;; - - 'status') - component_status ${INSTANCE} - ;; - -esac - diff --git a/rpm/SOURCES/etc/logrotate.d/logrotate-pepproxy.conf b/rpm/SOURCES/etc/logrotate.d/logrotate-pepproxy.conf deleted file mode 100644 index 4cf9029..0000000 --- a/rpm/SOURCES/etc/logrotate.d/logrotate-pepproxy.conf +++ /dev/null 
@@ -1,29 +0,0 @@
-# Copyright 2014 Telefonica Investigacion y Desarrollo, S.A.U
-#
-# This file is part of Orion Policy Enforcement Point.
-#
-# Orion Policy Enforcement Point is free software: you can redistribute it and/or
-# modify it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# Orion Policy Enforcement Point is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero
-# General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with Orion Policy Enforcement Point. If not, see http://www.gnu.org/licenses/.
-#
-# For those usages not covered by this license please contact with
-# fermin at tid dot es
-
-/var/log/pepProxy/*.log
-{
- daily
- rotate 7
- copytruncate
- compress
- notifempty
- missingok
-}
diff --git a/rpm/SOURCES/etc/pepProxy.d/README.md b/rpm/SOURCES/etc/pepProxy.d/README.md
deleted file mode 100644
index 06f59a3..0000000
--- a/rpm/SOURCES/etc/pepProxy.d/README.md
+++ /dev/null
@@ -1,28 +0,0 @@
-# PEP Proxy configuration procedure
-
-PEP Proxy is able to start multiple instances by adding and configuring certain files in `/etc/pepProxy.d`
-and using `pepProxy` service script
-
-In order to start multiple instances of the proxy, just add one configuration file per instance in the
-`/etc/pepProxy.d` folder. RPM comes with one preconfigured instance (config file called pepproxy_default.conf)
-that can be used as a template to configure another instances.
-
-In its starting sequence, the `pepProxy` service looks for files in `/etc/pepProxy.d` that begins with `pepproxy_`
-prefix and has `.conf` extension and start (or stop or status or restat) one process for file found.
-
-It is important to change `PROXY_PORT` and `ADMIN_PORT` to one not used by other PEP intances/services.
-
-`pepProxy` init.d is packaged into the RPM and is needed to execute PEP Proxy
-in multiinstace explained above. It has the next operations:
-- **start**: `sudo /sbin/service pepProxy start []` If `` is not provided, the script
-tries to start as many instances as found in the configuration folder as possible (matching the configuration
- file pattern). Otherwise, it only starts a single instance with the provided name.
-- **stop**: `sudo /sbin/service pepProxy stop []` if `` is not provided, script tries to
-stop all the instances by listing all pid files under `/var/run/pepProxy` with the pattern `pepproxy_*.pid`.
-If `` is provided try to stop a instance with a pid file `/var/run/pepProxy/pepproxy_.pid`
-- **status**: `sudo /sbin/service pepProxy status []` work in the same way that `stop` works but
-showing information about intances status instead stopping it.
-- **restart** `sudo /sbin/service pepProxy stop []` performs a `stop` and a `start` opetarions
-applying to one or all instances if `` is provided or not respectively.
-
-Process PEP Proxy (node) is running as `pepproxy` user
diff --git a/rpm/SOURCES/etc/pepProxy.d/pepproxy_default.conf b/rpm/SOURCES/etc/pepProxy.d/pepproxy_default.conf
deleted file mode 100644
index f670821..0000000
--- a/rpm/SOURCES/etc/pepProxy.d/pepproxy_default.conf
+++ /dev/null
@@ -1,71 +0,0 @@
-# Copyright 2014 Telefonica Investigacion y Desarrollo, S.A.U
-#
-# This file is part of Orion Policy Enforcement Point.
-#
-# Orion Policy Enforcement Point is free software: you can redistribute it and/or
-# modify it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# Orion Policy Enforcement Point is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero
-# General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with Orion Policy Enforcement Point. If not, see http://www.gnu.org/licenses/.
-#
-# For those usages not covered by this license please contact with
-# fermin at tid dot es
-
-#
-# General Configuration
-############################################################################
-
-# Port where the proxy will listen for requests
-PROXY_PORT=1026
-
-# Administration port
-ADMIN_PORT=11211
-
-# User to execute the PEP Proxy with
-PROXY_USER=pepproxy
-
-# Host where the target Context Broker is located
-# TARGET_HOST=localhost
-
-# Port where the target Context Broker is listening
-# TARGET_PORT=10026
-
-# Maximum level of logs to show (FATAL, ERROR, WARNING, INFO, DEBUG)
-LOG_LEVEL=ERROR
-
-# Indicates what component plugin should be loaded with this PEP: orion, keypass, perseo
-COMPONENT_PLUGIN=orion
-
-# Indicates the name that will be used to refer to the component in the XACML rules. The component will be
-# referred to with a FRN with the following pattern: "fiware::".
-# If left blank or not defined, the same value as the COMPONENT_PLUGIN will be used.
-COMPONENT_NAME=
-
-#
-# Access Control Configuration
-############################################################################
-
-# Host where the Access Control (the component who knows the policies for the incoming requests) is located
-# ACCESS_HOST=
-
-# Port where the Access Control is listening
-# ACCESS_PORT=
-
-# Host where the authentication authority for the Access Control is located
-# AUTHENTICATION_HOST=
-
-# Port where the authentication authority is listening
-# AUTHENTICATION_PORT=
-
-# User name of the PEP Proxy in the authentication authority
-PROXY_USERNAME=pep
-
-# Password of the PEP Proxy in the Authentication authority
-PROXY_PASSWORD=pep
diff --git a/rpm/SOURCES/etc/sysconfig/logrotate-pepproxy-size b/rpm/SOURCES/etc/sysconfig/logrotate-pepproxy-size
deleted file mode 100644
index 781e2a2..0000000
--- a/rpm/SOURCES/etc/sysconfig/logrotate-pepproxy-size
+++ /dev/null
@@ -1,30 +0,0 @@
-# Copyright 2014 Telefonica Investigacion y Desarrollo, S.A.U
-#
-# This file is part of Orion Policy Enforcement Point.
-#
-# Orion Policy Enforcement Point is free software: you can redistribute it and/or
-# modify it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# Orion Policy Enforcement Point is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero
-# General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with Orion Policy Enforcement Point. If not, see http://www.gnu.org/licenses/.
-#
-# For those usages not covered by this license please contact with
-# fermin at tid dot es
-
-
-/var/log/pepProxy/*.log
-{
- size 100M
- rotate 7
- copytruncate
- compress
- notifempty
- missingok
-}
diff --git a/rpm/SOURCES/etc/tmpfiles.d/pepProxy.conf b/rpm/SOURCES/etc/tmpfiles.d/pepProxy.conf
deleted file mode 100644
index c9a6232..0000000
--- a/rpm/SOURCES/etc/tmpfiles.d/pepProxy.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-d /var/run/pepProxy 0755 pepproxy pepproxy
-
diff --git a/rpm/create-rpm.sh b/rpm/create-rpm.sh
deleted file mode 100755
index 353d924..0000000
--- a/rpm/create-rpm.sh
+++ /dev/null
@@ -1,83 +0,0 @@
-#!/bin/bash
-# Copyright 2014 Telefonica Investigacion y Desarrollo, S.A.U
-#
-# This file is part of the Fiware PEP Proxy.
-#
-# the Fiware PEP Proxy is free software: you can redistribute it and/or
-# modify it under the terms of the GNU Affero General Public License as
-# published by the Free Software Foundation, either version 3 of the
-# License, or (at your option) any later version.
-#
-# the Fiware PEP Proxy is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero
-# General Public License for more details.
-#
-# You should have received a copy of the GNU Affero General Public License
-# along with the Fiware PEP Proxy. If not, see http://www.gnu.org/licenses/.
-#
-# For those usages not covered by this license please contact with
-# iot_support at tid dot es
-
-
-function usage() {
- SCRIPT=$(basename $0)
-
- printf "\n" >&2
- printf "usage: ${SCRIPT} [options] \n" >&2
- printf "\n" >&2
- printf "Options:\n" >&2
- printf "\n" >&2
- printf " -h show usage\n" >&2
- printf " -v VERSION Mandatory parameter. Version for rpm product preferably in format x.y.z \n" >&2
- printf " -r RELEASE Mandatory parameter. Release for product. I.E. 0.ge58dffa \n" >&2
- printf "\n" >&2
-}
-
-while getopts ":v:r:u:a:h" opt
-
-do
- case $opt in
- v)
- VERSION_ARG=${OPTARG}
- ;;
- r)
- RELEASE_ARG=${OPTARG}
- ;;
- h)
- usage
- exit 0
- ;;
- *)
- echo "invalid argument: '${OPTARG}'"
- exit 1
- ;;
- esac
-done
-
-BASE_DIR="$(cd ${0%/*} && pwd -P)/.."
-RPM_BASE_DIR="${BASE_DIR}/rpm"
-
-if [[ ! -z ${VERSION_ARG} ]]; then
- PRODUCT_VERSION=${VERSION_ARG}
-else
- echo "A product version must be specified with -v parameter."
- usage
- exit 2
-fi
-
-if [[ ! -z ${RELEASE_ARG} ]]; then
- PRODUCT_RELEASE=${RELEASE_ARG}
-else
- echo "A product reslease must be specified with -r parameter."
- usage
- exit 2
-fi
-
-PROXY_USER="pepproxy"
-
-rpmbuild -ba ${RPM_BASE_DIR}/SPECS/pepProxy.spec \
- --define "_topdir ${RPM_BASE_DIR}" \
- --define "_project_user ${PROXY_USER}" \
- --define "_product_version ${PRODUCT_VERSION}" \
- --define "_product_release ${PRODUCT_RELEASE}"
diff --git a/scripts/build/release.sh b/scripts/build/release.sh
deleted file mode 100755
index e9babdc..0000000
--- a/scripts/build/release.sh
+++ /dev/null
@@ -1,222 +0,0 @@ -#!/bin/bash -# Copyright 2014 Telefonica Investigacion y Desarrollo, S.A.U -# -# This file is part of the Fiware PEP Proxy. -# -# the Fiware PEP Proxy is free software: you can redistribute it and/or -# modify it under the terms of the GNU Affero General Public License as -# published by the Free Software Foundation, either version 3 of the -# License, or (at your option) any later version. -# -# the Fiware PEP Proxy is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero -# General Public License for more details. -# -# You should have received a copy of the GNU Affero General Public License -# along with the Fiware PEP Proxy. If not, see http://www.gnu.org/licenses/. -# -# For those usages not covered by this license please contact with -# iot_support at tid dot es - -# ------------------------------------------------------------------------------ -# -# Example execution: -# scripts/build/release.sh 0.3.0 dev -# -progName=$0 -CHANGELOG_FILE="CHANGES_NEXT_RELEASE" - -# -# usage -# -function usage -{ - cat < [dev | cc | sprint] - Creates a new release changing the version to the one specified in the arguments. - The second argument indicates what type of release is it going to be released: - - - sprint: releases that are meant to be created each sprint end. A tag is automatically - generated along with the branch. - - - cc: code complete releases meant to be created when the product is about to go - into production with the rest of the platform. No tag is generated. - - - dev: intermediate releases that do not require following the same SCM specs. - -EOF - - exit 1 -} - -# -# Check git status and abort if it is dirty -# -function checkGitStatus() { - git status |grep "Changes not staged for commit" > /dev/null - RESULT=$? - - if [ $RESULT = 0 ]; then - echo "There are unstaged changes in your git workspace. 
Clean them before proceeding with the release" - exit 0 - fi -} - -# -# Chewcking command line parameters -# -if [ "$1" == "-u" ] -then - usage -fi - -if [ $# != 2 ] -then - usage -fi - - -# -# Command line parameters -# -export NEW_VERSION=$1 -export PEP_RELEASE=$2 - -# -# correct date format -# -DATE=$(LANG=C date +"%a %b %d %Y") -export dateLine="$DATE Daniel Moran ${NEW_VERSION}" - -checkGitStatus - -# Modify rpm/SPECS/pepProxy.spec only when step to a non-devel release -if [ "$PEP_RELEASE" != "dev" ] -then - # - # Edit rpm/SPECS/pepProxy.spec, adding the new changes from CHANGELOG_FILE - # - # 1. Find the line in rpm/SPECS/pepProxy.spec, where to add the content of CHANGELOG_FILE plus the info-line for the changes. - # o LINES: number of lines before the insertion - # 2. Get the total number of lines in rpm/SPECS/pepProxy.spec - # 3. Get the number of lines in rpm/SPECS/pepProxy.spec after the insertion - # o LAST_LINES: number of lines after the insertion - # 4. To a temporal file, add the four 'chunks': - # 1. LINES - # 2. the info-line for the changes - # 3. the content of CHANGELOG_FILE - # 4. LAST_LINES - # 5. Replace using the temporal file - - # - # 1. Find the line in rpm/SPECS/pepProxy.spec, where to add the content of CHANGELOG_FILE - # The for is because these is more than one oceuurence of '%changelog'. We are only - # interested in the last one. - # - for line in $(grep -n '%changelog' rpm/SPECS/pepProxy.spec | awk -F: '{ print $1 }') - do - LINE=$line - done - - - # - # 2. Get the total number of lines in rpm/SPECS/pepProxy.spec - # - LINES=$(wc -l < rpm/SPECS/pepProxy.spec) - - - # - # 3. Get the number of lines in rpm/SPECS/pepProxy.spec after the insertion - # - LAST_LINES=$(($LINES-$LINE)) - - - # - # 4. 
To a temporal file, add the four 'chunks' - # - head -$LINE rpm/SPECS/pepProxy.spec > /tmp/pepProxy.spec - - echo -n '* ' >> /tmp/pepProxy.spec - echo $dateLine >> /tmp/pepProxy.spec - - cat $CHANGELOG_FILE >> /tmp/pepProxy.spec - echo >> /tmp/pepProxy.spec - - tail -$LAST_LINES rpm/SPECS/pepProxy.spec >> /tmp/pepProxy.spec - - # 5. Replace using the temporal file - mv /tmp/pepProxy.spec rpm/SPECS/pepProxy.spec - -fi - - -# -# Get the current version (maintained in src/app/contextBroker/version.h) -# -currentVersion=$(cat package.json |grep version |awk '{print $2}'|tr -d "\"" | tr -d ",") - -echo "current version: $currentVersion" -echo "new version: $NEW_VERSION" - - -# -# Edit files that depend on the current version (which just changed) -# -sed "s/\"version\": \"$currentVersion\"/\"version\": \"$NEW_VERSION\"/" package.json > /tmp/package.json -sed "s/$currentVersion/$NEW_VERSION/" rpm/create-rpm.sh > /tmp/create-rpm.sh - -mv /tmp/package.json package.json -mv /tmp/create-rpm.sh rpm/create-rpm.sh - - -# Clean the inter-release changes file -rm -rf $CHANGELOG_FILE -touch $CHANGELOG_FILE - -# -# Do the git stuff only if we are in develop branch -# -CURRENT_BRANCH=$(git branch | grep '^*' | cut -c 3-10) -if [ "$CURRENT_BRANCH" == "master" ] -then - git add rpm/SPECS/pepProxy.spec - git add rpm/create-rpm.sh - git add package.json - git add CHANGES_NEXT_RELEASE - git commit -m "ADD Step: $currentVersion -> $NEW_VERSION" - git push origin master - - # We do the tag only and merge to master only in the case of non "dev" release - if [ "$PEP_RELEASE" = "sprint" ] - then - git checkout -b release/$NEW_VERSION - git tag $NEW_VERSION - git push --tags origin release/$NEW_VERSION - git checkout $CURRENT_BRANCH - elif [ "$PEP_RELEASE" = "cc" ] - then - git checkout -b release/$NEW_VERSION - git push origin release/$NEW_VERSION - git checkout $CURRENT_BRANCH - fi - - # - # Prepare master for the next version - # - sed "s/\"version\": \"$NEW_VERSION\"/\"version\": 
\"$NEW_VERSION-next\"/" package.json > /tmp/package.json - sed "s/$NEW_VERSION/$NEW_VERSION-next/" rpm/create-rpm.sh > /tmp/create-rpm.sh - mv /tmp/package.json package.json - mv /tmp/create-rpm.sh rpm/create-rpm.sh - - git add rpm/create-rpm.sh - git add package.json - git commit -m "ADD Prepare new version numbers for master" - git push origin master - -else - echo "Your current branch is $CURRENT_BRANCH. You need to be at master branch to do the final part of the process" -fi -