Go upgrade, Azure SDK upgrade with azure api scan filtering enabled (#…

…5870) * scaffolding version and golang version Signed-off-by: Vivek Shankar <vshankar@progress.com> * changes for azure sdk upgrade Signed-off-by: Vivek Shankar <vshankar@progress.com> * license scout crypto Signed-off-by: Vivek Shankar <vshankar@progress.com> * added filtering in backend api for api scan azure Signed-off-by: Vivek Shankar <vshankar@progress.com> * fixed duplicates Signed-off-by: Vivek Shankar <vshankar@progress.com> * revert changes on go.sum Signed-off-by: Vivek Shankar <vshankar@progress.com> * revert changes on go.sum Signed-off-by: Vivek Shankar <vshankar@progress.com> * fixed integration test cases for azure api Signed-off-by: Vivek Shankar <vshankar@progress.com> * add go sum Signed-off-by: Vivek Shankar <vshankar@progress.com> * certificate incompatibility issue fix for go 1.15 Signed-off-by: Vivek Shankar <vshankar@progress.com> * filter logic modified Signed-off-by: Vivek Shankar <vshankar@progress.com> * added fget fields Signed-off-by: Vivek Shankar <vshankar@progress.com> * removed logs and extra lines Signed-off-by: Vivek Shankar <vshankar@progress.com> * added unit and integration tests Signed-off-by: Vivek Shankar <vshankar@progress.com> * added unit and integration tests Signed-off-by: Vivek Shankar <vshankar@progress.com> * print subs Signed-off-by: Vivek Shankar <vshankar@progress.com> * check integration test Signed-off-by: Vivek Shankar <vshankar@progress.com> * added go debug env Signed-off-by: Vivek Shankar <vshankar@progress.com> * init method added for GODEBUG Signed-off-by: Vivek Shankar <vshankar@progress.com> * added tests of env Signed-off-by: Vivek Shankar <vshankar@progress.com> * set GODEBUG to PIPELINE Signed-off-by: Vivek Shankar <vshankar@progress.com> * more tests added Signed-off-by: Vivek Shankar <vshankar@progress.com> * refactored and timeout increase Signed-off-by: Vivek Shankar <vshankar@progress.com> * revereted vm changes Signed-off-by: Vivek Shankar <vshankar@progress.com>
chef · Oct 26, 2021 · 3358606 · 3358606
1 parent da470bf
commit 3358606
Show file tree

Hide file tree

Showing 70 changed files with 623 additions and 52 deletions.
diff --git a/.expeditor/verify.pipeline.yml b/.expeditor/verify.pipeline.yml
@@ -195,7 +195,7 @@ steps:
       - scripts/install_golang.sh
       - scripts/setup_buildkite_pg.sh cereal_test
       - cd lib
-      - PG_USER="postgres" PATH=/usr/lib/postgresql/9.6/bin/:\$PATH make lint unit cereal_integration
+      - PG_USER="postgres" PATH=/usr/lib/postgresql/9.6/bin/:\$PATH GODEBUG=x509ignoreCN=0 make lint unit cereal_integration
     timeout_in_minutes: 10
     retry:
       automatic:

diff --git a/.expeditor/verify_private.pipeline.yml b/.expeditor/verify_private.pipeline.yml
@@ -717,7 +717,7 @@ steps:
   - label: "ontop backup"
     command:
       - integration/run_test integration/tests/backup_ontop.sh
-    timeout_in_minutes: 25
+    timeout_in_minutes: 30
     expeditor:
       executor:
         linux:

diff --git a/.license_scout.yml b/.license_scout.yml
@@ -294,6 +294,9 @@ fallbacks:
     - name: github.com/shirou/w32
       license_id: w32-Authors
       license_content: https://raw.githubusercontent.com/shirou/w32/master/LICENSE
+    - name: golang.org/x/crypto
+      license_id: BSD-3-Clause
+      license_content: https://raw.githubusercontent.com/golang/crypto/master/LICENSE
 
   habitat:
     - name: chef/mlsa

diff --git a/GOLANG_VERSION b/GOLANG_VERSION
@@ -1 +1 @@
-1.14
+1.15
diff --git a/components/applications-load-gen/habitat/hooks/run b/components/applications-load-gen/habitat/hooks/run
@@ -4,6 +4,9 @@ set -e
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 # Call the script to block until user accepts the MLSA via the package's config
 {{pkgPathFor "chef/mlsa"}}/bin/accept {{cfg.mlsa.accept}}
 

diff --git a/components/applications-service/habitat/hooks/run b/components/applications-service/habitat/hooks/run
@@ -4,6 +4,9 @@ set -e
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 # Call the script to block until user accepts the MLSA via the package's config
 {{pkgPathFor "chef/mlsa"}}/bin/accept {{cfg.mlsa.accept}}
 

diff --git a/components/authn-service/habitat/hooks/run b/components/authn-service/habitat/hooks/run
@@ -2,6 +2,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 # Call the script to block until user accepts the MLSA via the package's config
 {{pkgPathFor "chef/mlsa"}}/bin/accept {{cfg.mlsa.accept}}
 

diff --git a/components/authz-service/habitat/hooks/run b/components/authz-service/habitat/hooks/run
@@ -2,6 +2,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 # Call the script to block until user accepts the MLSA via the package's config
 {{pkgPathFor "chef/mlsa"}}/bin/accept {{cfg.mlsa.accept}}
 

diff --git a/components/automate-backend-curator/habitat/hooks/run b/components/automate-backend-curator/habitat/hooks/run
@@ -2,6 +2,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 while [ 1 ]
 do
   PYTHONWARNINGS=ignore curator --config {{pkg.svc_path}}/config/curator.yml {{pkg.svc_path}}/config/actions.yml &

diff --git a/components/automate-backend-elasticsearch/habitat/hooks/run b/components/automate-backend-elasticsearch/habitat/hooks/run
@@ -2,6 +2,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 
 half_mem=$(echo $(( $(free -m | grep Mem | awk '{print $2}') / 2 )))
 if [ $half_mem -lt 26624 ]; then heapsize=$half_mem; heapsize+=m;else heapsize=26624m; fi

diff --git a/components/automate-backend-elasticsidecar/habitat/hooks/run b/components/automate-backend-elasticsidecar/habitat/hooks/run
@@ -2,6 +2,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 echo "extracting ops dashboards"
 mkdir -p /hab/svc/automate-backend-elasticsidecar/config/dashboards/
 tar -xzf {{pkg.path}}/data/dashboards.tar.gz -C /hab/svc/automate-backend-elasticsidecar/config/dashboards/

diff --git a/components/automate-backend-haproxy/habitat/hooks/run b/components/automate-backend-haproxy/habitat/hooks/run
@@ -2,6 +2,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 export PGLEADERCHK_PORT
 
 {{~#if bind.pgleaderchk}}

diff --git a/components/automate-backend-journalbeat/habitat/hooks/run b/components/automate-backend-journalbeat/habitat/hooks/run
@@ -2,6 +2,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:{{pkgPathFor "core/systemd"}}/lib
 
 exec journalbeat \

diff --git a/components/automate-backend-kibana/habitat/hooks/run b/components/automate-backend-kibana/habitat/hooks/run
@@ -2,4 +2,7 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 exec kibana -c {{pkg.svc_path}}/config/kibana.yml
diff --git a/components/automate-backend-metricbeat/habitat/hooks/run b/components/automate-backend-metricbeat/habitat/hooks/run
@@ -2,6 +2,8 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
 
 exec metricbeat \
   -c "{{pkg.svc_config_path}}/metricbeat.yml" \

diff --git a/components/automate-backend-pgleaderchk/habitat/hooks/run b/components/automate-backend-pgleaderchk/habitat/hooks/run
@@ -2,4 +2,7 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 exec pgleaderchk -c {{pkg.svc_config_path}}/config.toml serve
diff --git a/components/automate-backend-postgresql/habitat/hooks/run b/components/automate-backend-postgresql/habitat/hooks/run
@@ -4,6 +4,9 @@ set -Exeuo pipefail
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 echo 'Executing run hook'
 
 source {{pkg.svc_config_path}}/functions.sh

diff --git a/components/automate-builder-api-proxy/habitat/hooks/run b/components/automate-builder-api-proxy/habitat/hooks/run
@@ -2,6 +2,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 mkdir -p "{{pkg.svc_var_path}}/nginx"
 chown -R hab:hab "{{pkg.svc_config_path}}" "{{pkg.svc_data_path}}" "{{pkg.svc_var_path}}"
 

diff --git a/components/automate-builder-api/habitat/hooks/run b/components/automate-builder-api/habitat/hooks/run
@@ -4,6 +4,9 @@ exec 2>&1
 
 set -e
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 export HOME="{{pkg.svc_data_path}}"
 
 export RUST_LOG="{{cfg.log.level}},{{strJoin cfg.log.scoped_levels ","}}"

diff --git a/components/automate-builder-memcached/habitat/hooks/run b/components/automate-builder-memcached/habitat/hooks/run
@@ -2,6 +2,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 # From memcache 1.5.19:
 #
 # - ssl_chain_cert:      certificate chain file in PEM format

diff --git a/components/automate-cds/habitat/hooks/run b/components/automate-cds/habitat/hooks/run
@@ -2,6 +2,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 # Call the script to block until user accepts the MLSA via the package's config
 {{pkgPathFor "chef/mlsa"}}/bin/accept {{cfg.mlsa.accept}}
 

diff --git a/components/automate-cs-bookshelf/habitat/hooks/run b/components/automate-cs-bookshelf/habitat/hooks/run
@@ -2,6 +2,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 {{pkgPathFor "chef/mlsa"}}/bin/accept {{cfg.mlsa.accept}}
 
 mkdir -p {{pkg.svc_var_path}}/logs

diff --git a/components/automate-cs-nginx/habitat/hooks/run b/components/automate-cs-nginx/habitat/hooks/run
@@ -4,6 +4,9 @@ exec 2>&1
 
 set -e
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 {{#if cfg.required_recipe.enabled ~}}
 # Copy the required_recipe into the service's data directory and
 # ensure it has permissions that the service user can read.

diff --git a/components/automate-cs-oc-bifrost/habitat/hooks/run b/components/automate-cs-oc-bifrost/habitat/hooks/run
@@ -2,6 +2,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 {{pkgPathFor "chef/mlsa"}}/bin/accept {{cfg.mlsa.accept}}
 
 mkdir -p {{pkg.svc_var_path}}/logs

diff --git a/components/automate-cs-oc-erchef/habitat/hooks/run b/components/automate-cs-oc-erchef/habitat/hooks/run
@@ -3,6 +3,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 "{{pkgPathFor "chef/mlsa"}}/bin/accept" {{cfg.mlsa.accept}}
 
 mkdir -p {{pkg.svc_var_path}}/logs

diff --git a/components/automate-deployment/habitat/hooks/run b/components/automate-deployment/habitat/hooks/run
@@ -2,6 +2,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 # Call the script to block until user accepts the MLSA via the package's config
 {{pkgPathFor "chef/mlsa"}}/bin/accept {{cfg.mlsa.accept}}
 

diff --git a/components/automate-dex/habitat/hooks/run b/components/automate-dex/habitat/hooks/run
@@ -2,6 +2,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 export A2_SVC_DB_USER="dex"
 
 {{pkgPathFor "chef/mlsa"}}/bin/accept {{cfg.mlsa.accept}}

diff --git a/components/automate-elasticsearch/habitat/hooks/run b/components/automate-elasticsearch/habitat/hooks/run
@@ -2,6 +2,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 {{#if cfg.disable ~}}
 while true
 do

diff --git a/components/automate-es-gateway/habitat/hooks/run b/components/automate-es-gateway/habitat/hooks/run
@@ -2,6 +2,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 # We shipped a version of A2 where es-gateway would write logs into the /hab/pkgs
 # path. Attempt to clean up those log files if they exist:
 rm -f /hab/pkgs/core/nginx/1.15.6/20181212185120/chef /hab/pkgs/core/nginx/1.15.6/20190115154053/chef

diff --git a/components/automate-gateway/habitat/hooks/run b/components/automate-gateway/habitat/hooks/run
@@ -2,6 +2,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 # Call the script to block until user accepts the MLSA via the package's config
 {{pkgPathFor "chef/mlsa"}}/bin/accept {{cfg.mlsa.accept}}
 

diff --git a/components/automate-load-balancer/habitat/hooks/run b/components/automate-load-balancer/habitat/hooks/run
@@ -1,6 +1,10 @@
 #!{{pkgPathFor "core/bash"}}/bin/bash
 
 exec 2>&1
+
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 {{pkgPathFor "chef/mlsa"}}/bin/accept {{cfg.mlsa.accept}}
 
 source {{pkg.svc_config_path}}/render-certs.sh

diff --git a/components/automate-minio/habitat/hooks/run b/components/automate-minio/habitat/hooks/run
@@ -2,6 +2,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 mkdir -p "{{pkg.svc_data_path}}/depot"
 
 # Minio requires TLS certs to be in a 'certs' subdirectory of the config-dir.

diff --git a/components/automate-pg-gateway/habitat/hooks/run b/components/automate-pg-gateway/habitat/hooks/run
@@ -2,6 +2,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 chmod 0600 {{pkg.svc_config_path}}/service.crt
 chmod 0600 {{pkg.svc_config_path}}/service.key
 chmod 0600 {{pkg.svc_config_path}}/root_ca.crt

diff --git a/components/automate-postgresql/habitat/hooks/run b/components/automate-postgresql/habitat/hooks/run
@@ -4,6 +4,9 @@
 set -e
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 {{#if cfg.disable ~}}
 echo "Internal Postgres Disabled"
 while true

diff --git a/components/automate-prometheus/habitat/hooks/run b/components/automate-prometheus/habitat/hooks/run
@@ -2,6 +2,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 exec {{pkgPathFor "core/prometheus"}}/bin/prometheus \
   --config.file={{pkg.svc_config_path}}/prometheus.yml \
   --web.listen-address=":{{cfg.port}}" \

diff --git a/components/automate-scaffolding-go/habitat/plan.sh b/components/automate-scaffolding-go/habitat/plan.sh
@@ -9,7 +9,7 @@ pkg_version="0.1.0"
 pkg_license=('Chef-MLSA')
 pkg_source=nosuchfile.tar.gz
 pkg_deps=(
-  core/go/1.14 # This is only pinned to force a scaffolding rebuild to this version
+  core/go/1.15 # This is only pinned to force a scaffolding rebuild to this version
   core/git
 )
 

diff --git a/components/automate-ui-devproxy/habitat/hooks/run b/components/automate-ui-devproxy/habitat/hooks/run
@@ -2,6 +2,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 echo "Setting UI proxy to $DEVPROXY_URL based on \$DEVPROXY_URL which is set differently by .studiorc for either the Docker-based or Vagrant-based studio dev env."
 sed -i -e "s/WILL_GET_REPLACED_BY_INIT_HOOK/$DEVPROXY_URL/g" /hab/svc/automate-ui/config/nginx.conf || true
 

diff --git a/components/automate-ui/habitat/hooks/run b/components/automate-ui/habitat/hooks/run
@@ -2,5 +2,8 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 {{pkgPathFor "chef/mlsa"}}/bin/accept {{cfg.mlsa.accept}}
 exec {{ pkgPathFor "core/nginx" }}/bin/nginx -c "{{ pkg.svc_config_path }}/nginx.conf"
diff --git a/components/automate-ui/src/app/page-components/job-nodes-form/job-nodes-form.component.ts b/components/automate-ui/src/app/page-components/job-nodes-form/job-nodes-form.component.ts
@@ -132,6 +132,6 @@ export class JobNodesFormComponent {
   }
 
   supportsFilterByTag(managerType: string): boolean {
-    return ['automate', 'aws-ec2', 'azure-vm'].includes(managerType);
+    return ['automate', 'aws-ec2', 'azure-vm', 'azure-api'].includes(managerType);
   }
 }
diff --git a/components/automate-workflow-nginx/habitat/hooks/run b/components/automate-workflow-nginx/habitat/hooks/run
@@ -4,6 +4,9 @@ set -e
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 # Call the script to block until user accepts the MLSA via the package's config
 {{pkgPathFor "chef/mlsa"}}/bin/accept {{cfg.mlsa.accept}}
 

diff --git a/components/automate-workflow-server/habitat/hooks/run b/components/automate-workflow-server/habitat/hooks/run
@@ -2,6 +2,9 @@
 
 exec 2>&1
 
+# Required to allow common name feild in certificate. Feature soon to deprecated by 1.17
+export GODEBUG=x509ignoreCN=0
+
 # Call the script to block until user accepts the MLSA via the package's config
 {{pkgPathFor "chef/mlsa"}}/bin/accept {{cfg.mlsa.accept}}