From fc0d886f6c388d27cf74d73d9f26cdf563b62323 Mon Sep 17 00:00:00 2001 From: Jochen Just Date: Tue, 21 Mar 2023 15:33:39 +0100 Subject: [PATCH 1/2] Uses double quotes consistently --- build.gradle | 72 ++++++++++++++++++++++++++-------------------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/build.gradle b/build.gradle index f4c48dd..0e971c4 100644 --- a/build.gradle +++ b/build.gradle @@ -1,6 +1,6 @@ plugins { - id 'org.springframework.boot' version "${springboot_version}" - id 'com.palantir.docker' version "0.21.0" + id "org.springframework.boot" version "${springboot_version}" + id "com.palantir.docker" version "0.21.0" id "org.cyclonedx.bom" version "1.7.2" } @@ -8,21 +8,21 @@ repositories { mavenCentral() } -apply plugin: 'java' -apply plugin: 'io.spring.dependency-management' -apply plugin: 'jacoco' +apply plugin: "java" +apply plugin: "io.spring.dependency-management" +apply plugin: "jacoco" -group = 'rocks.inspectit.ocelot' -sourceCompatibility = '1.8' +group = "rocks.inspectit.ocelot" +sourceCompatibility = "1.8" -if (!project.hasProperty('buildVersion') || project.getProperty('buildVersion').empty) { - ext.buildVersion = 'SNAPSHOT' +if (!project.hasProperty("buildVersion") || project.getProperty("buildVersion").empty) { + ext.buildVersion = "SNAPSHOT" } version = "$buildVersion" task downloadBoomerangjs() { - logger.info('Downloading Boomerangjs version {}.', boomerangVersion) + logger.info("Downloading Boomerangjs version {}.", boomerangVersion) ext.dest = new File(buildDir, "boomerang-source-${boomerangVersion}.tgz") outputs.files(ext.dest) doLast { @@ -39,14 +39,14 @@ task deleteBoomerangjs(type: Delete) { task downloadAndExtractBoomerang(dependsOn: [deleteBoomerangjs, downloadBoomerangjs], type: Copy) { from tarTree(downloadBoomerangjs.dest) into new File(project.buildDir, "boomerangjs-${boomerangVersion}") - filter { line -> line.replaceAll('%boomerang_version%', "${boomerangVersion}") } + filter { line -> line.replaceAll("%boomerang_version%", "${boomerangVersion}") } } task generateVersionFile { ext.versionFile = new File(project.buildDir, "eum-version.info") doLast { def currentDate = new Date().toString() - ext.versionFile.withWriter('UTF-8') { writer -> + ext.versionFile.withWriter("UTF-8") { writer -> writer << "$version\n$currentDate\n$boomerangVersion" } } @@ -68,11 +68,11 @@ bootJar { dependsOn downloadAndExtractBoomerang dependsOn downloadOpenTelemetryPlugin - archivesBaseName = 'inspectit-ocelot-eum-server' + archivesBaseName = "inspectit-ocelot-eum-server" version = "${buildVersion}" manifest { - attributes 'Start-Class': 'rocks.inspectit.oce.eum.server.EUMServerApplication' + attributes "Start-Class": "rocks.inspectit.oce.eum.server.EUMServerApplication" } // include version file @@ -102,14 +102,14 @@ test { useJUnitPlatform() testLogging { - exceptionFormat = 'full' + exceptionFormat = "full" } } dependencies { implementation( "org.springframework.boot:spring-boot-starter-web", - 'org.springframework.boot:spring-boot-starter-actuator', + "org.springframework.boot:spring-boot-starter-actuator", "org.springframework.boot:spring-boot-starter-validation", "org.springframework.boot:spring-boot-starter-security", @@ -140,11 +140,11 @@ dependencies { "com.google.protobuf:protobuf-java:3.15.7", "com.google.protobuf:protobuf-java-util:3.15.7", - 'com.maxmind.geoip2:geoip2:2.12.0', - 'commons-net:commons-net:3.3', + "com.maxmind.geoip2:geoip2:2.12.0", + "commons-net:commons-net:3.3", "org.apache.commons:commons-lang3:3.+", - 'org.apache.commons:commons-math3:3.6.1', - 'commons-io:commons-io:2.11.0', + "org.apache.commons:commons-math3:3.6.1", + "commons-io:commons-io:2.11.0", "org.influxdb:influxdb-java:2.15", "rocks.inspectit:opencensus-influxdb-exporter:1.2", @@ -154,27 +154,27 @@ dependencies { annotationProcessor "org.projectlombok:lombok:${lombokVersion}" testImplementation( - //project(':inspectit-ocelot-config'), + //project(":inspectit-ocelot-config"), "org.springframework.boot:spring-boot-starter-test", "io.opencensus:opencensus-impl:${openCensusVersion}", - 'org.apache.httpcomponents:httpclient:4.5.6', - 'commons-io:commons-io:2.11.0', + "org.apache.httpcomponents:httpclient:4.5.6", + "commons-io:commons-io:2.11.0", "org.mockito:mockito-core:${mockitoVersion}", - 'org.junit.jupiter:junit-jupiter-api:5.7.2', - 'org.awaitility:awaitility:3.1.5', - 'org.mockito:mockito-junit-jupiter:2.23.0', - 'org.testcontainers:testcontainers:1.15.2', - 'org.testcontainers:junit-jupiter:1.15.2', + "org.junit.jupiter:junit-jupiter-api:5.7.2", + "org.awaitility:awaitility:3.1.5", + "org.mockito:mockito-junit-jupiter:2.23.0", + "org.testcontainers:testcontainers:1.15.2", + "org.testcontainers:junit-jupiter:1.15.2", // ServerExtension - 'com.linecorp.armeria:armeria-junit5:1.14.1', - 'com.linecorp.armeria:armeria-grpc-protocol:1.14.1', + "com.linecorp.armeria:armeria-junit5:1.14.1", + "com.linecorp.armeria:armeria-grpc-protocol:1.14.1", "io.opentelemetry:opentelemetry-semconv:1.20.0-alpha", // for docker test containers - 'org.testcontainers:testcontainers:1.16.3', - 'org.testcontainers:junit-jupiter:1.16.3', + "org.testcontainers:testcontainers:1.16.3", + "org.testcontainers:junit-jupiter:1.16.3", ) @@ -186,13 +186,13 @@ task copyServerJar(type: Copy) { from("${buildDir}/libs/inspectit-ocelot-eum-server-${version}.jar") into("${buildDir}/docker-jar") rename("inspectit-ocelot-eum-server-${version}\\.jar", - 'inspectit-ocelot-eum-server.jar') + "inspectit-ocelot-eum-server.jar") } docker { + dependsOn copyServerJar name "inspectit/inspectit-ocelot-eum-server" tags "${version}" - dockerfile file('docker/Dockerfile') - files 'docker/entrypoint.sh', "$buildDir/docker-jar/inspectit-ocelot-eum-server.jar" + dockerfile file("docker/Dockerfile") + files "docker/entrypoint.sh", "$buildDir/docker-jar/inspectit-ocelot-eum-server.jar" } -docker.dependsOn copyServerJar From d401f4163b3556f9525ec6a32c0e626c595d8e33 Mon Sep 17 00:00:00 2001 From: Jochen Just Date: Thu, 23 Mar 2023 17:19:10 +0100 Subject: [PATCH 2/2] Upgrades various dependencies * Centralizes all versions in gradle.properties * add guava as a direct dependency as it is used in the source code * uses version of Spring boot where ever possible --- build.gradle | 67 +++++++++---------- gradle.properties | 56 +++++++++++----- .../internal/metrics/MetricAdapter.java | 6 +- .../ExporterIntTestBaseWithOtelCollector.java | 10 +-- .../metrics/BeaconMetricManagerTest.java | 3 +- 5 files changed, 81 insertions(+), 61 deletions(-) diff --git a/build.gradle b/build.gradle index 0e971c4..7ff368b 100644 --- a/build.gradle +++ b/build.gradle @@ -1,7 +1,9 @@ plugins { - id "org.springframework.boot" version "${springboot_version}" - id "com.palantir.docker" version "0.21.0" - id "org.cyclonedx.bom" version "1.7.2" + id "org.springframework.boot" version "${springBootVersion}" + id "com.palantir.docker" version "${palantirDockerVersion}" + id "org.cyclonedx.bom" version "${cyclonedxBomVersion}" + id "io.spring.dependency-management" version "${springDependencyManangementVersion}" + id "org.owasp.dependencycheck" version "${owaspDependencyCheckVersion}" } repositories { @@ -9,7 +11,6 @@ repositories { } apply plugin: "java" -apply plugin: "io.spring.dependency-management" apply plugin: "jacoco" group = "rocks.inspectit.ocelot" @@ -113,6 +114,8 @@ dependencies { "org.springframework.boot:spring-boot-starter-validation", "org.springframework.boot:spring-boot-starter-security", + "org.yaml:snakeyaml:${snakeYamlVersion}", + // pin Prometheus client to 0.6.0 to prevent auto prefixing counter metrics with "_total" // see: https://github.com/prometheus/client_java/issues/640, https://github.com/prometheus/client_java/pull/653 "io.prometheus:simpleclient:${prometheusClientVersion}", @@ -123,62 +126,58 @@ dependencies { "io.opencensus:opencensus-impl:${openCensusVersion}", "io.opencensus:opencensus-exporter-stats-prometheus:${openCensusVersion}", - "io.grpc:grpc-netty-shaded:1.36.1", - "io.grpc:grpc-protobuf:1.36.1", - "io.grpc:grpc-stub:1.36.1", + "io.grpc:grpc-netty-shaded:${grpcVersion}", + "io.grpc:grpc-protobuf:${grpcVersion}", + "io.grpc:grpc-stub:${grpcVersion}", platform("io.opentelemetry:opentelemetry-bom-alpha:${openTelemetryAlphaVersion}"), - "io.opentelemetry:opentelemetry-proto", "io.opentelemetry:opentelemetry-semconv", platform("io.opentelemetry:opentelemetry-bom:${openTelemetryVersion}"), "io.opentelemetry:opentelemetry-exporter-otlp", "io.opentelemetry:opentelemetry-exporter-jaeger", "io.opentelemetry:opentelemetry-exporter-jaeger-thrift", "io.opentelemetry:opentelemetry-sdk", + "io.opentelemetry:opentelemetry-proto:${openTelemetryProtoVersion}", - "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml:2.12.5", + "com.fasterxml.jackson.dataformat:jackson-dataformat-yaml", - "com.google.protobuf:protobuf-java:3.15.7", - "com.google.protobuf:protobuf-java-util:3.15.7", + "com.google.protobuf:protobuf-java:${protobufVersion}", + "com.google.protobuf:protobuf-java-util:${protobufVersion}", - "com.maxmind.geoip2:geoip2:2.12.0", - "commons-net:commons-net:3.3", - "org.apache.commons:commons-lang3:3.+", - "org.apache.commons:commons-math3:3.6.1", - "commons-io:commons-io:2.11.0", - "org.influxdb:influxdb-java:2.15", - "rocks.inspectit:opencensus-influxdb-exporter:1.2", + "com.google.guava:guava:${guavaVersion}", + "com.maxmind.geoip2:geoip2:${geoip2Version}", + "commons-net:commons-net:${commonsNetVersion}", + "org.apache.commons:commons-lang3", + "org.apache.commons:commons-math3:${commonsMath3Version}", + "commons-io:commons-io:${commonsIoVersion}", + "org.influxdb:influxdb-java:${influxdbJavaVersion}", + "rocks.inspectit:opencensus-influxdb-exporter:${opencensusInfluxdbExporterVersion}", ) compileOnly "org.projectlombok:lombok:${lombokVersion}" annotationProcessor "org.projectlombok:lombok:${lombokVersion}" testImplementation( - //project(":inspectit-ocelot-config"), "org.springframework.boot:spring-boot-starter-test", "io.opencensus:opencensus-impl:${openCensusVersion}", - "org.apache.httpcomponents:httpclient:4.5.6", - "commons-io:commons-io:2.11.0", - "org.mockito:mockito-core:${mockitoVersion}", - "org.junit.jupiter:junit-jupiter-api:5.7.2", - "org.awaitility:awaitility:3.1.5", - "org.mockito:mockito-junit-jupiter:2.23.0", - "org.testcontainers:testcontainers:1.15.2", - "org.testcontainers:junit-jupiter:1.15.2", + "org.apache.httpcomponents:httpclient", + "org.mockito:mockito-core", + "org.junit.jupiter:junit-jupiter-api", + "org.awaitility:awaitility", + "org.mockito:mockito-junit-jupiter", // ServerExtension - "com.linecorp.armeria:armeria-junit5:1.14.1", - "com.linecorp.armeria:armeria-grpc-protocol:1.14.1", + "com.linecorp.armeria:armeria-junit5:${armeriaVersion}", + "com.linecorp.armeria:armeria-grpc-protocol:${armeriaVersion}", - "io.opentelemetry:opentelemetry-semconv:1.20.0-alpha", + "io.opentelemetry:opentelemetry-semconv:${openTelemetryAlphaVersion}", // for docker test containers - "org.testcontainers:testcontainers:1.16.3", - "org.testcontainers:junit-jupiter:1.16.3", - + "org.testcontainers:testcontainers:${testContainersVersion}", + "org.testcontainers:junit-jupiter:${testContainersVersion}" ) - testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine:5.7.2" + testRuntimeOnly "org.junit.jupiter:junit-jupiter-engine" } task copyServerJar(type: Copy) { diff --git a/gradle.properties b/gradle.properties index 0eb1515..e85a863 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,25 +1,45 @@ # The boomerang version to ship with the EUM server boomerangVersion=1.737.0 - # The open-telemetry-boomerang version to ship with the EUM server -boomerangOpenTelemetryPluginVersion=0.25.0-5 - -# cannot use higher version due to a conflict with swagger2 and spring boot 2.6 - see https://stackoverflow.com/a/70503395/2478009 -springboot_version=2.5.6 - -# overrides the default logback version used by spring boot -logback.version=1.2.10 - - +boomerangOpenTelemetryPluginVersion=0.25.0-6 +# 2.7 is the latest release line which runs on Java 8 +springBootVersion=2.7.10 +# We do not really use snakeyaml directly. We overwrite the version of +# spring due to a security report +# For 1.33 CVE-2022-1471 is still identified. Since EUM-Server +# does not read yaml from untrusted sources, it is not affected. +# We cannot use 2.0 because EUM-Server actually parses a YAML file via Jackson. +# Jackson uses SnakeYaml and cannot deal with version 2.0 +snakeYamlVersion=1.33 # Ensure to adapt the netty version (inspectit-ocelot-core/build.gradle) when changing the OpenCensus version -openCensusVersion=0.28.3 - +openCensusVersion=0.31.1 # pin Prometheus client to 0.6.0 to prevent auto prefixing counter metrics with "_total" # see: https://github.com/prometheus/client_java/issues/640, https://github.com/prometheus/client_java/pull/653 prometheusClientVersion = 0.6.0 - -mockitoVersion=4.1.0 -lombokVersion=1.18.22 - -openTelemetryVersion=1.20.0 -openTelemetryAlphaVersion=1.1.0-alpha \ No newline at end of file +lombokVersion=1.18.26 +openTelemetryVersion=1.24.0 +openTelemetryAlphaVersion=1.24.0-alpha +openTelemetryProtoVersion=1.7.1-alpha +grpcVersion=1.53.0 +protobufVersion=3.22.2 +guavaVersion=31.1-jre +# there are newer version, but they are not compatible with Java 8 +geoip2Version=2.16.1 +commonsNetVersion=3.9.0 +commonsMath3Version=3.6.1 +commonsIoVersion=2.11.0 +influxdbJavaVersion=2.23 +opencensusInfluxdbExporterVersion=1.2 +armeriaVersion=1.22.1 +testContainersVersion=1.17.6 + +### gradle plugin versions +### Check for newer version at https://plugins.gradle.org/ +# io.spring.dependency-management +springDependencyManangementVersion=1.1.0 +# org.owasp.dependencycheck +owaspDependencyCheckVersion=8.0.2 +# org.cyclonedx.bom +cyclonedxBomVersion=1.7.3 +# com.palantir.docker +palantirDockerVersion=0.34.0 diff --git a/src/main/java/io/opentelemetry/opencensusshim/internal/metrics/MetricAdapter.java b/src/main/java/io/opentelemetry/opencensusshim/internal/metrics/MetricAdapter.java index 6d12946..360ca9e 100644 --- a/src/main/java/io/opentelemetry/opencensusshim/internal/metrics/MetricAdapter.java +++ b/src/main/java/io/opentelemetry/opencensusshim/internal/metrics/MetricAdapter.java @@ -237,8 +237,10 @@ static Collection convertHistogramPoints(Metric censusMetric endTimestamp, attributes, distribution.getSum(), - null, - null, + false, + -1, + false, + -1, mapBoundaries(distribution.getBucketOptions()), mapCounts(distribution.getBuckets()), mapExemplars(distribution.getBuckets())), diff --git a/src/test/java/rocks/inspectit/oce/eum/server/exporters/ExporterIntTestBaseWithOtelCollector.java b/src/test/java/rocks/inspectit/oce/eum/server/exporters/ExporterIntTestBaseWithOtelCollector.java index ccb7f71..23212b6 100644 --- a/src/test/java/rocks/inspectit/oce/eum/server/exporters/ExporterIntTestBaseWithOtelCollector.java +++ b/src/test/java/rocks/inspectit/oce/eum/server/exporters/ExporterIntTestBaseWithOtelCollector.java @@ -211,9 +211,9 @@ protected void awaitMetricsExported(String metricName, double value, ViewDefinit .getMetricsList() .stream() .filter(metric -> metric.getName().equalsIgnoreCase(metricName)) - .anyMatch(metric -> (aggregation == ViewDefinitionSettings.Aggregation.LAST_VALUE ? metric.getDoubleGauge() - .getDataPointsList() : metric.getDoubleSum() - .getDataPointsList()).stream().anyMatch(d -> d.getValue() == value))))); + .anyMatch(metric -> (aggregation == ViewDefinitionSettings.Aggregation.LAST_VALUE ? metric.getGauge() + .getDataPointsList() : metric.getSum() + .getDataPointsList()).stream().anyMatch(d -> d.getAsDouble() == value))))); } /** @@ -230,10 +230,10 @@ protected void assertMetric(double value, boolean expected) { .stream() .anyMatch(iml -> iml.getMetricsList() .stream() - .anyMatch(metric -> metric.getDoubleSum() + .anyMatch(metric -> metric.getSum() .getDataPointsList() .stream() - .anyMatch(d -> expected ? d.getValue() == value : d.getValue() != value)))))); + .anyMatch(d -> expected ? d.getAsDouble() == value : d.getAsDouble() != value)))))).isTrue(); } /** diff --git a/src/test/java/rocks/inspectit/oce/eum/server/metrics/BeaconMetricManagerTest.java b/src/test/java/rocks/inspectit/oce/eum/server/metrics/BeaconMetricManagerTest.java index b047b46..6c39857 100644 --- a/src/test/java/rocks/inspectit/oce/eum/server/metrics/BeaconMetricManagerTest.java +++ b/src/test/java/rocks/inspectit/oce/eum/server/metrics/BeaconMetricManagerTest.java @@ -1,6 +1,5 @@ package rocks.inspectit.oce.eum.server.metrics; -import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableMap; import io.opencensus.stats.StatsRecorder; import io.opencensus.stats.ViewManager; @@ -47,7 +46,7 @@ public class BeaconMetricManagerTest { ViewManager viewManager; @Spy - List beaconRecorders = ImmutableList.of(mock(BeaconRecorder.class)); + List beaconRecorders = new ArrayList<>(Arrays.asList(mock(BeaconRecorder.class))); private final Set registeredTags = new HashSet<>(Arrays.asList("first", "second", "third"));