New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Jakarta Security 3.0 #462
Jakarta Security 3.0 #462
Conversation
Signed-off-by: Arjan Tijms <arjan.tijms@gmail.com>
✅ Deploy Preview for jakartaee-specifications ready!
To edit notification comments on pull requests, go to your Netlify site settings. |
Signed-off-by: Arjan Tijms <arjan.tijms@gmail.com>
Signed-off-by: Arjan Tijms <arjan.tijms@gmail.com>
It looks good to me. |
Mentor's Spec Review Checklist
|
@arjantijms Can you provide some insight on where we are with this overall? Looks like we're still missing staged binaries and a TCK run, so I suspect you all might still be working on the spec itself. Is there an ETA on when this spec is ready to go final? |
From the Security dev list, it looks like there's still work to be done to add the needed coverage for the features introduced in Security 3.0 https://www.eclipse.org/lists/es-dev/msg00162.html |
Nope, that's not correct. The spec has been fully ready since about a month. The binaries should really be there. I see them here:
That's not correct. The new Security 3.0 features are covered, at least, to a reasonable degree. For something as large as OpenID Connect there's always more that can be tested. The new tests are: |
@arjantijms Thanks. I read your email to Security dev a bit closer, it looks like you were talking about tests still lacking in the Authorization TCK, not the Security TCK. As the Security spec and TCK are stable, is there any blocker or ETA to checking off more items in the checklist such as staged API jars, staged TCK binary and compatible implementation TCK results? |
The item for the staged API jars can surely be checked-off. |
Email to PMC: https://eclipse.org/lists/ee4j-pmc/msg03328.html |
Release review tracking issue: https://gitlab.eclipse.org/eclipsefdn/emo-team/emo/-/issues/279 |
@arjantijms You mentioned the userguide might need work, but I have gone through the guide and candidate TCK zip and it meets all of the requirements. |
@starksm64 if it does that, then it's fine. I haven't looked at it yet, but does it also contain the parts about the new TCK? (the junit / arquillian bits) |
@starksm64 additionally, does it correctly say how many tests need to pass? This is the current output from a TCK run:
I guess this bit is what we should ask for?
So 116 new tests, and 84 old tests, right? |
The guides don't generally say how many tests need to pass as it can vary based on optional features and environment. |
Hey @arjantijms Downloaded the TCK from the link at the top of this PR and ran the shasum command.
Both the CSR jakartaee/security#239 and the result page https://eclipse-ee4j.github.io/soteria/certifications/jakarta-security/3.0/TCK-Results do reference another TCK. I noticed there is a TCK 3.0.1 with JDK11 support in the index file, but did not find it to download for additional checking. In your comment to Scott, you dropped the log of the TCK run which on the other hand seems to be the same as I have download.
Can you double check this please? |
That is probably a mistake. Could be a build of the old TCK that's still lingering around? |
Signed-off-by: Arjan Tijms <arjan.tijms@gmail.com>
Signed-off-by: Arjan Tijms <arjan.tijms@gmail.com>
Downloading the TCK manually and checking SHA on the terminal:
|
I think this is all looking good now. Thanks a lot @arjantijms |
Am I being blind or does the staged TCK not have a user guide? |
I'll have to double check the actual archive that got uploaded, but from the assembly they should be there: |
The |
Checked the staged zip again, the user guide PDF I expect to be there under Is it in a different format and located somewhere else within the zip? |
Hmmm, then we have to think about what to do with the ballot. If it would be okay to just update the zip with the docs that were technically already there (in the repo, but have magically not been included in the zip), or that we have to restart the ballot. I also have to check what exactly happened. At one point I had a local zip file with the docs in it, but it's clearly not there now. |
@arjantijms Ballot is now canceled. Lemme know if you need something |
@jeanouii I'll re-roll the TCK, thanks! |
@arjantijms When do you think you can update the TCK and following PRs? |
I'd like to get it done before the weekend, or at the very latest this Saturday. |
Sorry @arjantijms . Don't want to be a pain but clock is running and we need some days to create the ballot and finalize the release. Do you think you can still do it or should we find a plan B? |
@jeanouii @Pandrex247 The updated TCK is staged here: https://download.eclipse.org/ee4j/jakartaee-tck/jakartaee10/staged/eftl/jakarta-security-tck-3.0.0.zip I checked that it contained the user guide this time. The SHA is now '696776046dfeaed74266a5d1c4dac7fea5437b6f51743b7fe10962dde755ff8f' and updated here: jakartaee/security#239 and here https://eclipse-ee4j.github.io/soteria/certifications/jakarta-security/3.0/TCK-Results |
Ballot successful |
On ballot completion, the specification committee mentor:
|
Specification PR template
When creating a specification project release review, create PRs with the content defined as follows.
Include the following in the PR:
https://github.com/jakartaee/specification-committee/blob/master/spec_page_template.md
Instructions MAY be by reference.
https://jakarta.oss.sonatype.org/content/repositories/staging/jakarta/security/enterprise/jakarta.security.enterprise-api/3.0.0/
https://download.eclipse.org/ee4j/jakartaee-tck/jakartaee10/staged/eftl/jakarta-security-tck-3.0.0.zip
Compatibility certification request for Jakarta Security 3.0 security#239
If desired, an optional second PR can be created to contain just the JavaDoc in the
apidocs
directory.Note: If any item does not apply, check it and mark N/A below it.
Signed-off-by: Arjan Tijms arjan.tijms@gmail.com