Skip to content

Commit

Permalink
fix(dependency): fix dependency version leak of google-api-services-s…
Browse files Browse the repository at this point in the history 
…torage from kork in front50-web (#1302) (#1384)

With reference to the spinnaker issue spinnaker/spinnaker#6866, google-api-services-storage dependency version (v1-rev20200326-1.30.9) is not forced by front50-gcs module to other front50 modules like front50-web and it is leaked by kork-secret-gcp module (v1-rev141-1.25.0) to front50 modules.
```
$ ./gradlew front50-web:dI --dependency google-api-services-storage --configuration runtimeClasspath

> Task :front50-web:dependencyInsight
com.google.apis:google-api-services-storage:v1-rev141-1.25.0
  Variant runtime:
    | Attribute Name                 | Provided     | Requested    |
    |--------------------------------|--------------|--------------|
    | org.gradle.status              | release      |              |
    | org.gradle.category            | library      | library      |
    | org.gradle.libraryelements     | jar          | jar          |
    | org.gradle.usage               | java-runtime | java-runtime |
    | org.gradle.dependency.bundling |              | external     |
    | org.gradle.jvm.environment     |              | standard-jvm |
    | org.gradle.jvm.version         |              | 11           |
   Selection reasons:
      - By constraint
      - Forced

com.google.apis:google-api-services-storage:v1-rev141-1.25.0
+--- io.spinnaker.kork:kork-bom:7.188.0
|    +--- runtimeClasspath
|    +--- project :front50-migrations
|    |    \--- runtimeClasspath
|    +--- project :front50-azure
|    |    \--- runtimeClasspath
|    +--- project :front50-gcs
|    |    \--- runtimeClasspath
|    +--- project :front50-oracle
|    |    \--- runtimeClasspath
|    +--- project :front50-redis
|    |    \--- runtimeClasspath
|    +--- project :front50-s3
|    |    \--- runtimeClasspath
|    +--- project :front50-swift
|    |    \--- runtimeClasspath
|    +--- project :front50-sql
|    |    \--- runtimeClasspath
|    +--- project :front50-core
|    |    +--- runtimeClasspath
|    |    +--- project :front50-migrations (*)
|    |    +--- project :front50-azure (*)
|    |    +--- project :front50-gcs (*)
|    |    +--- project :front50-oracle (*)
|    |    +--- project :front50-redis (*)
|    |    +--- project :front50-s3 (*)
|    |    +--- project :front50-swift (*)
|    |    \--- project :front50-sql (*)
|    +--- project :front50-api
|    |    +--- runtimeClasspath
|    |    +--- project :front50-migrations (*)
|    |    +--- project :front50-azure (*)
|    |    +--- project :front50-gcs (*)
|    |    +--- project :front50-oracle (*)
|    |    +--- project :front50-redis (*)
|    |    +--- project :front50-s3 (*)
|    |    +--- project :front50-swift (*)
|    |    +--- project :front50-sql (*)
|    |    \--- project :front50-core (*)
|    +--- project :front50-sql-mysql
|    |    \--- project :front50-sql (*)
|    \--- project :front50-sql-postgres
|         \--- project :front50-sql (*)
\--- io.spinnaker.kork:kork-secrets-gcp:7.188.0
     +--- io.spinnaker.kork:kork-bom:7.188.0 (*)
     \--- io.spinnaker.kork:kork-runtime:7.188.0
          +--- runtimeClasspath (requested io.spinnaker.kork:kork-runtime)
          \--- io.spinnaker.kork:kork-bom:7.188.0 (*)

com.google.apis:google-api-services-storage:v1-rev20220401-1.32.1 -> v1-rev141-1.25.0
\--- com.google.cloud:google-cloud-storage:2.6.1
     +--- project :front50-gcs (requested com.google.cloud:google-cloud-storage)
     |    \--- runtimeClasspath
     \--- io.spinnaker.kork:kork-bom:7.188.0
          +--- runtimeClasspath
          +--- project :front50-migrations
          |    \--- runtimeClasspath
          +--- project :front50-azure
          |    \--- runtimeClasspath
          +--- project :front50-gcs (*)
          +--- project :front50-oracle
          |    \--- runtimeClasspath
          +--- project :front50-redis
          |    \--- runtimeClasspath
          +--- project :front50-s3
          |    \--- runtimeClasspath
          +--- project :front50-swift
          |    \--- runtimeClasspath
          +--- project :front50-sql
          |    \--- runtimeClasspath
          +--- project :front50-core
          |    +--- runtimeClasspath
          |    +--- project :front50-migrations (*)
          |    +--- project :front50-azure (*)
          |    +--- project :front50-gcs (*)
          |    +--- project :front50-oracle (*)
          |    +--- project :front50-redis (*)
          |    +--- project :front50-s3 (*)
          |    +--- project :front50-swift (*)
          |    \--- project :front50-sql (*)
          +--- project :front50-api
          |    +--- runtimeClasspath
          |    +--- project :front50-migrations (*)
          |    +--- project :front50-azure (*)
          |    +--- project :front50-gcs (*)
          |    +--- project :front50-oracle (*)
          |    +--- project :front50-redis (*)
          |    +--- project :front50-s3 (*)
          |    +--- project :front50-swift (*)
          |    +--- project :front50-sql (*)
          |    \--- project :front50-core (*)
          +--- project :front50-sql-mysql
          |    \--- project :front50-sql (*)
          \--- project :front50-sql-postgres
               \--- project :front50-sql (*)

com.google.apis:google-api-services-storage -> v1-rev141-1.25.0
\--- project :front50-gcs
     \--- runtimeClasspath

```
To fix this force constraints have to be applied to build.gradle.
After the fix :
```
$ ./gradlew front50-web:dI --dependency google-api-services-storage --configuration runtimeClasspath

> Task :front50-web:dependencyInsight
com.google.apis:google-api-services-storage:v1-rev20200326-1.30.9
  Variant runtime:
    | Attribute Name                 | Provided     | Requested    |
    |--------------------------------|--------------|--------------|
    | org.gradle.status              | release      |              |
    | org.gradle.category            | library      | library      |
    | org.gradle.libraryelements     | jar          | jar          |
    | org.gradle.usage               | java-runtime | java-runtime |
    | org.gradle.dependency.bundling |              | external     |
    | org.gradle.jvm.environment     |              | standard-jvm |
    | org.gradle.jvm.version         |              | 11           |
   Selection reasons:
      - Forced
      - By constraint

com.google.apis:google-api-services-storage:v1-rev20200326-1.30.9
\--- com.google.cloud:google-cloud-storage:1.108.0
     +--- project :front50-gcs (requested com.google.cloud:google-cloud-storage)
     |    \--- runtimeClasspath
     \--- io.spinnaker.kork:kork-bom:7.188.0 (requested com.google.cloud:google-cloud-storage:2.6.1)
          +--- runtimeClasspath
          +--- project :front50-migrations
          |    \--- runtimeClasspath
          +--- project :front50-azure
          |    \--- runtimeClasspath
          +--- project :front50-gcs (*)
          +--- project :front50-oracle
          |    \--- runtimeClasspath
          +--- project :front50-redis
          |    \--- runtimeClasspath
          +--- project :front50-s3
          |    \--- runtimeClasspath
          +--- project :front50-swift
          |    \--- runtimeClasspath
          +--- project :front50-sql
          |    \--- runtimeClasspath
          +--- project :front50-core
          |    +--- runtimeClasspath
          |    +--- project :front50-migrations (*)
          |    +--- project :front50-azure (*)
          |    +--- project :front50-gcs (*)
          |    +--- project :front50-oracle (*)
          |    +--- project :front50-redis (*)
          |    +--- project :front50-s3 (*)
          |    +--- project :front50-swift (*)
          |    \--- project :front50-sql (*)
          +--- project :front50-api
          |    +--- runtimeClasspath
          |    +--- project :front50-migrations (*)
          |    +--- project :front50-azure (*)
          |    +--- project :front50-gcs (*)
          |    +--- project :front50-oracle (*)
          |    +--- project :front50-redis (*)
          |    +--- project :front50-s3 (*)
          |    +--- project :front50-swift (*)
          |    +--- project :front50-sql (*)
          |    \--- project :front50-core (*)
          +--- project :front50-sql-mysql
          |    \--- project :front50-sql (*)
          \--- project :front50-sql-postgres
               \--- project :front50-sql (*)

com.google.apis:google-api-services-storage:v1-rev141-1.25.0 -> v1-rev20200326-1.30.9
+--- io.spinnaker.kork:kork-bom:7.188.0
|    +--- runtimeClasspath
|    +--- project :front50-migrations
|    |    \--- runtimeClasspath
|    +--- project :front50-azure
|    |    \--- runtimeClasspath
|    +--- project :front50-gcs
|    |    \--- runtimeClasspath
|    +--- project :front50-oracle
|    |    \--- runtimeClasspath
|    +--- project :front50-redis
|    |    \--- runtimeClasspath
|    +--- project :front50-s3
|    |    \--- runtimeClasspath
|    +--- project :front50-swift
|    |    \--- runtimeClasspath
|    +--- project :front50-sql
|    |    \--- runtimeClasspath
|    +--- project :front50-core
|    |    +--- runtimeClasspath
|    |    +--- project :front50-migrations (*)
|    |    +--- project :front50-azure (*)
|    |    +--- project :front50-gcs (*)
|    |    +--- project :front50-oracle (*)
|    |    +--- project :front50-redis (*)
|    |    +--- project :front50-s3 (*)
|    |    +--- project :front50-swift (*)
|    |    \--- project :front50-sql (*)
|    +--- project :front50-api
|    |    +--- runtimeClasspath
|    |    +--- project :front50-migrations (*)
|    |    +--- project :front50-azure (*)
|    |    +--- project :front50-gcs (*)
|    |    +--- project :front50-oracle (*)
|    |    +--- project :front50-redis (*)
|    |    +--- project :front50-s3 (*)
|    |    +--- project :front50-swift (*)
|    |    +--- project :front50-sql (*)
|    |    \--- project :front50-core (*)
|    +--- project :front50-sql-mysql
|    |    \--- project :front50-sql (*)
|    \--- project :front50-sql-postgres
|         \--- project :front50-sql (*)
\--- io.spinnaker.kork:kork-secrets-gcp:7.188.0
     +--- io.spinnaker.kork:kork-bom:7.188.0 (*)
     \--- io.spinnaker.kork:kork-runtime:7.188.0
          +--- runtimeClasspath (requested io.spinnaker.kork:kork-runtime)
          \--- io.spinnaker.kork:kork-bom:7.188.0 (*)

com.google.apis:google-api-services-storage -> v1-rev20200326-1.30.9
\--- project :front50-gcs
     \--- runtimeClasspath

```

(cherry picked from commit fb5850c)

Co-authored-by: Sandesh <30489233+j-sandy@users.noreply.github.com>
  • Loading branch information
@mergify @j-sandy
mergify[bot] and j-sandy committed Sep 5, 2023
1 parent 3909af7 commit f049457
Show file tree
Hide file tree
Showing 2 changed files with 7 additions and 7 deletions.
7 changes: 7 additions & 0 deletions build.gradle
View file
Expand Up @@ -74,6 +74,13 @@ subprojects { project ->
testRuntimeOnly("org.junit.vintage:junit-vintage-engine")
testRuntimeOnly("org.objenesis:objenesis")
}
// Keep this constraint till all other components get bumped up to this version and subsequently updated in the kork.
configurations.all {
resolutionStrategy.force 'com.google.apis:google-api-services-storage:v1-rev20200326-1.30.9'
resolutionStrategy.force 'com.google.auth:google-auth-library-oauth2-http:0.20.0'
// TODO(plumpy): remove version once added to kork
resolutionStrategy.force 'com.google.cloud:google-cloud-storage:1.108.0'
}
}
}

Expand Down
7 changes: 0 additions & 7 deletions front50-gcs/front50-gcs.gradle
View file
Expand Up @@ -42,10 +42,3 @@ dependencies {
testImplementation "io.mockk:mockk"
testImplementation "org.junit.jupiter:junit-jupiter-api"
}

configurations.all {
resolutionStrategy.force 'com.google.apis:google-api-services-storage:v1-rev20200326-1.30.9'
resolutionStrategy.force 'com.google.auth:google-auth-library-oauth2-http:0.20.0'
// TODO(plumpy): remove version once added to kork
resolutionStrategy.force 'com.google.cloud:google-cloud-storage:1.108.0'
}

0 comments on commit f049457

Please sign in to comment.