Merged master

zalando · Jun 5, 2023 · 9894d6a · 9894d6a
2 parents f61aa8f + 04a30f2
commit 9894d6a
Show file tree

Hide file tree

Showing 106 changed files with 2,824 additions and 1,857 deletions.
diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
@@ -1 +1 @@
-* @whiskeysierra @lukasniemeier-zalando @fatroom
+* @whiskeysierra @lukasniemeier-zalando @fatroom @Semernitskaya @dingxiangfei2009 @joyfolk @gpradeepkrishna
diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -22,20 +22,19 @@ jobs:
     runs-on: ubuntu-latest
     steps:
     - name: Checkout
-      uses: actions/checkout@v1
+      uses: actions/checkout@v3
     - name: Cache
-      uses: actions/cache@v1
+      uses: actions/cache@v3
       with:
         path: ~/.m2
         key: m2
     - name: Set up JDK
-      uses: actions/setup-java@v1
+      uses: actions/setup-java@v3
       with:
-        java-version: 1.8
+        distribution: 'temurin'
+        java-version-file: .java-version
     - name: Compile
       run: ./mvnw clean test-compile -B
     - name: Test
       run: ./mvnw verify -B
-    - name: Coverage
-      if: github.event_name != 'pull_request'
-      run: ./mvnw coveralls:report -B -D repoToken=${{ secrets.COVERALLS_TOKEN }}
+
diff --git a/.java-version b/.java-version
@@ -1 +1 @@
-1.8
+17.0
diff --git a/MIGRATION.md b/MIGRATION.md
@@ -1,3 +1,37 @@
+# Riptide 4.0 Migration Guide
+
+## Before you start
+
+**Riptide 4** requires java 17 or or up.
+**Riptide 4** requires Spring 6 or or up.
+
+## Failsafe
+
+**Riptide now requires Failsafe 3.3.x**
+
+There are many breaking changes between Failsafe version 2.4.3 and version 3.3.0, 
+see [Failsafe CHANGELOG](https://github.com/failsafe-lib/failsafe/blob/master/CHANGELOG.md#330) for all details.    
+Here are some of the breaking changes that can affect `riptide-failsafe` users:
+
+- The maven group id for Failsafe has changed to `dev.failsafe`
+- All files have been moved to the `dev.failsafe` package
+- `Scheduler`, `DefaultScheduledFuture` and `PolicyExecutor` were moved to the spi package
+- All policies now use a builder API instead of constructors
+- `DelayFunction` interface has been removed, `ContextualSupplier` should be used instead since it provides access to the same information
+- `CircuitBreakerBuilder` `onOpen`, `onClose`, and `onHalfOpen` methods now accept an `EventListener<CircuitBreakerStateChangedEvent>` argument
+
+## Spring
+
+Since Spring 5, `AsyncRestTemplate` is deprecated in favor of `WebClient`.
+For that reason, we have removed `AsyncHttpOperations` from `riptide-compatibility` layer.
+
+## OpenTracing
+
+The `SpanDecorators` obtained by `ServiceLoaderSpanDecorator` 
+(via the [`ServiceLoader`](https://docs.oracle.com/en/java/javase/17/docs/api/java.base/java/util/ServiceLoader.html) facility) 
+are loaded eagerly and only once.
+
+
 # Riptide 3.0 Migration Guide
 
 ## Before You Start

diff --git a/cve-suppressions.xml b/cve-suppressions.xml
@@ -16,15 +16,15 @@
     </suppress>
 
     <suppress>
-	<cve>CVE-2016-1000027</cve>
+        <cve>CVE-2016-1000027</cve>
         <cve>CVE-2019-12814</cve>
         <cve>CVE-2020-5421</cve>
         <cve>CVE-2020-7712</cve>
         <cve>CVE-2020-9488</cve>
         <cve>CVE-2020-10663</cve>
-	<cve>CVE-2022-22965</cve>
-	<cve>CVE-2022-38752</cve>
-	<cve>CVE-2022-38751</cve>
+        <cve>CVE-2022-22965</cve>
+        <cve>CVE-2022-38752</cve>
+        <cve>CVE-2022-38751</cve>
         <cve>CVE-2022-38750</cve>
         <cve>CVE-2022-25857</cve>
         <cve>CVE-2022-38749</cve>
@@ -35,6 +35,7 @@
 	<cve>CVE-2022-3064</cve>
 	<cve>CVE-2021-4235</cve>
 	<cve>CVE-2022-45688</cve>
+        <cve>CVE-2020-8908</cve>
     </suppress>
 
     <!-- https://github.com/jeremylong/DependencyCheck/issues/1921 -->
@@ -52,6 +53,15 @@
         <cve>CVE-2021-44228</cve>
         <cve>CVE-2021-45105</cve>
         <cve>CVE-2021-45046</cve>
-	<cve>CVE-2021-44832</cve>
+        <cve>CVE-2021-44832</cve>
+    </suppress>
+
+    <!--TODO: disabled temporary to fix the build-->
+    <suppress>
+        <cve>CVE-2023-20860</cve>
+        <cve>CVE-2023-20861</cve>
+        <cve>CVE-2023-20863</cve>
+        <cve>CVE-2023-1370</cve>
+        <cve>CVE-2023-20873</cve>
     </suppress>
 </suppressions>
diff --git a/docs/resilience.md b/docs/resilience.md
@@ -34,11 +34,13 @@ riptide.clients:
 The [riptide-faults](../riptide-faults) module provides a set `TransientFaults` predicates that detects transient faults:
 
 ```java
-Http.builder()
-    .plugin(new FailsafePlugin()
-        .withPolicy(new RetryRequestPolicy(
-            new RetryPolicy().handleIf(transientSocketFaults()))
-))
+Http.builder().requestFactory(new HttpComponentsClientHttpRequestFactory())
+        .plugin(new FailsafePlugin()
+            .withPolicy(new RetryRequestPolicy(
+                    RetryPolicy.<ClientHttpResponse>builder()
+                        .handleIf(CheckedPredicateConverter.toCheckedPredicate(transientSocketFaults()))
+                        .build())
+            ));
 ```
 
 ```yaml

diff --git a/pom.xml b/pom.xml
@@ -74,8 +74,8 @@
 
     <properties>
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
-        <maven.compiler.source>1.8</maven.compiler.source>
-        <maven.compiler.target>1.8</maven.compiler.target>
+        <maven.compiler.source>17</maven.compiler.source>
+        <maven.compiler.target>17</maven.compiler.target>
 
         <spring.version>5.3.27</spring.version>
     </properties>
@@ -104,7 +104,7 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-enforcer-plugin</artifactId>
-                    <version>3.1.0</version>
+                    <version>3.3.0</version>
                     <executions>
                         <execution>
                             <id>enforce-maven</id>
@@ -122,7 +122,7 @@
                 <plugin>
                     <groupId>org.owasp</groupId>
                     <artifactId>dependency-check-maven</artifactId>
-                    <version>8.0.0</version>
+                    <version>8.2.1</version>
                     <executions>
                         <execution>
                             <goals>
@@ -141,7 +141,7 @@
                 <plugin>
                     <groupId>org.basepom.maven</groupId>
                     <artifactId>duplicate-finder-maven-plugin</artifactId>
-                    <version>1.5.1</version>
+                    <version>2.0.1</version>
                     <executions>
                         <execution>
                             <phase>validate</phase>
@@ -164,12 +164,12 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-resources-plugin</artifactId>
-                    <version>3.3.0</version>
+                    <version>3.3.1</version>
                 </plugin>
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-compiler-plugin</artifactId>
-                    <version>3.10.1</version>
+                    <version>3.11.0</version>
                     <configuration>
                         <compilerArgs>
                             <compilerArg>-Xlint:unchecked</compilerArg>
@@ -180,7 +180,7 @@
                 <plugin>
                     <groupId>org.apache.maven.plugins</groupId>
                     <artifactId>maven-surefire-plugin</artifactId>
-                    <version>2.22.2</version>
+                    <version>3.1.0</version>
                     <configuration>
                         <failIfNoTests>true</failIfNoTests>
                         <parallel>classesAndMethods</parallel>
@@ -193,7 +193,7 @@
                 <plugin>
                     <groupId>org.jacoco</groupId>
                     <artifactId>jacoco-maven-plugin</artifactId>
-                    <version>0.8.8</version>
+                    <version>0.8.10</version>
                     <executions>
                         <execution>
                             <id>prepare-agent</id>
@@ -242,7 +242,7 @@
                 <plugin>
                     <groupId>org.codehaus.mojo</groupId>
                     <artifactId>versions-maven-plugin</artifactId>
-                    <version>2.14.2</version>
+                    <version>2.15.0</version>
                     <configuration>
                         <generateBackupPoms>false</generateBackupPoms>
                     </configuration>
@@ -270,7 +270,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-source-plugin</artifactId>
-                        <version>3.2.1</version>
+                        <version>3.3.0</version>
                         <executions>
                             <execution>
                                 <id>attach-sources</id>
@@ -283,7 +283,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-javadoc-plugin</artifactId>
-                        <version>3.4.1</version>
+                        <version>3.5.0</version>
                         <executions>
                             <execution>
                                 <id>attach-javadocs</id>
@@ -296,7 +296,7 @@
                     <plugin>
                         <groupId>org.apache.maven.plugins</groupId>
                         <artifactId>maven-gpg-plugin</artifactId>
-                        <version>3.0.1</version>
+                        <version>3.1.0</version>
                         <executions>
                             <execution>
                                 <id>sign-artifacts</id>

diff --git a/riptide-auth/pom.xml b/riptide-auth/pom.xml
@@ -26,8 +26,9 @@
             <artifactId>spring-test</artifactId>
         </dependency>
         <dependency>
-            <groupId>com.github.rest-driver</groupId>
-            <artifactId>rest-client-driver</artifactId>
+            <groupId>com.squareup.okhttp3</groupId>
+            <artifactId>mockwebserver</artifactId>
+            <scope>test</scope>
         </dependency>
         <dependency>
             <groupId>org.zalando</groupId>

diff --git a/riptide-auth/src/test/java/org/zalando/riptide/auth/AuthorizationPluginTest.java b/riptide-auth/src/test/java/org/zalando/riptide/auth/AuthorizationPluginTest.java
@@ -1,63 +1,65 @@
 package org.zalando.riptide.auth;
 
-import com.github.restdriver.clientdriver.ClientDriver;
-import com.github.restdriver.clientdriver.ClientDriverFactory;
+import lombok.SneakyThrows;
+import okhttp3.mockwebserver.MockWebServer;
 import org.junit.jupiter.api.AfterEach;
 import org.junit.jupiter.api.Test;
 import org.springframework.http.client.SimpleClientHttpRequestFactory;
 import org.zalando.riptide.Http;
 
 import java.util.concurrent.ExecutorService;
 
-import static com.github.restdriver.clientdriver.RestClientDriver.giveEmptyResponse;
-import static com.github.restdriver.clientdriver.RestClientDriver.onRequestTo;
 import static java.util.concurrent.Executors.newSingleThreadExecutor;
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.springframework.http.HttpMethod.GET;
 import static org.zalando.riptide.PassRoute.pass;
+import static org.zalando.riptide.auth.MockWebServerUtil.emptyMockResponse;
+import static org.zalando.riptide.auth.MockWebServerUtil.getBaseUrl;
+import static org.zalando.riptide.auth.MockWebServerUtil.verify;
 
 final class AuthorizationPluginTest {
 
-    private final ClientDriver driver = new ClientDriverFactory().createClientDriver();
+    private final MockWebServer server = new MockWebServer();
 
     private final ExecutorService executor = newSingleThreadExecutor();
 
     private final Http http = Http.builder()
             .executor(executor)
             .requestFactory(new SimpleClientHttpRequestFactory())
-            .baseUrl(driver.getBaseUrl())
+            .baseUrl(getBaseUrl(server))
             .plugin(new AuthorizationPlugin(() -> "Bearer eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.e30."))
             .build();
 
+    @SneakyThrows
     @AfterEach
     void tearDown() {
         executor.shutdown();
-    }
-
-    @AfterEach
-    void verify() {
-        driver.verify();
+        server.shutdown();
     }
 
     @Test
     void shouldFail() {
-        driver.addExpectation(
-                onRequestTo("/").withHeader("Authorization", "Bearer eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.e30."),
-                giveEmptyResponse());
+        server.enqueue(emptyMockResponse());
 
         http.get("/")
                 .call(pass())
                 .join();
+
+        verify(server, 1, "/", GET.toString(), headers ->
+                assertEquals("Bearer eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.e30.", headers.get("Authorization")));
     }
 
     @Test
     void shouldNotOverwriteAuthorizationHeader() {
-        driver.addExpectation(
-                onRequestTo("/").withHeader("Authorization", "Basic dXNlcjpzZWNyZXQK"),
-                giveEmptyResponse());
+        server.enqueue(emptyMockResponse());
 
         http.get("/")
                 .header("Authorization", "Basic dXNlcjpzZWNyZXQK")
                 .call(pass())
                 .join();
+
+        verify(server, 1, "/", GET.toString(), headers ->
+                assertEquals("Basic dXNlcjpzZWNyZXQK", headers.get("Authorization")));
     }
 
 }