StoRM WebDAV release v1.5.0

.github/workflows/maven.yml

@@ -22,22 +22,22 @@ on:
 
 jobs:
   build:
-
     runs-on: ubuntu-latest
-
+    if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v4
     - name: Set up JDK 11
-      uses: actions/setup-java@v1
+      uses: actions/setup-java@v4
       with:
+        distribution: 'temurin'
         java-version: 11
     - name: Cache Maven packages
-      uses: actions/cache@v2
+      uses: actions/cache@v4
       with:
         path: ~/.m2
         key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
         restore-keys: ${{ runner.os }}-m2
     - name: Build with Maven
-      run: mvn -B clean package -s maven/cnaf-mirror-settings.xml
+      run: mvn -B clean package
     - name: Checkstyle with Maven
-      run: mvn clean compile -s maven/cnaf-mirror-settings.xml -U -Dmaven.test.failure.ignore -DfailIfNoTests=false checkstyle:check -Dcheckstyle.config.location=google_checks.xml
+      run: mvn clean compile -U -Dmaven.test.failure.ignore -DfailIfNoTests=false checkstyle:check -Dcheckstyle.config.location=google_checks.xml

.github/workflows/run-testsuite.yml

@@ -0,0 +1,53 @@
+name: Run testsuite
+
+on:
+  push:
+
+jobs:
+  run-testsuite:
+    name: WebDAV test suite
+
+    runs-on: ubuntu-latest
+
+    env:
+      ARTIFACTS: ${HOME}/artifacts
+      ROBOT_ARGS: -L DEBUG --variable dav.host:storm.test.example --variable remote.dav.host:storm-alias.test.example --variable remote.davs.port:443 --exclude known-issue
+      OIDC_AGENT_SECRET: ${{ secrets.OIDC_AGENT_SECRET }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Provide trustanchors
+        working-directory: compose
+        run: docker compose up trust
+
+      - name: Start services
+        working-directory: compose
+        run: docker compose up --build -d storage-setup webdav nginx
+
+      - name: Run testsuite
+        if: ${{ always() }}
+        working-directory: compose
+        run: |
+          docker compose up -d ts
+          docker compose exec -T ts bash -c '/scripts/ci-run-testsuite.sh'
+
+      - name: Create artifacts directory
+        if: ${{ always() }}
+        run: mkdir -p ${ARTIFACTS}
+
+      - name: Collect test reports
+        if: ${{ always() }}
+        run: docker cp storm-webdav-ts-1:/home/test/robot/reports ${ARTIFACTS}
+
+      - name: Collect service log
+        if: ${{ always() }}
+        run: docker logs storm-webdav-webdav-1 > ${ARTIFACTS}/storm-webdav-server.log 2>&1
+
+      - name: Archive reports
+        if: ${{ always() }}
+        uses: actions/upload-artifact@v4
+        with:
+          name: logs-and-reports
+          path: ${{ env.ARTIFACTS }}

.github/workflows/sonar.yml

@@ -10,21 +10,22 @@ jobs:
     name: Build and analyze
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v4
         with:
           fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
-      - name: Set up JDK 11
-        uses: actions/setup-java@v1
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
         with:
-          java-version: 11
+          distribution: 'temurin'
+          java-version: 17
       - name: Cache SonarCloud packages
-        uses: actions/cache@v1
+        uses: actions/cache@v4
         with:
           path: ~/.sonar/cache
           key: ${{ runner.os }}-sonar
           restore-keys: ${{ runner.os }}-sonar
       - name: Cache Maven packages
-        uses: actions/cache@v1
+        uses: actions/cache@v4
         with:
           path: ~/.m2
           key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
@@ -33,4 +34,4 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # Needed to get PR information, if any
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        run: mvn -s maven/cnaf-mirror-settings.xml -B -U install org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=italiangrid_storm-webdav
+        run: mvn -B -U install org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=italiangrid_storm-webdav

.gitignore

@@ -6,3 +6,5 @@
 .springBeans
 .idea
 storm-webdav-server.iml
+/robot/reports
+.vscode

CHANGELOG.md

@@ -1,36 +1,65 @@
 # Changelog
 
+## 1.4.2 (2023-06-27)
+
+## Description
+
+This release:
+
+* upgrades significant dependencies (spring-boot, canl, bouncycastle, jQuery)
+* removes the support for TRACE method
+* tunes some default values (default TPC timeout, default heap size, etc.)
+* and fixes other minor bugs/issues.
+
+### fixes
+
+* [[STOR-1396](https://issues.infn.it/jira/browse/STOR-1396)] - Ensure adler32 checksums are always 8 chars long
+* [[STOR-1450](https://issues.infn.it/jira/browse/STOR-1450)] - Increase default timeout for TPC to 30 seconds
+* [[STOR-1500](https://issues.infn.it/jira/browse/STOR-1500)] - When redis is disabled the health indicator for redis should be disabled
+* [[STOR-1574](https://issues.infn.it/jira/browse/STOR-1574)] - Old java/canl creates problems with encoding of subject/issuer names in self-signed certificates
+* [[STOR-1440](https://issues.infn.it/jira/browse/STOR-1440)] - StoRM WebDAV should configure a bigger heap by default
+* [[STOR-1497](https://issues.infn.it/jira/browse/STOR-1497)] - Upgrade canl-java to v2.6.0
+* [[STOR-1515](https://issues.infn.it/jira/browse/STOR-1515)] - StoRM WebDAV metrics on TPC.pull/push.throughput
+* [[STOR-1555](https://issues.infn.it/jira/browse/STOR-1555)] - Upgrade jQuery version
+* [[STOR-1556](https://issues.infn.it/jira/browse/STOR-1556)] - Remove TRACE from allowed methods
+* [[STOR-1557](https://issues.infn.it/jira/browse/STOR-1557)] - Upgrade Spring Boot version to the latest
+* [[STOR-1558](https://issues.infn.it/jira/browse/STOR-1558)] - Update bouncycastle version to 1.67
+* [[STOR-1576](https://issues.infn.it/jira/browse/STOR-1576)] - Add .well-known endpoint for StoRM WebDAV to point to the Tape REST endpoint
+
+
+## 1.4.1 (2021-05-12)
+
+This release fixes the failed state shown on stop/restart of the service due to a misunderstood exit code meaning.
+
+### Fixed
+
+- [[STOR-1400](https://issues.infn.it/jira/browse/STOR-1400)] - StoRM WebDAV service enters failed state when stopped
+
 ## 1.4.0 (2021-04-01)
 
 ### Added
 
-- [Add support for externalized session management](https://issues.infn.it/jira/browse/STOR-1336)
+- [[STOR-1336](https://issues.infn.it/jira/browse/STOR-1336)] - Add support for externalized session management
 
 ### Fixed
 
-- [Login with OIDC button not shown for error
-  pages](https://issues.infn.it/jira/browse/STOR-1335) 
-- [StoRM WebDAV: Login with OIDC button displayed only on storage area index
-  page]( https://issues.infn.it/jira/browse/STOR-1332)
-- [StoRM WebDAV rpm doesn't set the proper ownership on
-  /var/log/storm](https://issues.infn.it/jira/browse/STOR-1298)
-- [StoRM WebDAV package should install Java
-  11](https://issues.infn.it/jira/browse/STOR-1358)
+- [[STOR-1335](https://issues.infn.it/jira/browse/STOR-1335)] - Login with OIDC button not shown for error
+  pages
+- [[STOR-1332](https://issues.infn.it/jira/browse/STOR-1332)] - Login with OIDC button displayed only on storage area index page
+- [[STOR-1298](https://issues.infn.it/jira/browse/STOR-1298)] - StoRM WebDAV RPM doesn't set the proper ownership on `/var/log/storm`
+- [[STOR-1358](https://issues.infn.it/jira/browse/STOR-1358)] - StoRM WebDAV package should install Java 11
 
 ## 1.2.0 (2019-08-??)
 
 ### Added
 
-- [Spring boot updated to 2.1.4.RELEASE][STOR-1098]
-- [Introduced support for Conscrypt JSSE provider to improve TLS
-  performace][STOR-1097]
+- [[STOR-1098](https://issues.infn.it/jira/browse/STOR-1098)] - Spring boot updated to 2.1.4.RELEASE
+- [[STOR-1097](https://issues.infn.it/jira/browse/STOR-1097)] - Introduced support for Conscrypt JSSE provider to improve TLS performance
 
 ### Fixed
 
-- [StoRM WebDAV default configuration does not depend anymore on
-  iam-test.indigo-datacloud.eu][STOR-1095]
-- [Unreachable OpenID Connect provider causes StoRM WebDAV startup
-  failure][STOR-1096]
+- [[STOR-1095](https://issues.infn.it/jira/browse/STOR-1095)] - StoRM WebDAV default configuration does not depend anymore on `iam-test.indigo-datacloud.eu`
+- [[STOR-1096](https://issues.infn.it/jira/browse/STOR-1096)] - Unreachable OpenID Connect provider causes StoRM WebDAV startup failure
 
 ## 1.1.0 (2019-02-28)
 
@@ -46,8 +75,3 @@
 
 - POST handled as GET fixed 
 
-
-[STOR-1095]: https://issues.infn.it/jira/browse/STOR-1095
-[STOR-1096]: https://issues.infn.it/jira/browse/STOR-1096
-[STOR-1097]: https://issues.infn.it/jira/browse/STOR-1097
-[STOR-1098]: https://issues.infn.it/jira/browse/STOR-1098

Dockerfile

@@ -0,0 +1,34 @@
+# https://spring.io/guides/topicals/spring-boot-docker#_multi_stage_build
+FROM eclipse-temurin:11-jdk-alpine as build
+WORKDIR /workspace/app
+RUN apk add maven
+COPY pom.xml .
+RUN mvn dependency:resolve
+RUN mvn dependency:resolve-plugins
+COPY .git .git
+COPY etc etc
+COPY src src
+RUN mvn package -Dmaven.test.skip
+RUN mkdir -p target/dependency && (cd target/dependency; jar -xf ../*.jar)
+
+FROM eclipse-temurin:11-centos7
+ENV STORM_WEBDAV_JVM_OPTS="-Dspring.profiles.active=dev"
+ARG DEPENDENCY=/workspace/app/target/dependency
+
+#WORKDIR /app
+COPY --from=build ${DEPENDENCY}/BOOT-INF/lib /app/lib
+COPY --from=build ${DEPENDENCY}/META-INF /app/META-INF
+COPY --from=build ${DEPENDENCY}/BOOT-INF/classes /app
+COPY src src
+
+ARG USERNAME=storm
+ARG USER_UID=1000
+ARG USER_GID=${USER_UID}
+
+RUN groupadd --gid ${USER_GID} ${USERNAME}
+RUN useradd --uid ${USER_UID} --gid ${USER_GID} -m ${USERNAME}
+RUN echo ${USERNAME} ALL=\(root\) NOPASSWD:ALL > /etc/sudoers
+RUN chmod 0440 /etc/sudoers
+USER ${USERNAME}
+
+ENTRYPOINT java ${STORM_WEBDAV_JVM_OPTS} -cp app:app/lib/* org.italiangrid.storm.webdav.WebdavService

compose/.env

@@ -1 +1,9 @@
 COMPOSE_PROJECT_NAME=storm-webdav
+TRUST_IMAGE=indigoiam/egi-trustanchors
+TRUST_IMAGE_TAG=igi-test-ca
+WEBDAV_IMAGE=italiangrid/storm-webdav-centos7
+WEBDAV_IMAGE_TAG=latest
+TS_IMAGE=indigoiam/robot-framework
+TS_IMAGE_TAG=latest
+NGINX_IMAGE=baltig.infn.it:4567/cnafsd/ngx_http_voms_module/nginx-httpg-voms
+NGINX_IMAGE_TAG=latest

compose/README.md

@@ -0,0 +1,25 @@
+# Docker compose for StoRM WebDAV
+
+Run the services with
+
+```
+$ docker-compose up -d
+```
+
+The docker-compose contains several services:
+
+* `trust`: docker image for the GRID CA certificates, mounted in the `/etc/grid-security/certificates` path of the other services. The _igi-test-ca_ used in this deployment is also present in that path
+* `storage-setup`: sidecar container, used to allocate proper volumes (i.e. storage areas) owned by _storm_
+* `webdav`: is the main service, also known as StoRM WebDAV. The StoRM WebDAV base URL is https://storm.test.example:8443. It serves the following storage areas:
+  * `test.vo` for users presenting a proxy issued by a _test.vo_ VO
+  * `noauth`: which allows read/write mode also to anonymous users
+  * `fga`: for a fined grained authorization storage area. Its access policies are set in the [application](./assets/etc/storm/webdav/config/application-policies.yml) file
+  * `oauth-authz`: for users presenting a token issued by the [IAM DEV](https://iam-dev.cloud.cnaf.infn.it)
+* `ts`: used for running the StoRM WebDAV testsuite. It shares the storage with the `webdav` service, to run local tests
+* `nginx`: is the NGINX service supporting VOMS authentication, used as remote StoRM server for WebDAV calls. It does not forward requests to StoRM WebDAV, but just serves local resources in a separate storage. URL of this service is https://storm-alias.test.example. In the testsuite, the local resources are served by an `oauth-authz` endpoint, that does not require authentication.
+
+To resolve the hostname of the service, add a line in your `/etc/hosts` file with
+
+```
+127.0.0.1	storm.test.example    storm-alias.test.example
+```