{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":364366331,"defaultBranch":"master","name":"kork","ownerLogin":"dbyron-sf","currentUserCanPush":false,"isFork":true,"isEmpty":false,"createdAt":"2021-05-04T19:36:24.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/82477955?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1715363461.0","currentOid":""},"activityList":{"items":[{"before":"3818eb00748d8f0364a8f75097dc14a35a852e25","after":null,"ref":"refs/heads/testcontainers-1.19.8","pushedAt":"2024-05-10T17:51:01.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"}},{"before":"9e68dc34021d2e5fc5734adf7fd4dfdd3cfda782","after":"3818eb00748d8f0364a8f75097dc14a35a852e25","ref":"refs/heads/testcontainers-1.19.8","pushedAt":"2024-05-10T17:41:35.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"},"commit":{"message":"chore(dependencies): use version 1.19.8 of testcontainers\n\nto stay up to date","shortMessageHtmlLink":"chore(dependencies): use version 1.19.8 of testcontainers"}},{"before":null,"after":"9e68dc34021d2e5fc5734adf7fd4dfdd3cfda782","ref":"refs/heads/testcontainers-1.19.8","pushedAt":"2024-05-09T02:13:25.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"},"commit":{"message":"chore(dependencies) use version 1.19.8 of testcontainers\n\nto stay up to date","shortMessageHtmlLink":"chore(dependencies) use version 1.19.8 of testcontainers"}},{"before":"1a3d82632ce34ef54984c0904ec3655c8b38e865","after":null,"ref":"refs/heads/use-UserPermissionEvaluator-in-S3ArtifactStoreGetter","pushedAt":"2024-04-28T02:48:14.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"}},{"before":null,"after":"1a3d82632ce34ef54984c0904ec3655c8b38e865","ref":"refs/heads/use-UserPermissionEvaluator-in-S3ArtifactStoreGetter","pushedAt":"2024-04-27T01:49:32.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"},"commit":{"message":"fix(artifacts): authenticate against AuthenticatedRequest.getSpinnakerUser in S3ArtifactStoreGetter\n\ninstead of SecurityContextHolder.getContext() which might be null.  Previously\nhasAuthorization would only user userId for logging.  Now it's used for authentication\ntoo.  This fixes the bug that https://github.com/spinnaker/kork/pull/1178 demonstrates.","shortMessageHtmlLink":"fix(artifacts): authenticate against AuthenticatedRequest.getSpinnake…"}},{"before":"82593c873883cb82ead1b62765b0dfd12de80100","after":null,"ref":"refs/heads/add-UserPermissionEvaluator","pushedAt":"2024-04-27T00:16:57.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"}},{"before":"791c9e8b7706565d5e6c1da03afc043fd3ea3fbd","after":"82593c873883cb82ead1b62765b0dfd12de80100","ref":"refs/heads/add-UserPermissionEvaluator","pushedAt":"2024-04-27T00:06:56.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"mergify[bot]","name":null,"path":"/apps/mergify","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/10562?s=80&v=4"},"commit":{"message":"Merge branch 'master' into add-UserPermissionEvaluator","shortMessageHtmlLink":"Merge branch 'master' into add-UserPermissionEvaluator"}},{"before":"1c74ba7dff5a67d03e9adc0a950befa508aec688","after":null,"ref":"refs/heads/demonstrate-artifact-store-getter-auth-bug","pushedAt":"2024-04-27T00:05:46.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"}},{"before":"684c599ed56df66df131974f5cd87733d1851404","after":"791c9e8b7706565d5e6c1da03afc043fd3ea3fbd","ref":"refs/heads/add-UserPermissionEvaluator","pushedAt":"2024-04-26T23:54:36.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"},"commit":{"message":"feat(security): add UserPermissionEvaluator\n\nso S3ArtifactStoreGetter can call a username-based hasPermission method.\nFiatPermissionEvaluator has this method, but using FiatPermissionEvaluator in kork would\ncreate a circular dependency.\n\nThe plan is:\n\n- publish a kork jar with UserPermissionEvaluator,\n- consume it in fiat and change FiatPermissionEvaluator to implement UserPermissionEvaluator instead of PermissionEvaluator\n- publish a fiat jar and consume it everywhere\n- change S3ArtifactStoreGetter to use UserPermissionEvaluator to fix the bug that https://github.com/spinnaker/kork/pull/1178 demonstrates\n- publish yet another kork jar and consume it everywhere to fix use of fetchReference in Evaluate Variables stages","shortMessageHtmlLink":"feat(security): add UserPermissionEvaluator"}},{"before":null,"after":"684c599ed56df66df131974f5cd87733d1851404","ref":"refs/heads/add-UserPermissionEvaluator","pushedAt":"2024-04-26T23:53:29.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"},"commit":{"message":"feat(security): add UserPermissionEvaluator\n\nso S3ArtifactStoreGetter can call a username-based hasPermission method.\nFiatPermissionEvaluator has this method, but using FiatPermissionEvaluator in kork would\ncreate a circular dependency.\n\nThe plan is:\n\n- publish a kork jar with UserPermissionEvaluator,\n- consume it in fiat and change FiatPermissionEvaluator to implement UserPermissionEvaluator instead of PermissionEvaluator\n- publish a fiat jar and consume it everywhere\n- change S3ArtifactStoreGetter to use UserPermissionEvaluator to fix the bug that https://github.com/spinnaker/kork/pull/1178 generates\n- publish yet another kork jar and consume it everywhere to fix use of fetchReference in Evaluate Variables stages","shortMessageHtmlLink":"feat(security): add UserPermissionEvaluator"}},{"before":"30dfe7c4353e20bdc2898af3e0ce34c26f0b09be","after":"1c74ba7dff5a67d03e9adc0a950befa508aec688","ref":"refs/heads/demonstrate-artifact-store-getter-auth-bug","pushedAt":"2024-04-26T23:20:16.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"},"commit":{"message":"test(artifacts): demonstrate that S3ArtifactStoreGetter.get does not use AuthenticatedRequest.getSpinnakerUser\n\nwhen authenticating with the permission evaluator.  It uses\nSecurityContextHolder.getContext() which may be null depending how the context is\npropagated across threads. This is the case in some scenarios during pipeline execution in\norca (e.g. using #fetchReference in an Evaluate Variables stage).","shortMessageHtmlLink":"test(artifacts): demonstrate that S3ArtifactStoreGetter.get does not …"}},{"before":"9069f582fb31a9f8a5d99f7743d6985c221d354c","after":"30dfe7c4353e20bdc2898af3e0ce34c26f0b09be","ref":"refs/heads/demonstrate-artifact-store-getter-auth-bug","pushedAt":"2024-04-26T23:19:23.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"},"commit":{"message":"test(artifacts): demonstrate that S3ArtifactStoreGetter.get does not use AuthenticatedRequest.getSpinnakerUser\n\nwhen authenticating with the permission evaluator.  It uses\nSecurityContextHolder.getContext() which may be null depending how the context is\npropagated across threads, which is the case in some scenarios during pipeline execution\nin orca (e.g. using #fetchReference in an Evaluate Variables stage).","shortMessageHtmlLink":"test(artifacts): demonstrate that S3ArtifactStoreGetter.get does not …"}},{"before":"423f6121244ff14925e7eaba59ce9f7614bf31bf","after":"9069f582fb31a9f8a5d99f7743d6985c221d354c","ref":"refs/heads/demonstrate-artifact-store-getter-auth-bug","pushedAt":"2024-04-26T23:17:03.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"},"commit":{"message":"test(artifacts): demonstrate that S3ArtifactStoreGetter.get does not use AuthenticatedRequest.getSpinnakerUser\n\nwhen authenticating with the permission evaluator.","shortMessageHtmlLink":"test(artifacts): demonstrate that S3ArtifactStoreGetter.get does not …"}},{"before":"e286a88e8e9ea4b867bcdd08cf4adedf5da0b6a5","after":"423f6121244ff14925e7eaba59ce9f7614bf31bf","ref":"refs/heads/demonstrate-artifact-store-getter-auth-bug","pushedAt":"2024-04-26T23:15:24.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"},"commit":{"message":"test(artifacts): demonstrate that S3ArtifactStoreGetter.get does not use AuthenticatedRequest.getSpinnakerUser\n\nwhen authenticating with the permission evalulator.","shortMessageHtmlLink":"test(artifacts): demonstrate that S3ArtifactStoreGetter.get does not …"}},{"before":null,"after":"e286a88e8e9ea4b867bcdd08cf4adedf5da0b6a5","ref":"refs/heads/demonstrate-artifact-store-getter-auth-bug","pushedAt":"2024-04-26T23:14:46.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"},"commit":{"message":"test(artifacts): demonstrate that S3ArtifactStoreGetter.get does not use AuthenticatedRequest.getSpinnakerUser\n\nwhen authenticating with the permission evalulator.\n\n@W-15161054","shortMessageHtmlLink":"test(artifacts): demonstrate that S3ArtifactStoreGetter.get does not …"}},{"before":"40f717d3cc74635e5e72aa1bad00f15f5f29bc56","after":null,"ref":"refs/heads/jsonpath-2.9.0","pushedAt":"2024-03-11T15:07:02.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"}},{"before":"681e24363f68121945983a14ee5e3966c1be9a44","after":"40f717d3cc74635e5e72aa1bad00f15f5f29bc56","ref":"refs/heads/jsonpath-2.9.0","pushedAt":"2024-03-11T03:28:43.000Z","pushType":"push","commitsCount":3,"pusher":{"login":"mergify[bot]","name":null,"path":"/apps/mergify","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/10562?s=80&v=4"},"commit":{"message":"Merge branch 'master' into jsonpath-2.9.0","shortMessageHtmlLink":"Merge branch 'master' into jsonpath-2.9.0"}},{"before":"e39831c73c1be7c6c7b6b08a29b040aedcd3ce65","after":null,"ref":"refs/heads/logback-1.2.13","pushedAt":"2024-03-11T03:27:52.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"}},{"before":"bfc0d0a09e3aedea5f26fd25166594052c6baa64","after":"e39831c73c1be7c6c7b6b08a29b040aedcd3ce65","ref":"refs/heads/logback-1.2.13","pushedAt":"2024-03-11T03:19:17.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"mergify[bot]","name":null,"path":"/apps/mergify","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/10562?s=80&v=4"},"commit":{"message":"Merge branch 'master' into logback-1.2.13","shortMessageHtmlLink":"Merge branch 'master' into logback-1.2.13"}},{"before":"47c9f7de70b16305c4580991062205a77dcfcf91","after":null,"ref":"refs/heads/bitbucket-jose4j-0.9.4","pushedAt":"2024-03-11T03:18:17.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"}},{"before":null,"after":"681e24363f68121945983a14ee5e3966c1be9a44","ref":"refs/heads/jsonpath-2.9.0","pushedAt":"2024-03-11T02:33:24.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"},"commit":{"message":"chore(dependencies): use version 2.9.0 of com.jayway.jsonpath:json-path\n\nto resolve CVE-2023-51074.\n\nbefore:\n\n     +--- com.jayway.jsonpath:json-path:2.5.0\n     |    +--- net.minidev:json-smart:2.3 -> 2.4.10\n     |    |    \\--- net.minidev:accessors-smart:2.4.9\n     |    |         \\--- org.ow2.asm:asm:9.3\n     |    \\--- org.slf4j:slf4j-api:1.7.30 -> 1.7.36\n\nafter:\n\n     +--- com.jayway.jsonpath:json-path:2.5.0 -> 2.9.0\n     |    +--- net.minidev:json-smart:2.5.0\n     |    |    \\--- net.minidev:accessors-smart:2.5.0\n     |    |         \\--- org.ow2.asm:asm:9.3\n     |    \\--- org.slf4j:slf4j-api:2.0.11 -> 1.7.36","shortMessageHtmlLink":"chore(dependencies): use version 2.9.0 of com.jayway.jsonpath:json-path"}},{"before":null,"after":"bfc0d0a09e3aedea5f26fd25166594052c6baa64","ref":"refs/heads/logback-1.2.13","pushedAt":"2024-03-10T18:56:04.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"},"commit":{"message":"chore(dependencies): use version 1.2.13 of logback\n\nto resolve CVE-2023-6378 and CVE-2023-6481.  See See\nhttps://logback.qos.ch/news.html#1.3.12 and https://logback.qos.ch/news.html#1.2.13.\n\nbefore:\n\n|    |    |    +--- ch.qos.logback:logback-classic:1.2.12\n|    |    |    |    +--- ch.qos.logback:logback-core:1.2.12\n|    |    |    |    \\--- org.slf4j:slf4j-api:1.7.32 -> 1.7.36\n\nafter:\n\n|    |    |    +--- ch.qos.logback:logback-classic:1.2.12 -> 1.2.13\n|    |    |    |    +--- ch.qos.logback:logback-core:1.2.13\n|    |    |    |    \\--- org.slf4j:slf4j-api:1.7.32 -> 1.7.36","shortMessageHtmlLink":"chore(dependencies): use version 1.2.13 of logback"}},{"before":null,"after":"47c9f7de70b16305c4580991062205a77dcfcf91","ref":"refs/heads/bitbucket-jose4j-0.9.4","pushedAt":"2024-03-10T16:56:05.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"},"commit":{"message":"chore(dependencies): use version 0.9.4 of org.bitbucket.b_c:jose4j\n\nto resolve CVE-2023-51775.\n\nNo change to dependencies in kork.  $ ./gradlew clouddriver-kubernetes:dependencies and ./gradlew orca-clouddriver:dependencies change as follows:\n\nbefore:\n\n+--- io.kubernetes:client-java -> 11.0.4\n|    \\--- org.bitbucket.b_c:jose4j:0.7.3 -> 0.9.3\n|         \\--- org.slf4j:slf4j-api:1.7.21 -> 1.7.32\n\nafter:\n\n+--- io.kubernetes:client-java -> 11.0.4\n|    \\--- org.bitbucket.b_c:jose4j:0.7.3 -> 0.9.4\n|         \\--- org.slf4j:slf4j-api:1.7.36 -> 1.7.32","shortMessageHtmlLink":"chore(dependencies): use version 0.9.4 of org.bitbucket.b_c:jose4j"}},{"before":"efd51627da540a709fcc5bb47045316a6bf15ff7","after":null,"ref":"refs/heads/applicationsRegex-test-tweaks","pushedAt":"2024-03-04T22:23:07.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"}},{"before":"3330260d4e4c69e26bc075b3dc91fca4d164a9d5","after":null,"ref":"refs/heads/applicationsRegex-tweaks","pushedAt":"2024-03-04T22:14:13.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"}},{"before":null,"after":"efd51627da540a709fcc5bb47045316a6bf15ff7","ref":"refs/heads/applicationsRegex-test-tweaks","pushedAt":"2024-03-04T22:14:09.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"},"commit":{"message":"test(artifacts): extend testing of applicationsRegex\n\nto verify exact matches and use of regexes in both the \"allow list\" and \"deny list\" cases.","shortMessageHtmlLink":"test(artifacts): extend testing of applicationsRegex"}},{"before":null,"after":"3330260d4e4c69e26bc075b3dc91fca4d164a9d5","ref":"refs/heads/applicationsRegex-tweaks","pushedAt":"2024-03-03T05:03:36.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"},"commit":{"message":"perf(artifacts): compile appliationsRegex once instead of on each use","shortMessageHtmlLink":"perf(artifacts): compile appliationsRegex once instead of on each use"}},{"before":"b5932711c75afa9debac44aecc0d4db210c55731","after":null,"ref":"refs/heads/guava-33.0.0","pushedAt":"2024-02-27T04:58:27.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"}},{"before":"9aeead58da8d74808073e0f8ed7bc02befe3ae89","after":null,"ref":"refs/heads/bitbucket-jose4j-0.9.3","pushedAt":"2024-02-27T04:58:22.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"dbyron-sf","name":"David Byron","path":"/dbyron-sf","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/82477955?s=80&v=4"}},{"before":"5d47cf907d01aebfc42840c7dcf2e34727813509","after":"b5932711c75afa9debac44aecc0d4db210c55731","ref":"refs/heads/guava-33.0.0","pushedAt":"2024-02-27T04:38:51.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"mergify[bot]","name":null,"path":"/apps/mergify","primaryAvatarUrl":"https://avatars.githubusercontent.com/in/10562?s=80&v=4"},"commit":{"message":"Merge branch 'master' into guava-33.0.0","shortMessageHtmlLink":"Merge branch 'master' into guava-33.0.0"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAERs-fmQA","startCursor":null,"endCursor":null}},"title":"Activity · dbyron-sf/kork"}