Notes:
1. (!) Eclipselink shall be migrated to 5.0 (in 4.0.8 there are incompatible classes, e.g EJBQueryImpl doesn't implement some newer methods). In the moment is with beta (5.0.0-B12) - JUST for testing!
2. (!) Ethlo plugin doesn't work with Eclipselink 5.0, it builds with Eclipselink 4.0.8 (could be a problem)
3. Dependencies - new starters, test starters changes, some dependencies refactoring
4. Auto-configs split - package changes, some properties classes changes
5. Spring nullable org.springframework.lang.Nullable/NonNull are depecated and replaced with jspcify -> org.jspecify.annotations.Nullable/NonNull (NullMarked)
6. Lombok config - adding lombok.addNullAnnotations=jspecify - to do not mess annotations
7. Distributed lock table changes - SP_LOCK table db migration
8. Spring Retry replaced with Spring Core Retry - does repace retry in hawkbit
9. Specifications -> added Update/Delete(/Predicate) Specifications and JpaSpecificationExecutor changed
10. HawkbitBaseRepositoryFactoryBean modified to register properly
11. Jackson - 2 -> 3, package migrations, finals are not deserialized by default(enable finals deserialization, consider make non-final), too ‘smart’ tries to set complex objects instead of using non args constructor (-> @JsonIgnore), some other default configs made
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
1. (breaking changes) hawkbit.server.ddi.security.rp.cnHeader and sslIssuerHashHeader are renamed to controllerIdHeader and authorityHeader correspondingly.
2. (breaking changes) their default values are changed: X-Ssl-Client-Cn -> X-Controller-Id and X-Ssl-Issuer-Hash-%d -> X-Authority
3. Now the authority header configuration is not a string forma but just a string. The implemenation checks for this header as comma or ; separated list or seeks for header iteration <authority_header>-%d (iteration starts from 0 or 1
4. Doc fixed
5. As there are breaking changes configuration changes may be needed: a) with changing the hawkbit.server.ddi.security.rp you could turn back the previous default headers (note X-Ssl-Issuer-Hash-%d shall now be X-Ssl-Issuer-Hash), or b) you may change the headers sent by the reverse proxy
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
* Fix some compile warnings
* Some classes made final
* JPA entities made not serializable
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
* remove generic 405 - put only where needed
* remove 429 from get/post update where not expected (not quota related in general)
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
* Refactor hawkbit core and security
* improve access to the base core features - static
* thus easiear access
* and less boilerplate passing of instances
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
* Refactor context classes
* make JSON context serialization default
* AccessContext
* Split hawkbit-security-core to other modules and remove it
---------
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
* ActionFields.DETAILSTATUS removed and replaces with STATUS (so status is with changed semantic - not active but real status)
* MgmtAction.detailStatus removed and replaced with status (so status is with changed semantic - not active but real status)
* MgmtTargetTagRestApi.assignTargetsPut removed - use POST method
* ActionStatusFields.REPORTEDAT deprecation removed - it is a synonym of CREATEDAT but is part of timestamp/reported aspect while createdat is part of creted at/by
* MgmtDistributionSetRequestBodyPost.os/runtime/application is removed
and
* ActionStatusFields.TIMESTAMPT added
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
Remove Java security context serialization - it is replaced by JSON security context serialization (optimized as size). Backward incompatible change.
Java security context serialization was not used in default hawkbit runtime out of the box. So, it's assumed none uses it.
Anyway, if anyone has enabled it, he could, in order to keep backward compatibility, get the java security context serialization from the previous hawkbit releases/commits and register it again as a spring bean in his hawkbit extension.
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
keeps backward compatibility by being able to fallback to JAVA_SERIALIZATION
+ fix DMF messages with status code
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
* Move EventPublisher to hawkbit-repository-core making hawkbit-repository-api non dependent to rabbit binders
* Move EventPublisherHolder to org.eclipse.hawkbit.repository.event
* Fix overriding default values of RemoteEvents and rabbit binder
---------
Co-authored-by: vasilchev <vasil.ilchev@bosch.com>
1. Introduce @PrreAuthorize check based on hasPermission - allowing custom processing (compared with non-modifiable hasAuthority/Role processing)
2. Dedicated permissions could be implemented on management api level. Check is made by plugged in PermissionEvaluator
3. Thus common XXX_REPOSITORY permissions could differ for extending services
4. Change create/update entity builder pattern - not via EntityFactory but via clean static lombok based builders (with fine fluent api).
5. Implement abstract repository management jpa class that handles the boilerplate code from extending classes in single place consistently -> AbsreactJpaRepositoryManagement
6. Register management api-s as **Sevice**-s instead of **Bean**-s in order to make easier maintainable and get away from heavy argument forwading
7. Simplify custom hawkbit repository registration + adding proxy to handle exception mapping at lower level - thus not depending on Aspects for converting exceptions
8. Implemented general purpose 'copy' utility (ObjectCopyUtil) that using getter/setter patterns is able to copy (e.g. Create/Update) objects to other objects (e.g. JPA entity objects)
* Add support for pollingTime overrides
* the current format HH:mm:ss is still supported
* add option for deviation percent (HH:mm:ss~\d{1,2}%) which allows the system to do some randomizing of the poll interval
* add support for overriding default polling time interval for devices matching some RSQL filters (in order), e.g. 01:00:00~10%, group == 'eu' -> 00:02:00~15%, status != in_sync -> 00:05:00
* IMPORTANT: overdue time is calculated according to the default polling time. So, the overdue status might be incorrect for targets with overridden poll interval
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
* Remove min polling time from the tenant config - it is a system configuration
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
* Add support for bigger poll intervals and overdue + duration format config support
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
---------
Signed-off-by: Avgustin Marinov <Avgustin.Marinov@bosch.com>
