[
https://issues.apache.org/jira/browse/STRATOS-1623?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Akila updated STRATOS-1623:
---------------------------
Description:
Currently Stratos components do not properly import/export packages to/from
OSGi bundles. This might lead to unexpected behaviors in an OSGi runtime. Also
dependency versions in pom files are currently hard-coded which is less
maintainable.
Following is a summary of changes done;
- Removed hard-coded maven dependency versions and moved everything to parent
pom
- Parameterized dependency versions with maven properties
- Added OSGi import ranges for external dependencies which are set from parent
pom as a maven property
- Added OSGi import version for Stratos internal dependencies as
project.version. This will ensure only intended component will always
- Upgraded commons-collections dependency to version 3.2.2 to mitigate the
security vulnerability as reported in [1]
While working on this I found several issues in the code base. I've summarized
the issues and fixes done below.
- Incorrect import of Arrays class in [2]
Changed the import to java.util.Arrays
- CloudController imports a private package of StratosCommon component [3]
Changed the import to CC's service holder class
- Incorrect dependency to org.wso2.carbon.identity.oauth.stub component at
[4,5] resulting unrunnable code at [6, 7]
This is because actual identity.oauth.stub bundle version packed into the
distribution is 4.2.3 and the dependency version defined in the Stratos
component is 4.2.0. Changed the dependency version to 4.2.3 and updated code to
be compatible with newer version.
- Metadata service webapp imports a private package of StratosCommon component
[8]
- Stratos rest endpoint webapp imports a private package of StratosManager
component [9]
Removed the private package import and used
PrivilegedCarbonContext->getOSGiService method in the Carbon kernel to retrieve
the ComponentStartUpSynchronizer OSGi service.
- Unnecessary Activator class in Autoscaler component [10].
Removed the class and reference in maven-bundle-plugin Bundle-Activator
directive.
- Embedded dependencies are not added as maven dependencies in the pom for
fabric8/kubernetes-api [11]
Added all relevant maven dependencies to the parent pom (with versions) and
sub-module (without versions).
[1] https://issues.apache.org/jira/browse/COLLECTIONS-580
[2]
https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/algorithms/networkpartition/AllAtOnceAlgorithm.java#L21
[3]
https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.cloud.controller/src/main/java/org/apache/stratos/cloud/controller/registry/RegistryManager.java#L26
[4]
https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.metadata.service/pom.xml#L99
[5]
https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.rest.endpoint/pom.xml#L101
[6]
https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.metadata.service/src/main/java/org/apache/stratos/metadata/service/oauth2/ValidationServiceClient.java#L54
[7]
https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/oauth2/ValidationServiceClient.java#L53
[8]
https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.metadata.service/src/main/java/org/apache/stratos/metadata/service/registry/MetadataApiRegistry.java#L253
[9]
https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/ComponentSynchronizerHandler.java#L28
[10]
https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/internal/ASBundleActivater.java
[11]
https://github.com/apache/stratos/blob/4.1.4/dependencies/fabric8/kubernetes-api/pom.xml#L153
was:
Currently Stratos components do not properly import/export packages to/from
OSGi bundles. This might lead to unexpected behaviors in an OSGi runtime. Also
dependency versions in pom files are currently hard-coded which is less
maintainable. I've done a refactoring of all pom files to fix the above issues.
Following is a summary of changes done;
- Removed hard-coded maven dependency versions and moved everything to parent
pom
- Parameterized dependency versions with maven properties
- Added OSGi import ranges for external dependencies which are set from parent
pom as a maven property
- Added OSGi import version for Stratos internal dependencies as
project.version. This will ensure only intended component will always
- Upgraded commons-collections dependency to version 3.2.2 to mitigate the
security vulnerability as reported in [1]
While working on this I found several issues in the code base;
- Incorrect import of Arrays class in [2].
- CloudController imports a private package of StratosCommon component [3]
- Incorrect dependency to org.wso2.carbon.identity.oauth.stub component at
[4,5] resulting unrunnable code at [6, 7]
This is because actual identity.oauth.stub bundle version packed into the
distribution is 4.2.3 and the dependency version defined in the Stratos
component is 4.2.0.
- Metadata service webapp imports a private package of StratosCommon component
[8]
- Stratos rest endpoint webapp imports a private package of StratosManager
component [9]
To fix this I've added a new boolean; "isActive" to indicate whether
StratosManager component is activated. This field has a public getter method
but no setters. The variable is updated via a ComponentSynchronizer listener.
- Unnecessary Activator class in Autoscaler component [10].
Removed the class and reference in maven-bundle-plugin Bundle-Activator
directive.
[1] https://issues.apache.org/jira/browse/COLLECTIONS-580
[2]
https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/algorithms/networkpartition/AllAtOnceAlgorithm.java#L21
[3]
https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.cloud.controller/src/main/java/org/apache/stratos/cloud/controller/registry/RegistryManager.java#L26
[4]
https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.metadata.service/pom.xml#L99
[5]
https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.rest.endpoint/pom.xml#L101
[6]
https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.metadata.service/src/main/java/org/apache/stratos/metadata/service/oauth2/ValidationServiceClient.java#L54
[7]
https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/oauth2/ValidationServiceClient.java#L53
[8]
https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.metadata.service/src/main/java/org/apache/stratos/metadata/service/registry/MetadataApiRegistry.java#L253
[9]
https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/ComponentSynchronizerHandler.java#L28
[10]
https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/internal/ASBundleActivater.java
> Refactoring pom files and fixing OSGi imports/exports
> -----------------------------------------------------
>
> Key: STRATOS-1623
> URL: https://issues.apache.org/jira/browse/STRATOS-1623
> Project: Stratos
> Issue Type: Improvement
> Components: Autoscaler, CEP, Cloud Controller, Messaging, Metadata
> API, Mock IaaS, Stratos Manager
> Affects Versions: 4.0.0, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4
> Reporter: Akila
> Assignee: Akila
> Fix For: 4.1.5
>
>
> Currently Stratos components do not properly import/export packages to/from
> OSGi bundles. This might lead to unexpected behaviors in an OSGi runtime.
> Also dependency versions in pom files are currently hard-coded which is less
> maintainable.
> Following is a summary of changes done;
> - Removed hard-coded maven dependency versions and moved everything to
> parent pom
> - Parameterized dependency versions with maven properties
> - Added OSGi import ranges for external dependencies which are set from
> parent pom as a maven property
> - Added OSGi import version for Stratos internal dependencies as
> project.version. This will ensure only intended component will always
> - Upgraded commons-collections dependency to version 3.2.2 to mitigate the
> security vulnerability as reported in [1]
> While working on this I found several issues in the code base. I've
> summarized the issues and fixes done below.
> - Incorrect import of Arrays class in [2]
> Changed the import to java.util.Arrays
> - CloudController imports a private package of StratosCommon component [3]
> Changed the import to CC's service holder class
> - Incorrect dependency to org.wso2.carbon.identity.oauth.stub component at
> [4,5] resulting unrunnable code at [6, 7]
> This is because actual identity.oauth.stub bundle version packed into the
> distribution is 4.2.3 and the dependency version defined in the Stratos
> component is 4.2.0. Changed the dependency version to 4.2.3 and updated code
> to be compatible with newer version.
> - Metadata service webapp imports a private package of StratosCommon
> component [8]
> - Stratos rest endpoint webapp imports a private package of StratosManager
> component [9]
> Removed the private package import and used
> PrivilegedCarbonContext->getOSGiService method in the Carbon kernel to
> retrieve the ComponentStartUpSynchronizer OSGi service.
> - Unnecessary Activator class in Autoscaler component [10].
> Removed the class and reference in maven-bundle-plugin Bundle-Activator
> directive.
> - Embedded dependencies are not added as maven dependencies in the pom for
> fabric8/kubernetes-api [11]
> Added all relevant maven dependencies to the parent pom (with versions) and
> sub-module (without versions).
> [1] https://issues.apache.org/jira/browse/COLLECTIONS-580
> [2]
> https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/algorithms/networkpartition/AllAtOnceAlgorithm.java#L21
> [3]
> https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.cloud.controller/src/main/java/org/apache/stratos/cloud/controller/registry/RegistryManager.java#L26
> [4]
> https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.metadata.service/pom.xml#L99
> [5]
> https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.rest.endpoint/pom.xml#L101
> [6]
> https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.metadata.service/src/main/java/org/apache/stratos/metadata/service/oauth2/ValidationServiceClient.java#L54
> [7]
> https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/oauth2/ValidationServiceClient.java#L53
> [8]
> https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.metadata.service/src/main/java/org/apache/stratos/metadata/service/registry/MetadataApiRegistry.java#L253
> [9]
> https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.rest.endpoint/src/main/java/org/apache/stratos/rest/endpoint/handlers/ComponentSynchronizerHandler.java#L28
> [10]
> https://github.com/apache/stratos/blob/4.1.4/components/org.apache.stratos.autoscaler/src/main/java/org/apache/stratos/autoscaler/internal/ASBundleActivater.java
> [11]
> https://github.com/apache/stratos/blob/4.1.4/dependencies/fabric8/kubernetes-api/pom.xml#L153
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
