Fixed
Status Update
Comments
lu...@gmail.com <lu...@gmail.com> #2
lu...@gmail.com <lu...@gmail.com> #3
Project: plugins/replication
Branch: master
commit d1ad7d504171c8f68d2cf956bb3422fa84a8194f
Author: Luca Milanesio <luca.milanesio@gmail.com>
Date: Thu Jun 13 17:56:43 2024
Use SecureStore to access replication credentials
Gerrit introduced the SecureStore in Ibbb15ad2aa over 10 years
ago, however, the replication plugin was never adapted and then
unable to access the remote endpoint credentials when Gerrit
has a custom secure provider installed that would provide
data encryption at rest.
Replace the direct reading of the secure.config with the abstract
implementation of the Gerrit SecureStore, so that it can still
be working as expected with encrypted credentials.
Existing installations may have used a mix of encrypted and clear text
credentials in secure.config, leveraging the replication plugin bug
that was not accessing it using the correct API. Introduce a legacy
feature flag 'gerrit.useLegacyCredentials' that allow the Gerrit
admin to still use the legacy mode.
Whenever the replication plugin detects the legacy mode, it displays
a warning explaining what is happening and how to adjust the
configuration and enable full encryption in secure.config.
Release-Notes: Use SecureStore for reading username/password credentials
Bug: Issue 320715545
Change-Id: Ie5b6339d65d144536416cf070d52f11342b39fe6
M src/main/java/com/googlesource/gerrit/plugins/replication/AutoReloadConfigDecorator.java
M src/main/java/com/googlesource/gerrit/plugins/replication/AutoReloadSecureCredentialsFactoryDecorator.java
A src/main/java/com/googlesource/gerrit/plugins/replication/LegacyCredentialsFactory.java
M src/main/java/com/googlesource/gerrit/plugins/replication/ReplicationConfigImpl.java
M src/main/java/com/googlesource/gerrit/plugins/replication/SecureCredentialsFactory.java
M src/main/java/com/googlesource/gerrit/plugins/replication/api/ReplicationConfig.java
M src/main/resources/Documentation/config.md
M src/test/java/com/googlesource/gerrit/plugins/replication/AbstractConfigTest.java
A src/test/java/com/googlesource/gerrit/plugins/replication/AutoReloadSecureCredentialsFactoryDecoratorTest.java
https://gerrit-review.googlesource.com/429897
Branch: master
commit d1ad7d504171c8f68d2cf956bb3422fa84a8194f
Author: Luca Milanesio <luca.milanesio@gmail.com>
Date: Thu Jun 13 17:56:43 2024
Use SecureStore to access replication credentials
Gerrit introduced the SecureStore in Ibbb15ad2aa over 10 years
ago, however, the replication plugin was never adapted and then
unable to access the remote endpoint credentials when Gerrit
has a custom secure provider installed that would provide
data encryption at rest.
Replace the direct reading of the secure.config with the abstract
implementation of the Gerrit SecureStore, so that it can still
be working as expected with encrypted credentials.
Existing installations may have used a mix of encrypted and clear text
credentials in secure.config, leveraging the replication plugin bug
that was not accessing it using the correct API. Introduce a legacy
feature flag 'gerrit.useLegacyCredentials' that allow the Gerrit
admin to still use the legacy mode.
Whenever the replication plugin detects the legacy mode, it displays
a warning explaining what is happening and how to adjust the
configuration and enable full encryption in secure.config.
Release-Notes: Use SecureStore for reading username/password credentials
Bug:
Change-Id: Ie5b6339d65d144536416cf070d52f11342b39fe6
M src/main/java/com/googlesource/gerrit/plugins/replication/AutoReloadConfigDecorator.java
M src/main/java/com/googlesource/gerrit/plugins/replication/AutoReloadSecureCredentialsFactoryDecorator.java
A src/main/java/com/googlesource/gerrit/plugins/replication/LegacyCredentialsFactory.java
M src/main/java/com/googlesource/gerrit/plugins/replication/ReplicationConfigImpl.java
M src/main/java/com/googlesource/gerrit/plugins/replication/SecureCredentialsFactory.java
M src/main/java/com/googlesource/gerrit/plugins/replication/api/ReplicationConfig.java
M src/main/resources/Documentation/config.md
M src/test/java/com/googlesource/gerrit/plugins/replication/AbstractConfigTest.java
A src/test/java/com/googlesource/gerrit/plugins/replication/AutoReloadSecureCredentialsFactoryDecoratorTest.java
hj...@cornell.edu <hj...@cornell.edu> #4
Thanks for the quick fix! Can confirm that the replication looks fixed!
ap...@google.com <ap...@google.com> #5
Project: plugins/replication
Branch: master
commit 3982574d28f254b525b093c2ecae8caa47825910
Author: Luca Milanesio <luca.milanesio@gmail.com>
Date: Tue Jul 09 19:46:42 2024
Fix FanoutConfigurationResource update API
When updating the FanoutConfigurationResource, the remote subsection
needs to be removed as the subsection name is part of the config
filename.
Bug: Issue 351843807
Change-Id: Ib434a434a82de7e237387c7d7df8eb0e78cfa5a6
M src/main/java/com/googlesource/gerrit/plugins/replication/FanoutConfigResource.java
M src/test/java/com/googlesource/gerrit/plugins/replication/FanoutConfigResourceTest.java
https://gerrit-review.googlesource.com/432879
Branch: master
commit 3982574d28f254b525b093c2ecae8caa47825910
Author: Luca Milanesio <luca.milanesio@gmail.com>
Date: Tue Jul 09 19:46:42 2024
Fix FanoutConfigurationResource update API
When updating the FanoutConfigurationResource, the remote subsection
needs to be removed as the subsection name is part of the config
filename.
Bug:
Change-Id: Ib434a434a82de7e237387c7d7df8eb0e78cfa5a6
M src/main/java/com/googlesource/gerrit/plugins/replication/FanoutConfigResource.java
M src/test/java/com/googlesource/gerrit/plugins/replication/FanoutConfigResourceTest.java
Description
** If you are interested in activating a new Support contract, use the
** This is for bugs in Gerrit sites hosted at *.
GerritHub/GitHub username:
arklian
GerritHub/GitHub projects names:
arklian/patina
arklian/patina2
arklian/TestRepo
Full URL exhibiting the problem:
Expected behavior:
Github should sync changes from Gerrit.
Observed behavior:
Both refs/meta/config and main are no longer syncing in all 3 repos.
Timestamp when the error occurred (include timezone):
Approx. 3AM EST
Has this worked before? If yes, when?
Before I cloned arklian/patina, the syncs seemed to be working fine for both TestRepo and arklian/patina2
Thanks!