starchart-labs / lockdown Goto Github PK

DO what is necessary for a banner to appear notifying users of old group ID to new one

Once APIs are deprecated, add overall major-version-by-major-version guide (linked from front README) to assist users in migrating

The CII URLs must be updated for the move - may require re-doing the process, as it appears that the repo URL is unchangable

I used ssh-keygen -t rsa to create a key pair called lockdown_rsa.
I defined a gradle task as such:

task addPgCredentials(type: com.coronaide.lockdown.gradle.task.AddCredentialsTask){
    publicKey "${rootDir}/lockdown_rsa.pub"
    credentialFile "${projectDir}/src/main/resources/credentials-dev.properties"
}

lockdown_rsa.pub is present in ${rootDir}. When running my task: ./gradlew :repository.pg:addPgCredentials -PlookupKey=key --stacktrace I see the following stack trace:

* What went wrong:
Execution failed for task ':repository.pg:addPgCredentials'.
> java.lang.NullPointerException (no error message)

...cutting out the boring part of the stack trace....
Caused by: java.lang.NullPointerException
        at com.coronaide.lockdown.CredentialStore.readAndDecodeKey(CredentialStore.java:341)
        at com.coronaide.lockdown.CredentialStore.addOrUpdateCredentials(CredentialStore.java:87)
        at com.coronaide.lockdown.CredentialStore$addOrUpdateCredentials$0.call(Unknown Source)
        at com.coronaide.lockdown.gradle.task.AddCredentialsTask.exec(AddCredentialsTask.groovy:52)
        at org.gradle.internal.reflect.JavaMethod.invoke(JavaMethod.java:75)
        at org.gradle.api.internal.project.taskfactory.DefaultTaskClassInfoStore$StandardTaskAction.doExecute(DefaultTaskClassInfoStore.java:133)
        at org.gradle.api.internal.project.taskfactory.DefaultTaskClassInfoStore$StandardTaskAction.execute(DefaultTaskClassInfoStore.java:126)
        at org.gradle.api.internal.project.taskfactory.DefaultTaskClassInfoStore$StandardTaskAction.execute(DefaultTaskClassInfoStore.java:115)
        at org.gradle.api.internal.AbstractTask$TaskActionWrapper.execute(AbstractTask.java:623)
        at org.gradle.api.internal.AbstractTask$TaskActionWrapper.execute(AbstractTask.java:606)
        at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeAction(ExecuteActionsTaskExecuter.java:80)
        at org.gradle.api.internal.tasks.execution.ExecuteActionsTaskExecuter.executeActions(ExecuteActionsTaskExecuter.java:61)
        ... 68 more

By dint of owning coronaide.com, we can use things like com.coronaide.lockdown as the group name. Do so to keep things organized on the nexus side

The group ID and packages are currently com.coronaide - this should be migrated to org.starchartlabs. The group ID change will require update in Nexus - the packages will need to be deprecated for a major release before removal

Allow setting the login dialog title, so clients may use the login to collect other credentials at runtime if desired

The generated POM is currently missing the following values required by Maven:

• Project URL
• License information
• SCM URL
• Developer information

These need to be added to the output of the maven-publish operation

TestNG introduces a vulnerable dependency on BeanShell - upgrade to TestNG 6.11 to remove it

My ownership of a 4K monitor bites me again. The prompt from the gradle plugin does not respect Windows' display scaling property, and so is rendered at half the size as everything else on my monitor

Currently, the only way to check if a key is available is to try to use it, getting an exception if it isn't present. If would be nice to be able to check before attempting use to allow better client use patterns

The headers for license files are currently EPL - either change the target license, or update the headers

When entering passwords with the addkey function of lockdown-cli, the password is visible in the shell. Lots of command line tools I've used do not show characters as you're typing them for sensitive fields such as passwords, we should do the same thing

Once released on nexus, add badge for maven nexus location

To better allow those using Java 9 to utilize lockdown, provide an automatic module name manifest entry in the generated Jar files

Currently, the main use documentation is the README in the repository root - add README files for each project (linked from the abbreviated version) going into more detail for each specific project

Once v1.0.0 is released under the new group ID, update the URLs in the maven badges