diff --git a/Dockerfile b/Dockerfile index 744444c08277d489ca8ca301a61fe9906556a3b0..7df1494a97f926722c8896e0a9b6eafd2dce9c47 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,8 +9,8 @@ FROM ${BASE_REGISTRY}/${BASE_IMAGE}:${BASE_TAG} ENV LANG="C.UTF-8" # IB custom ENV vars -ENV RPM_VERSION=6.1.1-1 -ENV IMG_TAR_VERSION=6.1.1.0 +ENV RPM_VERSION=6.1.2-1 +ENV IMG_TAR_VERSION=6.1.2.1 USER root @@ -60,7 +60,7 @@ ARG KAFKA_ADVERTISED_LISTENERS ENV KAFKA_ADVERTISED_LISTENERS=${KAFKA_ADVERTISED_LISTENERS} ENV COMPONENT=connect -ENV CONFLUENT_VERSION=6.1.1 +ENV CONFLUENT_VERSION=6.1.2 ENV CUB_CLASSPATH='"/usr/share/java/cp-base-new/*"' # primary @@ -104,15 +104,11 @@ COPY cp-server-connect-operator-*_EtcConfluent.tar.gz /etc/ ## For auditing & debugging COPY Dockerfile /etc/confluent/ironbank/ COPY hardening_manifest.yaml /etc/confluent/ironbank/ -COPY maven-artifact-3.8.1.jar /tmp/ -COPY acl-6.1.1_custom.jar /tmp/ RUN echo "===> Installing operator stuff" \ && cd /usr/share && tar -xvf *_UsrShareJava.tar.gz && rm *_UsrShareJava.tar.gz \ && cd /opt && tar -xvf *_OptCaas.tar.gz && rm *_OptCaas.tar.gz \ && cd /etc && tar -xvf *_EtcConfluent.tar.gz && rm *_EtcConfluent.tar.gz \ - && find /usr/share/java -type f \( -name "maven-artifact-3.3.3.jar" -o -name "maven-artifact-3.6.3.jar" \) -execdir cp /tmp/maven-artifact-3.8.1.jar . \; -exec rm {} \; \ - && find /usr/share/java -type f -name "acl-6.1.1.jar" -execdir cp /tmp/acl-6.1.1_custom.jar acl-6.1.1.jar \; \ && chown -R appuser:appuser /etc/confluent \ && mkdir -p "${CONNECT_LOG4J_DIR}" "${CONNECT_SECRETS_DIR}" "${CONNECT_CONFIG_DIR}" "${COMPONENT_SCRIPT_DIR}/${COMPONENT}" "${COMPONENT_SCRIPT_DIR}/${COMPONENT}/jars" \ && chmod -R ag+w "${CONNECT_LOG4J_DIR}" "${CONNECT_SECRETS_DIR}" "${CONNECT_CONFIG_DIR}" "/opt" \ diff --git a/hardening_manifest.yaml b/hardening_manifest.yaml index 9b389df7be0308a5b7ee7a40ce9d141850da79de..417522853dbc9e23f5ff3f042b11a6592aa0b6a9 100644 --- a/hardening_manifest.yaml +++ b/hardening_manifest.yaml @@ -8,7 +8,8 @@ name: "confluentinc/cp-server-connect-operator" # The most specific version should be the first tag and will be shown # on ironbank.dso.mil tags: -- "6.1.1.0" +- "6.1.2.1" +- "6.1.2" - "6.1.1" - "6.1.x" - "6.1" @@ -23,9 +24,9 @@ labels: org.opencontainers.image.title: "cp-server-connect-operator" org.opencontainers.image.description: "Confluent Operator image for cp-server-connect." org.opencontainers.image.licenses: "CONFLUENT ENTERPRISE LICENSE" - org.opencontainers.image.url: "https://docs.confluent.io/6.1.1/installation/operator/index.html" + org.opencontainers.image.url: "https://docs.confluent.io/6.1.2/installation/operator/index.html" org.opencontainers.image.vendor: "Confluent" - org.opencontainers.image.version: "6.1.1" + org.opencontainers.image.version: "6.1.2.1" mil.dso.ironbank.image.keywords: "confluent,kafka,zookeeper,operator" mil.dso.ironbank.image.type: "commercial" mil.dso.ironbank.product.name: "Confluent Platform" @@ -222,111 +223,101 @@ resources: validation: type: sha256 value: 6753aba4eab80062784a903af0314877d36fa4f998333adffecb0fcba81113cd -- filename: confluent-common-6.1.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/6.1/confluent-common-6.1.1-1.noarch.rpm +- filename: confluent-common-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-common-6.1.2-1.noarch.rpm validation: type: sha256 - value: 3ad1efeceed8b2febedc2534191e92980766ebc88d6a44e665b8febd7978a105 -- filename: confluent-control-center-6.1.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/6.1/confluent-control-center-6.1.1-1.noarch.rpm + value: 26c1f0295805e05ec8ff5883c11d4755231f5fddb0b5b9ff49108d0354779244 +- filename: confluent-control-center-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-control-center-6.1.2-1.noarch.rpm validation: type: sha256 - value: a5aeb1dab7320b4b7e8bc39722ea30d93a3ef6bfb513bc274b3a374701de680e -- filename: confluent-control-center-fe-6.1.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/6.1/confluent-control-center-fe-6.1.1-1.noarch.rpm + value: 510ed4f5ec779b05942c0ed3baeff4e7183f840725f1cbff58d38335b14a1fab +- filename: confluent-control-center-fe-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-control-center-fe-6.1.2-1.noarch.rpm validation: type: sha256 - value: c1189f5b3525b05240074883b8f483ac55ef378b0230ea3731a3733ff9767e10 -- filename: confluent-rebalancer-6.1.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/6.1/confluent-rebalancer-6.1.1-1.noarch.rpm + value: e0d14eaf6e5f4218034aa9e8580fd615c1665eaa13b2f7542e8c78681d5673d0 +- filename: confluent-rebalancer-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-rebalancer-6.1.2-1.noarch.rpm validation: type: sha256 - value: dfcc9e938c2f50c7bb3c1a41835a912df8cb49bba6e41d94d5d6ff4317ab3237 -- filename: confluent-rest-utils-6.1.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/6.1/confluent-rest-utils-6.1.1-1.noarch.rpm + value: ae1a92fab61357ed7a29e2cdc345e79ad69ffb79b3c8c118378b01319ca670cb +- filename: confluent-rest-utils-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-rest-utils-6.1.2-1.noarch.rpm validation: type: sha256 - value: 5413105783d24493747351c358137eb60ce4645ffe88fd91629cb3d716a02930 -- filename: confluent-security-6.1.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/6.1/confluent-security-6.1.1-1.noarch.rpm + value: 5f4a62b06e0d61e7350cd0928ea601253dbc1ecf143d81f38468d8e4f456cd49 +- filename: confluent-security-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-security-6.1.2-1.noarch.rpm validation: type: sha256 - value: efb748578c9c14b9ac8eec16da3bc1bdfb47bcd9eb8f741a0be393df8b3a9867 -- filename: confluent-schema-registry-6.1.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/6.1/confluent-schema-registry-6.1.1-1.noarch.rpm + value: 21b93b892a1b6814440357c7d3658e5c4a2385ef60acef8d6c0b35e1f29ab825 +- filename: confluent-schema-registry-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-schema-registry-6.1.2-1.noarch.rpm validation: type: sha256 - value: 6ea825e3d9eecc82b2adb633483770960decdab2a268f45fc18e0a78801a0416 -- filename: confluent-hub-client-6.1.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/6.1/confluent-hub-client-6.1.1-1.noarch.rpm + value: c19a098bf8487a7722d0fc408ceff6a350fc3a990713ed43cae7557ade2449cf +- filename: confluent-hub-client-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-hub-client-6.1.2-1.noarch.rpm validation: type: sha256 - value: 43da2b6c9362043ff12bc436bc325a407ca44e1c90a1794e00e856da4ec17e01 -- filename: confluent-metadata-service-6.1.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/6.1/confluent-metadata-service-6.1.1-1.noarch.rpm + value: 539ecc095fc639383d56a5cb823821a489b896f8f7f1921d6dd59caadf09d5e4 +- filename: confluent-metadata-service-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-metadata-service-6.1.2-1.noarch.rpm validation: type: sha256 - value: 98a182c7a8a8e559447088a344339511559043091c259b3367e41c02709b639f -- filename: confluent-kafka-connect-replicator-6.1.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/6.1/confluent-kafka-connect-replicator-6.1.1-1.noarch.rpm + value: 3e4100be4aa5996b33ad3ab10ef37453d479e08187186c38b36734c97129ac97 +- filename: confluent-kafka-connect-replicator-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-kafka-connect-replicator-6.1.2-1.noarch.rpm validation: type: sha256 - value: fff17926fc2e2e9b631d80c3192f66d7d2767e3a3971c4df7be9fb332ac49a31 -- filename: confluent-server-6.1.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/6.1/confluent-server-6.1.1-1.noarch.rpm + value: 2254c4984fa35115e7738c647359bccd93abfbc3eab85e1028a82216c8254842 +- filename: confluent-server-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-server-6.1.2-1.noarch.rpm validation: type: sha256 - value: 3a187333e1b222d61775be372ba88549592e375bf2cd8a496f4608148d7006d9 -- filename: confluent-server-rest-6.1.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/6.1/confluent-server-rest-6.1.1-1.noarch.rpm + value: be25eff13dc44fece6a8ef414d59f8e1fe59ee26b503730eef54d15c0f9b14a2 +- filename: confluent-ce-kafka-http-server-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-ce-kafka-http-server-6.1.2-1.noarch.rpm validation: type: sha256 - value: 308277179451038d44405ea860b974f500529b4328982576a4f74b56d02c3548 -- filename: confluent-telemetry-6.1.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/6.1/confluent-telemetry-6.1.1-1.noarch.rpm + value: f16faa923f6c870ccc8509bab96b603ef1f6fd6bdc4a75553ae850f1807d709c +- filename: confluent-server-rest-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-server-rest-6.1.2-1.noarch.rpm validation: type: sha256 - value: 339ae6258cb2e1152d91633defdabb5d76ba13cc12a5eedc06f3cd12a3fffd4c -- filename: confluent-kafka-rest-6.1.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/6.1/confluent-kafka-rest-6.1.1-1.noarch.rpm + value: d95b65083ccaa3519669b8837feb2017e3e7221ff2affa9b2e30a212cd6f9e3e +- filename: confluent-telemetry-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-telemetry-6.1.2-1.noarch.rpm validation: type: sha256 - value: e87df3f088b64384cbcc529565d3321557ea297e768a965620744937eda03768 -- filename: confluent-ce-kafka-http-server-6.1.1-1.noarch.rpm - url: https://packages.confluent.io/rpm/6.1/confluent-ce-kafka-http-server-6.1.1-1.noarch.rpm + value: b9bdf6ab71228d7cd1b7aff857bc44c7c8638e66d7ee420ec9a7f1a8df78a704 +- filename: confluent-kafka-rest-6.1.2-1.noarch.rpm + url: https://packages.confluent.io/rpm/6.1/confluent-kafka-rest-6.1.2-1.noarch.rpm validation: type: sha256 - value: 6e275400d2dab2e4789336478a9a484f960a0910568896923a55f77cc32bafab -- filename: cp-server-connect-operator-6.1.1.0_OptCaas.tar.gz - url: https://ironbank-files.s3.amazonaws.com/cp-server-connect-operator-6.1.1.0_OptCaas.tar.gz + value: 177ab2bde9d5608d8589c91d6ff85b7123a5f5c9a9e22afa4bc4657657d63e96 +- filename: cp-server-connect-operator-6.1.2.1_OptCaas.tar.gz + url: https://ironbank-files.s3.amazonaws.com/cp-server-connect-operator-6.1.2.1_OptCaas.tar.gz validation: type: sha256 - value: 8a7d52e8a586824a412ac01b14e4238b53c4509b168e21491ee8d01052bf6a4f -- filename: cp-server-connect-operator-6.1.1.0_UsrShareJava.tar.gz - url: https://ironbank-files.s3.amazonaws.com/cp-server-connect-operator-6.1.1.0_UsrShareJava.tar.gz + value: cbb7a926a99a6f272861376752d7801b54788b2c446a012a279487805d902b2a +- filename: cp-server-connect-operator-6.1.2.1_UsrShareJava.tar.gz + url: https://ironbank-files.s3.amazonaws.com/cp-server-connect-operator-6.1.2.1_UsrShareJava.tar.gz validation: type: sha256 - value: c8e4c2ca46bb00e796e4e52f0e54386114c5a7ef5a2e196a48f113728fb76cb7 -- filename: cp-server-connect-operator-6.1.1.0_UsrShareDoc.tar.gz - url: https://ironbank-files.s3.amazonaws.com/cp-server-connect-operator-6.1.1.0_UsrShareDoc.tar.gz + value: ae3eb6e9a85e97945f3f4683738e2c76fcd33958bde439a62b86312263dfe530 +- filename: cp-server-connect-operator-6.1.2.1_UsrShareDoc.tar.gz + url: https://ironbank-files.s3.amazonaws.com/cp-server-connect-operator-6.1.2.1_UsrShareDoc.tar.gz validation: type: sha256 - value: 1cf04dd78fe9cec013d7f08a7dacd7b71028fe0d95d74f74d843fbb26ed9a47a -- filename: cp-server-connect-operator-6.1.1.0_EtcConfluent.tar.gz - url: https://ironbank-files.s3.amazonaws.com/cp-server-connect-operator-6.1.1.0_EtcConfluent.tar.gz + value: bc3e7d33ae12bdd53498586fe99566b313bcb739888b38bbcf5c6a31571861bf +- filename: cp-server-connect-operator-6.1.2.1_EtcConfluent.tar.gz + url: https://ironbank-files.s3.amazonaws.com/cp-server-connect-operator-6.1.2.1_EtcConfluent.tar.gz validation: type: sha256 - value: f38b3ea9e8b0271f0335f9df515ce0e389555091767faf6c7fcdd2806149b0ad -- filename: maven-artifact-3.8.1.jar - url: https://repo1.maven.org/maven2/org/apache/maven/maven-artifact/3.8.1/maven-artifact-3.8.1.jar - validation: - type: sha256 - value: 9dbd3db15ac4816471e72981cb06ef90f3ffa8be6628dddf7135f7bd69bee0c0 -- filename: acl-6.1.1_custom.jar - url: https://ironbank-files.s3.amazonaws.com/acl-6.1.1_custom.jar - validation: - type: sha256 - value: f30b96e1d6a7c1a5e9f613a7772937ce1832c97a927421cb6a706b6b36596d93 + value: 6c7e15dd48b982c069fd047115b27e873a4dbadcb614fa5eca3e1c7dc134e61a # List of project maintainers