Migrate from edpName usage to ReleaseName as default variable in helm chart.
https://github.com/epam/edp-install/blob/master/deploy-templates/values.yaml#L10

AC:

• align remove edpName from values.yaml
• align helm Release Name usege;
• align documentation;

Upgrade golang.org/x/net to version 0.17.0

Acceptance Criteria:

• as a result of release pipeline we need to automate 'Deployment Certifications and Source Traceability' section creation in release tag;

Is your feature request related to a problem? Please describe.
Go version 1.20 needs to be updated. Most libraries already require a newer version.

Describe the solution you'd like
Bump Go from 1.20 to the 1.22 version.

Describe alternatives you've considered
Stay on the outdated 1.20 version.

Change Api script to receive get-nuget-token in Sonatype Nexus in version 3.59.0

Acceptance Criteria:

• the get-nuget-token task can get the nuget-token and push the artifact to the nexus.

To clarify the nexus-operator usage, it is crucial to add the Quick Start section to the README.md file in the edp-nexus-operator repository.

Headlamp UI use label to find and display secrets for integration with Nexus.

Acceptance Criteria:

• nexus-operator create nexus-ci.user secret with label "app.edp.epam.com/secret-type: nexus";

NexusRepository CR should contain the format for the repository(go/npm, maven...), type (proxy, hosted, group), and all configurations for the specific format/type.

NexusScript should contain:

• name
• content(groovy script)
• payload

Acceptance Criteria:

• nexus-operator 2.16.0 released;

Acceptance Criteria:

• nexus-operator 3.1.0 released;
• nexus-operator available on OperatorHub;

For these nexus repositories default values are missing:

• maven2(hosted
  • Version policy
  • Layout policy
  • Content disposition
• maven2(group
  • Version policy
  • Layout policy
  • Content disposition
• nuget(proxy)
  • metadata query cache age

Acceptance Criteria:

• project contain valid code owners;
• project configured with RBAC for contributors;

The user should contain the following fields:

• ID
• First name
• Last name
• Email
• Password
• Status (active, disabled)
• Roles

Currently, the Nexus operator creates and runs NexusScript.
Running some scripts is the pipeline's responsibility.
Make the run script step from the NexusScrip reconciliation optional.

To integrate Nexus with the EDP, we must manage Nexus cleanup policies through custom resources.

NexuRole should contain:

• id
• name
• description
• privileges

Add operator-sdk configuration for publishing operator on the operatorHub.
Prepare operator Helm deploy-templates.

Acceptance Criteria:

• nexus-operator 3.0.0 released;
• nexus-operator available on OperatorHub;

Package github.com/go-resty/resty/v2
Affected versions >= 2.10.0

A race condition in go-resty can result in HTTP request body disclosure across requests.

This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to sync.Pool.Get will then return a bytes.Buffer that hasn't had bytes.Buffer.Reset called on it. This dirty buffer will contain the HTTP request body from an unrelated request, and go-resty will append the current HTTP request body to it, sending two bodies in one request.

The sync.Pool in question is defined at package level scope, so a completely unrelated server could receive the request body.

https://github.com/epam/edp-nexus-operator/security/dependabot/4

Related issue go-resty/resty#743

What happened:

Docker repositories created in Nexus are inaccessible with HTTP error 404.

What you expected to happen:

When docker repositories are created in Nexus they should be available for curl "${nexus_url}/v2/_catalog" and docker push/pull commands.

How to reproduce it (as minimally and precisely as possible):

Create a docker repository in Nexus, that was deployed as a part of EDP.
Try to get the new repository's catalog with curl "${nexus_url}/v2/_catalog"
The response would be HTTP error 404.

Anything else we need to know?:

The issue is in the NEXUS_CONTEXT environment variable, which is filled with "//" (double forward slash) rather than the correct "/" (a single forward slash).

The defect happens due to the first forward slash introduced in the Nexus' default properties ConfigMap:
https://github.com/epam/edp-nexus-operator/blob/master/deploy-templates/templates/cm/configuration/nexus_default.properties.yaml#L9

And the second forward slash is specified in both the Deployment for Kubernetes and DeploymentConfig for OpenShift:
https://github.com/epam/edp-nexus-operator/blob/master/deploy-templates/templates/deployment/nexus_deployment_kubernetes.yaml#L37
https://github.com/epam/edp-nexus-operator/blob/master/deploy-templates/templates/deployment/nexus_deployment_config_openshift.yaml#L39

Environment:

• Platform (e.g: cat /etc/os-release): Kubernetes and OpenShift
• EDP version: All
• Nexus Operator version: 2.5.0-RC.1 - 2.13.0
• Others: -

Acceptance Criteria:

• nexus-operator 2.17.0 released;

Acceptance Criteria:

• nexus-operator 3.2.0 released;
• nexus-operator available on OperatorHub;

A/C

• CI pipeline exist step with integration tests

• Remove all configurations from Nexus CR.
• Nexus CR should contain only base parameters to get the connection - URL and credentials.
• Move CR to the group edp and version v1alpha1.
• Update operator dependencies.
• Add integration tests for the Nexus CR.

We can use https://github.com/datadrivers/go-nexus-client to work with Nexus API.

Is your feature request related to a problem? Please describe.

Currently, we can create NexusRepository with multiple formats and types.
Example:

apiVersion: edp.epam.com/v1alpha1
kind: NexusRepository
metadata:
  name: npm-hosted
spec:
  nexusRef:
    name: nexus-sample
  npm:
    hosted:
      name: npm-hosted
    proxy:
      name: npm-proxy
      proxy:
        remoteUrl: https://test.com
  go:
    group:
      name: go-group
      group:
          memberNames:
          - go-proxy

The operator doesn't support multiple types and formats in one CR. So we will get an error during resource reconciliation.

Describe the solution you'd like
Create a validation web-hook to validate NexusRepository.

• Every repository should contain only one format (go,nmp, maven, etc.) and only one type (proxy, group, hosted).
• Don't allow to change format and type.

To configure Nexus with EDP, the nexus operator should manage blob stores.
Add NexusBlobStore custom resource for configuring blob stores.

To reproduce create pypi hosted repository

apiVersion: edp.epam.com/v1alpha1
kind: NexusRepository
metadata: 
  name: python-hosted
  namespace: nexus
status: 
  error: 'failed to get repository data: no pypi repository set'
  value: error
spec: 
  nexusRef: 
    kind: Nexus
    name: nexus
  pypi: 
    hosted: 
      component: 
        proprietaryComponents: true
      name: edp-python-snapshots
      online: true
      storage: 
        blobStoreName: edp-python
        strictContentTypeValidation: true
        writePolicy: ALLOW_ONCE

The repository is not created, and we have the error 'failed to get repository data: no pypi repository set.'
But from the Nexus UI we can create such type of the repository.