fix(ci): master updated from develop

CHANGELOG.md

@@ -4,10 +4,27 @@
 
 ### Fixes
 
-*storage*
+#### Broker
 
-Waiting longer for conflict manager to be connected
+*stream gRPC*
 
-*tls*
+A gRPC stream connector did not stop correctly on cbd stop.
 
-Printing encrypted write log on trace level only
+*BAM*
+
+On BAM misconfiguration, cbd could crash. This is fixed now. That was due to
+an issue in mysql code with promises handling.
+
+### Enhancements
+
+#### Broker
+
+*downtimes*
+
+They are inserted in bulk now.
+
+#### Engine
+
+*comments*
+
+They are sent only once to broker.

CMakeLists.txt

@@ -47,7 +47,7 @@ endif ()
 # Version.
 set(COLLECT_MAJOR 22)
 set(COLLECT_MINOR 04)
-set(COLLECT_PATCH 0)
+set(COLLECT_PATCH 1)
 set(COLLECT_VERSION "${COLLECT_MAJOR}.${COLLECT_MINOR}.${COLLECT_PATCH}")
 add_definitions(-DCENTREON_CONNECTOR_VERSION=\"${COLLECT_VERSION}\")
 # add_definitions(-DCENTREON_BROKER_VERSION=\"${COLLECT_VERSION}\")

Jenkinsfile

@@ -28,12 +28,6 @@ if (env.BRANCH_NAME.startsWith('release-')) {
   env.BUILD = 'CI'
 }
 
-// Skip sonarQ analysis on branch without PR  - Unable to merge
-def securityAnalysisRequired = 'yes'
-if (!env.CHANGE_ID && env.BUILD == 'CI') {
-    securityAnalysisRequired = 'no'
-}
-
 /*
 ** Pipeline code.
 */
@@ -61,37 +55,21 @@ stage('Build / Unit tests // Packaging / Signing') {
   },
   'centos7 SQ analysis': {
     node("C++") {
-      if (securityAnalysisRequired == 'no') {
-        Utils.markStageSkippedForConditional('centos7 SQ analysis')
-      } else {
-        dir('centreon-collect-centos7') {
-          checkout scm
-          loadCommonScripts()
-          sh 'ci/scripts/collect-sonar-scanner-common.sh "install"'
-          withSonarQubeEnv('SonarQubeDev') {
-            if (env.CHANGE_ID) {
-              sh 'ci/scripts/collect-sonar-scanner-common.sh "get"'
-              sh 'docker run -i --entrypoint /src/ci/scripts/collect-sources-analysis.sh -v "$PWD:/src" registry.centreon.com/centreon-collect-centos7-dependencies:22.04 "PR" "$SONAR_AUTH_TOKEN" "$SONAR_HOST_URL" "$VERSION" "$CHANGE_TARGET" "$CHANGE_BRANCH" "$CHANGE_ID"'
-            } else {
-              sh 'docker run -i --entrypoint /src/ci/scripts/collect-sources-analysis.sh -v "$PWD:/src" registry.centreon.com/centreon-collect-centos7-dependencies:22.04 "NotPR" "$SONAR_AUTH_TOKEN" "$SONAR_HOST_URL" "$VERSION" "$BRANCH_NAME"'
-            }
-            if (env.BUILD == "REFERENCE" || env.BUILD == "QA") {
-              // Saving cache's tarball if generated
-              sh 'ci/scripts/collect-sonar-scanner-common.sh "set"'
-            }
+      dir('centreon-collect-centos7') {
+        checkout scm
+        loadCommonScripts()
+        withSonarQubeEnv('SonarQubeDev') {
+          sh 'ci/scripts/collect-sonar-scanner-common.sh "get" "master"'
+          if (env.CHANGE_ID) {
+            sh 'docker run -i --entrypoint /src/ci/scripts/collect-sources-analysis.sh -v "$PWD:/src" registry.centreon.com/centreon-collect-centos7-dependencies:22.04 "PR" "$SONAR_AUTH_TOKEN" "$SONAR_HOST_URL" "$VERSION" "$CHANGE_TARGET" "$CHANGE_BRANCH" "$CHANGE_ID"'
+          } else {
+            sh 'docker run -i --entrypoint /src/ci/scripts/collect-sources-analysis.sh -v "$PWD:/src" registry.centreon.com/centreon-collect-centos7-dependencies:22.04 "NotPR" "$SONAR_AUTH_TOKEN" "$SONAR_HOST_URL" "$VERSION" "$BRANCH_NAME"'
           }
+          sh 'ci/scripts/collect-sonar-scanner-common.sh "set"'
         }
       }
     }
-  },/*
-  'centos8 Build and UT': {
-    node("C++") {
-      dir('centreon-collect-centos8') {
-        checkout scm
-        sh 'docker run -i --entrypoint /src/ci/scripts/collect-unit-tests.sh -v "$PWD:/src" registry.centreon.com/centreon-collect-centos8-dependencies:22.04-testdocker'
-      }
-    }
-  },*/
+  },
   'centos7 rpm packaging and signing': {
     node("C++") {
       dir('centreon-collect-centos7') {
@@ -147,28 +125,24 @@ stage('Build / Unit tests // Packaging / Signing') {
       dir('centreon-collect') {
         checkout scm
       }
-      sh 'docker run -i --entrypoint /src/centreon-collect/ci/scripts/collect-deb-package.sh -v "$PWD:/src" -e DISTRIB="Debian11" -e VERSION=$VERSION -e RELEASE=$RELEASE registry.centreon.com/centreon-collect-debian11-dependencies:22.04'
-      stash name: 'Debian11', includes: 'Debian11/*.deb'
-      archiveArtifacts artifacts: "Debian11/*"
+      sh 'docker run -i --entrypoint /src/centreon-collect/ci/scripts/collect-deb-package.sh -v "$PWD:/src" -e DISTRIB="bullseye" -e VERSION=$VERSION -e RELEASE=$RELEASE registry.centreon.com/centreon-collect-debian11-dependencies:22.04'
+      stash name: 'Debian11', includes: 'bullseye/*.deb'
+      archiveArtifacts artifacts: "bullseye/*"
     }
   }
 }
 
 stage('Quality Gate') {
   node("C++") {
-    if (securityAnalysisRequired == 'no') {
-      Utils.markStageSkippedForConditional('Quality Gate')
-    } else {
-      timeout(time: 10, unit: 'MINUTES') {
-        def qualityGate = waitForQualityGate()
-        if (qualityGate.status != 'OK') {
-          error "Pipeline aborted due to quality gate failure: ${qualityGate.status}"
-        }
-      }
-      if ((currentBuild.result ?: 'SUCCESS') != 'SUCCESS') {
-        error("Quality gate failure: ${qualityGate.status}.");
+    timeout(time: 10, unit: 'MINUTES') {
+      def qualityGate = waitForQualityGate()
+      if (qualityGate.status != 'OK') {
+        error "Pipeline aborted due to quality gate failure: ${qualityGate.status}"
       }
     }
+    if ((currentBuild.result ?: 'SUCCESS') != 'SUCCESS') {
+      error("Quality gate failure: ${qualityGate.status}.");
+    }
   }
 }
 

broker/SECURITY.md → SECURITY.md

@@ -12,7 +12,7 @@ Send an email to security@centreon.com. If possible, encrypt your message with o
 
 You should receive a response within 48 hours. If for some reason you do not, please follow up via email to ensure we received your original message.
 
-To help us better understand the nature and scope of the possible issue, please describe as much as you can:
+To help us better understand the nature and scope of the possible issue, please describe as much as you can: 
 
 * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.)
 * Full paths of source file(s) related to the manifestation of the issue
@@ -22,10 +22,94 @@ To help us better understand the nature and scope of the possible issue, please
 * Proof-of-concept or exploit code (if possible)
 * Impact of the issue, including how an attacker might exploit the issue
 
+## Bug bounty
+
+We don't have a bug bounty program but this is something we are thinking about.
+
 ## PGP information
 
 ### Public key
 
+| Tag | Value |
+| -- | -- |
+| ID | F92686A9EC269C1A |
+| Type | RSA |
+| Size | 4096 |
+| Created | 2022-12-28 |
+| Expires | 2023-01-22 |
+| Fingerprint | 3552 91EA 7DAF 9E2A 192C 62B6 F926 86A9 EC26 9C1A |
+
+```
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mQINBGHLO4IBEADB5ZlFUNNH/Y5TEVHAAHIMjHEt63M5hA+C94EYv89R2+swz212
+Hla4f5sVl5wPNSwiIAed+bJNKnGiaDM/508aMcTHurGRu3x5/MyvuxpXmzOSY1Mt
+JZxLBBkonL1iX0tCytWriOhgAty9gi58DPKA6f7sVDgt3Hm/NtIEULSbXy6xfDYo
+m+Sz39+hb0PcKKEkacRGzOGDIR0UgOAUGDBEbDoLPxjM6flHjXcjs4fZNY2HHQXO
+AB65qM9my4ALxxsrIbsKfu25HY52qSZoqZD90AxKdNtRFlnkXClWN0l26fVqiGjv
+oCPMYGPp80OYvymE2QhtlD+jRAepwyWx1YY96VFIA9LsZtjmoRxw/KLghdeP4Q7p
+/BUCVkT393OOTayNhoNa7iCqbK0lmB6mequi7KV3vNXn79WP0Hm8AQ9/9bEJaY8x
+oNTKAxsR6gLP1fc7S/zg9iIHUuTj6XU9CbW45ADrCJRel5LoM+MZ3DWXh+kd0Iuw
+yANU+XVgC1fXQOf76BJeYSalZS8Ln1vpYjDwEZBSmLdyefCYBjspxjDNzpCAy+wH
+gc/vpQbjmFxgkbZ3AroGDaNu1JVhA3yy8oXAEwAxl8BzsYye2YbhAUb2RgZhIndd
+TCcWkwhEWey3XYMCtnFWxsXnteA1cvWD8PvCiWy53yc/Ng59H3XyB3sJbQARAQAB
+tJJDZW50cmVvbiBTZWN1cml0eSAoRW1haWwgdXNlZCB0byByZXBvcnQgYSB2dWxu
+ZXJhYmlsaXR5IG9uIENlbnRyZW9uJ3MgcHJvZHVjdHMgb3IgdG8gY29udGFjdCB0
+aGUgQ2VudHJlb24ncyBzZWN1cml0eSB0ZWFtKSA8c2VjdXJpdHlAY2VudHJlb24u
+Y29tPokCVAQTAQoAPhYhBPSiLqQfofMIpmrARo99hgxsMlQ6BQJhyzuCAhsDBQkC
+AikABQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEI99hgxsMlQ6Ms0P/1lJfoaj
+5/mRIKvaWZnTZm6OCpJtRT/9WrBGxbVi0TfyFb8M5OHeoz2oXc7WEPDJNNW9aRat
+i40oHfQExW0UBsMvpfGlhPc5nwIxzpvFuckPrSTU3Y9ZLQvCoyxPIWMsXlghwwHD
+OFW5oYg+rAvtmFuLyM18MdkH3YmrUHs7wyZczvi5hqdv5yB92kEjDTRbCYG8k9ep
+P1rr3U/WyQ6u5BEZLTFNceK//VQsEfN7l8QLQV5CtG7PtdnLh5V4lkDHV7DW3PCg
+TXyy8A5IatLh7z+ODQ/GDwCw7NNQm5M8dB1T/tLZn7+kTf8KqjHz4Qbh2PFBu5R7
+sDPEM81EMSAN/dfuZyQKbABnJk0JalvZeuZYUQYZWTgK6mSFJ3Rac8aX4TX7fwfS
+kjh0ivG/FWzKaDa/dGfpH0J69IE2SACLRF+022hPLz7dRmSyNQSFZ4McXC+ihQps
+mDJrqLmBPSNIRkfTwczINPSAX051w3GsJDSoAID+X0iqmoZTPYuf9XJO689vx+5B
+g4FwhFwETkCqq6sZLzBI8+8dHKCn7imCtmrJ7JN8uy4mPS4Y2yVTBr1sZiAuvHzN
+4314o3N30OZeqG61OuE6XO67mlw5Rk5Kay7P/s3uu5wXEL01z5+VKH/hjzVV+GXq
+9J+VKYfXOcvu9PDhVBzlXgtP5xNuhh/IlvoDuQINBGHLPM4BEADdN4QbeuBSFts7
+9iIJXBmYiwcfDUOyZYaam6tI1fi1MbWCTAwpDpR0e8wdAon5yrF5jF6f6PIzqSfV
+jc1rtLfdftVlzCMobXyjPxO9LkwChSm+b1tR6R7FyxfkUu5Og7TdrTpzzbTPN6TA
+0BReEy20NpU6b3xC96BdaxE2ePlDOm26C5ygmAWszGD29ztxVtbBq7w0M+q7MO5Q
+UH286bNQXKL5C5wZuA18li/hk7Cri4XwtRyMMh0dlT7hYYuKKJN5d8swx793JdlP
+uYxmL93bM7rlka+W9fHYEbW5Zr7KUKwGygju/R2kx567iZyNwhFdeNsMFXFRIxCL
+sEqNBc6EexafaxoJc4Ms0FD5WXiy9Je5+c5ue5Qb3SzavRu8u/z4bnjmpXqodBOS
+jB4KPPGp4iCZPIOD98HyQ4XlYPSFc4hFEDxM6JGjfiKzFGaSmroSqwoKYYUjLsI+
+SuFPciOnH73KvwGX0uDYOKKZp5kmhKwu+AWaOfjoMGC2j+aOCQswziYBwr32bgyf
+S/CM4uha7XhY4vi5IaRgXrSSsCRFwskTRQwtAHtu8m17D0CH7K5blKXtx+pHB+6x
+cYTX9u2N2rqnOTma6+KEXFzVj0JiXsT3OwFmAFRvDU+erGSlAF3bQkZcu0hoFZmh
+XBeRV+vA3D/rkwXal8vMRcn2V+XZ5wARAQABiQI8BBgBCgAmFiEE9KIupB+h8wim
+asBGj32GDGwyVDoFAmHLPM4CGwwFCQICKQAACgkQj32GDGwyVDqkbg/+NVEZw2A4
+Uk6h4Exo9T0+ttd/ywi8P5aGnoiJ9Fw92RHgmSNUwIwgdeGKrgBbhVaO/V4CDGJp
+iiwIAxzU/xCNibEGTUkH79AZvFHXxXwRKf/vWW1w3gyh9ppRLBlUw3S2DdEkxlzJ
+5R1ryYTeV4yFAVK1Ln1v/UCA2WHho3IN/PIgDt701zONUEn1OOxHrMlKsgHIBAAk
+NA6IQ1Tr8RW9abK3uAtJxxnyOqEMkiE03sJfd1dAUtvirGxr7g3t1Gfi8BPnQR5T
+ZNqDOblM6fiY05AngPOLtV0n6LazK/buNenvUUhT0R9noMX6ZcApGpS4fFhADw1q
+vrFYSG/4rLSGKvLqw5pQ7PzLDHPfn/HIME//SPuBnYrTYjiupzdmgtjGOc1iMV0X
+YVXuA1yj+aJFaObLnVD31v2GIKvVS4WMsG74Mf5vMiMkbc0Zg2ULGun3sXscW0Yh
+2MnvI5oYQcKmzjmhPdKHrmkiy9QC4442PbE8Bn9KUpcVoxCtFr/Zsc18iUVHYyIG
+rrmZBE8MF1tGGBsdFC4Aktujuj3EevBo26QLozyfOLXXATHhmGh4SWsH68iyzynw
+ARzB/pCyvB1Y/QbRn3ClFIksAyjrMxiNkSQXgToc8Ph+vLnHS3Y4399c74WZCHCH
+i51yIfcTAPmxOst/YN5WXOxWHZjZ/STVi0Y=
+=8Gny
+-----END PGP PUBLIC KEY BLOCK-----
+```
+
+### Revoked Public key
+
+**_Kindly use the new key instead_**
+
+| Tag | Value |
+| -- | -- |
+| ID | BEAF6EBF631106F9 |
+| Type | RSA |
+| Size | 4096 |
+| Created | 2020-02-11 |
+| Expires | 2022-01-13 |
+| Cipher |AES-256|
+| Fingerprint | C377 E9D5 2D5C 137D 3DD5 73B5 BEA F6EBF 6311 06F9 |
+
 ```
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 
@@ -80,17 +164,3 @@ SL4taAGY0BDuA3zhB7p5tP8=
 =YBvx
 -----END PGP PUBLIC KEY BLOCK-----
 ```
-
-| Tag | Value |
-| -- | -- |
-| ID | BEAF6EBF631106F9 |
-| Type | RSA |
-| Size | 4096 |
-| Created | 2020-02-11 |
-| Expires | 2022-01-13 |
-| Cipher |AES-256|
-| Fingerprint | C377 E9D5 2D5C 137D 3DD5 73B5 BEA F6EBF 6311 06F9 |
-
-## Bug bounty
-
-We don't have a bug bounty program but this is something we are thinking about.

ci/docker/Dockerfile.collect-centos7-dependencies

@@ -7,7 +7,8 @@ RUN curl https://downloads.mariadb.com/MariaDB/mariadb-10.5.8/yum/centos7-amd64/
     curl https://downloads.mariadb.com/MariaDB/mariadb-10.5.8/yum/centos7-amd64/rpms/MariaDB-server-10.5.8-1.el7.centos.x86_64.rpm --output MariaDB-server-10.5.8-1.el7.centos.x86_64.rpm && \
     curl https://downloads.mariadb.com/MariaDB/mariadb-10.5.8/yum/centos7-amd64/rpms/galera-4-26.4.6-1.el7.centos.x86_64.rpm --output galera-4-26.4.6-1.el7.centos.x86_64.rpm && \
     curl http://yum-1.centreon.com/standard/21.10/el7/stable/x86_64/RPMS/rrdtool-devel-1.7.2-1.el7.centos.x86_64.rpm --output rrdtool-devel-1.7.2-1.el7.centos.x86_64.rpm && \
-    curl http://yum-1.centreon.com/standard/21.10/el7/stable/x86_64/RPMS/rrdtool-1.7.2-1.el7.centos.x86_64.rpm --output rrdtool-1.7.2-1.el7.centos.x86_64.rpm
+    curl http://yum-1.centreon.com/standard/21.10/el7/stable/x86_64/RPMS/rrdtool-1.7.2-1.el7.centos.x86_64.rpm --output rrdtool-1.7.2-1.el7.centos.x86_64.rpm && \
+    curl https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-4.7.0.2747-linux.zip --output sonar-scanner-cli-4.7.0.2747-linux.zip
 RUN yum -y upgrade && yum -y update && \
     yum -y install make \
     openssh-server \
@@ -54,6 +55,9 @@ RUN cat conanfile.txt
 RUN source /opt/rh/devtoolset-9/enable && source /opt/rh/rh-python38/enable && \
     conan install . -s compiler.cppstd=14 -s compiler.libcxx=libstdc++11 --build='*'
 
+RUN unzip -q sonar-scanner-cli-4.7.0.2747-linux.zip
+RUN rm -rf sonar-scanner-cli-4.7.0.2747-linux.zip
+RUN mv sonar-scanner-4.7.0.2747-linux sonar-scanner
 WORKDIR /src
 ENV PATH=/opt/rh/devtoolset-9/root/usr/bin:$PATH:/opt/rh/rh-php73/root/usr/bin
 ENV LD_LIBRARY_PATH=/opt/rh/devtoolset-9/root/usr/lib64:/opt/rh/devtoolset-9/root/usr/lib:/opt/rh/devtoolset-9/root/usr/lib64/dyninst:/opt/rh/devtoolset-9/root/usr/lib/dyninst:/opt/rh/devtoolset-9/root/usr/lib64:/opt/rh/devtoolset-9/root/usr/lib

ci/release/Jenkinsfile

@@ -15,7 +15,7 @@ pipeline {
           echo 'Releasing Centreon Collect'
           loadCommonScripts()
           withCredentials([string(credentialsId: 'download-token', variable: 'DOWNLOAD_TOKEN')]) {
-            sh './ci/release/collect-release.sh $DOWNLOAD_TOKEN'
+            sh './ci/release/collect-release.sh' "$DOWNLOAD_TOKEN"
           }
         }
       }

ci/scripts/collect-deb-package.sh

@@ -11,14 +11,17 @@ echo "################################################## PACKAGING COLLECT #####
 AUTHOR="Luiz Costa"
 AUTHOR_EMAIL="me@luizgustavo.pro.br"
 
+# fix version to debian format accept
+VERSION="$(echo $VERSION | sed 's/-/./g')"
+
 if [ -d centreon-collect/build ] ; then
     rm -rf centreon-collect/build
 fi
 tar czpf centreon-collect-$VERSION.tar.gz centreon-collect
 cd centreon-collect/
 cp -rf ci/debian .
-sed -i "s/^centreon:version=.*$/centreon:version=${VERSION}/" debian/substvars
-debmake -f "${AUTHOR}" -e "${AUTHOR_EMAIL}" -u "$VERSION" -r "$RELEASE"
+sed -i "s/^centreon:version=.*$/centreon:version=$(echo $VERSION | egrep -o '^[0-9][0-9].[0-9][0-9]')/" debian/substvars
+debmake -f "${AUTHOR}" -e "${AUTHOR_EMAIL}" -u "$VERSION" -r "$DISTRIB"
 debuild-pbuilder
 cd ../
 if [ -d "$DISTRIB" ] ; then