V3.9

README.md

@@ -1,4 +1,4 @@
-Spinnaker Gateway Service
+Spinnaker Gateway Service    
 ------------------------------------
 [![Build Status](https://api.travis-ci.org/spinnaker/gate.svg?branch=master)](https://travis-ci.org/spinnaker/gate)
 

build.gradle

@@ -34,6 +34,7 @@ allprojects {
       annotationProcessor "org.projectlombok:lombok"
       testAnnotationProcessor "org.projectlombok:lombok"
       compile("org.springframework.cloud:spring-cloud-starter-vault-config")
+      compile("io.micrometer:micrometer-registry-prometheus")
 
 
       implementation "org.codehaus.groovy:groovy-all"
@@ -51,6 +52,11 @@ allprojects {
     configurations.all {
       exclude group: 'javax.servlet', module: 'servlet-api'
       exclude group: 'javax.servlet', module: 'javax.servlet-api'
+      resolutionStrategy.eachDependency { DependencyResolveDetails details ->
+        if (details.requested.group == 'org.apache.logging.log4j') {
+          details.useVersion '2.16.0'
+        }
+      }
     }
 
     tasks.withType(JavaExec) {

docker/custom-plugin.json

@@ -0,0 +1,58 @@
+[
+  {
+    "id": "Opsmx.VerificationGatePlugin",
+    "description": "An example of a PF4J-based plugin that provides a custom pipeline stage.",
+    "releases": [
+      {
+        "version": "1.0.1",
+        "date": "2021-06-24T16:20:59.469168Z",
+        "requires": "orca>=0.0.0,deck>=0.0.0",
+        "sha512sum": "VERIFICATION_SHASUM",
+        "state": "",
+        "url": "file:///opt/spinnaker/plugins/VerificationPlugin-v1.0.1-SNAPSHOT.zip"
+      }
+    ]
+  },
+  {
+    "id": "Opsmx.TestVerificationGatePlugin",
+    "description": "An example of a PF4J-based plugin that provides a custom pipeline stage.",
+    "releases": [
+      {
+        "version": "1.0.1",
+        "date": "2021-07-25T16:20:59.469168Z",
+        "requires": "orca>=0.0.0,deck>=0.0.0",
+        "sha512sum": "TESTVERIFICATION_SHASUM",
+        "state": "",
+        "url": "file:///opt/spinnaker/plugins/TestVerificationPlugin-v1.0.1-SNAPSHOT.zip"
+      }
+    ]
+  },
+  {
+    "id": "Opsmx.VisibilityApprovalPlugin",
+    "description": "An example of a PF4J-based plugin that provides a custom policy stage.",
+    "releases": [
+      {
+        "version": "1.0.1",
+        "date": "2021-07-20T16:20:59.469168Z",
+        "requires": "orca>=0.0.0,deck>=0.0.0",
+        "sha512sum": "APPROVAL_SHASUM",
+        "state": "",
+        "url": "file:///opt/spinnaker/plugins/ApprovalStagePlugin-v1.0.1-SNAPSHOT.zip"
+      }
+    ]
+  },
+  {
+    "id": "Opsmx.PolicyGatePlugin",
+    "description": "An example of a PF4J-based plugin that provides a custom policy stage.",
+    "releases": [
+      {
+        "version": "1.0.1",
+        "date": "2021-07-25T16:20:59.469168Z",
+        "requires": "orca>=0.0.0,deck>=0.0.0",
+        "sha512sum": "POLICY_SHASUM",
+        "state": "",
+        "url": "file:///opt/spinnaker/plugins/policyPlugin-v1.0.1-SNAPSHOT.zip"
+      }
+    ]
+  }
+]

docker/ubi8/Gate-Dockerfile

@@ -4,6 +4,25 @@ COPY ./gate-web/build/install/gate /opt/gate
 RUN yum -y install java-11-openjdk-headless.x86_64 wget vim curl net-tools nettle
 RUN yum -y update
 RUN adduser spinnaker
-RUN mkdir -p /opt/gate/plugins
+RUN mkdir -p /opt/gate/plugins && mkdir -p /opt/spinnaker/plugins 
+####adding customplugin zip 
+ARG CUSTOMPLUGIN_RELEASEVERSION
+ENV CUSTOMPLUGIN_RELEASEVERSION=$CUSTOMPLUGIN_RELEASEVERSION
+COPY custom-plugin.json /opt/spinnaker/plugins/plugins.json
+RUN wget -O VerificationPlugin-v1.0.1-SNAPSHOT.zip -c https://github.com/OpsMx/Pf4jCustomStagePlugin/releases/download/${CUSTOMPLUGIN_RELEASEVERSION}/VerificationPlugin-v1.0.1-SNAPSHOT.zip \
+    && wget -O TestVerificationPlugin-v1.0.1-SNAPSHOT.zip -c https://github.com/OpsMx/Pf4jCustomStagePlugin/releases/download/${CUSTOMPLUGIN_RELEASEVERSION}/TestVerificationPlugin-v1.0.1-SNAPSHOT.zip \
+    && wget -O policyPlugin-v1.0.1-SNAPSHOT.zip -c https://github.com/OpsMx/Pf4jCustomStagePlugin/releases/download/${CUSTOMPLUGIN_RELEASEVERSION}/policyPlugin-v1.0.1-SNAPSHOT.zip \
+    && wget -O ApprovalStagePlugin-v1.0.1-SNAPSHOT.zip -c https://github.com/OpsMx/Pf4jCustomStagePlugin/releases/download/${CUSTOMPLUGIN_RELEASEVERSION}/ApprovalStagePlugin-v1.0.1-SNAPSHOT.zip
+RUN mv VerificationPlugin-v1.0.1-SNAPSHOT.zip /opt/spinnaker/plugins/ \
+    && mv TestVerificationPlugin-v1.0.1-SNAPSHOT.zip /opt/spinnaker/plugins/ \
+    && mv policyPlugin-v1.0.1-SNAPSHOT.zip /opt/spinnaker/plugins/ \
+    && mv ApprovalStagePlugin-v1.0.1-SNAPSHOT.zip /opt/spinnaker/plugins/ 
+
+RUN sed -i 's/"VERIFICATION_SHASUM"/'\""$(sha512sum /opt/spinnaker/plugins/VerificationPlugin-v1.0.1-SNAPSHOT.zip | awk '{print $1}')"\"'/g' /opt/spinnaker/plugins/plugins.json \
+    && sed -i 's/"TESTVERIFICATION_SHASUM"/'\""$(sha512sum /opt/spinnaker/plugins/TestVerificationPlugin-v1.0.1-SNAPSHOT.zip | awk '{print $1}')"\"'/g' /opt/spinnaker/plugins/plugins.json \
+    && sed -i 's/"POLICY_SHASUM"/'\""$(sha512sum /opt/spinnaker/plugins/policyPlugin-v1.0.1-SNAPSHOT.zip | awk '{print $1}')"\"'/g' /opt/spinnaker/plugins/plugins.json \
+    && sed -i 's/"APPROVAL_SHASUM"/'\""$(sha512sum /opt/spinnaker/plugins/ApprovalStagePlugin-v1.0.1-SNAPSHOT.zip | awk '{print $1}')"\"'/g' /opt/spinnaker/plugins/plugins.json
+RUN chown -R spinnaker:spinnaker /opt/spinnaker
+#####
 USER spinnaker
 CMD ["/opt/gate/bin/gate"]

docker/ubuntu/Gate-Dockerfile

@@ -3,6 +3,25 @@ MAINTAINER [email protected]
 COPY ./gate-web/build/install/gate /opt/gate
 RUN apt-get update && apt-get -y install openjdk-8-jre-headless wget vim  net-tools curl
 RUN adduser --disabled-login --system spinnaker
-RUN mkdir -p /opt/gate/plugins && chown -R spinnaker:nogroup /opt/gate/plugins
+RUN mkdir -p /opt/gate/plugins && chown -R spinnaker:nogroup /opt/gate/plugins && mkdir -p /opt/spinnaker/plugins
+####adding customplugin zip
+ARG CUSTOMPLUGIN_RELEASEVERSION
+ENV CUSTOMPLUGIN_RELEASEVERSION=$CUSTOMPLUGIN_RELEASEVERSION
+COPY custom-plugin.json /opt/spinnaker/plugins/plugins.json
+RUN wget -O VerificationPlugin-v1.0.1-SNAPSHOT.zip -c https://github.com/OpsMx/Pf4jCustomStagePlugin/releases/download/${CUSTOMPLUGIN_RELEASEVERSION}/VerificationPlugin-v1.0.1-SNAPSHOT.zip \
+    && wget -O TestVerificationPlugin-v1.0.1-SNAPSHOT.zip -c https://github.com/OpsMx/Pf4jCustomStagePlugin/releases/download/${CUSTOMPLUGIN_RELEASEVERSION}/TestVerificationPlugin-v1.0.1-SNAPSHOT.zip \
+    && wget -O policyPlugin-v1.0.1-SNAPSHOT.zip -c https://github.com/OpsMx/Pf4jCustomStagePlugin/releases/download/${CUSTOMPLUGIN_RELEASEVERSION}/policyPlugin-v1.0.1-SNAPSHOT.zip \
+    && wget -O ApprovalStagePlugin-v1.0.1-SNAPSHOT.zip -c https://github.com/OpsMx/Pf4jCustomStagePlugin/releases/download/${CUSTOMPLUGIN_RELEASEVERSION}/ApprovalStagePlugin-v1.0.1-SNAPSHOT.zip
+RUN mv VerificationPlugin-v1.0.1-SNAPSHOT.zip /opt/spinnaker/plugins/ \
+    && mv TestVerificationPlugin-v1.0.1-SNAPSHOT.zip /opt/spinnaker/plugins/ \
+    && mv policyPlugin-v1.0.1-SNAPSHOT.zip /opt/spinnaker/plugins/ \
+    && mv ApprovalStagePlugin-v1.0.1-SNAPSHOT.zip /opt/spinnaker/plugins/
+
+RUN sed -i 's/"VERIFICATION_SHASUM"/'\""$(sha512sum /opt/spinnaker/plugins/VerificationPlugin-v1.0.1-SNAPSHOT.zip | awk '{print $1}')"\"'/g' /opt/spinnaker/plugins/plugins.json \
+    && sed -i 's/"TESTVERIFICATION_SHASUM"/'\""$(sha512sum /opt/spinnaker/plugins/TestVerificationPlugin-v1.0.1-SNAPSHOT.zip | awk '{print $1}')"\"'/g' /opt/spinnaker/plugins/plugins.json \
+    && sed -i 's/"POLICY_SHASUM"/'\""$(sha512sum /opt/spinnaker/plugins/policyPlugin-v1.0.1-SNAPSHOT.zip | awk '{print $1}')"\"'/g' /opt/spinnaker/plugins/plugins.json \
+    && sed -i 's/"APPROVAL_SHASUM"/'\""$(sha512sum /opt/spinnaker/plugins/ApprovalStagePlugin-v1.0.1-SNAPSHOT.zip | awk '{print $1}')"\"'/g' /opt/spinnaker/plugins/plugins.json
+RUN chown -R spinnaker:spinnaker /opt/spinnaker
+#####
 USER spinnaker
 CMD ["/opt/gate/bin/gate"]

docker_build/Dockerfile.rhel8-ubi8

@@ -12,10 +12,11 @@ COPY /docker_build/nginx.repo /etc/yum.repos.d/nginx.repo
 RUN adduser opsmx \
     && usermod -aG wheel opsmx \
     && mkdir -p /opsmx/workdir/logs \
-    && mkdir -p /opt/spinnaker/config
+    && mkdir -p /opt/spinnaker/config \
+    && mkdir -p /opt/spinnaker/plugins 
 
 # Install procps(ps)
-RUN yum install -y procps nginx net-tools
+RUN yum install -y procps nginx net-tools wget
 # Install java 11 
 RUN yum -y install java-11-openjdk-headless.x86_64
 # Install ping
@@ -32,6 +33,24 @@ COPY /docker_build/gate.yml /opt/spinnaker/config/
 COPY /docker_build/startup.sh /opsmx/workdir/
 RUN  chmod +x /opsmx/workdir/startup.sh
 
+# === CUSTOM PLUGINS
+ARG CUSTOMPLUGIN_RELEASEVERSION
+ENV CUSTOMPLUGIN_RELEASEVERSION=$CUSTOMPLUGIN_RELEASEVERSION
+COPY /docker_build/custom-plugin.json /opt/spinnaker/plugins/plugins.json
+RUN wget -O VerificationPlugin-v1.0.1-SNAPSHOT.zip -c https://github.com/OpsMx/Customplugins/releases/download/${CUSTOMPLUGIN_RELEASEVERSION}/VerificationPlugin-v1.0.1-SNAPSHOT.zip \
+    && wget -O TestVerificationPlugin-v1.0.1-SNAPSHOT.zip -c https://github.com/OpsMx/Customplugins/releases/download/${CUSTOMPLUGIN_RELEASEVERSION}/TestVerificationPlugin-v1.0.1-SNAPSHOT.zip \
+    && wget -O policyPlugin-v1.0.1-SNAPSHOT.zip -c https://github.com/OpsMx/Customplugins/releases/download/${CUSTOMPLUGIN_RELEASEVERSION}/policyPlugin-v1.0.1-SNAPSHOT.zip \
+    && wget -O ApprovalStagePlugin-v1.0.1-SNAPSHOT.zip -c https://github.com/OpsMx/Customplugins/releases/download/${CUSTOMPLUGIN_RELEASEVERSION}/ApprovalStagePlugin-v1.0.1-SNAPSHOT.zip
+RUN mv VerificationPlugin-v1.0.1-SNAPSHOT.zip /opt/spinnaker/plugins/ \
+    && mv TestVerificationPlugin-v1.0.1-SNAPSHOT.zip /opt/spinnaker/plugins/ \
+    && mv policyPlugin-v1.0.1-SNAPSHOT.zip /opt/spinnaker/plugins/ \
+    && mv ApprovalStagePlugin-v1.0.1-SNAPSHOT.zip /opt/spinnaker/plugins/ 
+
+RUN sed -i 's/"VERIFICATION_SHASUM"/'\""$(sha512sum /opt/spinnaker/plugins/VerificationPlugin-v1.0.1-SNAPSHOT.zip | awk '{print $1}')"\"'/g' /opt/spinnaker/plugins/plugins.json \
+    && sed -i 's/"TESTVERIFICATION_SHASUM"/'\""$(sha512sum /opt/spinnaker/plugins/TestVerificationPlugin-v1.0.1-SNAPSHOT.zip | awk '{print $1}')"\"'/g' /opt/spinnaker/plugins/plugins.json \
+    && sed -i 's/"POLICY_SHASUM"/'\""$(sha512sum /opt/spinnaker/plugins/policyPlugin-v1.0.1-SNAPSHOT.zip | awk '{print $1}')"\"'/g' /opt/spinnaker/plugins/plugins.json \
+    && sed -i 's/"APPROVAL_SHASUM"/'\""$(sha512sum /opt/spinnaker/plugins/ApprovalStagePlugin-v1.0.1-SNAPSHOT.zip | awk '{print $1}')"\"'/g' /opt/spinnaker/plugins/plugins.json
+
 # === Copy Gate Build Files ===
 COPY /gate-web/build/install/gate  /opsmx/workdir/gate
 RUN chown -R opsmx:root ${WORK_DIR}/* /opt/* && chmod 777 /opt/* ${WORK_DIR}/*

docker_build/custom-plugin.json

@@ -0,0 +1,58 @@
+[
+  {
+    "id": "Opsmx.VerificationGatePlugin",
+    "description": "An example of a PF4J-based plugin that provides a custom pipeline stage.",
+    "releases": [
+      {
+        "version": "1.0.1",
+        "date": "2021-06-24T16:20:59.469168Z",
+        "requires": "orca>=0.0.0,deck>=0.0.0",
+        "sha512sum": "VERIFICATION_SHASUM",
+        "state": "",
+        "url": "file:///opt/spinnaker/plugins/VerificationPlugin-v1.0.1-SNAPSHOT.zip"
+      }
+    ]
+  },
+  {
+    "id": "Opsmx.TestVerificationGatePlugin",
+    "description": "An example of a PF4J-based plugin that provides a custom pipeline stage.",
+    "releases": [
+      {
+        "version": "1.0.1",
+        "date": "2021-07-25T16:20:59.469168Z",
+        "requires": "orca>=0.0.0,deck>=0.0.0",
+        "sha512sum": "TESTVERIFICATION_SHASUM",
+        "state": "",
+        "url": "file:///opt/spinnaker/plugins/TestVerificationPlugin-v1.0.1-SNAPSHOT.zip"
+      }
+    ]
+  },
+  {
+    "id": "Opsmx.VisibilityApprovalPlugin",
+    "description": "An example of a PF4J-based plugin that provides a custom policy stage.",
+    "releases": [
+      {
+        "version": "1.0.1",
+        "date": "2021-07-20T16:20:59.469168Z",
+        "requires": "orca>=0.0.0,deck>=0.0.0",
+        "sha512sum": "APPROVAL_SHASUM",
+        "state": "",
+        "url": "file:///opt/spinnaker/plugins/ApprovalStagePlugin-v1.0.1-SNAPSHOT.zip"
+      }
+    ]
+  },
+  {
+    "id": "Opsmx.PolicyGatePlugin",
+    "description": "An example of a PF4J-based plugin that provides a custom policy stage.",
+    "releases": [
+      {
+        "version": "1.0.1",
+        "date": "2021-07-25T16:20:59.469168Z",
+        "requires": "orca>=0.0.0,deck>=0.0.0",
+        "sha512sum": "POLICY_SHASUM",
+        "state": "",
+        "url": "file:///opt/spinnaker/plugins/policyPlugin-v1.0.1-SNAPSHOT.zip"
+      }
+    ]
+  }
+]

docker_build/gate.yml

@@ -17,6 +17,14 @@ services:
     enabled: true
   oesui:
     externalUrl: http://150.238.22.102
+
+retrofit:
+  connectTimeout: 30000
+  readTimeout: 30000
+  callTimeout: 30000
+  writeTimeout: 30000
+  retryOnConnectionFailure: true
+
 security:
   basic:
     enabled: false
@@ -80,3 +88,22 @@ server:
     protocolHeader: X-Forwarded-Proto
     remoteIpHeader: X-Forwarded-For
     internalProxies: .*
+
+management:
+  health:
+    elasticsearch:
+      enabled: false
+    ldap:
+      enabled: false
+  endpoints:
+    web:
+      exposure:
+        include: health,info,metrics,prometheus
+  endpoint:
+    health:
+      show-details: always
+      show-components: always
+
+gate:
+  installation:
+    mode: common

gate-core/src/main/groovy/com/netflix/spinnaker/gate/config/AuthConfig.groovy

@@ -112,15 +112,30 @@ class AuthConfig {
         .antMatchers(HttpMethod.POST,'/visibilityservice/v1/approvalGates/{id}/trigger').permitAll()
         .antMatchers(HttpMethod.POST,'/visibilityservice/v2/approvalGates/{id}/trigger').permitAll()
         .antMatchers(HttpMethod.POST,'/visibilityservice/v4/approvalGates/{id}/trigger').permitAll()
+        .antMatchers(HttpMethod.POST,'/visibilityservice/v5/approvalGates/{id}/trigger').permitAll()
         .antMatchers(HttpMethod.GET,'/visibilityservice/v2/approvalGateInstances/{id}/status').permitAll()
         .antMatchers(HttpMethod.GET,'/visibilityservice/v1/approvalGateInstances/{id}/status').permitAll()
         .antMatchers(HttpMethod.POST,'/oes/echo').permitAll()
+        .antMatchers(HttpMethod.POST,'/oes/echo/').permitAll()
         .antMatchers(HttpMethod.GET,'/autopilot/mgmt/**').permitAll()
         .antMatchers('/plugins/deck/**').permitAll()
         .antMatchers(HttpMethod.POST, '/webhooks/**').permitAll()
         .antMatchers(HttpMethod.POST, '/notifications/callbacks/**').permitAll()
         .antMatchers(HttpMethod.POST, '/managed/notifications/callbacks/**').permitAll()
+        .antMatchers(HttpMethod.GET, '/oes/accountsConfig/v2/agents/apple/automation').permitAll()
+        .antMatchers(HttpMethod.POST, '/oes/accountsConfig/v1/agents/apple/automation').permitAll()
+        .antMatchers(HttpMethod.GET, '/oes/accountsConfig/v1/agents/{agentName}/manifest/apple/automation').permitAll()
+        .antMatchers(HttpMethod.GET, '/oes/accountsConfig/v2/spinnaker/cloudProviderAccount/apple/automation').permitAll()
+        .antMatchers(HttpMethod.GET, '/oes/accountsConfig/v2/spinnaker/cloudProviderAccount/{agentName}/{accountName}/apple/automation').permitAll()
+        .antMatchers(HttpMethod.POST, '/oes/accountsConfig/v2/spinnaker/cloudProviderAccount/apple/automation').permitAll()
+        .antMatchers(HttpMethod.GET, '/oes/accountsConfig/v3/spinnaker/apple/automation').permitAll()
+        .antMatchers(HttpMethod.GET, '/dashboardservice/v4/getAllDatasources/apple/automation').permitAll()
+        .antMatchers(HttpMethod.GET, '/dashboardservice/v5/agents/{agentName}/accounts/{accountName}/accountType/{accountType}/apple/automation').permitAll()
+        .antMatchers(HttpMethod.POST, '/dashboardservice/v4/datasource/apple/automation').permitAll()
         .antMatchers('/health').permitAll()
+        .antMatchers('/prometheus').permitAll()
+        .antMatchers('/info').permitAll()
+        .antMatchers('/metrics').permitAll()
         .antMatchers('/**').authenticated()
 
     if (fiatSessionFilterEnabled) {
@@ -172,17 +187,32 @@ class AuthConfig {
       .antMatchers(HttpMethod.POST,'/visibilityservice/v1/approvalGates/{id}/trigger').permitAll()
       .antMatchers(HttpMethod.POST,'/visibilityservice/v2/approvalGates/{id}/trigger').permitAll()
       .antMatchers(HttpMethod.POST,'/visibilityservice/v4/approvalGates/{id}/trigger').permitAll()
+      .antMatchers(HttpMethod.POST,'/visibilityservice/v5/approvalGates/{id}/trigger').permitAll()
       .antMatchers(HttpMethod.GET,'/visibilityservice/v2/approvalGateInstances/{id}/status').permitAll()
       .antMatchers(HttpMethod.GET,'/visibilityservice/v1/approvalGateInstances/{id}/status').permitAll()
       .antMatchers(HttpMethod.POST,'/oes/echo').permitAll()
+      .antMatchers(HttpMethod.POST,'/oes/echo/').permitAll()
       .antMatchers(HttpMethod.GET,'/autopilot/mgmt/**').permitAll()
       .antMatchers('/**/favicon.ico').permitAll()
       .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
       .antMatchers(PermissionRevokingLogoutSuccessHandler.LOGGED_OUT_URL).permitAll()
       .antMatchers('/plugins/deck/**').permitAll()
       .antMatchers(HttpMethod.POST, '/webhooks/**').permitAll()
       .antMatchers(HttpMethod.POST, '/notifications/callbacks/**').permitAll()
+      .antMatchers(HttpMethod.GET, '/oes/accountsConfig/v2/agents/apple/automation').permitAll()
+      .antMatchers(HttpMethod.POST, '/oes/accountsConfig/v1/agents/apple/automation').permitAll()
+      .antMatchers(HttpMethod.GET, '/oes/accountsConfig/v1/agents/{agentName}/manifest/apple/automation').permitAll()
+      .antMatchers(HttpMethod.GET, '/oes/accountsConfig/v2/spinnaker/cloudProviderAccount/apple/automation').permitAll()
+      .antMatchers(HttpMethod.GET, '/oes/accountsConfig/v2/spinnaker/cloudProviderAccount/{agentName}/{accountName}/apple/automation').permitAll()
+      .antMatchers(HttpMethod.POST, '/oes/accountsConfig/v2/spinnaker/cloudProviderAccount/apple/automation').permitAll()
+      .antMatchers(HttpMethod.GET, '/oes/accountsConfig/v3/spinnaker/apple/automation').permitAll()
+      .antMatchers(HttpMethod.GET, '/dashboardservice/v4/getAllDatasources/apple/automation').permitAll()
+      .antMatchers(HttpMethod.GET, '/dashboardservice/v5/agents/{agentName}/accounts/{accountName}/accountType/{accountType}/apple/automation').permitAll()
+      .antMatchers(HttpMethod.POST, '/dashboardservice/v4/datasource/apple/automation').permitAll()
       .antMatchers('/health').permitAll()
+      .antMatchers('/prometheus').permitAll()
+      .antMatchers('/info').permitAll()
+      .antMatchers('/metrics').permitAll()
       .anyRequest().authenticated()
      http.addFilterBefore(jwtRequestFilter, UsernamePasswordAuthenticationFilter.class);
   }

gate-core/src/main/groovy/com/netflix/spinnaker/gate/services/OesPermissionService.groovy

@@ -22,6 +22,8 @@ class OesPermissionService extends PermissionService{
   @Autowired
   OesAuthorizationService oesAuthorizationService
 
+  static final String defaultGroup = "anonymous"
+
   @Override
   void loginWithRoles(String userId, Collection<String> roles) {
     if (fiatStatus.isEnabled()) {
@@ -36,9 +38,15 @@ class OesPermissionService extends PermissionService{
     }
     if (isOesAuthorizationServiceEnabled){
       try {
+        if (roles == null){
+          roles = new ArrayList<>()
+          roles.add(defaultGroup)
+        } else if (roles.isEmpty()){
+          roles.add(defaultGroup)
+        }
         oesAuthorizationService.cacheUserGroups(roles, userId)
       } catch(Exception e1){
-        log.error("Exception occured while login with roles : {}", e1)
+        log.error("Exception occurred while login with roles : {}", e1)
       }
     }
   }