nevis
/
adn-agov-iam-admin-inventory
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

new configuration version

This commit is contained in:
haburger 2024-09-04 13:52:45 +00:00
parent 9641dd21e6
commit 4f3dc20b31
12 changed files with 73 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/etc/nevis/k8s-nevisauth-ac27dd7daad0ca2b7229bfaf.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec:
type: "NevisAuth"
replicas: 1
version: "8.2405.1"
version: "8.2405.2"
gitInitVersion: "1.3.0"
runAsNonRoot: true
ports:
@ -45,7 +45,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-e55486a997fb8f6cdab5eac835e6374e73b3824f"
tag: "r-a5b664b2c1f534aab19c8301f3618a8c5096d222"
dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth"
credentials: "git-credentials"
keystores:

2
DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/env.conf
View File

@ -12,7 +12,7 @@ JAVA_OPTS=(
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
"-Dotel.javaagent.logging=application"
"-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
"-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
"-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
"-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-default-tls-trust/truststore.p12"
"-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-default-tls-trust/keypass}"
)

16
DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/saml_sp_nevisidm_admin_realm_extract_issuer.groovy
View File

@ -2,8 +2,17 @@ import java.util.zip.Inflater
import java.util.zip.InflaterInputStream
def extractPost(String value) {
def decoded = new String(value.decodeBase64())
def xml = new groovy.xml.XmlSlurper().parseText(decoded)
if (value == null) {
return
}
String text
if (value.startsWith("<")) {
text = value
}
else {
text = new String(value.decodeBase64())
}
def xml = new groovy.xml.XmlSlurper().parseText(text)
// according to the SAML spec Issuer is optional but we need it for dispatching
def issuer = xml.depthFirst().find { it -> it.name().equalsIgnoreCase("Issuer") }?.text()
session.put("saml.inbound.issuer", issuer)
@ -40,6 +49,9 @@ if (inargs.containsKey("SAMLResponse")) {
else if (inargs.containsKey("SAMLRequest")) {
handleMessage("SAMLRequest")
}
else if (inargs.containsKey("soapheader")) {
handleMessage("soapheader")
}
else { // no incoming message.
if (request.getCurrentResource().matches('^http[s]?\u003A//[^/]+/SAML2/ACS/.*$')) {
LOG.debug("denying request without incoming message on ACS path")

16
DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth/var/opt/nevisauth/default/conf/saml_sp_nevisidm_operations_realm_extract_issuer.groovy
View File

@ -2,8 +2,17 @@ import java.util.zip.Inflater
import java.util.zip.InflaterInputStream
def extractPost(String value) {
def decoded = new String(value.decodeBase64())
def xml = new groovy.xml.XmlSlurper().parseText(decoded)
if (value == null) {
return
}
String text
if (value.startsWith("<")) {
text = value
}
else {
text = new String(value.decodeBase64())
}
def xml = new groovy.xml.XmlSlurper().parseText(text)
// according to the SAML spec Issuer is optional but we need it for dispatching
def issuer = xml.depthFirst().find { it -> it.name().equalsIgnoreCase("Issuer") }?.text()
session.put("saml.inbound.issuer", issuer)
@ -40,6 +49,9 @@ if (inargs.containsKey("SAMLResponse")) {
else if (inargs.containsKey("SAMLRequest")) {
handleMessage("SAMLRequest")
}
else if (inargs.containsKey("soapheader")) {
handleMessage("soapheader")
}
else { // no incoming message.
if (request.getCurrentResource().matches('^http[s]?\u003A//[^/]+/SAML2/ACS/.*$')) {
LOG.debug("denying request without incoming message on ACS path")

4
DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm-job/etc/nevis/k8s-nevisidm-batch-641ac4edf0c17383d3c0ea38.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec:
type: "NevisIDM"
replicas: 1
version: "8.2405.1"
version: "8.2405.2"
gitInitVersion: "1.3.0"
runAsNonRoot: true
ports:
@ -46,7 +46,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-559fc1c9e95f51132e6ad328d8310c6ce3073856"
tag: "r-a5b664b2c1f534aab19c8301f3618a8c5096d222"
dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm-job"
credentials: "git-credentials"
keystores:

2
DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm-job/var/opt/nevisidm/default/conf/env.conf
View File

@ -4,5 +4,5 @@ JAVA_OPTS=(
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
"-Dotel.javaagent.logging=application"
"-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties"
"-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
"-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
)

27
DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm/etc/nevis/k8s-idm-db-ca0629d86201d4c4ac857d60.yaml Normal file
View File

@ -0,0 +1,27 @@
apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisDatabase"
metadata:
name: "idm"
namespace: "adn-agov-nevisidm-admin-01-uat"
labels:
deploymentTarget: "idm"
annotations:
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
patternId: "ca0629d86201d4c4ac857d60"
spec:
type: "NevisIDM"
databaseType: "MariaDB"
version: "8.2405.2"
url: "mariadb-agov-uat.mariadb.database.azure.com"
port: 3306
ssl: true
database: "nevisidm_uat"
bootstrap: false
migrate: true
rootCredentials:
name: "root-adn-agov-nevisidm-admin-01-uat-idm"
namespace: "adn-agov-nevisidm-admin-01-uat"
podSecurity:
policy: "baseline"
automountServiceAccountToken: false
timeZone: "Europe/Zurich"

8
DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm/etc/nevis/k8s-nevisidm-admin-ba7c7a3b091df0c4b8ba0bb2.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec:
type: "NevisIDM"
replicas: 1
version: "8.2405.1"
version: "8.2405.2"
gitInitVersion: "1.3.0"
runAsNonRoot: true
ports:
@ -46,9 +46,12 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-23274ff50cbcc5dc1409914b80d55bad4f51e4a5"
tag: "r-a5b664b2c1f534aab19c8301f3618a8c5096d222"
dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm"
credentials: "git-credentials"
database:
name: "idm"
requiredVersion: "8.2405.2"
keystores:
- "idm-default-identity"
truststores:
@ -60,5 +63,4 @@ spec:
timeZone: "Europe/Zurich"
secrets:
secret:
- "a2068eb83a60702322c13949-27ed70d3"
- "c418560f50e0332d087e85bf-89ec31e5"

2
DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm/var/opt/nevisidm/default/conf/env.conf
View File

@ -4,5 +4,5 @@ JAVA_OPTS=(
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
"-Dotel.javaagent.logging=application"
"-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties"
"-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
"-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
)

4
DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm/var/opt/nevisidm/default/conf/nevisidm-prod.properties
View File

@ -3,9 +3,9 @@ web.gui.languages.default=de
# source: pattern://ca0629d86201d4c4ac857d60
database.connection.url=jdbc:mariadb://mariadb-agov-uat.mariadb.database.azure.com:3306/nevisidm_uat?pinGlobalTxToPhysicalConnection=1&useMysqlMetadata=true&cachePrepStmts=true&prepStmtCacheSize=1000&useSSL=true&trustStore=/var/opt/keys/trust/idm-db-tls-truststore/truststore.jks
# source: pattern://ca0629d86201d4c4ac857d60
database.connection.username=adndbadmin
database.connection.username=${exec:/var/opt/nevisidm/default/conf/credentials/dbUser}
# source: pattern://ca0629d86201d4c4ac857d60
database.connection.password=secret://a2068eb83a60702322c13949-27ed70d3
database.connection.password=${exec:/var/opt/nevisidm/default/conf/credentials/dbPassword}
# source: pattern://ba7c7a3b091df0c4b8ba0bb2
application.mail.smtp.host=greenmail.adn-agov-mail-01-dev.svc
# source: pattern://ba7c7a3b091df0c4b8ba0bb2

4
DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-idm/etc/nevis/k8s-nevisproxy-instance-idm-3bc06037962ad13be0a3a95d.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec:
type: "NevisProxy"
replicas: 1
version: "8.2405.0"
version: "8.2405.1"
gitInitVersion: "1.3.0"
runAsNonRoot: true
ports:
@ -46,7 +46,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-e55486a997fb8f6cdab5eac835e6374e73b3824f"
tag: "r-a5b664b2c1f534aab19c8301f3618a8c5096d222"
dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-idm"
credentials: "git-credentials"
keystores:

4
DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-sp/etc/nevis/k8s-operations-nevisproxy-instance-bd83dfbd467e8211ffe71d28.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec:
type: "NevisProxy"
replicas: 1
version: "8.2405.0"
version: "8.2405.1"
gitInitVersion: "1.3.0"
runAsNonRoot: true
ports:
@ -46,7 +46,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-e55486a997fb8f6cdab5eac835e6374e73b3824f"
tag: "r-a5b664b2c1f534aab19c8301f3618a8c5096d222"
dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-sp"
credentials: "git-credentials"
keystores: