new configuration version
This commit is contained in:
parent
9641dd21e6
commit
4f3dc20b31
|
@ -11,7 +11,7 @@ metadata:
|
||||||
spec:
|
spec:
|
||||||
type: "NevisAuth"
|
type: "NevisAuth"
|
||||||
replicas: 1
|
replicas: 1
|
||||||
version: "8.2405.1"
|
version: "8.2405.2"
|
||||||
gitInitVersion: "1.3.0"
|
gitInitVersion: "1.3.0"
|
||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
ports:
|
ports:
|
||||||
|
@ -45,7 +45,7 @@ spec:
|
||||||
podDisruptionBudget:
|
podDisruptionBudget:
|
||||||
maxUnavailable: "50%"
|
maxUnavailable: "50%"
|
||||||
git:
|
git:
|
||||||
tag: "r-e55486a997fb8f6cdab5eac835e6374e73b3824f"
|
tag: "r-a5b664b2c1f534aab19c8301f3618a8c5096d222"
|
||||||
dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth"
|
dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/auth"
|
||||||
credentials: "git-credentials"
|
credentials: "git-credentials"
|
||||||
keystores:
|
keystores:
|
||||||
|
|
|
@ -12,7 +12,7 @@ JAVA_OPTS=(
|
||||||
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
||||||
"-Dotel.javaagent.logging=application"
|
"-Dotel.javaagent.logging=application"
|
||||||
"-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
|
"-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
|
||||||
"-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
|
"-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
|
||||||
"-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-default-tls-trust/truststore.p12"
|
"-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-default-tls-trust/truststore.p12"
|
||||||
"-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-default-tls-trust/keypass}"
|
"-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-default-tls-trust/keypass}"
|
||||||
)
|
)
|
||||||
|
|
|
@ -2,8 +2,17 @@ import java.util.zip.Inflater
|
||||||
import java.util.zip.InflaterInputStream
|
import java.util.zip.InflaterInputStream
|
||||||
|
|
||||||
def extractPost(String value) {
|
def extractPost(String value) {
|
||||||
def decoded = new String(value.decodeBase64())
|
if (value == null) {
|
||||||
def xml = new groovy.xml.XmlSlurper().parseText(decoded)
|
return
|
||||||
|
}
|
||||||
|
String text
|
||||||
|
if (value.startsWith("<")) {
|
||||||
|
text = value
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
text = new String(value.decodeBase64())
|
||||||
|
}
|
||||||
|
def xml = new groovy.xml.XmlSlurper().parseText(text)
|
||||||
// according to the SAML spec Issuer is optional but we need it for dispatching
|
// according to the SAML spec Issuer is optional but we need it for dispatching
|
||||||
def issuer = xml.depthFirst().find { it -> it.name().equalsIgnoreCase("Issuer") }?.text()
|
def issuer = xml.depthFirst().find { it -> it.name().equalsIgnoreCase("Issuer") }?.text()
|
||||||
session.put("saml.inbound.issuer", issuer)
|
session.put("saml.inbound.issuer", issuer)
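Review bot: The base64 branch `text = new String(value.decodeBase64())` decodes with the JVM's platform default charset, so a SAML message containing non-ASCII characters (an Issuer or attribute value, for instance) can be mangled on a container whose default charset is not UTF-8; use `text = new String(value.decodeBase64(), "UTF-8")`. The new `if (value.startsWith("<"))` branch accepts raw, undecoded XML, and a one-line comment stating which caller sends the message in that form (the `soapheader` parameter added in this commit, presumably) would help, e.g. `// raw XML (SOAP-bound messages); everything else is base64-encoded per the POST binding — confirm`. XmlSlurper's no-arg constructor disallows DOCTYPE declarations in recent Groovy releases, which is what keeps this parse free of external-entity expansion; if the runtime Groovy is older, the feature should be set explicitly. extractPost continues past the end of the hunk, and the identical hunk appears a second time further down this page (the second `@ -2,8 +2,17 @@ import java.util.zip.Inflater` hunk), where the same change applies.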
|
||||||
|
@ -40,6 +49,9 @@ if (inargs.containsKey("SAMLResponse")) {
|
||||||
else if (inargs.containsKey("SAMLRequest")) {
|
else if (inargs.containsKey("SAMLRequest")) {
|
||||||
handleMessage("SAMLRequest")
|
handleMessage("SAMLRequest")
|
||||||
}
|
}
|
||||||
|
else if (inargs.containsKey("soapheader")) {
|
||||||
|
handleMessage("soapheader")
|
||||||
|
}
|
||||||
else { // no incoming message.
|
else { // no incoming message.
|
||||||
if (request.getCurrentResource().matches('^http[s]?\u003A//[^/]+/SAML2/ACS/.*$')) {
|
if (request.getCurrentResource().matches('^http[s]?\u003A//[^/]+/SAML2/ACS/.*$')) {
|
||||||
LOG.debug("denying request without incoming message on ACS path")
|
LOG.debug("denying request without incoming message on ACS path")
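Review bot: The new `else if (inargs.containsKey("soapheader"))` branch is the only one in this chain without any hint of what the parameter carries, and `handleMessage` is defined outside the hunk, so it cannot be seen here whether it expects the value base64-encoded or as raw XML; the `startsWith("<")` check added to extractPost in this commit suggests raw XML (inferred). Suggest `// SOAP-bound message; value is raw XML rather than base64 — see extractPost` above the branch once that is confirmed. A request carrying only a `soapheader` parameter no longer reaches the `else` branch, so the ACS-path denial below does not apply to it; if that is intended, the comment should say so. The enclosing if/else chain starts before the hunk, and the identical hunk recurs further down this page (the second `@ -40,6 +49,9 @@` hunk).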
|
||||||
|
|
|
@ -2,8 +2,17 @@ import java.util.zip.Inflater
|
||||||
import java.util.zip.InflaterInputStream
|
import java.util.zip.InflaterInputStream
|
||||||
|
|
||||||
def extractPost(String value) {
|
def extractPost(String value) {
|
||||||
def decoded = new String(value.decodeBase64())
|
if (value == null) {
|
||||||
def xml = new groovy.xml.XmlSlurper().parseText(decoded)
|
return
|
||||||
|
}
|
||||||
|
String text
|
||||||
|
if (value.startsWith("<")) {
|
||||||
|
text = value
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
text = new String(value.decodeBase64())
|
||||||
|
}
|
||||||
|
def xml = new groovy.xml.XmlSlurper().parseText(text)
|
||||||
// according to the SAML spec Issuer is optional but we need it for dispatching
|
// according to the SAML spec Issuer is optional but we need it for dispatching
|
||||||
def issuer = xml.depthFirst().find { it -> it.name().equalsIgnoreCase("Issuer") }?.text()
|
def issuer = xml.depthFirst().find { it -> it.name().equalsIgnoreCase("Issuer") }?.text()
|
||||||
session.put("saml.inbound.issuer", issuer)
|
session.put("saml.inbound.issuer", issuer)
|
||||||
|
@ -40,6 +49,9 @@ if (inargs.containsKey("SAMLResponse")) {
|
||||||
else if (inargs.containsKey("SAMLRequest")) {
|
else if (inargs.containsKey("SAMLRequest")) {
|
||||||
handleMessage("SAMLRequest")
|
handleMessage("SAMLRequest")
|
||||||
}
|
}
|
||||||
|
else if (inargs.containsKey("soapheader")) {
|
||||||
|
handleMessage("soapheader")
|
||||||
|
}
|
||||||
else { // no incoming message.
|
else { // no incoming message.
|
||||||
if (request.getCurrentResource().matches('^http[s]?\u003A//[^/]+/SAML2/ACS/.*$')) {
|
if (request.getCurrentResource().matches('^http[s]?\u003A//[^/]+/SAML2/ACS/.*$')) {
|
||||||
LOG.debug("denying request without incoming message on ACS path")
|
LOG.debug("denying request without incoming message on ACS path")
|
||||||
|
|
|
@ -11,7 +11,7 @@ metadata:
|
||||||
spec:
|
spec:
|
||||||
type: "NevisIDM"
|
type: "NevisIDM"
|
||||||
replicas: 1
|
replicas: 1
|
||||||
version: "8.2405.1"
|
version: "8.2405.2"
|
||||||
gitInitVersion: "1.3.0"
|
gitInitVersion: "1.3.0"
|
||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
ports:
|
ports:
|
||||||
|
@ -46,7 +46,7 @@ spec:
|
||||||
podDisruptionBudget:
|
podDisruptionBudget:
|
||||||
maxUnavailable: "50%"
|
maxUnavailable: "50%"
|
||||||
git:
|
git:
|
||||||
tag: "r-559fc1c9e95f51132e6ad328d8310c6ce3073856"
|
tag: "r-a5b664b2c1f534aab19c8301f3618a8c5096d222"
|
||||||
dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm-job"
|
dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm-job"
|
||||||
credentials: "git-credentials"
|
credentials: "git-credentials"
|
||||||
keystores:
|
keystores:
|
||||||
|
|
|
@ -4,5 +4,5 @@ JAVA_OPTS=(
|
||||||
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
||||||
"-Dotel.javaagent.logging=application"
|
"-Dotel.javaagent.logging=application"
|
||||||
"-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties"
|
"-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties"
|
||||||
"-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
|
"-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
|
||||||
)
|
)
|
|
@ -0,0 +1,27 @@
|
||||||
|
apiVersion: "operator.nevis-security.ch/v1"
|
||||||
|
kind: "NevisDatabase"
|
||||||
|
metadata:
|
||||||
|
name: "idm"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||||
|
labels:
|
||||||
|
deploymentTarget: "idm"
|
||||||
|
annotations:
|
||||||
|
projectKey: "DEFAULT-ADN-AGOV-ADMIN-PROJECT"
|
||||||
|
patternId: "ca0629d86201d4c4ac857d60"
|
||||||
|
spec:
|
||||||
|
type: "NevisIDM"
|
||||||
|
databaseType: "MariaDB"
|
||||||
|
version: "8.2405.2"
|
||||||
|
url: "mariadb-agov-uat.mariadb.database.azure.com"
|
||||||
|
port: 3306
|
||||||
|
ssl: true
|
||||||
|
database: "nevisidm_uat"
|
||||||
|
bootstrap: false
|
||||||
|
migrate: true
|
||||||
|
rootCredentials:
|
||||||
|
name: "root-adn-agov-nevisidm-admin-01-uat-idm"
|
||||||
|
namespace: "adn-agov-nevisidm-admin-01-uat"
|
||||||
|
podSecurity:
|
||||||
|
policy: "baseline"
|
||||||
|
automountServiceAccountToken: false
|
||||||
|
timeZone: "Europe/Zurich"
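Review bot: `ssl: true` is set on the new NevisDatabase spec, but the resource names no truststore or CA for `mariadb-agov-uat.mariadb.database.azure.com`, whereas the nevisidm.properties JDBC URL elsewhere in this commit pins `trustStore=/var/opt/keys/trust/idm-db-tls-truststore/truststore.jks`; whether the operator verifies the server certificate on the `migrate: true` connection it opens with `rootCredentials` cannot be determined from this page — confirm it does not fall back to an unverified TLS session. A short comment next to `ssl: true` naming where the trust anchor comes from would make that explicit, e.g. `# server certificate verified against <truststore name> — TODO confirm operator default`.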
|
|
@ -11,7 +11,7 @@ metadata:
|
||||||
spec:
|
spec:
|
||||||
type: "NevisIDM"
|
type: "NevisIDM"
|
||||||
replicas: 1
|
replicas: 1
|
||||||
version: "8.2405.1"
|
version: "8.2405.2"
|
||||||
gitInitVersion: "1.3.0"
|
gitInitVersion: "1.3.0"
|
||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
ports:
|
ports:
|
||||||
|
@ -46,9 +46,12 @@ spec:
|
||||||
podDisruptionBudget:
|
podDisruptionBudget:
|
||||||
maxUnavailable: "50%"
|
maxUnavailable: "50%"
|
||||||
git:
|
git:
|
||||||
tag: "r-23274ff50cbcc5dc1409914b80d55bad4f51e4a5"
|
tag: "r-a5b664b2c1f534aab19c8301f3618a8c5096d222"
|
||||||
dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm"
|
dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/idm"
|
||||||
credentials: "git-credentials"
|
credentials: "git-credentials"
|
||||||
|
database:
|
||||||
|
name: "idm"
|
||||||
|
requiredVersion: "8.2405.2"
|
||||||
keystores:
|
keystores:
|
||||||
- "idm-default-identity"
|
- "idm-default-identity"
|
||||||
truststores:
|
truststores:
|
||||||
|
@ -60,5 +63,4 @@ spec:
|
||||||
timeZone: "Europe/Zurich"
|
timeZone: "Europe/Zurich"
|
||||||
secrets:
|
secrets:
|
||||||
secret:
|
secret:
|
||||||
- "a2068eb83a60702322c13949-27ed70d3"
|
|
||||||
- "c418560f50e0332d087e85bf-89ec31e5"
|
- "c418560f50e0332d087e85bf-89ec31e5"
|
||||||
|
|
|
@ -4,5 +4,5 @@ JAVA_OPTS=(
|
||||||
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
"-javaagent:/opt/agent/opentelemetry-javaagent.jar"
|
||||||
"-Dotel.javaagent.logging=application"
|
"-Dotel.javaagent.logging=application"
|
||||||
"-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties"
|
"-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties"
|
||||||
"-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME"
|
"-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
|
||||||
)
|
)
|
|
@ -3,9 +3,9 @@ web.gui.languages.default=de
|
||||||
# source: pattern://ca0629d86201d4c4ac857d60
|
# source: pattern://ca0629d86201d4c4ac857d60
|
||||||
database.connection.url=jdbc:mariadb://mariadb-agov-uat.mariadb.database.azure.com:3306/nevisidm_uat?pinGlobalTxToPhysicalConnection=1&useMysqlMetadata=true&cachePrepStmts=true&prepStmtCacheSize=1000&useSSL=true&trustStore=/var/opt/keys/trust/idm-db-tls-truststore/truststore.jks
|
database.connection.url=jdbc:mariadb://mariadb-agov-uat.mariadb.database.azure.com:3306/nevisidm_uat?pinGlobalTxToPhysicalConnection=1&useMysqlMetadata=true&cachePrepStmts=true&prepStmtCacheSize=1000&useSSL=true&trustStore=/var/opt/keys/trust/idm-db-tls-truststore/truststore.jks
|
||||||
# source: pattern://ca0629d86201d4c4ac857d60
|
# source: pattern://ca0629d86201d4c4ac857d60
|
||||||
database.connection.username=adndbadmin
|
database.connection.username=${exec:/var/opt/nevisidm/default/conf/credentials/dbUser}
|
||||||
# source: pattern://ca0629d86201d4c4ac857d60
|
# source: pattern://ca0629d86201d4c4ac857d60
|
||||||
database.connection.password=secret://a2068eb83a60702322c13949-27ed70d3
|
database.connection.password=${exec:/var/opt/nevisidm/default/conf/credentials/dbPassword}
|
||||||
# source: pattern://ba7c7a3b091df0c4b8ba0bb2
|
# source: pattern://ba7c7a3b091df0c4b8ba0bb2
|
||||||
application.mail.smtp.host=greenmail.adn-agov-mail-01-dev.svc
|
application.mail.smtp.host=greenmail.adn-agov-mail-01-dev.svc
|
||||||
# source: pattern://ba7c7a3b091df0c4b8ba0bb2
|
# source: pattern://ba7c7a3b091df0c4b8ba0bb2
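Review bot: `database.connection.username` and `database.connection.password` now resolve from `${exec:/var/opt/nevisidm/default/conf/credentials/dbUser}` and `.../dbPassword`, which removes the plaintext `adndbadmin` user name and the `secret://` reference from the config, but nothing in this commit shows what writes those two files into the container; if they are populated from the `rootCredentials` secret of the new NevisDatabase resource, the application would run against the database as its root account, which is broader than a dedicated application user (inferred — confirm the account and its grants). A `# source:`-style comment above the two lines naming the producing secret or init container would keep the provenance visible, e.g. `# credentials files written by <secret/init container name> — TODO confirm`.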
|
||||||
|
|
|
@ -11,7 +11,7 @@ metadata:
|
||||||
spec:
|
spec:
|
||||||
type: "NevisProxy"
|
type: "NevisProxy"
|
||||||
replicas: 1
|
replicas: 1
|
||||||
version: "8.2405.0"
|
version: "8.2405.1"
|
||||||
gitInitVersion: "1.3.0"
|
gitInitVersion: "1.3.0"
|
||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
ports:
|
ports:
|
||||||
|
@ -46,7 +46,7 @@ spec:
|
||||||
podDisruptionBudget:
|
podDisruptionBudget:
|
||||||
maxUnavailable: "50%"
|
maxUnavailable: "50%"
|
||||||
git:
|
git:
|
||||||
tag: "r-e55486a997fb8f6cdab5eac835e6374e73b3824f"
|
tag: "r-a5b664b2c1f534aab19c8301f3618a8c5096d222"
|
||||||
dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-idm"
|
dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-idm"
|
||||||
credentials: "git-credentials"
|
credentials: "git-credentials"
|
||||||
keystores:
|
keystores:
|
||||||
|
|
|
@ -11,7 +11,7 @@ metadata:
|
||||||
spec:
|
spec:
|
||||||
type: "NevisProxy"
|
type: "NevisProxy"
|
||||||
replicas: 1
|
replicas: 1
|
||||||
version: "8.2405.0"
|
version: "8.2405.1"
|
||||||
gitInitVersion: "1.3.0"
|
gitInitVersion: "1.3.0"
|
||||||
runAsNonRoot: true
|
runAsNonRoot: true
|
||||||
ports:
|
ports:
|
||||||
|
@ -46,7 +46,7 @@ spec:
|
||||||
podDisruptionBudget:
|
podDisruptionBudget:
|
||||||
maxUnavailable: "50%"
|
maxUnavailable: "50%"
|
||||||
git:
|
git:
|
||||||
tag: "r-e55486a997fb8f6cdab5eac835e6374e73b3824f"
|
tag: "r-a5b664b2c1f534aab19c8301f3618a8c5096d222"
|
||||||
dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-sp"
|
dir: "DEFAULT-ADN-AGOV-ADMIN-PROJECT/DEFAULT-ADN-AGOV-ADMIN-INV/proxy-sp"
|
||||||
credentials: "git-credentials"
|
credentials: "git-credentials"
|
||||||
keystores:
|
keystores:
|
||||||
|
|