nevis
/
adn-agov-iam-inventory
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

new configuration version

This commit is contained in:
haburger 2024-09-04 14:27:44 +00:00
parent 3d9c0d9136
commit 42684d5271
13 changed files with 54 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/etc/nevis/k8s-nevisauth-sts-4bad2fe3ccc54716cc87138f.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec: spec:
type: "NevisAuth" type: "NevisAuth"
replicas: 1 replicas: 1
version: "8.2405.1" version: "8.2405.2"
gitInitVersion: "1.3.0" gitInitVersion: "1.3.0"
runAsNonRoot: true runAsNonRoot: true
ports: ports:
@ -45,7 +45,7 @@ spec:
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-f0c2fc352ad8e75f5eae1bab7fc80e6315293282" tag: "r-be4d7b3836489983642da8c01294cab133468c44"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores:

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth-sts/var/opt/nevisauth/default/conf/env.conf
View File

@ -12,7 +12,7 @@ JAVA_OPTS=(
"-javaagent:/opt/agent/opentelemetry-javaagent.jar" "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
"-Dotel.javaagent.logging=application" "-Dotel.javaagent.logging=application"
"-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties" "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
"-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME" "-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
"-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-sts-default-tls-trust/truststore.p12" "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-sts-default-tls-trust/truststore.p12"
"-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-sts-default-tls-trust/keypass}" "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-sts-default-tls-trust/keypass}"
) )

4
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec: spec:
type: "NevisAuth" type: "NevisAuth"
replicas: 1 replicas: 1
version: "8.2405.1" version: "8.2405.2"
gitInitVersion: "1.3.0" gitInitVersion: "1.3.0"
runAsNonRoot: true runAsNonRoot: true
ports: ports:
@ -45,7 +45,7 @@ spec:
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-f0c2fc352ad8e75f5eae1bab7fc80e6315293282" tag: "r-be4d7b3836489983642da8c01294cab133468c44"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores:

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/env.conf
View File

@ -12,7 +12,7 @@ JAVA_OPTS=(
"-javaagent:/opt/agent/opentelemetry-javaagent.jar" "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
"-Dotel.javaagent.logging=application" "-Dotel.javaagent.logging=application"
"-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties" "-Dotel.javaagent.configuration-file=/var/opt/nevisauth/default/conf/otel.properties"
"-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME" "-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
"-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-default-tls-trust/truststore.p12" "-Djavax.net.ssl.trustStore=/var/opt/keys/trust/auth-default-tls-trust/truststore.p12"
"-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-default-tls-trust/keypass}" "-Djavax.net.ssl.trustStorePassword=\${exec:/var/opt/keys/trust/auth-default-tls-trust/keypass}"
) )

41
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/saml_idp_agov_dispatcher.groovy
View File

@ -31,16 +31,33 @@ def redirect(String url) {
* @return text content of Issuer element converted or null * @return text content of Issuer element converted or null
*/ */
String getIssuer(GPathResult xml) { String getIssuer(GPathResult xml) {
return (xml.depthFirst().find { GPathResult node -> "Issuer".equalsIgnoreCase(node.name()) } as NodeChild)?.text() return xml.depthFirst().find { GPathResult node -> {
node.name().endsWith(":Issuer") || node.name().equalsIgnoreCase("Issuer")
}
}?.text()
} }
String getIssuer(String value) { String getIssuer(String value) {
if (value == null) {
return
}
String text
byte[] decoded
def parser = new XmlSlurper() def parser = new XmlSlurper()
byte[] decoded = value.decodeBase64() // if value is raw xml then continue otherwise try to parse the base64 encoding
String text = new String(decoded) if (value.startsWith("<")) {
text = new String(value)
}
else {
decoded = value.decodeBase64()
text = new String(decoded)
LOG.info("received SAML request $value")
}
// after decoded, if redirect binding, we need to parse string to xml
if (text.startsWith("<")) { if (text.startsWith("<")) {
LOG.debug("assuming POST binding") LOG.debug("assuming POST/SOAP binding")
// plain String (POST parameter) // plain String (POST/SOAP parameter)
def xml = parser.parseText(text) def xml = parser.parseText(text)
return getIssuer(xml) return getIssuer(xml)
} }
@ -107,6 +124,20 @@ if (inargs.containsKey('SAMLResponse')) { // response to IDP-initiated SAML Logo
return return
} }
if (parameters.get('spInitiated') == 'true' && inargs.containsKey('soapheader')) { // SP-initiated SOAP with soapheader
LOG.debug("found soapheader parameter for SP-initiated")
String message = inargs.get('soapheader')
dispatchMessage(i2s, message)
return
}
if (parameters.get('spInitiated') == 'true' && inargs.containsKey('')) { // SP-initiated SOAP with empty
LOG.debug("found empty parameter for SP-initiated SOAP message")
String message = inargs.get('')
dispatchMessage(i2s, message)
return
}
String issuer = inargs['Issuer'] ?: inargs['issuer'] String issuer = inargs['Issuer'] ?: inargs['issuer']
if (parameters.get('idpInitiated') == 'true' && issuer != null) { // IDP-initiated authentication if (parameters.get('idpInitiated') == 'true' && issuer != null) { // IDP-initiated authentication
LOG.debug("found Issuer parameter for IDP-initiated authentication") LOG.debug("found Issuer parameter for IDP-initiated authentication")

4
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec: spec:
type: "NevisFIDO" type: "NevisFIDO"
replicas: 1 replicas: 1
version: "8.2405.1" version: "8.2405.2"
gitInitVersion: "1.3.0" gitInitVersion: "1.3.0"
runAsNonRoot: true runAsNonRoot: true
ports: ports:
@ -46,7 +46,7 @@ spec:
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-f797d55ba2e02a3422ac3de2076ce37a44cd21e5" tag: "r-be4d7b3836489983642da8c01294cab133468c44"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf"
credentials: "git-credentials" credentials: "git-credentials"
database: database:

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-nevisfido-uaf-database-9385d1b33aefe975fb1c5914.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec: spec:
type: "NevisFIDO" type: "NevisFIDO"
databaseType: "MariaDB" databaseType: "MariaDB"
version: "8.2405.1" version: "8.2405.2"
url: "mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat" url: "mariadb-session-store-service.adn-agov-nevisidm-ob-01-uat"
port: 3306 port: 3306
database: "nevisfido_uaf" database: "nevisfido_uaf"

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/var/opt/nevisfido/default/conf/env.conf
View File

@ -7,5 +7,5 @@ JAVA_OPTS=(
"-javaagent:/opt/agent/opentelemetry-javaagent.jar" "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
"-Dotel.javaagent.logging=application" "-Dotel.javaagent.logging=application"
"-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties" "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
"-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME" "-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
) )

4
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/etc/nevis/k8s-nevisfido2-087f275433f3973a1421318f.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec: spec:
type: "NevisFIDO" type: "NevisFIDO"
replicas: 1 replicas: 1
version: "8.2405.1" version: "8.2405.2"
gitInitVersion: "1.3.0" gitInitVersion: "1.3.0"
runAsNonRoot: true runAsNonRoot: true
ports: ports:
@ -46,7 +46,7 @@ spec:
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-f0c2fc352ad8e75f5eae1bab7fc80e6315293282" tag: "r-be4d7b3836489983642da8c01294cab133468c44"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores:

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido2/var/opt/nevisfido/default/conf/env.conf
View File

@ -6,5 +6,5 @@ JAVA_OPTS=(
"-javaagent:/opt/agent/opentelemetry-javaagent.jar" "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
"-Dotel.javaagent.logging=application" "-Dotel.javaagent.logging=application"
"-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties" "-Dotel.javaagent.configuration-file=/var/opt/nevisfido/default/conf/otel.properties"
"-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME" "-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
) )

4
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec: spec:
type: "NevisIDM" type: "NevisIDM"
replicas: 1 replicas: 1
version: "8.2405.1" version: "8.2405.2"
gitInitVersion: "1.3.0" gitInitVersion: "1.3.0"
runAsNonRoot: true runAsNonRoot: true
ports: ports:
@ -46,7 +46,7 @@ spec:
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-f0c2fc352ad8e75f5eae1bab7fc80e6315293282" tag: "r-be4d7b3836489983642da8c01294cab133468c44"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores:

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/var/opt/nevisidm/default/conf/env.conf
View File

@ -4,5 +4,5 @@ JAVA_OPTS=(
"-javaagent:/opt/agent/opentelemetry-javaagent.jar" "-javaagent:/opt/agent/opentelemetry-javaagent.jar"
"-Dotel.javaagent.logging=application" "-Dotel.javaagent.logging=application"
"-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties" "-Dotel.javaagent.configuration-file=/var/opt/nevisidm/default/conf/otel.properties"
"-Dotel.resource.attributes=service.version=8.2405.1,service.instance.id=$HOSTNAME" "-Dotel.resource.attributes=service.version=8.2405.2,service.instance.id=$HOSTNAME"
) )

4
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml
View File

@ -11,7 +11,7 @@ metadata:
spec: spec:
type: "NevisProxy" type: "NevisProxy"
replicas: 1 replicas: 1
version: "8.2405.0" version: "8.2405.1"
gitInitVersion: "1.3.0" gitInitVersion: "1.3.0"
runAsNonRoot: true runAsNonRoot: true
ports: ports:
@ -46,7 +46,7 @@ spec:
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-f0c2fc352ad8e75f5eae1bab7fc80e6315293282" tag: "r-be4d7b3836489983642da8c01294cab133468c44"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp" dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores: