nevis
/
adn-agov-iam-inventory
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

new configuration version

This commit is contained in:
haburger 2024-12-17 07:28:55 +00:00
parent 16260c53a1
commit a320c1f4d6
17 changed files with 145 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-instance-ca92034f995b39fde562293c.yaml
View File

@ -46,7 +46,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-0d374b6f623df05d38b32efebf71d4666b85a42d"
tag: "r-3a33cc8960643d6afc30bade3f2d225bea96681a"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf"
credentials: "git-credentials"
database:

4
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/fido-uaf/etc/nevis/k8s-fido-uaf-internal-idp-auth-signer-trust-ca92034f995b39fde562293c.yaml
View File

@ -10,7 +10,7 @@ metadata:
patternId: "ca92034f995b39fde562293c"
spec:
keystores:
- name: "auth-sh4r3d-internal-idp-auth-signer"
namespace: "adn-agov-nevisidm-01-uat"
- name: "auth-sts-sh4r3d-internal-idp-auth-signer"
namespace: "adn-agov-nevisidm-01-uat"
- name: "auth-sh4r3d-internal-idp-auth-signer"
namespace: "adn-agov-nevisidm-01-uat"

4
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-idm-idp-idm-sectoken-signer-trust-b8a36646f81c3247cdb5d90b.yaml
View File

@ -10,7 +10,7 @@ metadata:
patternId: "b8a36646f81c3247cdb5d90b"
spec:
keystores:
- name: "auth-sh4r3d-internal-idp-auth-signer"
namespace: "adn-agov-nevisidm-01-uat"
- name: "auth-sts-sh4r3d-internal-idp-auth-signer"
namespace: "adn-agov-nevisidm-01-uat"
- name: "auth-sh4r3d-internal-idp-auth-signer"
namespace: "adn-agov-nevisidm-01-uat"

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm/etc/nevis/k8s-nevisidm-b8a36646f81c3247cdb5d90b.yaml
View File

@ -46,7 +46,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-0d374b6f623df05d38b32efebf71d4666b85a42d"
tag: "r-3a33cc8960643d6afc30bade3f2d225bea96681a"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/idm"
credentials: "git-credentials"
keystores:

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml
View File

@ -44,7 +44,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-bdd002acfcff73d836b81b83744f3ba618e236f8"
tag: "r-3a33cc8960643d6afc30bade3f2d225bea96681a"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend"
credentials: "git-credentials"
podSecurity:

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/footer.vm
View File

@ -3,7 +3,7 @@
$text.get("footer.text")
<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
</div>
<p>1.8.0.local-20241211T140140Z-haburger: Wed Dec 11 15:59:59 CET 2024</p>
<p>1.8.0.local-20241212T073225Z-haburger: Tue Dec 17 08:22:14 CET 2024</p>
</footer>
<script src="${login.appDataPath}/static/bundle.js"></script>
</body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/footer.vm
View File

@ -3,7 +3,7 @@
$text.get("footer.text")
<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
</div>
<p>1.8.0.local-20241211T140140Z-haburger: Wed Dec 11 15:59:59 CET 2024</p>
<p>1.8.0.local-20241212T073225Z-haburger: Tue Dec 17 08:22:14 CET 2024</p>
</footer>
<script src="${login.appDataPath}/static/bundle.js"></script>
</body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml
View File

@ -46,7 +46,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-5ef0aed7c67a82259525e9e179953cd289458e0c"
tag: "r-3a33cc8960643d6afc30bade3f2d225bea96681a"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp"
credentials: "git-credentials"
keystores:

37
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/utility_resource_service_countries_security_filter.lua Normal file
View File

@ -0,0 +1,37 @@
package.path = package.path .. ";/opt/nevisproxy/webapp/WEB-INF/lib/lua/Utils.lua"
local Utils = require "Utils"
function inputHeader(request, response)
local trace = request:getTracer()
local queryParams = Utils.getQueryParameters(request)
-- only allow calls to the countries service
if request:getRequestPath() ~= '/resource/utility/api/v1/countries' then
trace:info("utility service called with invalid path " .. request:getRequestPath())
response:send(404)
return
end
-- only alloq one query-parameter 'lang' with the values DE, FR, IT, EN, RS
for param, values in pairs(queryParams) do
if (param ~= 'lang') then
trace:info("utility service called with invalid query param " .. param)
response:send(404)
return
end
if Helpers.tableLength(values) ~= 1 then
trace:info("utility service called with invalid value for query param " .. param)
response:send(404)
return
end
for i, value in pairs(values) do
local lang = string.upper(value)
if not ('DE' == lang or 'FR' == lang or 'IT' == lang or 'EN' == lang or 'RS' == lang) then
trace:info("utility service called with invalid value for query param " .. param .. "=" .. value)
response:send(404)
return
end
end
end
end

92
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/web.xml
View File

@ -451,6 +451,20 @@
</param-value>
</init-param>
</filter>
<!-- source: pattern://eaa622e2a760704c1e0e22f2 -->
<filter>
<filter-name>JSON_Utility_Resource_Service</filter-name>
<filter-class>ch::nevis::isiweb4::filter::validation::JsonFilter</filter-class>
<!-- source: pattern://eaa622e2a760704c1e0e22f2 -->
<init-param>
<param-name>BlockOnError</param-name>
<param-value>
Condition:HEADER:Content-Type:application/json
on
off
</param-value>
</init-param>
</filter>
<!-- source: pattern://162d4ee18e469c146df153cc -->
<filter>
<filter-name>Lua_CSP_Security_Response_Headers</filter-name>
@ -626,6 +640,21 @@
<param-value>outputHeader</param-value>
</init-param>
</filter>
<!-- source: pattern://3a982aa242ff4f8ebd823693 -->
<filter>
<filter-name>Lua_Utility_Resource_Service_Countries_Security_Filter</filter-name>
<filter-class>ch::nevis::isiweb4::filter::lua::LuaFilter</filter-class>
<!-- source: pattern://3a982aa242ff4f8ebd823693 -->
<init-param>
<param-name>Script.InputHeaderFunctionName</param-name>
<param-value>inputHeader</param-value>
</init-param>
<!-- source: pattern://3a982aa242ff4f8ebd823693 -->
<init-param>
<param-name>Script.Path</param-name>
<param-value>/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/WEB-INF/utility_resource_service_countries_security_filter.lua</param-value>
</init-param>
</filter>
<!-- source: pattern://cdbb957d49fdc6695a978265 -->
<filter>
<filter-name>ModSecurity_App_Icon_Application</filter-name>
@ -1057,7 +1086,7 @@
<filter-mapping>
<filter-name>ModSecurity_Request_Validation_Settings_ModSecurity</filter-name>
<url-pattern>/*</url-pattern>
<exclude-url-regex>^/AUTH/RECOVERY/.*$|^/app-info/.*$|^/auth/fidouaf$|^/auth/fidouaf/authenticationresponse/.*$|^/nevisfido/devices/credentials/.*$|^/nevisfido/devices/oobOperations/.*$|^/nevisfido/status$|^/nevisfido/token/dispatch/registration$|^/nevisfido/token/dispatch/targets/.*$|^/nevisfido/token/redeem/authentication$|^/nevisfido/token/redeem/registration$|^/nevisfido/uaf/1.1/authentication$|^/nevisfido/uaf/1.1/authentication/.*$|^/nevisfido/uaf/1.1/facets$|^/nevisfido/uaf/1.1/registration/.*$|^/nevisfido/uaf/1.1/request/deregistration/.*$|^/recovery/.*$</exclude-url-regex>
<exclude-url-regex>^/AUTH/RECOVERY/.*$|^/app-info/.*$|^/auth/fidouaf$|^/auth/fidouaf/authenticationresponse/.*$|^/nevisfido/devices/credentials/.*$|^/nevisfido/devices/oobOperations/.*$|^/nevisfido/status$|^/nevisfido/token/dispatch/registration$|^/nevisfido/token/dispatch/targets/.*$|^/nevisfido/token/redeem/authentication$|^/nevisfido/token/redeem/registration$|^/nevisfido/uaf/1.1/authentication$|^/nevisfido/uaf/1.1/authentication/.*$|^/nevisfido/uaf/1.1/facets$|^/nevisfido/uaf/1.1/registration/.*$|^/nevisfido/uaf/1.1/request/deregistration/.*$|^/recovery/.*$|^/resource/utility/.*$</exclude-url-regex>
</filter-mapping>
<!-- source: pattern://0573c2491a56e59daca47e95 -->
<filter-mapping>
@ -1084,6 +1113,16 @@
<filter-name>CSRF_Default</filter-name>
<url-pattern>/AUTH/RECOVERY</url-pattern>
</filter-mapping>
<!-- source: pattern://3a982aa242ff4f8ebd823693 -->
<filter-mapping>
<filter-name>Lua_Utility_Resource_Service_Countries_Security_Filter</filter-name>
<url-pattern>/resource/utility/*</url-pattern>
</filter-mapping>
<!-- source: pattern://eaa622e2a760704c1e0e22f2 -->
<filter-mapping>
<filter-name>JSON_Utility_Resource_Service</filter-name>
<url-pattern>/resource/utility/*</url-pattern>
</filter-mapping>
<!-- source: pattern://bcca48cd422668aa2f78ea42 -->
<filter-mapping>
<filter-name>URLHandler_Correct_Path_to_static_Ressources</filter-name>
@ -1511,6 +1550,52 @@
<param-value>true</param-value>
</init-param>
</servlet>
<!-- source: pattern://eaa622e2a760704c1e0e22f2, pattern://eaa622e2a760704c1e0e22f2#allowedMethods, pattern://eaa622e2a760704c1e0e22f2#backends, pattern://eaa622e2a760704c1e0e22f2#responseRewrite -->
<servlet>
<servlet-name>Connector_Utility_Resource_Service</servlet-name>
<!-- source: pattern://eaa622e2a760704c1e0e22f2 -->
<servlet-class>ch::nevis::isiweb4::servlet::connector::http::HttpsConnectorServlet</servlet-class>
<!-- source: pattern://eaa622e2a760704c1e0e22f2#allowedMethods -->
<init-param>
<param-name>AllowedMethods</param-name>
<param-value>GET</param-value>
</init-param>
<!-- source: pattern://eaa622e2a760704c1e0e22f2#responseRewrite -->
<init-param>
<param-name>AutoRewrite</param-name>
<param-value>header</param-value>
</init-param>
<!-- source: pattern://eaa622e2a760704c1e0e22f2 -->
<init-param>
<param-name>CookieManager</param-name>
<param-value>block:^.*$</param-value>
</init-param>
<!-- source: pattern://eaa622e2a760704c1e0e22f2 -->
<init-param>
<param-name>DNSCache.ttl</param-name>
<param-value>60</param-value>
</init-param>
<!-- source: pattern://eaa622e2a760704c1e0e22f2#backends -->
<init-param>
<param-name>InetAddress</param-name>
<param-value>utility.agov-d.azure.adnovum.net:443</param-value>
</init-param>
<!-- source: pattern://eaa622e2a760704c1e0e22f2#backends -->
<init-param>
<param-name>MappingType</param-name>
<param-value>pathinfo</param-value>
</init-param>
<!-- source: pattern://eaa622e2a760704c1e0e22f2#backends -->
<init-param>
<param-name>URIPrefix</param-name>
<param-value>/utility</param-value>
</init-param>
<!-- source: pattern://eaa622e2a760704c1e0e22f2#backends -->
<init-param>
<param-name>UseSSL</param-name>
<param-value>true</param-value>
</init-param>
</servlet>
<!-- source: pattern://e0fda9336be9c69dafc9b69e, pattern://c642107fde6b2e07f16bfedb, pattern://decb9b3f88d430fb5c95f466 -->
<servlet>
<servlet-name>Hosting_Default</servlet-name>
@ -1680,6 +1765,11 @@
<servlet-name>Connector_Recovery_Pdf_Generation</servlet-name>
<url-pattern>/recovery/*</url-pattern>
</servlet-mapping>
<!-- source: pattern://eaa622e2a760704c1e0e22f2, pattern://eaa622e2a760704c1e0e22f2#path -->
<servlet-mapping>
<servlet-name>Connector_Utility_Resource_Service</servlet-name>
<url-pattern>/resource/utility/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Hosting_Default</servlet-name>
<url-pattern>/*</url-pattern>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/403.html
View File

@ -63,7 +63,7 @@
</div>
</div>
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
<p>1.8.0.local-20241211T140140Z-haburger: Wed Dec 11 15:59:59 CET 2024</p>
<p>1.8.0.local-20241212T073225Z-haburger: Tue Dec 17 08:22:14 CET 2024</p>
</footer>
<script src="/resources/static/bundle.js"></script>
</body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/404.html
View File

@ -60,7 +60,7 @@
</div>
</div>
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
<p>1.8.0.local-20241211T140140Z-haburger: Wed Dec 11 15:59:59 CET 2024</p>
<p>1.8.0.local-20241212T073225Z-haburger: Tue Dec 17 08:22:14 CET 2024</p>
</footer>
<script src="/resources/static/bundle.js"></script>
</body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/500.html
View File

@ -61,7 +61,7 @@
</div>
</div>
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
<p>1.8.0.local-20241211T140140Z-haburger: Wed Dec 11 15:59:59 CET 2024</p>
<p>1.8.0.local-20241212T073225Z-haburger: Tue Dec 17 08:22:14 CET 2024</p>
</footer>
<script src="/resources/static/bundle.js"></script>
</body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/502.html
View File

@ -62,7 +62,7 @@
</div>
</div>
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
<p>1.8.0.local-20241211T140140Z-haburger: Wed Dec 11 15:59:59 CET 2024</p>
<p>1.8.0.local-20241212T073225Z-haburger: Tue Dec 17 08:22:14 CET 2024</p>
</footer>
<script src="/resources/static/bundle.js"></script>
</body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/Loggedout.html
View File

@ -59,7 +59,7 @@
</div>
</div>
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
<p>1.8.0.local-20241211T140140Z-haburger: Wed Dec 11 15:59:59 CET 2024</p>
<p>1.8.0.local-20241212T073225Z-haburger: Tue Dec 17 08:22:14 CET 2024</p>
</footer>
<script src="/resources/static/bundle.js"></script>
</body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/timeout.html
View File

@ -66,7 +66,7 @@
</div>
</div>
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
<p>1.8.0.local-20241211T140140Z-haburger: Wed Dec 11 15:59:59 CET 2024</p>
<p>1.8.0.local-20241212T073225Z-haburger: Tue Dec 17 08:22:14 CET 2024</p>
</footer>
<script src="/resources/static/bundle.js"></script>
</body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/index.html
View File

@ -63,7 +63,7 @@
</div>
</div>
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
<p>1.8.0.local-20241211T140140Z-haburger: Wed Dec 11 15:59:59 CET 2024</p>
<p>1.8.0.local-20241212T073225Z-haburger: Tue Dec 17 08:22:14 CET 2024</p>
</footer>
<script src="/resources/static/bundle.js"></script>
</body>