new configuration version

2024-08-28 11:28:45 +00:00 · 2024-08-28 11:28:45 +00:00 · a4bc0c78af
parent 15910a05e8
commit a4bc0c78af
9 changed files with 31 additions and 24 deletions
--- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/etc/nevis/k8s-ob-auth-d00b0dcbe241793d30daf91c.yaml
@ -45,7 +45,7 @@ spec:
  podDisruptionBudget:
    maxUnavailable: "50%"
  git:
-    tag: "r-4d495f8f73f00597da5fbe633d85d96ac04db24e"
+    tag: "r-0fcea0ae54f7c32644331ee1e07ec004989e173c"
    dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth"
    credentials: "git-credentials"
  keystores:
--- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/var/opt/nevisauth/default/conf/esauth4.xml
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-auth/var/opt/nevisauth/default/conf/esauth4.xml
@ -117,7 +117,7 @@
            <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
            <property name="chooseDefaultProfile" value="true"/>
            <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
-            <property name="user.attributes" value="mobile, email, extId"/>
+            <property name="user.attributes" value="extId, loginId, firstName, name, email, language"/>
            <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
            <property name="detaillevel.default" value="EXCLUDE"/>
            <!-- source: pattern://e1784eecf2db74484dd1e1bb -->
--- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-d990accd4fedae1acbc7109d.yaml
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-d990accd4fedae1acbc7109d.yaml
@ -46,14 +46,13 @@ spec:
  podDisruptionBudget:
    maxUnavailable: "50%"
  git:
-    tag: "r-4d495f8f73f00597da5fbe633d85d96ac04db24e"
+    tag: "r-0fcea0ae54f7c32644331ee1e07ec004989e173c"
    dir: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf"
    credentials: "git-credentials"
  keystores:
  - "ob-fido-uaf-default-server-identity"
  truststores:
  - "ob-fido-uaf-agov-work-internal-trust-store"
-  - "ob-fido-uaf-default-signer-trust"
  - "ob-fido-uaf-default-client-trust"
  podSecurity:
    policy: "baseline"
--- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-default-signer-trust-d990accd4fedae1acbc7109d.yaml
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/etc/nevis/k8s-ob-fido-uaf-default-signer-trust-d990accd4fedae1acbc7109d.yaml
@ -1,12 +0,0 @@
-apiVersion: "operator.nevis-security.ch/v1"
-kind: "NevisTrustStore"
-metadata:
-  name: "ob-fido-uaf-default-signer-trust"
-  namespace: "adn-agov-nevisidm-ob-01-uat"
-  labels:
-    deploymentTarget: "ob-fido-uaf"
-  annotations:
-    projectKey: "DEFAULT-ADN-AGOV-WORK-OB-PROJECT"
-    patternId: "d990accd4fedae1acbc7109d"
-spec:
-  keystores: []
--- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/trust/ob-auth-signer-trust-store/keypass
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/trust/ob-auth-signer-trust-store/keypass
@ -0,0 +1,2 @@
+#!/bin/bash
+echo 'password'
--- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/trust/ob-auth-signer-trust-store/truststore.jks
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/trust/ob-auth-signer-trust-store/truststore.jks
--- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/trust/ob-auth-signer-trust-store/truststore.p12
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/trust/ob-auth-signer-trust-store/truststore.p12
--- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/trust/ob-auth-signer-trust-store/truststore.pem
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/keys/trust/ob-auth-signer-trust-store/truststore.pem
@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6TCCAo+gAwIBAgIQfcfd9dgdKT/5gdDbpAiKlDAKBggqhkjOPQQDAjAYMRYw
+FAYDVQQDEw1zZWxmc2lnbmVkLWNhMB4XDTI0MDUwNTE1NTAzOFoXDTI1MDUwNTE1
+NTAzOFowWDELMAkGA1UEBhMCQ0gxDDAKBgNVBAgTA0s4UzEMMAoGA1UEBxMDSzhT
+MQwwCgYDVQQKEwNLOFMxDDAKBgNVBAsTA0s4UzERMA8GA1UEAxMIZmlkby11YWYw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWcQPIzUN2zbPkB3yISIGw
+mDAd285YKm/ZLbE4WWw2SIHhjfh0XoYZ6QvLMENWcC8/iOX/6g6upQnYegzZKlST
+Lix0zJjEbtMlK8fITiPhwziWPSOeqtuW66Rj+13G6kKYVtZ8vviu73LBDkXKHSNi
+g4knNgACJpIItiDhOmtmD3Wsb8JAIQ161m7D3i2jr/kqBFKLc2DXcCHYSwxBXu3A
+99iqWxoHfprL/L7RfxBo7mKbk+xjRvw6wFHBb76m6hd8fe4yg3g9zZTsZ5KeKqtA
+8NT7CTG26F/MEBEmreU6NcNP62sYBkQiY+K5WweUs5qnDCAUPz+Upu0lX49ZDsvZ
+AgMBAAGjga8wgawwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsGAQUFBwMB
+BggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFPthGhYiMfCS8WJz
+C+TRPH/IDi5RMEwGA1UdEQRFMEOCCGZpZG8tdWFmgiFmaWRvLXVhZi5hZG4tYWdv
+di1uZXZpc2lkbS0wMS11YXSBFG5vcmVwbHlAbG9jYWwuZG9tYWluMAoGCCqGSM49
+BAMCA0gAMEUCIBCueTTUwnN53/dIs6W4FpbFtF/wkAhYjLZGuKgY08ZAAiEA9VFz
+WoaxaINHqGPR10Sh1hqeuCHRzHxnQUt07sZf2DU=
+-----END CERTIFICATE-----
--- a/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/nevisfido.yml
+++ b/DEFAULT-ADN-AGOV-WORK-OB-PROJECT/DEFAULT-DEFAULT-ADN-AGOV-OB-INV/ob-fido-uaf/var/opt/nevisfido/default/conf/nevisfido.yml
@ -68,8 +68,8 @@ fido-uaf:
  authorization:
    registration:
      type: sectoken
-      truststore: /var/opt/keys/trust/ob-fido-uaf-default-signer-trust/truststore.p12
-      truststore-passphrase: ${exec:/var/opt/keys/trust/ob-fido-uaf-default-signer-trust/keypass}
+      truststore: /var/opt/keys/trust/ob-auth-signer-trust-store/truststore.p12
+      truststore-passphrase: ${exec:/var/opt/keys/trust/ob-auth-signer-trust-store/keypass}
      truststore-type: pkcs12
      username-attribute-names:
        - loginId
@ -78,16 +78,16 @@ fido-uaf:
      type: none
    deregistration:
      type: sectoken
-      truststore: /var/opt/keys/trust/ob-fido-uaf-default-signer-trust/truststore.p12
-      truststore-passphrase: ${exec:/var/opt/keys/trust/ob-fido-uaf-default-signer-trust/keypass}
+      truststore: /var/opt/keys/trust/ob-auth-signer-trust-store/truststore.p12
+      truststore-passphrase: ${exec:/var/opt/keys/trust/ob-auth-signer-trust-store/keypass}
      truststore-type: pkcs12
      username-attribute-names:
        - loginId
        - userid
    create-dispatch-target:
      type: sectoken
-      truststore: /var/opt/keys/trust/ob-fido-uaf-default-signer-trust/truststore.p12
-      truststore-passphrase: ${exec:/var/opt/keys/trust/ob-fido-uaf-default-signer-trust/keypass}
+      truststore: /var/opt/keys/trust/ob-auth-signer-trust-store/truststore.p12
+      truststore-passphrase: ${exec:/var/opt/keys/trust/ob-auth-signer-trust-store/keypass}
      truststore-type: pkcs12
      username-attribute-names:
        - loginId
@ -96,8 +96,8 @@ fido-uaf:
      type: none
    delete-dispatch-target:
      type: sectoken
-      truststore: /var/opt/keys/trust/ob-fido-uaf-default-signer-trust/truststore.p12
-      truststore-passphrase: ${exec:/var/opt/keys/trust/ob-fido-uaf-default-signer-trust/keypass}
+      truststore: /var/opt/keys/trust/ob-auth-signer-trust-store/truststore.p12
+      truststore-passphrase: ${exec:/var/opt/keys/trust/ob-auth-signer-trust-store/keypass}
      truststore-type: pkcs12
      username-attribute-names:
        - userid