nevis
/
adn-post-iam-tknxchng-inv
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

new configuration version

This commit is contained in:
mamo 2024-11-11 08:35:11 +00:00
parent 80ca35eb7a
commit aabe4abaff
3 changed files with 60 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-6ec6739e824c8e56d9633622.yaml
View File

@ -45,10 +45,11 @@ spec:
podDisruptionBudget: podDisruptionBudget:
maxUnavailable: "50%" maxUnavailable: "50%"
git: git:
tag: "r-324dffebbf9074ee8e65cdd5bea317dabcc4fc6e" tag: "r-439a003dc0e69fca081bd27a8677edfc5c86894b"
dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai" dir: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai"
credentials: "git-credentials" credentials: "git-credentials"
keystores: keystores:
- "nai-sh4r3d-new-nevis-sectoken-signer"
- "nai-default-identity" - "nai-default-identity"
- "nai-sh4r3d-default-default-signer" - "nai-sh4r3d-default-default-signer"
truststores: truststores:

16
DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/etc/nevis/k8s-nai-sh4r3d-new-nevis-sectoken-signer-6ec6739e824c8e56d9633622.yaml Normal file
View File

@ -0,0 +1,16 @@
apiVersion: "operator.nevis-security.ch/v1"
kind: "NevisKeyStore"
metadata:
name: "nai-sh4r3d-new-nevis-sectoken-signer"
namespace: "adn-postit-tknxchng-01-dev"
labels:
deploymentTarget: "nai"
annotations:
projectKey: "DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT"
patternId: "6ec6739e824c8e56d9633622"
spec:
cn: "New_NEVIS_SecToken"
usage: "signer"
san:
dns: []
email: []

49
DEFAULT-ADN-POST-IAM-TKNXCHNG-PROJECT/DEFAULT-ADN-POST-IAM-TKNXCHNG-INV/nai/var/opt/nevisauth/default/conf/esauth4.xml
View File

@ -30,7 +30,21 @@
<!-- source: pattern://6ec6739e824c8e56d9633622 --> <!-- source: pattern://6ec6739e824c8e56d9633622 -->
<Signer key="DefaultSigner"/> <Signer key="DefaultSigner"/>
</TokenAssembler> </TokenAssembler>
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 --> <!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
<TokenAssembler name="Token_cossa_realm_New_NEVIS_SecToken">
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
<Selector default="false"/>
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
<TokenSpec ttl="28800">
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
<field src="session" key="123456" as="userid"/>
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
<field src="session" key="WEAK" as="authLevel"/>
</TokenSpec>
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
<Signer key="Signer_New_NEVIS_SecToken"/>
</TokenAssembler>
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b9cfe9de74293eececbcc4a6 -->
<KeyStore name="DefaultKeyStore"> <KeyStore name="DefaultKeyStore">
<!-- source: pattern://6ec6739e824c8e56d9633622 --> <!-- source: pattern://6ec6739e824c8e56d9633622 -->
<KeyObject name="DefaultSigner" certificate="/var/opt/keys/own/nai-sh4r3d-default-default-signer/cert.pem" privateKey="/var/opt/keys/own/nai-sh4r3d-default-default-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/nai-sh4r3d-default-default-signer/keypass"/> <KeyObject name="DefaultSigner" certificate="/var/opt/keys/own/nai-sh4r3d-default-default-signer/cert.pem" privateKey="/var/opt/keys/own/nai-sh4r3d-default-default-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/nai-sh4r3d-default-default-signer/keypass"/>
@ -38,6 +52,8 @@
<KeyObject name="DefaultSignerTrust" certificate="/var/opt/keys/trust/nai-default-default-signer-trust/truststore.jks"/> <KeyObject name="DefaultSignerTrust" certificate="/var/opt/keys/trust/nai-default-default-signer-trust/truststore.jks"/>
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 --> <!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 -->
<KeyObject name="Signer_New_JWT_Token" certificate="/var/opt/keys/own/new-pem-key-store/cert.pem" privateKey="/var/opt/keys/own/new-pem-key-store/keystore.jks" passPhrase="pipe:///var/opt/keys/own/new-pem-key-store/keypass"/> <KeyObject name="Signer_New_JWT_Token" certificate="/var/opt/keys/own/new-pem-key-store/cert.pem" privateKey="/var/opt/keys/own/new-pem-key-store/keystore.jks" passPhrase="pipe:///var/opt/keys/own/new-pem-key-store/keypass"/>
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
<KeyObject name="Signer_New_NEVIS_SecToken" certificate="/var/opt/keys/own/nai-sh4r3d-new-nevis-sectoken-signer/cert.pem" privateKey="/var/opt/keys/own/nai-sh4r3d-new-nevis-sectoken-signer/keystore.jks" passPhrase="pipe:///var/opt/keys/own/nai-sh4r3d-new-nevis-sectoken-signer/keypass"/>
</KeyStore> </KeyStore>
</SessionCoordinator> </SessionCoordinator>
<!-- source: pattern://6ec6739e824c8e56d9633622 --> <!-- source: pattern://6ec6739e824c8e56d9633622 -->
@ -110,20 +126,20 @@
</Response> </Response>
</AuthState> </AuthState>
<AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false"> <AuthState name="cossa_realm_Prepare_Done" class="ch.nevis.esauth.auth.states.scripting.ScriptState" final="false">
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b67f81a971e4c08aa79040a2 --> <!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
<ResultCond name="default" next="cossa_realm_Auth_Done"/> <ResultCond name="default" next="cossa_realm_Auth_Done"/>
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b67f81a971e4c08aa79040a2 --> <!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
<Response value="AUTH_DONE"> <Response value="AUTH_DONE">
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b67f81a971e4c08aa79040a2 --> <!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
<Gui name="ContinueResponse"/> <Gui name="ContinueResponse"/>
</Response> </Response>
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b67f81a971e4c08aa79040a2 --> <!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
<property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/> <property name="script" value="file:///var/opt/nevisauth/default/conf/prepare_done.groovy"/>
</AuthState> </AuthState>
<AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false"> <AuthState name="cossa_realm_Auth_Done" class="ch.nevis.esauth.auth.states.standard.AuthDone" final="false">
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b67f81a971e4c08aa79040a2 --> <!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
<Response value="AUTH_DONE"> <Response value="AUTH_DONE">
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b67f81a971e4c08aa79040a2 --> <!-- source: pattern://0e9ac4dab4d3a5992a7f1b07, pattern://b9cfe9de74293eececbcc4a6, pattern://b67f81a971e4c08aa79040a2 -->
<Gui name="ContinueResponse"/> <Gui name="ContinueResponse"/>
</Response> </Response>
</AuthState> </AuthState>
@ -131,6 +147,8 @@
<!-- source: pattern://b67f81a971e4c08aa79040a2 --> <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<ResultCond name="New_JWT_Token" next="cossa_realm_New_JWT_Token"/> <ResultCond name="New_JWT_Token" next="cossa_realm_New_JWT_Token"/>
<!-- source: pattern://b67f81a971e4c08aa79040a2 --> <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<ResultCond name="New_NEVIS_SecToken" next="cossa_realm_New_NEVIS_SecToken"/>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<ResultCond name="nomatch" next="cossa_realm_Prepare_Done"/> <ResultCond name="nomatch" next="cossa_realm_Prepare_Done"/>
<!-- source: pattern://b67f81a971e4c08aa79040a2 --> <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<Response value="AUTH_ERROR"> <Response value="AUTH_ERROR">
@ -139,6 +157,8 @@
</Response> </Response>
<!-- source: pattern://b67f81a971e4c08aa79040a2 --> <!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<property name="condition:New_JWT_Token" value="${request:requiredRoles:^token.New_JWT_Token$:true}"/> <property name="condition:New_JWT_Token" value="${request:requiredRoles:^token.New_JWT_Token$:true}"/>
<!-- source: pattern://b67f81a971e4c08aa79040a2 -->
<property name="condition:New_NEVIS_SecToken" value="${request:requiredRoles:^token.New_NEVIS_SecToken$:true}"/>
</AuthState> </AuthState>
<AuthState name="cossa_realm_New_JWT_Token" class="ch.nevis.esauth.auth.states.jwt.JWTToken" final="false"> <AuthState name="cossa_realm_New_JWT_Token" class="ch.nevis.esauth.auth.states.jwt.JWTToken" final="false">
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 --> <!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 -->
@ -167,5 +187,20 @@
<!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 --> <!-- source: pattern://0e9ac4dab4d3a5992a7f1b07 -->
<property name="out.custom.exp" value="test"/> <property name="out.custom.exp" value="test"/>
</AuthState> </AuthState>
<AuthState name="cossa_realm_New_NEVIS_SecToken" class="ch.nevis.esauth.auth.states.sectoken.TokenAssemblerState" final="false">
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
<ResultCond name="default" next="cossa_realm_Prepare_Done" authLevel="token.New_NEVIS_SecToken"/>
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
<Response value="AUTH_ERROR">
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
<Arg name="ch.nevis.isiweb4.response.status" value="403"/>
</Response>
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
<property name="assembler" value="Token_cossa_realm_New_NEVIS_SecToken"/>
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
<property name="key" value="token.New_NEVIS_SecToken"/>
<!-- source: pattern://b9cfe9de74293eececbcc4a6 -->
<property name="generateNow" value="true"/>
</AuthState>
</AuthEngine> </AuthEngine>
</esauth-server> </esauth-server>