Skip to content

Commit

Permalink
chore: release 1.0.2-1
Browse files Browse the repository at this point in the history 
Release-As: 1.0.2-1
  • Loading branch information
@moabu
moabu committed Aug 30, 2022
1 parent 3e51ae7 commit d01b51a
Show file tree
Hide file tree
Showing 8 changed files with 88 additions and 88 deletions.
8 changes: 4 additions & 4 deletions docker-jans-auth-server/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ The following environment variables are supported by the container:
- `CN_CONFIG_KUBERNETES_USE_KUBE_CONFIG`: Load credentials from `$HOME/.kube/config`, only useful for non-container environment (default to `false`).
- `CN_CONFIG_GOOGLE_SECRET_VERSION_ID`: Janssen configuration secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended.
- `CN_CONFIG_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen configuration secret in Google Secret Manager. Defaults to `jans`. If left intact `jans-configuration` secret will be created.
- `CN_SECRET_ADAPTER`: The secrets adapter, can be `vault` (default), `kubernetes`, or `google`.
- `CN_SECRET_ADAPTER`: The secrets' adapter, can be `vault` (default), `kubernetes`, or `google`.
- `CN_SECRET_VAULT_SCHEME`: supported Vault scheme (`http` or `https`).
- `CN_SECRET_VAULT_HOST`: hostname or IP of Vault (default to `localhost`).
- `CN_SECRET_VAULT_PORT`: port of Vault (default to `8200`).
Expand All @@ -41,7 +41,7 @@ The following environment variables are supported by the container:
- `CN_SECRET_KUBERNETES_USE_KUBE_CONFIG`: Load credentials from `$HOME/.kube/config`, only useful for non-container environment (default to `false`).
- `CN_SECRET_GOOGLE_SECRET_VERSION_ID`: Janssen secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended.
- `CN_SECRET_GOOGLE_SECRET_MANAGER_PASSPHRASE`: Passphrase for Janssen secret in Google Secret Manager. This is recommended to be changed and defaults to `secret`.
- `CN_SECRET_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen secret in Google Secret Manager. Defaults to `jans`. If left `jans-secret` secret will be created..
- `CN_SECRET_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen secret in Google Secret Manager. Defaults to `jans`. If left `jans-secret` secret will be created.
- `CN_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds).
- `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds).
- `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`.
Expand Down Expand Up @@ -120,9 +120,9 @@ The following key-value pairs are the defaults:

As per v1.0.1, hybrid persistence supports all available persistence types. To configure hybrid persistence and its data mapping, follow steps below:

1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid`
1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid`

1. Set `CN_HYBRID_MAPPING` with the following format:
2. Set `CN_HYBRID_MAPPING` with the following format:

```
{
Expand Down
18 changes: 9 additions & 9 deletions docker-jans-certmanager/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ The following environment variables are supported by the container:
- `CN_SECRET_GOOGLE_SECRET_VERSION_ID`: Janssen secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended.
- `CN_SECRET_GOOGLE_SECRET_MANAGER_PASSPHRASE`: Passphrase for Janssen secret in Google Secret Manager. This is recommended to be changed and defaults to `secret`.
- `CN_SECRET_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen secret in Google Secret Manager. Defaults to `jans`. If left `jans-secret` secret will be created.
- `CN_SECRET_ADAPTER`: The secrets adapter, can be `vault` (default), `kubernetes`, or `google`.
- `CN_SECRET_ADAPTER`: The secrets' adapter, can be `vault` (default), `kubernetes`, or `google`.
- `CN_SECRET_VAULT_SCHEME`: supported Vault scheme (`http` or `https`).
- `CN_SECRET_VAULT_HOST`: hostname or IP of Vault (default to `localhost`).
- `CN_SECRET_VAULT_PORT`: port of Vault (default to `8200`).
Expand Down Expand Up @@ -98,7 +98,7 @@ Global options:

Supported services:

1. `web` (nginx container or ingress)
1. `web` (nginx container or ingress)

Load from existing or re-generate:

Expand All @@ -110,7 +110,7 @@ Supported services:
- `source`: `from-files` or empty string
- `valid-to`: Validity length in days (default to `365`)

1. `auth`
2. `auth`

Re-generate:

Expand All @@ -119,15 +119,15 @@ Supported services:

Options:

- `interval`: cryto keys expiration time (in hours)
- `interval`: crypto keys expiration time (in hours)
- `push-to-container`: whether to _push_ `auth-keys.jks` and `auth-keys.json` to auth-server containers (default to `true`)
- `key-strategy`: key selection strategy (choose one of `OLDER`, `NEWER`, `FIRST`; default to `OLDER`)
- `privkey-push-delay`: delay time in seconds before pushing `auth-keys.jks` to auth containers (default to `0`)
- `privkey-push-strategy`: key selection strategy after `auth-keys.jks` is pushed to auth containers (choose one of `OLDER`, `NEWER`, `FIRST`; default to `OLDER`)
- `sig-keys`: space-separated key algorithm for signing (default to `RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512`)
- `enc-keys`: space-separated key algorithm for encryption (default to `RSA1_5 RSA-OAEP`)

1. `ldap`
3. `ldap`

Re-generate:

Expand All @@ -141,7 +141,7 @@ Supported services:
- `subj-alt-name`: Subject Alternative Name (SAN) for certificate (default to `localhost`)
- `valid-to`: Validity length in days (default to `365`)

1. `client-api`
4. `client-api`

Re-generate:

Expand Down Expand Up @@ -229,7 +229,7 @@ spec:
spec:
containers:
- name: auth-key-rotation
image: janssenproject/certmanager:1.0.1_dev
image: janssenproject/certmanager:1.0.2_dev
resources:
requests:
memory: "300Mi"
Expand All @@ -248,9 +248,9 @@ spec:

As per v1.0.1, hybrid persistence supports all available persistence types. To configure hybrid persistence and its data mapping, follow steps below:

1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid`
1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid`

1. Set `CN_HYBRID_MAPPING` with the following format:
2. Set `CN_HYBRID_MAPPING` with the following format:

```
{
Expand Down
6 changes: 3 additions & 3 deletions docker-jans-client-api/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ The following environment variables are supported by the container:
- `CN_CONFIG_KUBERNETES_USE_KUBE_CONFIG`: Load credentials from `$HOME/.kube/config`, only useful for non-container environment (default to `false`).
- `CN_CONFIG_GOOGLE_SECRET_VERSION_ID`: Janssen configuration secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended.
- `CN_CONFIG_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen configuration secret in Google Secret Manager. Defaults to `jans`. If left intact `jans-configuration` secret will be created.
- `CN_SECRET_ADAPTER`: The secrets adapter, can be `vault` (default), `kubernetes`, or `google`.
- `CN_SECRET_ADAPTER`: The secrets' adapter, can be `vault` (default), `kubernetes`, or `google`.
- `CN_SECRET_VAULT_SCHEME`: supported Vault scheme (`http` or `https`).
- `CN_SECRET_VAULT_HOST`: hostname or IP of Vault (default to `localhost`).
- `CN_SECRET_VAULT_PORT`: port of Vault (default to `8200`).
Expand Down Expand Up @@ -107,9 +107,9 @@ The following key-value pairs are the defaults:

As per v1.0.1, hybrid persistence supports all available persistence types. To configure hybrid persistence and its data mapping, follow steps below:

1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid`
1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid`

1. Set `CN_HYBRID_MAPPING` with the following format:
2. Set `CN_HYBRID_MAPPING` with the following format:

```
{
Expand Down
6 changes: 3 additions & 3 deletions docker-jans-config-api/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ The following environment variables are supported by the container:
- `CN_CONFIG_KUBERNETES_USE_KUBE_CONFIG`: Load credentials from `$HOME/.kube/config`, only useful for non-container environment (default to `false`).
- `CN_CONFIG_GOOGLE_SECRET_VERSION_ID`: Janssen configuration secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended.
- `CN_CONFIG_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen configuration secret in Google Secret Manager. Defaults to `jans`. If left intact `jans-configuration` secret will be created.
- `CN_SECRET_ADAPTER`: The secrets adapter, can be `vault` or `kubernetes`.
- `CN_SECRET_ADAPTER`: The secrets' adapter, can be `vault` or `kubernetes`.
- `CN_SECRET_VAULT_SCHEME`: supported Vault scheme (`http` or `https`).
- `CN_SECRET_VAULT_HOST`: hostname or IP of Vault (default to `localhost`).
- `CN_SECRET_VAULT_PORT`: port of Vault (default to `8200`).
Expand Down Expand Up @@ -141,9 +141,9 @@ The following key-value pairs are the defaults:

As per v1.0.1, hybrid persistence supports all available persistence types. To configure hybrid persistence and its data mapping, follow steps below:

1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid`
1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid`

1. Set `CN_HYBRID_MAPPING` with the following format:
2. Set `CN_HYBRID_MAPPING` with the following format:

```
{
Expand Down
118 changes: 59 additions & 59 deletions docker-jans-configurator/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ The following environment variables are supported by the container:
- `CN_CONFIG_KUBERNETES_USE_KUBE_CONFIG`: Load credentials from `$HOME/.kube/config`, only useful for non-container environment (default to `false`).
- `CN_CONFIG_GOOGLE_SECRET_VERSION_ID`: Janssen configuration secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended.
- `CN_CONFIG_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen configuration secret in Google Secret Manager. Defaults to `jans`. If left intact `jans-configuration` secret will be created.
- `CN_SECRET_ADAPTER`: The secrets adapter, can be `vault` (default), `kubernetes`, or `google`.
- `CN_SECRET_ADAPTER`: The secrets' adapter, can be `vault` (default), `kubernetes`, or `google`.
- `CN_SECRET_VAULT_SCHEME`: supported Vault scheme (`http` or `https`).
- `CN_SECRET_VAULT_HOST`: hostname or IP of Vault (default to `localhost`).
- `CN_SECRET_VAULT_PORT`: port of Vault (default to `8200`).
Expand Down Expand Up @@ -84,9 +84,9 @@ The load command can be used either to generate or restore config and secret for
- `ldap_pw`: user's password to access LDAP database (only used if `optional_scopes` list contains `ldap` scope)
- `sql_pw`: user's password to access SQL database (only used if `optional_scopes` list contains `sql` scope)
- `couchbase_pw`: user's password to access Couchbase database (only used if `optional_scopes` list contains `couchbase` scope)
- `couchbase_superuser_pw`: superuser's password to access Couchbase database (only used if `optional_scopes` list contains `couchbase` scope)
- `couchbase_superuser_pw`: superusers password to access Couchbase database (only used if `optional_scopes` list contains `couchbase` scope)

1. Mount the volume into container:
2. Mount the volume into container:

```sh
docker run \
Expand Down Expand Up @@ -124,38 +124,38 @@ The load command can be used either to generate or restore config and secret for
- `auth_sig_keys`: space-separated key algorithm for signing (default to `RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512`)
- `auth_enc_keys`: space-separated key algorithm for encryption (default to `RSA1_5 RSA-OAEP`)

1. Create config map `config-generate-params`
2. Create config map `config-generate-params`

```sh
kubectl create cm config-generate-params --from-file=generate.json
```

1. Mount the configmap into container and apply the yaml:
3. Mount the configmap into container and apply the yaml:

```yaml
apiVersion: batch/v1
kind: Job
metadata:
name: configurator-load-job
spec:
template:
spec:
restartPolicy: Never
volumes:
- name: config-generate-params
configMap:
name: config-generate-params
containers:
- name: configurator-load
image: janssenproject/configurator:1.0.1_dev
volumeMounts:
- mountPath: /app/db/generate.json
name: config-generate-params
subPath: generate.json
envFrom:
- configMapRef:
name: config-cm
args: ["load"]
apiVersion: batch/v1
kind: Job
metadata:
name: configurator-load-job
spec:
template:
spec:
restartPolicy: Never
volumes:
- name: config-generate-params
configMap:
name: config-generate-params
containers:
- name: configurator-load
image: janssenproject/configurator:1.0.1_dev
volumeMounts:
- mountPath: /app/db/generate.json
name: config-generate-params
subPath: generate.json
envFrom:
- configMapRef:
name: config-cm
args: ["load"]
```

- To restore configuration and secrets from a backup of `/path/to/host/volume/config.json` and `/path/to/host/volume/secret.json`: mount the directory as `/app/db` inside the container:
Expand All @@ -167,39 +167,39 @@ The load command can be used either to generate or restore config and secret for
kubectl create cm secret-params --from-file=secret.json
```

1. Mount the configmap into container and apply the yaml:
2. Mount the configmap into container and apply the yaml:

```yaml
apiVersion: batch/v1
kind: Job
metadata:
name: configurator-load-job
spec:
template:
spec:
restartPolicy: Never
volumes:
- name: config-params
configMap:
name: config-params
- name: secret-params
configMap:
name: secret-params
containers:
- name: configurator-load
image: janssenproject/configurator:1.0.1_dev
volumeMounts:
- mountPath: /app/db/config.json
name: config-params
subPath: config.json
- mountPath: /app/db/secret.json
name: secret-params
subPath: secret.json
envFrom:
- configMapRef:
name: config-cm
args: ["load"]
```
apiVersion: batch/v1
kind: Job
metadata:
name: configurator-load-job
spec:
template:
spec:
restartPolicy: Never
volumes:
- name: config-params
configMap:
name: config-params
- name: secret-params
configMap:
name: secret-params
containers:
- name: configurator-load
image: janssenproject/configurator:1.0.1_dev
volumeMounts:
- mountPath: /app/db/config.json
name: config-params
subPath: config.json
- mountPath: /app/db/secret.json
name: secret-params
subPath: secret.json
envFrom:
- configMapRef:
name: config-cm
args: ["load"]
```


### dump
Expand Down
6 changes: 3 additions & 3 deletions docker-jans-fido2/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ The following environment variables are supported by the container:
- `CN_CONFIG_KUBERNETES_USE_KUBE_CONFIG`: Load credentials from `$HOME/.kube/config`, only useful for non-container environment (default to `false`).
- `CN_CONFIG_GOOGLE_SECRET_VERSION_ID`: Janssen configuration secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended.
- `CN_CONFIG_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen configuration secret in Google Secret Manager. Defaults to `jans`. If left intact `jans-configuration` secret will be created.
- `CN_SECRET_ADAPTER`: The secrets adapter, can be `vault` (default), `kubernetes`, or `google`.
- `CN_SECRET_ADAPTER`: The secrets' adapter, can be `vault` (default), `kubernetes`, or `google`.
- `CN_SECRET_VAULT_SCHEME`: supported Vault scheme (`http` or `https`).
- `CN_SECRET_VAULT_HOST`: hostname or IP of Vault (default to `localhost`).
- `CN_SECRET_VAULT_PORT`: port of Vault (default to `8200`).
Expand Down Expand Up @@ -99,9 +99,9 @@ The following key-value pairs are the defaults:

As per v1.0.1, hybrid persistence supports all available persistence types. To configure hybrid persistence and its data mapping, follow steps below:

1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid`
1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid`

1. Set `CN_HYBRID_MAPPING` with the following format:
2. Set `CN_HYBRID_MAPPING` with the following format:

```
{
Expand Down
6 changes: 3 additions & 3 deletions docker-jans-persistence-loader/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ The following environment variables are supported by the container:
- `CN_CONFIG_KUBERNETES_USE_KUBE_CONFIG`: Load credentials from `$HOME/.kube/config`, only useful for non-container environment (default to `false`).
- `CN_CONFIG_GOOGLE_SECRET_VERSION_ID`: Janssen configuration secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended.
- `CN_CONFIG_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen configuration secret in Google Secret Manager. Defaults to `jans`. If left intact `jans-configuration` secret will be created.
- `CN_SECRET_ADAPTER`: The secrets adapter, can be `vault` (default), `kubernetes`, or `google`.
- `CN_SECRET_ADAPTER`: The secrets' adapter, can be `vault` (default), `kubernetes`, or `google`.
- `CN_SECRET_VAULT_SCHEME`: supported Vault scheme (`http` or `https`).
- `CN_SECRET_VAULT_HOST`: hostname or IP of Vault (default to `localhost`).
- `CN_SECRET_VAULT_PORT`: port of Vault (default to `8200`).
Expand Down Expand Up @@ -77,9 +77,9 @@ The following environment variables are supported by the container:

As per v1.0.1, hybrid persistence supports all available persistence types. To configure hybrid persistence and its data mapping, follow steps below:

1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid`
1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid`

1. Set `CN_HYBRID_MAPPING` with the following format:
2. Set `CN_HYBRID_MAPPING` with the following format:

```
{
Expand Down
8 changes: 4 additions & 4 deletions docker-jans-scim/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ The following environment variables are supported by the container:
- `CN_CONFIG_KUBERNETES_USE_KUBE_CONFIG`: Load credentials from `$HOME/.kube/config`, only useful for non-container environment (default to `false`).
- `CN_CONFIG_GOOGLE_SECRET_VERSION_ID`: Janssen configuration secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended.
- `CN_CONFIG_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen configuration secret in Google Secret Manager. Defaults to `jans`. If left intact `jans-configuration` secret will be created.
- `CN_SECRET_ADAPTER`: The secrets adapter, can be `vault` (default), `kubernetes`, or `google`.
- `CN_SECRET_ADAPTER`: The secrets' adapter, can be `vault` (default), `kubernetes`, or `google`.
- `CN_SECRET_VAULT_SCHEME`: supported Vault scheme (`http` or `https`).
- `CN_SECRET_VAULT_HOST`: hostname or IP of Vault (default to `localhost`).
- `CN_SECRET_VAULT_PORT`: port of Vault (default to `8200`).
Expand Down Expand Up @@ -97,17 +97,17 @@ The following key-value pairs are the defaults:
"ldap_stats_log_target": "FILE",
"ldap_stats_log_level": "INFO",
"script_log_target": "FILE",
"script_log_level": "INFO",
"script_log_level": "INFO"
}
```

### Hybrid mapping

As per v1.0.1, hybrid persistence supports all available persistence types. To configure hybrid persistence and its data mapping, follow steps below:

1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid`
1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid`

1. Set `CN_HYBRID_MAPPING` with the following format:
2. Set `CN_HYBRID_MAPPING` with the following format:

```
{
Expand Down

0 comments on commit d01b51a

Please sign in to comment.