From d01b51a847bb2f67b52da433ebd1c5e4a66b7c1a Mon Sep 17 00:00:00 2001 From: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com> Date: Tue, 30 Aug 2022 08:22:42 +0000 Subject: [PATCH] chore: release 1.0.2-1 Release-As: 1.0.2-1 --- docker-jans-auth-server/README.md | 8 +- docker-jans-certmanager/README.md | 18 ++-- docker-jans-client-api/README.md | 6 +- docker-jans-config-api/README.md | 6 +- docker-jans-configurator/README.md | 118 +++++++++++------------ docker-jans-fido2/README.md | 6 +- docker-jans-persistence-loader/README.md | 6 +- docker-jans-scim/README.md | 8 +- 8 files changed, 88 insertions(+), 88 deletions(-) diff --git a/docker-jans-auth-server/README.md b/docker-jans-auth-server/README.md index 5f19eb7c0c1..85d40804194 100644 --- a/docker-jans-auth-server/README.md +++ b/docker-jans-auth-server/README.md @@ -26,7 +26,7 @@ The following environment variables are supported by the container: - `CN_CONFIG_KUBERNETES_USE_KUBE_CONFIG`: Load credentials from `$HOME/.kube/config`, only useful for non-container environment (default to `false`). - `CN_CONFIG_GOOGLE_SECRET_VERSION_ID`: Janssen configuration secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended. - `CN_CONFIG_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen configuration secret in Google Secret Manager. Defaults to `jans`. If left intact `jans-configuration` secret will be created. -- `CN_SECRET_ADAPTER`: The secrets adapter, can be `vault` (default), `kubernetes`, or `google`. +- `CN_SECRET_ADAPTER`: The secrets' adapter, can be `vault` (default), `kubernetes`, or `google`. - `CN_SECRET_VAULT_SCHEME`: supported Vault scheme (`http` or `https`). - `CN_SECRET_VAULT_HOST`: hostname or IP of Vault (default to `localhost`). - `CN_SECRET_VAULT_PORT`: port of Vault (default to `8200`). @@ -41,7 +41,7 @@ The following environment variables are supported by the container: - `CN_SECRET_KUBERNETES_USE_KUBE_CONFIG`: Load credentials from `$HOME/.kube/config`, only useful for non-container environment (default to `false`). - `CN_SECRET_GOOGLE_SECRET_VERSION_ID`: Janssen secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended. - `CN_SECRET_GOOGLE_SECRET_MANAGER_PASSPHRASE`: Passphrase for Janssen secret in Google Secret Manager. This is recommended to be changed and defaults to `secret`. -- `CN_SECRET_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen secret in Google Secret Manager. Defaults to `jans`. If left `jans-secret` secret will be created.. +- `CN_SECRET_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen secret in Google Secret Manager. Defaults to `jans`. If left `jans-secret` secret will be created. - `CN_WAIT_MAX_TIME`: How long the startup "health checks" should run (default to `300` seconds). - `CN_WAIT_SLEEP_DURATION`: Delay between startup "health checks" (default to `10` seconds). - `CN_MAX_RAM_PERCENTAGE`: Value passed to Java option `-XX:MaxRAMPercentage`. @@ -120,9 +120,9 @@ The following key-value pairs are the defaults: As per v1.0.1, hybrid persistence supports all available persistence types. To configure hybrid persistence and its data mapping, follow steps below: -1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid` +1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid` -1. Set `CN_HYBRID_MAPPING` with the following format: +2. Set `CN_HYBRID_MAPPING` with the following format: ``` { diff --git a/docker-jans-certmanager/README.md b/docker-jans-certmanager/README.md index 8e5689727fc..53df967ff6e 100644 --- a/docker-jans-certmanager/README.md +++ b/docker-jans-certmanager/README.md @@ -30,7 +30,7 @@ The following environment variables are supported by the container: - `CN_SECRET_GOOGLE_SECRET_VERSION_ID`: Janssen secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended. - `CN_SECRET_GOOGLE_SECRET_MANAGER_PASSPHRASE`: Passphrase for Janssen secret in Google Secret Manager. This is recommended to be changed and defaults to `secret`. - `CN_SECRET_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen secret in Google Secret Manager. Defaults to `jans`. If left `jans-secret` secret will be created. -- `CN_SECRET_ADAPTER`: The secrets adapter, can be `vault` (default), `kubernetes`, or `google`. +- `CN_SECRET_ADAPTER`: The secrets' adapter, can be `vault` (default), `kubernetes`, or `google`. - `CN_SECRET_VAULT_SCHEME`: supported Vault scheme (`http` or `https`). - `CN_SECRET_VAULT_HOST`: hostname or IP of Vault (default to `localhost`). - `CN_SECRET_VAULT_PORT`: port of Vault (default to `8200`). @@ -98,7 +98,7 @@ Global options: Supported services: -1. `web` (nginx container or ingress) +1. `web` (nginx container or ingress) Load from existing or re-generate: @@ -110,7 +110,7 @@ Supported services: - `source`: `from-files` or empty string - `valid-to`: Validity length in days (default to `365`) -1. `auth` +2. `auth` Re-generate: @@ -119,7 +119,7 @@ Supported services: Options: - - `interval`: cryto keys expiration time (in hours) + - `interval`: crypto keys expiration time (in hours) - `push-to-container`: whether to _push_ `auth-keys.jks` and `auth-keys.json` to auth-server containers (default to `true`) - `key-strategy`: key selection strategy (choose one of `OLDER`, `NEWER`, `FIRST`; default to `OLDER`) - `privkey-push-delay`: delay time in seconds before pushing `auth-keys.jks` to auth containers (default to `0`) @@ -127,7 +127,7 @@ Supported services: - `sig-keys`: space-separated key algorithm for signing (default to `RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512`) - `enc-keys`: space-separated key algorithm for encryption (default to `RSA1_5 RSA-OAEP`) -1. `ldap` +3. `ldap` Re-generate: @@ -141,7 +141,7 @@ Supported services: - `subj-alt-name`: Subject Alternative Name (SAN) for certificate (default to `localhost`) - `valid-to`: Validity length in days (default to `365`) -1. `client-api` +4. `client-api` Re-generate: @@ -229,7 +229,7 @@ spec: spec: containers: - name: auth-key-rotation - image: janssenproject/certmanager:1.0.1_dev + image: janssenproject/certmanager:1.0.2_dev resources: requests: memory: "300Mi" @@ -248,9 +248,9 @@ spec: As per v1.0.1, hybrid persistence supports all available persistence types. To configure hybrid persistence and its data mapping, follow steps below: -1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid` +1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid` -1. Set `CN_HYBRID_MAPPING` with the following format: +2. Set `CN_HYBRID_MAPPING` with the following format: ``` { diff --git a/docker-jans-client-api/README.md b/docker-jans-client-api/README.md index 1f4dff1e11b..e2d9f828631 100644 --- a/docker-jans-client-api/README.md +++ b/docker-jans-client-api/README.md @@ -26,7 +26,7 @@ The following environment variables are supported by the container: - `CN_CONFIG_KUBERNETES_USE_KUBE_CONFIG`: Load credentials from `$HOME/.kube/config`, only useful for non-container environment (default to `false`). - `CN_CONFIG_GOOGLE_SECRET_VERSION_ID`: Janssen configuration secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended. - `CN_CONFIG_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen configuration secret in Google Secret Manager. Defaults to `jans`. If left intact `jans-configuration` secret will be created. -- `CN_SECRET_ADAPTER`: The secrets adapter, can be `vault` (default), `kubernetes`, or `google`. +- `CN_SECRET_ADAPTER`: The secrets' adapter, can be `vault` (default), `kubernetes`, or `google`. - `CN_SECRET_VAULT_SCHEME`: supported Vault scheme (`http` or `https`). - `CN_SECRET_VAULT_HOST`: hostname or IP of Vault (default to `localhost`). - `CN_SECRET_VAULT_PORT`: port of Vault (default to `8200`). @@ -107,9 +107,9 @@ The following key-value pairs are the defaults: As per v1.0.1, hybrid persistence supports all available persistence types. To configure hybrid persistence and its data mapping, follow steps below: -1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid` +1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid` -1. Set `CN_HYBRID_MAPPING` with the following format: +2. Set `CN_HYBRID_MAPPING` with the following format: ``` { diff --git a/docker-jans-config-api/README.md b/docker-jans-config-api/README.md index 56ab900e884..92213cab60d 100644 --- a/docker-jans-config-api/README.md +++ b/docker-jans-config-api/README.md @@ -26,7 +26,7 @@ The following environment variables are supported by the container: - `CN_CONFIG_KUBERNETES_USE_KUBE_CONFIG`: Load credentials from `$HOME/.kube/config`, only useful for non-container environment (default to `false`). - `CN_CONFIG_GOOGLE_SECRET_VERSION_ID`: Janssen configuration secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended. - `CN_CONFIG_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen configuration secret in Google Secret Manager. Defaults to `jans`. If left intact `jans-configuration` secret will be created. -- `CN_SECRET_ADAPTER`: The secrets adapter, can be `vault` or `kubernetes`. +- `CN_SECRET_ADAPTER`: The secrets' adapter, can be `vault` or `kubernetes`. - `CN_SECRET_VAULT_SCHEME`: supported Vault scheme (`http` or `https`). - `CN_SECRET_VAULT_HOST`: hostname or IP of Vault (default to `localhost`). - `CN_SECRET_VAULT_PORT`: port of Vault (default to `8200`). @@ -141,9 +141,9 @@ The following key-value pairs are the defaults: As per v1.0.1, hybrid persistence supports all available persistence types. To configure hybrid persistence and its data mapping, follow steps below: -1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid` +1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid` -1. Set `CN_HYBRID_MAPPING` with the following format: +2. Set `CN_HYBRID_MAPPING` with the following format: ``` { diff --git a/docker-jans-configurator/README.md b/docker-jans-configurator/README.md index 92c9c78b7dd..6c1dbe9d787 100644 --- a/docker-jans-configurator/README.md +++ b/docker-jans-configurator/README.md @@ -26,7 +26,7 @@ The following environment variables are supported by the container: - `CN_CONFIG_KUBERNETES_USE_KUBE_CONFIG`: Load credentials from `$HOME/.kube/config`, only useful for non-container environment (default to `false`). - `CN_CONFIG_GOOGLE_SECRET_VERSION_ID`: Janssen configuration secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended. - `CN_CONFIG_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen configuration secret in Google Secret Manager. Defaults to `jans`. If left intact `jans-configuration` secret will be created. -- `CN_SECRET_ADAPTER`: The secrets adapter, can be `vault` (default), `kubernetes`, or `google`. +- `CN_SECRET_ADAPTER`: The secrets' adapter, can be `vault` (default), `kubernetes`, or `google`. - `CN_SECRET_VAULT_SCHEME`: supported Vault scheme (`http` or `https`). - `CN_SECRET_VAULT_HOST`: hostname or IP of Vault (default to `localhost`). - `CN_SECRET_VAULT_PORT`: port of Vault (default to `8200`). @@ -84,9 +84,9 @@ The load command can be used either to generate or restore config and secret for - `ldap_pw`: user's password to access LDAP database (only used if `optional_scopes` list contains `ldap` scope) - `sql_pw`: user's password to access SQL database (only used if `optional_scopes` list contains `sql` scope) - `couchbase_pw`: user's password to access Couchbase database (only used if `optional_scopes` list contains `couchbase` scope) - - `couchbase_superuser_pw`: superuser's password to access Couchbase database (only used if `optional_scopes` list contains `couchbase` scope) + - `couchbase_superuser_pw`: superusers password to access Couchbase database (only used if `optional_scopes` list contains `couchbase` scope) -1. Mount the volume into container: +2. Mount the volume into container: ```sh docker run \ @@ -124,38 +124,38 @@ The load command can be used either to generate or restore config and secret for - `auth_sig_keys`: space-separated key algorithm for signing (default to `RS256 RS384 RS512 ES256 ES384 ES512 PS256 PS384 PS512`) - `auth_enc_keys`: space-separated key algorithm for encryption (default to `RSA1_5 RSA-OAEP`) -1. Create config map `config-generate-params` +2. Create config map `config-generate-params` ```sh kubectl create cm config-generate-params --from-file=generate.json ``` -1. Mount the configmap into container and apply the yaml: +3. Mount the configmap into container and apply the yaml: ```yaml - apiVersion: batch/v1 - kind: Job - metadata: - name: configurator-load-job - spec: - template: - spec: - restartPolicy: Never - volumes: - - name: config-generate-params - configMap: - name: config-generate-params - containers: - - name: configurator-load - image: janssenproject/configurator:1.0.1_dev - volumeMounts: - - mountPath: /app/db/generate.json - name: config-generate-params - subPath: generate.json - envFrom: - - configMapRef: - name: config-cm - args: ["load"] + apiVersion: batch/v1 + kind: Job + metadata: + name: configurator-load-job + spec: + template: + spec: + restartPolicy: Never + volumes: + - name: config-generate-params + configMap: + name: config-generate-params + containers: + - name: configurator-load + image: janssenproject/configurator:1.0.1_dev + volumeMounts: + - mountPath: /app/db/generate.json + name: config-generate-params + subPath: generate.json + envFrom: + - configMapRef: + name: config-cm + args: ["load"] ``` - To restore configuration and secrets from a backup of `/path/to/host/volume/config.json` and `/path/to/host/volume/secret.json`: mount the directory as `/app/db` inside the container: @@ -167,39 +167,39 @@ The load command can be used either to generate or restore config and secret for kubectl create cm secret-params --from-file=secret.json ``` -1. Mount the configmap into container and apply the yaml: +2. Mount the configmap into container and apply the yaml: ```yaml - apiVersion: batch/v1 - kind: Job - metadata: - name: configurator-load-job - spec: - template: - spec: - restartPolicy: Never - volumes: - - name: config-params - configMap: - name: config-params - - name: secret-params - configMap: - name: secret-params - containers: - - name: configurator-load - image: janssenproject/configurator:1.0.1_dev - volumeMounts: - - mountPath: /app/db/config.json - name: config-params - subPath: config.json - - mountPath: /app/db/secret.json - name: secret-params - subPath: secret.json - envFrom: - - configMapRef: - name: config-cm - args: ["load"] - ``` + apiVersion: batch/v1 + kind: Job + metadata: + name: configurator-load-job + spec: + template: + spec: + restartPolicy: Never + volumes: + - name: config-params + configMap: + name: config-params + - name: secret-params + configMap: + name: secret-params + containers: + - name: configurator-load + image: janssenproject/configurator:1.0.1_dev + volumeMounts: + - mountPath: /app/db/config.json + name: config-params + subPath: config.json + - mountPath: /app/db/secret.json + name: secret-params + subPath: secret.json + envFrom: + - configMapRef: + name: config-cm + args: ["load"] + ``` ### dump diff --git a/docker-jans-fido2/README.md b/docker-jans-fido2/README.md index 45c8a06deec..50fa56e5fd8 100644 --- a/docker-jans-fido2/README.md +++ b/docker-jans-fido2/README.md @@ -26,7 +26,7 @@ The following environment variables are supported by the container: - `CN_CONFIG_KUBERNETES_USE_KUBE_CONFIG`: Load credentials from `$HOME/.kube/config`, only useful for non-container environment (default to `false`). - `CN_CONFIG_GOOGLE_SECRET_VERSION_ID`: Janssen configuration secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended. - `CN_CONFIG_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen configuration secret in Google Secret Manager. Defaults to `jans`. If left intact `jans-configuration` secret will be created. -- `CN_SECRET_ADAPTER`: The secrets adapter, can be `vault` (default), `kubernetes`, or `google`. +- `CN_SECRET_ADAPTER`: The secrets' adapter, can be `vault` (default), `kubernetes`, or `google`. - `CN_SECRET_VAULT_SCHEME`: supported Vault scheme (`http` or `https`). - `CN_SECRET_VAULT_HOST`: hostname or IP of Vault (default to `localhost`). - `CN_SECRET_VAULT_PORT`: port of Vault (default to `8200`). @@ -99,9 +99,9 @@ The following key-value pairs are the defaults: As per v1.0.1, hybrid persistence supports all available persistence types. To configure hybrid persistence and its data mapping, follow steps below: -1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid` +1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid` -1. Set `CN_HYBRID_MAPPING` with the following format: +2. Set `CN_HYBRID_MAPPING` with the following format: ``` { diff --git a/docker-jans-persistence-loader/README.md b/docker-jans-persistence-loader/README.md index 7dcf9e2ff0d..89489c5d53f 100644 --- a/docker-jans-persistence-loader/README.md +++ b/docker-jans-persistence-loader/README.md @@ -26,7 +26,7 @@ The following environment variables are supported by the container: - `CN_CONFIG_KUBERNETES_USE_KUBE_CONFIG`: Load credentials from `$HOME/.kube/config`, only useful for non-container environment (default to `false`). - `CN_CONFIG_GOOGLE_SECRET_VERSION_ID`: Janssen configuration secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended. - `CN_CONFIG_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen configuration secret in Google Secret Manager. Defaults to `jans`. If left intact `jans-configuration` secret will be created. -- `CN_SECRET_ADAPTER`: The secrets adapter, can be `vault` (default), `kubernetes`, or `google`. +- `CN_SECRET_ADAPTER`: The secrets' adapter, can be `vault` (default), `kubernetes`, or `google`. - `CN_SECRET_VAULT_SCHEME`: supported Vault scheme (`http` or `https`). - `CN_SECRET_VAULT_HOST`: hostname or IP of Vault (default to `localhost`). - `CN_SECRET_VAULT_PORT`: port of Vault (default to `8200`). @@ -77,9 +77,9 @@ The following environment variables are supported by the container: As per v1.0.1, hybrid persistence supports all available persistence types. To configure hybrid persistence and its data mapping, follow steps below: -1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid` +1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid` -1. Set `CN_HYBRID_MAPPING` with the following format: +2. Set `CN_HYBRID_MAPPING` with the following format: ``` { diff --git a/docker-jans-scim/README.md b/docker-jans-scim/README.md index 43f3e5d0acc..161a9124ffc 100644 --- a/docker-jans-scim/README.md +++ b/docker-jans-scim/README.md @@ -26,7 +26,7 @@ The following environment variables are supported by the container: - `CN_CONFIG_KUBERNETES_USE_KUBE_CONFIG`: Load credentials from `$HOME/.kube/config`, only useful for non-container environment (default to `false`). - `CN_CONFIG_GOOGLE_SECRET_VERSION_ID`: Janssen configuration secret version ID in Google Secret Manager. Defaults to `latest`, which is recommended. - `CN_CONFIG_GOOGLE_SECRET_NAME_PREFIX`: Prefix for Janssen configuration secret in Google Secret Manager. Defaults to `jans`. If left intact `jans-configuration` secret will be created. -- `CN_SECRET_ADAPTER`: The secrets adapter, can be `vault` (default), `kubernetes`, or `google`. +- `CN_SECRET_ADAPTER`: The secrets' adapter, can be `vault` (default), `kubernetes`, or `google`. - `CN_SECRET_VAULT_SCHEME`: supported Vault scheme (`http` or `https`). - `CN_SECRET_VAULT_HOST`: hostname or IP of Vault (default to `localhost`). - `CN_SECRET_VAULT_PORT`: port of Vault (default to `8200`). @@ -97,7 +97,7 @@ The following key-value pairs are the defaults: "ldap_stats_log_target": "FILE", "ldap_stats_log_level": "INFO", "script_log_target": "FILE", - "script_log_level": "INFO", + "script_log_level": "INFO" } ``` @@ -105,9 +105,9 @@ The following key-value pairs are the defaults: As per v1.0.1, hybrid persistence supports all available persistence types. To configure hybrid persistence and its data mapping, follow steps below: -1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid` +1. Set `CN_PERSISTENCE_TYPE` environment variable to `hybrid` -1. Set `CN_HYBRID_MAPPING` with the following format: +2. Set `CN_HYBRID_MAPPING` with the following format: ``` {