From 12b44ea110391725d418a6d6bd31cd74596af8ad Mon Sep 17 00:00:00 2001 From: CI Bot Date: Mon, 20 Nov 2023 23:19:04 +0000 Subject: [PATCH] chore(release): [ci skip] bump quickstart image to sha256@fe8af1dc8bea062b58823bb118c0a45a68fab3c630bbdc89700f7394b321db3d --- quickstart/dev/ory/oathkeeper.yml | 9 ++++- quickstart/dev/ory/oathkeeper_rules.yaml | 36 ++++++++++--------- quickstart/docker-compose.tmpl.yml | 6 ++-- quickstart/docker-compose.yml | 6 ++-- quickstart/galoy/dev/ory/oathkeeper.yml | 9 ++++- .../galoy/dev/ory/oathkeeper_rules.yaml | 36 ++++++++++--------- quickstart/vendir.lock.yml | 18 +++++----- quickstart/vendir.yml | 6 ++-- quickstart/vendir/values.yml | 2 +- 9 files changed, 75 insertions(+), 53 deletions(-) diff --git a/quickstart/dev/ory/oathkeeper.yml b/quickstart/dev/ory/oathkeeper.yml index 60d91cf059..69b1fe6fae 100644 --- a/quickstart/dev/ory/oathkeeper.yml +++ b/quickstart/dev/ory/oathkeeper.yml @@ -28,8 +28,9 @@ authenticators: config: check_session_url: http://kratos:4433/sessions/whoami preserve_path: true + preserve_query: true subject_from: identity.id - extra_from: identity.traits + extra_from: "@this" oauth2_introspection: enabled: true @@ -73,6 +74,12 @@ mutators: noop: enabled: true + header: + enabled: true + config: + headers: + X-Appcheck-Jti: "{{ print .Extra.jti }}" + errors: fallback: - json diff --git a/quickstart/dev/ory/oathkeeper_rules.yaml b/quickstart/dev/ory/oathkeeper_rules.yaml index 1017ec20fd..4ba4ec4248 100644 --- a/quickstart/dev/ory/oathkeeper_rules.yaml +++ b/quickstart/dev/ory/oathkeeper_rules.yaml 
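Review bot: The switch from `extra_from: identity.traits` to `extra_from: "@this"` in the kratos `bearer_token` authenticator widens what the mutator templates can see from the identity's traits to the whole `/sessions/whoami` response, and nothing in the file says why; the rules file's id_token claims template reads `.Extra.id` and `.Extra.expires_at`, which is presumably the reason. A comment above the line would stop the next maintainer from narrowing it back, e.g. `# "@this" exposes the whole whoami session so mutator templates can read .Extra.id / .Extra.expires_at`. In the second hunk the newly enabled `header` mutator renders `X-Appcheck-Jti` from `.Extra.jti`, a field that only the jwt (Appcheck) authenticator is expected to populate; a comment there (`# jti is only set by the jwt authenticator; other authenticators render an empty value or the template's missing-key placeholder`) makes the upstream's handling of an empty header a deliberate choice rather than an accident. Both hunks recur unchanged in quickstart/galoy/dev/ory/oathkeeper.yml (same blob ids), so the comments apply to both copies.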
@@ -2,21 +2,8 @@ upstream: url: "http://bats-tests:4012" match: - url: "<(http|https)>://<[a-zA-Z0-9-.:]+>/auth/<(clearCookies|login|logout|email/code|email/login|totp/validate|email/login/cookie|phone/captcha|phone/code|phone/login)>" + url: "<(http|https)>://<[a-zA-Z0-9-.:]+>/auth/<.*>" methods: ["GET", "POST", "OPTIONS"] - authenticators: - - handler: anonymous - authorizer: - handler: allow - mutators: - - handler: noop - -- id: device-login - upstream: - url: "http://bats-tests:4012" - match: - url: "<(http|https)>://<[a-zA-Z0-9-.:]+>/auth/create/device-account" - methods: ["POST"] authenticators: - handler: jwt config: @@ -29,10 +16,14 @@ - file:///home/ory/jwks.json # ONLY FOR DEV, DO NOT USE IN PRODUCTION token_from: header: Appcheck + - handler: anonymous authorizer: handler: allow mutators: - - handler: noop + - handler: header + config: + headers: + X-Appcheck-Jti: "{{ print .Extra.jti }}" - id: galoy-ws upstream: @@ -61,6 +52,18 @@ token_from: header: Oauth2-Token + - handler: bearer_token + config: + token_from: + header: X-API-KEY + forward_http_headers: + - "X-API-KEY" + check_session_url: "http://bats-tests:5397/auth/check" + force_method: GET + preserve_path: true + preserve_query: true + subject_from: sub + extra_from: "@this" - handler: bearer_token config: check_session_url: http://kratos:4433/sessions/whoami 
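Review bot: Collapsing the `/auth/<(clearCookies|login|...)>` allowlist into `/auth/<.*>` and folding the former `device-login` rule into it means `/auth/create/device-account`, previously reachable only with a valid Appcheck JWT, is now also covered by the `- handler: anonymous` appended in the second hunk, so a request that simply omits the `Appcheck` header falls through to anonymous and the gateway no longer enforces the token for that path — the `X-Appcheck-Jti` header mutated in from `.Extra.jti` becomes the only signal, and for anonymous requests it is empty or the template's missing-key placeholder. That is acceptable only if the upstream treats a missing or empty `X-Appcheck-Jti` as a hard failure for device-account creation, which nothing in this diff shows; a comment on the rule should state the contract, e.g. `# anonymous fallback: upstream MUST reject device-account creation when X-Appcheck-Jti is absent`. Since the rule now accepts unauthenticated traffic, it is also worth confirming that the `header` mutator replaces a client-supplied `X-Appcheck-Jti` rather than passing it through. The `<.*>` match additionally pulls in any future `/auth/` path that the explicit list would have left unmatched, which is a wider default than before. The same two hunks recur in quickstart/galoy/dev/ory/oathkeeper_rules.yaml.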
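Review bot: The new `bearer_token` authenticator for `X-API-KEY` points `check_session_url` at `http://bats-tests:5397/auth/check`, a test-fixture host, but unlike the jwks line in the earlier hunk (`# ONLY FOR DEV, DO NOT USE IN PRODUCTION`) it carries no such marker; add the same comment on the `check_session_url` line so the dev-only endpoint is not copied into a production rule set. With `preserve_query: true` the caller's query string is forwarded to that check endpoint alongside the `X-API-KEY` header; if the check service does not need it, `preserve_query: false` narrows what an external caller can feed into the session check. The rule's `id:` line is above this hunk, so which rule gains the authenticator cannot be confirmed from the diff; both copies of oathkeeper_rules.yaml carry this hunk.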
@@ -68,13 +71,14 @@ preserve_query: true subject_from: identity.id extra_from: "@this" + - handler: anonymous authorizer: handler: allow mutators: - handler: id_token config: #! TODO: add aud: {"aud": ["https://api/graphql"] } - claims: '{"sub": "{{ print .Subject }}", "session_id": "{{ print .Extra.id }}", "expires_at": "{{ print .Extra.expires_at }}", "scope": "{{ print .Extra.scope }}", "client_id": "{{ print .Extra.client_id }}" }' + claims: '{"sub": "{{ print .Subject }}", "session_id": "{{ print .Extra.id }}", "expires_at": "{{ print .Extra.expires_at }}", "scope": "{{ print .Extra.scope }}", "client_id": "{{ print .Extra.client_id }}"}' - id: admin-backend upstream: diff --git a/quickstart/docker-compose.tmpl.yml b/quickstart/docker-compose.tmpl.yml index 151e7bc841..7e4fd56b5a 100644 --- a/quickstart/docker-compose.tmpl.yml +++ b/quickstart/docker-compose.tmpl.yml @@ -1,8 +1,8 @@ #@ load("@ytt:data", "data") -#@ galoy_api_image_digest = "sha256@d731b98fe1376fcab05607d67bacc33d70aa96201fc1704c6872923adc8665a1" -#@ galoy_trigger_image_digest = "sha256@f85d09436c222b1ea0c04bb868c39677147171f43b9dfeabe6fc087e855753d4" -#@ mongodb_migrate_image_digest = "sha256@2e5d251c5f6213ef2ef9a440b49ccf4883b8e6136ce14fe73deabde4b4c493a8" +#@ galoy_api_image_digest = "sha256@fe8af1dc8bea062b58823bb118c0a45a68fab3c630bbdc89700f7394b321db3d" +#@ galoy_trigger_image_digest = "sha256@11c6a1f797fa3caa8b30d8416786dc0f2f9d158849b1637c1e1d0a06d61b39c2" +#@ mongodb_migrate_image_digest = "sha256@90bdda943c088dd1a44ce02ab128b19eae4fd0abc574d2c7641a834a168e23ec" version: #@ data.values.version services: diff --git a/quickstart/docker-compose.yml b/quickstart/docker-compose.yml index 22eb8d6cdd..4f4753f281 100644 --- a/quickstart/docker-compose.yml +++ b/quickstart/docker-compose.yml 
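Review bot: Appending `- handler: anonymous` after the kratos `bearer_token` authenticator means a request with no session still reaches the `id_token` mutator, which then mints a signed token whose `sub` is the configured anonymous subject and whose `session_id`, `expires_at`, `scope` and `client_id` claims are rendered from `.Extra` keys the anonymous authenticator does not set (empty strings or the template's missing-key placeholder). Upstream consumers of that id_token must therefore check those values rather than trusting any well-formed, correctly signed token; that contract belongs in a comment above the new line, e.g. `# anonymous fallback: the id_token below is still issued; upstream must treat an empty session_id as unauthenticated`. The enclosing rule's `id:` line is above this hunk, so which rule this is cannot be confirmed from the diff; the same hunk recurs in quickstart/galoy/dev/ory/oathkeeper_rules.yaml.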
@@ -97,7 +97,7 @@ services: ports: - 5434:5432 galoy: - image: us.gcr.io/galoy-org/galoy-api@sha256:d731b98fe1376fcab05607d67bacc33d70aa96201fc1704c6872923adc8665a1 + image: us.gcr.io/galoy-org/galoy-api@sha256:fe8af1dc8bea062b58823bb118c0a45a68fab3c630bbdc89700f7394b321db3d env_file: ${HOST_PROJECT_PATH:-.}/${GALOY_QUICKSTART_PATH:-vendor/galoy-quickstart}/.env.galoy depends_on: - trigger @@ -115,7 +115,7 @@ services: aliases: - bats-tests trigger: - image: us.gcr.io/galoy-org/galoy-api-trigger@sha256:f85d09436c222b1ea0c04bb868c39677147171f43b9dfeabe6fc087e855753d4 + image: us.gcr.io/galoy-org/galoy-api-trigger@sha256:11c6a1f797fa3caa8b30d8416786dc0f2f9d158849b1637c1e1d0a06d61b39c2 env_file: ${HOST_PROJECT_PATH:-.}/${GALOY_QUICKSTART_PATH:-vendor/galoy-quickstart}/.env.galoy depends_on: - lnd1 @@ -136,7 +136,7 @@ services: - MONGODB_ADVERTISED_HOSTNAME=127.0.0.1 - MONGO_INITDB_DATABASE=galoy mongodb-migrate: - image: us.gcr.io/galoy-org/galoy-app-migrate@sha256:2e5d251c5f6213ef2ef9a440b49ccf4883b8e6136ce14fe73deabde4b4c493a8 + image: us.gcr.io/galoy-org/galoy-app-migrate@sha256:90bdda943c088dd1a44ce02ab128b19eae4fd0abc574d2c7641a834a168e23ec depends_on: - mongodb environment: diff --git a/quickstart/galoy/dev/ory/oathkeeper.yml b/quickstart/galoy/dev/ory/oathkeeper.yml index 60d91cf059..69b1fe6fae 100644 --- a/quickstart/galoy/dev/ory/oathkeeper.yml +++ b/quickstart/galoy/dev/ory/oathkeeper.yml @@ -28,8 +28,9 @@ authenticators: config: check_session_url: http://kratos:4433/sessions/whoami preserve_path: true + preserve_query: true subject_from: identity.id - extra_from: identity.traits + extra_from: "@this" oauth2_introspection: enabled: true @@ -73,6 +74,12 @@ mutators: noop: enabled: true + header: + enabled: true + config: + headers: + X-Appcheck-Jti: "{{ print .Extra.jti }}" + errors: fallback: - json diff --git a/quickstart/galoy/dev/ory/oathkeeper_rules.yaml b/quickstart/galoy/dev/ory/oathkeeper_rules.yaml index 1017ec20fd..4ba4ec4248 100644 
--- a/quickstart/galoy/dev/ory/oathkeeper_rules.yaml +++ b/quickstart/galoy/dev/ory/oathkeeper_rules.yaml @@ -2,21 +2,8 @@ upstream: url: "http://bats-tests:4012" match: - url: "<(http|https)>://<[a-zA-Z0-9-.:]+>/auth/<(clearCookies|login|logout|email/code|email/login|totp/validate|email/login/cookie|phone/captcha|phone/code|phone/login)>" + url: "<(http|https)>://<[a-zA-Z0-9-.:]+>/auth/<.*>" methods: ["GET", "POST", "OPTIONS"] - authenticators: - - handler: anonymous - authorizer: - handler: allow - mutators: - - handler: noop - -- id: device-login - upstream: - url: "http://bats-tests:4012" - match: - url: "<(http|https)>://<[a-zA-Z0-9-.:]+>/auth/create/device-account" - methods: ["POST"] authenticators: - handler: jwt config: @@ -29,10 +16,14 @@ - file:///home/ory/jwks.json # ONLY FOR DEV, DO NOT USE IN PRODUCTION token_from: header: Appcheck + - handler: anonymous authorizer: handler: allow mutators: - - handler: noop + - handler: header + config: + headers: + X-Appcheck-Jti: "{{ print .Extra.jti }}" - id: galoy-ws upstream: @@ -61,6 +52,18 @@ token_from: header: Oauth2-Token + - handler: bearer_token + config: + token_from: + header: X-API-KEY + forward_http_headers: + - "X-API-KEY" + check_session_url: "http://bats-tests:5397/auth/check" + force_method: GET + preserve_path: true + preserve_query: true + subject_from: sub + extra_from: "@this" - handler: bearer_token config: check_session_url: http://kratos:4433/sessions/whoami 
@@ -68,13 +71,14 @@ preserve_query: true subject_from: identity.id extra_from: "@this" + - handler: anonymous authorizer: handler: allow mutators: - handler: id_token config: #! TODO: add aud: {"aud": ["https://api/graphql"] } - claims: '{"sub": "{{ print .Subject }}", "session_id": "{{ print .Extra.id }}", "expires_at": "{{ print .Extra.expires_at }}", "scope": "{{ print .Extra.scope }}", "client_id": "{{ print .Extra.client_id }}" }' + claims: '{"sub": "{{ print .Subject }}", "session_id": "{{ print .Extra.id }}", "expires_at": "{{ print .Extra.expires_at }}", "scope": "{{ print .Extra.scope }}", "client_id": "{{ print .Extra.client_id }}"}' - id: admin-backend upstream: diff --git a/quickstart/vendir.lock.yml b/quickstart/vendir.lock.yml index edbaf36ae8..bb48517e41 100644 --- a/quickstart/vendir.lock.yml +++ b/quickstart/vendir.lock.yml @@ -2,26 +2,26 @@ apiVersion: vendir.k14s.io/v1alpha1 directories: - contents: - git: - commitTitle: 'fix: decimals issue in notification service (#3577)...' - sha: 9edf1c319571c833f427024732d3575e45860c08 + commitTitle: 'chore: adding rate limit on device account creation (#3568)...' + sha: 063ee9d625e733008b5240509812288b76acb4ab tags: - - 0.16.44-1-g9edf1c319 + - 0.16.45-2-g063ee9d62 path: ./ path: dev - contents: - git: - commitTitle: 'fix: decimals issue in notification service (#3577)...' - sha: 9edf1c319571c833f427024732d3575e45860c08 + commitTitle: 'chore: adding rate limit on device account creation (#3568)...' + sha: 063ee9d625e733008b5240509812288b76acb4ab tags: - - 0.16.44-1-g9edf1c319 + - 0.16.45-2-g063ee9d62 path: ./ path: ./galoy - contents: - git: - commitTitle: 'fix: decimals issue in notification service (#3577)...' - sha: 9edf1c319571c833f427024732d3575e45860c08 + commitTitle: 'chore: adding rate limit on device account creation (#3568)...' + sha: 063ee9d625e733008b5240509812288b76acb4ab tags: - - 0.16.44-1-g9edf1c319 + - 0.16.45-2-g063ee9d62 path: ./ path: ./graphql kind: LockConfig 
diff --git a/quickstart/vendir.yml b/quickstart/vendir.yml
index 33dc6fa36c..a4a31af1a6 100644
--- a/quickstart/vendir.yml
+++ b/quickstart/vendir.yml
@@ -6,7 +6,7 @@ directories:
 - path: ./
 git:
 url: https://github.com/GaloyMoney/galoy.git
- ref: 9edf1c319571c833f427024732d3575e45860c08
+ ref: 063ee9d625e733008b5240509812288b76acb4ab
 includePaths:
 - core/api/dev/**/*
 excludePaths:
@@ -18,7 +18,7 @@ directories:
 - path: ./
 git:
 url: https://github.com/GaloyMoney/galoy.git
- ref: 9edf1c319571c833f427024732d3575e45860c08
+ ref: 063ee9d625e733008b5240509812288b76acb4ab
 includePaths:
 - core/api/dev/**/*
 - core/api/test/bats/bitcoind_signer_descriptors.json
@@ -36,7 +36,7 @@ directories:
 - path: ./
 git:
 url: https://github.com/GaloyMoney/galoy.git
- ref: 9edf1c319571c833f427024732d3575e45860c08
+ ref: 063ee9d625e733008b5240509812288b76acb4ab
 includePaths:
 - core/api/src/graphql/public/schema.graphql
 - core/api/src/graphql/admin/schema.graphql
diff --git a/quickstart/vendir/values.yml b/quickstart/vendir/values.yml
index b63311ac64..39266ef1d6 100644
--- a/quickstart/vendir/values.yml
+++ b/quickstart/vendir/values.yml
@@ -1,3 +1,3 @@
 #@data/values
 ---
-galoy_git_ref: 9edf1c319571c833f427024732d3575e45860c08
+galoy_git_ref: 063ee9d625e733008b5240509812288b76acb4ab