Merge branch 'jans-config-api-testng-9125_new' of https://github.com/…

…JanssenProject/jans into jans-config-api-testng-9125_new

.github/CODEOWNERS

@@ -18,7 +18,7 @@
 /jans-core/ @yurem @yuriyz @yuriyzz
 /jans-orm/ @yurem @yuriyz
 /jans-auth-server/ @yurem @yuriyz @yuriyzz
-/jans-fido2/ @yurem @yackermann
+/jans-fido2/ @yurem
 /jans-lock/ @yurem
 /jans-scim/ @jgomer2001
 /jans-config-api/ @pujavs @yuriyz @yurem

.github/workflows/build-packages.yml

@@ -30,14 +30,14 @@ jobs:
             sign_cmd: dpkg-sig -s builder -k DE92BEF14A1A4E542F678B64DC3C790386C73900
             python_version: 3.8
           - name: el8
-            asset_suffix: -el8.x86_64.rpm
+            asset_suffix: .el8.x86_64.rpm
             build_files: rpm/el8
             asset_prefix: '-'
             asset_path: jans/rpmbuild/RPMS/x86_64
             sign_cmd: rpm --addsign
             python_version: 3.6
           - name: suse15
-            asset_suffix: -suse15.x86_64.rpm
+            asset_suffix: .suse15.x86_64.rpm
             build_files: rpm/suse15
             asset_prefix: '-'
             asset_path: jans/rpmbuild/RPMS/x86_64
@@ -108,9 +108,6 @@ jobs:
          sed -i "s/%VERSION%/${{ steps.previoustag.outputs.version }}/g" run-build.sh
          cat run-build.sh
          sudo ./run-build.sh
-         if [[ ${{ matrix.name }} == "el8" || ${{ matrix.name }} == "suse15" ]] && [[ ${{ steps.previoustag.outputs.tag }} == "nightly" ]]; then
-           cp -r /home/runner/work/jans/jans/jans/rpmbuild/RPMS/x86_64/jans-0.0.0-nightly.${{ matrix.name }}.x86_64.rpm ${{github.workspace}}/${{ matrix.asset_path }}/jans${{ matrix.asset_prefix }}${{ steps.previoustag.outputs.version }}${{ matrix.asset_suffix }}
-         fi
     - name: Sign package
       id: sign_package
       run : |
@@ -124,6 +121,7 @@ jobs:
         cd jans/
         sed -i "s/%VERSION%/${{ steps.previoustag.outputs.version }}/g" checksum.sh
         sudo ./checksum.sh
+        ls ${{github.workspace}}/${{ matrix.asset_path }}
 
     - name: Upload binaries to release
       id: upload_binaries

automation/packaging/rpm/el8/checksum.sh

@@ -11,11 +11,6 @@ pushd rpmbuild/RPMS/x86_64
 
 echo "VERSION: $VERSION"
 echo "RELEASE: $RELEASE"
-if [[ $VERSION == "0.0.0" ]]; then
-  echo "Creating checksum file for nightly build"
-  sha256sum jans-"$VERSION"-"$RELEASE".x86_64.rpm > jans-0.0.0-nightly-el8.x86_64.rpm.sha256sum
-else
-  echo "Creating checksum file for release build"
-  sha256sum jans-"$VERSION"-"$RELEASE".x86_64.rpm > jans-"$VERSION"-"$RELEASE".x86_64.rpm.sha256sum
-fi
+echo "Creating checksum file for release build"
+sha256sum jans-"$VERSION"-"$RELEASE".x86_64.rpm > jans-"$VERSION"-"$RELEASE".x86_64.rpm.sha256sum
 popd

automation/packaging/rpm/suse15/checksum.sh

@@ -10,11 +10,6 @@ fi
 pushd rpmbuild/RPMS/x86_64
 echo "VERSION: $VERSION"
 echo "RELEASE: $RELEASE"
-if [[ $VERSION == "0.0.0" ]]; then
-  echo "Creating checksum file for nightly build"
-  sha256sum jans-"$VERSION"-"$RELEASE".x86_64.rpm > jans-0.0.0-nightly-suse15.x86_64.rpm.sha256sum
-else
-  echo "Creating checksum file for release build"
-  sha256sum jans-"$VERSION"-"$RELEASE".x86_64.rpm > jans-"$VERSION"-"$RELEASE".x86_64.rpm.sha256sum
-fi
+echo "Creating checksum file for release build"
+sha256sum jans-"$VERSION"-"$RELEASE".x86_64.rpm > jans-"$VERSION"-"$RELEASE".x86_64.rpm.sha256sum
 popd

charts/janssen-all-in-one/README.md

@@ -244,13 +244,16 @@ Kubernetes: `>=v1.22.0-0`
 | fido2.appLoggers.scriptLogTarget | string | `"FILE"` | fido2_script.log target |
 | fido2.enabled | bool | `true` | Boolean flag to enable/disable the fido2 chart. |
 | fido2.fido2ServiceName | string | `"fido2"` | Name of the fido2 service. Please keep it as default. |
-| fido2.ingress | object | `{"fido2AdditionalAnnotations":{},"fido2ConfigAdditionalAnnotations":{},"fido2ConfigEnabled":false,"fido2ConfigLabels":{},"fido2Enabled":false,"fido2Labels":{}}` | Enable endpoints in either istio or nginx ingress depending on users choice |
+| fido2.ingress | object | `{"fido2AdditionalAnnotations":{},"fido2ConfigAdditionalAnnotations":{},"fido2ConfigEnabled":false,"fido2ConfigLabels":{},"fido2Enabled":false,"fido2Labels":{},"fido2WebauthnAdditionalAnnotations":{},"fido2WebauthnEnabled":false,"fido2WebauthnLabels":{}}` | Enable endpoints in either istio or nginx ingress depending on users choice |
 | fido2.ingress.fido2AdditionalAnnotations | object | `{}` | fido2 ingress resource additional annotations. |
 | fido2.ingress.fido2ConfigAdditionalAnnotations | object | `{}` | fido2 config ingress resource additional annotations. |
 | fido2.ingress.fido2ConfigEnabled | bool | `false` | Enable endpoint /.well-known/fido2-configuration |
 | fido2.ingress.fido2ConfigLabels | object | `{}` | fido2 config ingress resource labels. key app is taken |
 | fido2.ingress.fido2Enabled | bool | `false` | Enable endpoint /jans-fido2 |
 | fido2.ingress.fido2Labels | object | `{}` | fido2 ingress resource labels. key app is taken |
+| fido2.ingress.fido2WebauthnAdditionalAnnotations | object | `{}` | fido2 webauthn ingress resource additional annotations. |
+| fido2.ingress.fido2WebauthnEnabled | bool | `false` | Enable endpoint /.well-known/webauthn |
+| fido2.ingress.fido2WebauthnLabels | object | `{}` | fido2 webauthn ingress resource labels. key app is taken |
 | fqdn | string | `"demoexample.jans.io"` | Fully qualified domain name to be used for Janssen installation. This address will be used to reach Janssen services. |
 | fullNameOverride | string | `""` |  |
 | hpa | object | `{"behavior":{},"enabled":true,"maxReplicas":10,"metrics":[],"minReplicas":1,"targetCPUUtilizationPercentage":50}` | Configure the HorizontalPodAutoscaler |

charts/janssen-all-in-one/templates/nginx-ingress.yaml

@@ -566,6 +566,54 @@ spec:
 
 ---
 
+{{ if .Values.fido2.ingress.fido2WebauthnEnabled -}}
+{{ $fullName := include "janssen-all-in-one.fullname" . -}}
+{{- $ingressPath := index .Values "nginx-ingress" "ingress" "path" -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-webauthn
+  labels:
+    app: {{ $fullName }}-fido2
+{{- if index .Values "nginx-ingress" "ingress" "additionalLabels" }}
+{{ toYaml (index .Values "nginx-ingress" "ingress" "additionalLabels") | indent 4 }}
+{{- end }}
+{{- if .Values.fido2.ingress.fido2WebauthnLabels }}
+{{ toYaml .Values.fido2.ingress.fido2WebauthnLabels | indent 4 }}
+{{- end }}
+  annotations:
+    nginx.ingress.kubernetes.io/ssl-redirect: "false"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
+    nginx.ingress.kubernetes.io/rewrite-target: /jans-fido2/restv1/webauthn/configuration
+{{- if .Values.fido2.ingress.fido2WebauthnAdditionalAnnotations }}
+{{ toYaml .Values.fido2.ingress.fido2WebauthnAdditionalAnnotations | indent 4 }}
+{{- end }}
+{{- if index .Values "nginx-ingress" "ingress" "additionalAnnotations" }}
+{{ toYaml (index .Values "nginx-ingress" "ingress" "additionalAnnotations") | indent 4 }}
+{{- end }}
+spec:
+  ingressClassName: {{ index .Values "nginx-ingress" "ingress" "ingressClassName" }}
+{{- if index .Values "nginx-ingress" "ingress" "tlsSecretName" }}
+  tls:
+    - hosts:
+        - {{ .Values.fqdn | quote }}
+      secretName: {{ index .Values "nginx-ingress" "ingress" "tlsSecretName" }}
+{{- end }}
+  rules:
+    - host: {{ .Values.fqdn | quote }}
+      http:
+        paths:
+          - path: /.well-known/webauthn
+            pathType: Exact
+            backend:
+              service:
+                name: {{ .Values.service.name }}
+                port:
+                  number: 8080
+{{- end }}
+
+---
+
 {{ if index .Values "auth-server" "ingress" "authServerEnabled" -}}
 {{ $fullName := include "janssen-all-in-one.fullname" . -}}
 {{- $ingressPath := index .Values "nginx-ingress" "ingress" "path" -}}

charts/janssen-all-in-one/values.yaml

@@ -440,6 +440,8 @@ fido2:
     fido2ConfigEnabled: false
     # -- Enable endpoint /jans-fido2
     fido2Enabled: false
+    # -- Enable endpoint /.well-known/webauthn
+    fido2WebauthnEnabled: false
     # -- fido2 config ingress resource labels. key app is taken
     fido2ConfigLabels: { }
     # -- fido2 config ingress resource additional annotations.
@@ -448,6 +450,10 @@ fido2:
     fido2Labels: { }
     # -- fido2 ingress resource additional annotations.
     fido2AdditionalAnnotations: { }
+    # -- fido2 webauthn ingress resource labels. key app is taken
+    fido2WebauthnLabels: { }
+    # -- fido2 webauthn ingress resource additional annotations.
+    fido2WebauthnAdditionalAnnotations: { }
 scim:
   # -- Name of the scim service. Please keep it as default.
   scimServiceName: scim