
feat(jans-config-api): adding allowSmtpKeystoreEdit property in admin-ui configuration #10067 #10085

Closed
wants to merge 4,498 commits into from

Conversation

duttarnab
Contributor

closes #10067

jgomer2001 and others added 30 commits September 2, 2024 13:34
* docs: update developer guide #8852

Signed-off-by: jgomer2001 <[email protected]>

* chore: disable super gluu extension #8852

Signed-off-by: jgomer2001 <[email protected]>

* chore: avoid image duplication #8847

Signed-off-by: jgomer2001 <[email protected]>

* chore: revert changes in login form #8852

Signed-off-by: jgomer2001 <[email protected]>

---------

Signed-off-by: jgomer2001 <[email protected]>
Co-authored-by: Mohammad Abudayyeh <[email protected]>
* chore: update casa gitignore #8846

Signed-off-by: jgomer2001 <[email protected]>

* chore: remove unused files #9327

Signed-off-by: jgomer2001 <[email protected]>

* docs: re-arrange list of plugins #8852

Signed-off-by: jgomer2001 <[email protected]>

---------

Signed-off-by: jgomer2001 <[email protected]>
…records (#9334)

* feat(jans-config-api): update log/telemetry/health entries

Signed-off-by: Yuriy Movchan <[email protected]>

* feat(jans-config-api): update log/telemetry/health entries

Signed-off-by: Yuriy Movchan <[email protected]>

---------

Signed-off-by: Yuriy Movchan <[email protected]>
* feat: remove mounted files for sql persistence

Signed-off-by: iromli <[email protected]>

* feat: remove mounted files for couchbase persistence

Signed-off-by: iromli <[email protected]>

* feat: remove mounted files for ldap persistence

Signed-off-by: iromli <[email protected]>

* fix: handle hybrid persistence

Signed-off-by: iromli <[email protected]>

* feat: remove unused ldap-cron-pass secret

Signed-off-by: iromli <[email protected]>

Merging but it's missing docs. Auto doc generator will take care of it.
---------

Signed-off-by: iromli <[email protected]>
Co-authored-by: Mohammad Abudayyeh <[email protected]>
#9343)

feat(jans-config-api): add endpoint to load log/telemetry/health data for specific period

Signed-off-by: Yuriy Movchan <[email protected]>
* feat(jans-auth-server): AS supports acr aliasing but it's not published on discovery. It should be added to discovery. #9166

Signed-off-by: YuriyZ <[email protected]>

* feat(jans-auth-server): added acr_mappings to doc sample #9166

Signed-off-by: YuriyZ <[email protected]>

---------

Signed-off-by: YuriyZ <[email protected]>
…in id_token (#9358)

Signed-off-by: Arnab Dutta <[email protected]>
Co-authored-by: Mohammad Abudayyeh <[email protected]>
* ci: forces download each time on packaging

Signed-off-by: moabu <[email protected]>

* ci: forces download each time on packaging

Signed-off-by: moabu <[email protected]>

---------

Signed-off-by: moabu <[email protected]>
Signed-off-by: Mohammad Abudayyeh <[email protected]>
…ly if using ldap persistence (#9323)

Signed-off-by: iromli <[email protected]>
Co-authored-by: Mohammad Abudayyeh <[email protected]>
… /jans-bom (#9308)

chore(deps): bump com.mysql:mysql-connector-j in /jans-bom

Bumps [com.mysql:mysql-connector-j](https://github.com/mysql/mysql-connector-j) from 8.0.32 to 8.2.0.
- [Changelog](https://github.com/mysql/mysql-connector-j/blob/release/9.x/CHANGES)
- [Commits](mysql/mysql-connector-j@8.0.32...8.2.0)

---
updated-dependencies:
- dependency-name: com.mysql:mysql-connector-j
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
… /jans-casa/app-fips (#8514)

chore(deps): bump org.bouncycastle:bc-fips in /jans-casa/app-fips

Bumps org.bouncycastle:bc-fips from 1.0.2.4 to 1.0.2.5.

---
updated-dependencies:
- dependency-name: org.bouncycastle:bc-fips
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…/jans-bom (#6357)

chore(deps): bump org.apache.santuario:xmlsec in /jans-bom

Bumps org.apache.santuario:xmlsec from 2.2.4 to 2.2.6.

---
updated-dependencies:
- dependency-name: org.apache.santuario:xmlsec
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
… /jans-config-api (#7911)

chore(deps-dev): bump org.bitbucket.b_c:jose4j in /jans-config-api

Bumps [org.bitbucket.b_c:jose4j](https://bitbucket.org/b_c/jose4j) from 0.9.3 to 0.9.4.
- [Commits](https://bitbucket.org/b_c/jose4j/branches/compare/jose4j-0.9.4..jose4j-0.9.3)

---
updated-dependencies:
- dependency-name: org.bitbucket.b_c:jose4j
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
chore: use pythonic style #9181

Signed-off-by: jgomer2001 <[email protected]>
* feat(jans-core): update OpenDJ version

Signed-off-by: Yuriy Movchan <[email protected]>

* feat(jans-auth): set auth_user session attribute from authenticateByUserInum method

Signed-off-by: Yuriy Movchan <[email protected]>

---------

Signed-off-by: Yuriy Movchan <[email protected]>
* fix(config-api): asset mgt endpoint fixes

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset upload mgt enhancement and fido

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset upload mgt enhancement and fido

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset upload mgt enhancement and fido

Signed-off-by: pujavs <[email protected]>

* fix(config-api): asset upload

Signed-off-by: pujavs <[email protected]>

* fix(config-api): lock review comments

Signed-off-by: pujavs <[email protected]>

* feat(config-api): lock code review comments

Signed-off-by: pujavs <[email protected]>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <[email protected]>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <[email protected]>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <[email protected]>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <[email protected]>

* feat(config-api): fido2 delete functionality

Signed-off-by: pujavs <[email protected]>

* fix(config-api): acr validation

Signed-off-by: pujavs <[email protected]>

* feat(config-api): doc(config-api): IDP schema attribute descriptions #9187

Signed-off-by: pujavs <[email protected]>

* feat(config-api): sync with main

Signed-off-by: pujavs <[email protected]>

* feat(config-api): uploading assets via API generates 2 entries #9178

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset mgt, fido and IDP changes

Signed-off-by: pujavs <[email protected]>

* feat(config-api): fido2 device endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): fido2 endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): fido2 endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): sync with main

Signed-off-by: pujavs <[email protected]>

* feat(config-api): sync with main

Signed-off-by: pujavs <[email protected]>

* feat(config-api): sync with main

Signed-off-by: pujavs <[email protected]>

* feat(config-api): resolved sonar review issues

Signed-off-by: pujavs <[email protected]>

* feat(config-api): sonar review comment fix

Signed-off-by: pujavs <[email protected]>

* feat(config-api): swagger spec

Signed-off-by: pujavs <[email protected]>

* feat(config-api): saml config attribute description

Signed-off-by: pujavs <[email protected]>

* doc(config-api): added SAML attribute description

Signed-off-by: pujavs <[email protected]>

* doc(config-api): added SAML attribute description

Signed-off-by: pujavs <[email protected]>

* feat(config-api): sync with main

Signed-off-by: pujavs <[email protected]>

* fix(jans-lock): code review comment fix issue #9305

Signed-off-by: pujavs <[email protected]>

* fix(jans-lock): code review comment fix issue #9305

Signed-off-by: pujavs <[email protected]>

* feat(config-api): lock review point

Signed-off-by: pujavs <[email protected]>

* fix(lock): code review comment

Signed-off-by: pujavs <[email protected]>

* fix(lock): code review comment

Signed-off-by: pujavs <[email protected]>

* fix(config-api): sync with main

Signed-off-by: pujavs <[email protected]>

* feat(config-api): lock endpoint fixes and SAML IDP NPE

Signed-off-by: pujavs <[email protected]>

---------

Signed-off-by: pujavs <[email protected]>
Co-authored-by: YuriyZ <[email protected]>
* Initializing branch for Cedarling MVP

Signed-off-by: Arnab Dutta <[email protected]>

* rust demo code without connect to python

* cargo improvements

* fix format rule

* add to gitignore files that are used in debug process

* add parsing roles from token and its mapping

* remove unused text in readme

* added guide on how to build

* add python binding

* python example hotfix

* make Id in python example more illustrative

* update to make tokens field jti optional

* fix readme file

* feat: store the sample policy stores in demo folder #9373

Signed-off-by: Arnab Dutta <[email protected]>

* rename role mapper to token mapper

* add loading policy store from file or json

* show in example that we can use setter

* use single quote for action in python example

* update python bindings to use object Request

* add readme to demo data folder

* updated README.md

* update cedarling_python/README.md

---------

Signed-off-by: Arnab Dutta <[email protected]>
Co-authored-by: Arnab Dutta <[email protected]>
Co-authored-by: Mohammad Abudayyeh <[email protected]>
…on backends (#9389)

* feat(jans-pycloudlib): handle required files for external configuration backends

Signed-off-by: iromli <[email protected]>

* feat(jans-pycloudlib): populate google credentials if using spanner persistence

Signed-off-by: iromli <[email protected]>

* fix(jans-pycloudlib): resolve broken dependency for google-cloud-secret-manager lib

Signed-off-by: iromli <[email protected]>

---------

Signed-off-by: iromli <[email protected]>
Co-authored-by: Mohammad Abudayyeh <[email protected]>
…9398)

* feat(jans-core): add jansFilePath to document store

Signed-off-by: Yuriy Movchan <[email protected]>

* feat(jans-core): set filePath and fileName from input path

* feat(config-api): asset mgt changes to store filePath in separate field

Signed-off-by: pujavs <[email protected]>

---------

Signed-off-by: Yuriy Movchan <[email protected]>
Signed-off-by: pujavs <[email protected]>
Co-authored-by: pujavs <[email protected]>
* fix: high CPU usage on opening tarp #9390

Signed-off-by: Arnab Dutta <[email protected]>

* feat: resolving review comments

Signed-off-by: Arnab Dutta <[email protected]>

* feat: correct comments

Signed-off-by: Arnab Dutta <[email protected]>

---------

Signed-off-by: Arnab Dutta <[email protected]>
yurem and others added 21 commits October 31, 2024 22:09
#10002)

fix(jans-core): document store manager should have not null supported list by default

Signed-off-by: Yuriy Movchan <[email protected]>
* feat(jans-cedarling): Encoding and ContentType for cedar_schema and policy_content values

Signed-off-by: John Anderson <[email protected]>

* feat(jans-cedarling): deserialize from schema field with metadata in policy.json

Signed-off-by: John Anderson <[email protected]>

* feat(jans-cedarling): deserialize from policy_content field with metadata in policy.json

Signed-off-by: John Anderson <[email protected]>

* feat(jans-cedarling): Ensure that policies are only ever encoded in cedar, because parsing cedar-json is currently not handled by cedar-policy crate.

Signed-off-by: John Anderson <[email protected]>

* feat(jans-cedarling): for very human-readable tests, you can now do test file fixtures in yaml

Signed-off-by: John Anderson <[email protected]>

* feat(jans-cedarling): rectify clippy complaints

Signed-off-by: John Anderson <[email protected]>

* feat(jans-cedarling): local use for std::collections::HashSet

Signed-off-by: John Anderson <[email protected]>

---------

Signed-off-by: John Anderson <[email protected]>
* feat(jans-pycloudlib): detect JSON data format

Signed-off-by: iromli <[email protected]>

* refactor(jans-pycloudlib): preconfigure MYSQL_SIMPLE_JSON

Signed-off-by: iromli <[email protected]>

---------

Signed-off-by: iromli <[email protected]>
Co-authored-by: Mohammad Abudayyeh <[email protected]>
Signed-off-by: Arnab Dutta <[email protected]>
…3.10.1 to 3.11.1 in /jans-scim (#10028)

chore(deps): bump org.apache.maven.plugins:maven-javadoc-plugin

Bumps [org.apache.maven.plugins:maven-javadoc-plugin](https://github.com/apache/maven-javadoc-plugin) from 3.10.1 to 3.11.1.
- [Release notes](https://github.com/apache/maven-javadoc-plugin/releases)
- [Commits](apache/maven-javadoc-plugin@maven-javadoc-plugin-3.10.1...maven-javadoc-plugin-3.11.1)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-javadoc-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
… 3.5.1 to 3.5.2 in /agama (#10024)

chore(deps): bump org.apache.maven.plugins:maven-surefire-plugin

Bumps [org.apache.maven.plugins:maven-surefire-plugin](https://github.com/apache/maven-surefire) from 3.5.1 to 3.5.2.
- [Release notes](https://github.com/apache/maven-surefire/releases)
- [Commits](apache/maven-surefire@surefire-3.5.1...surefire-3.5.2)

---
updated-dependencies:
- dependency-name: org.apache.maven.plugins:maven-surefire-plugin
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Mohammad Abudayyeh <[email protected]>
…stead of multi-valued where it is needed (e.g. jansClntAuthz ) #10033 (#10034)

Signed-off-by: YuriyZ <[email protected]>
…1.2 in /jans-casa (#9997)

chore(deps): bump org.codehaus.mojo:truezip-maven-plugin in /jans-casa

Bumps org.codehaus.mojo:truezip-maven-plugin from 1.1 to 1.2.

---
updated-dependencies:
- dependency-name: org.codehaus.mojo:truezip-maven-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jose Gonzalez <[email protected]>
* refactor(jans-cedarling): replace token structs with generic serializable types

- replace token structs in test utils with generic serializable types for greater test flexibility

Signed-off-by: rmarinn <[email protected]>

* test(jans-cedarling): add negative tests for access_token validation

- Implement tests to verify error handling when required claims are missing
  (iss, aud, sub, iat, exp).
- Add test for when the access_token has an invalid signature.

Signed-off-by: rmarinn <[email protected]>

* test(jans-cedarling): add negative tests for id_token validation

- Implement tests to verify error handling when required claims are missing
  (iss, aud, sub, iat, exp).
- Add test for when the id_token has an invalid signature.
- Add test for when the id_token has a different iss from the
  access_token.
- Add test for when the id_token has a different aud from the
  access_token.
- Add test for when the id_token is expired.

Signed-off-by: rmarinn <[email protected]>

* test(jans-cedarling): add test for checking access_token's expiration

Signed-off-by: rmarinn <[email protected]>

* test(jans-cedarling): add negative tests for userinfo_token validation

- Implement tests to verify error handling when required claims are missing
  (iss, aud, sub, iat, exp).
- Add test for when the userinfo_token has an invalid signature.
- Add test for when the userinfo_token has a different iss from
  the access_token.
- Add test for when the userinfo_token has a different aud from
  the access_token.
- Add test for when the userinfo_token has a different sub from
  the id_token.

Signed-off-by: rmarinn <[email protected]>

* chore(jans-cedarling): move files around for better organization

Signed-off-by: rmarinn <[email protected]>

* fix(jans-cedarling): fix userinfo_token validation bug

- fixed a bug where the validation for the `aud` and `iss` of the
  userinfo_token is mixed up

Signed-off-by: rmarinn <[email protected]>

* refactor(jans-cedarling): replace parameters in `decode(...)` with `DecodingArgs`

- This change consolidates the parameters for the `decode` function into a single
  `DecodingArgs` struct, for easier code readability and maintainability.

Signed-off-by: rmarinn <[email protected]>

* refactor(jans-cedarling): remove requirement for `iat` claim in token validation

Signed-off-by: rmarinn <[email protected]>

* fix(jans-cedarling): fix incorrect test fixture

Signed-off-by: rmarinn <[email protected]>

* test(jans-cedarling): add detailed assertions for improved test accuracy

Signed-off-by: rmarinn <[email protected]>

* refactor(jans-cedarling): improve Error organization in jwt module

Signed-off-by: rmarinn <[email protected]>

* chore(jans-cedarling): update outdated docstrings and rename an Error variant

- renamed decoding_strategy::Error::JwkMissingKid to decoding_strategy::Error::JwtMissingKeyId

Signed-off-by: rmarinn <[email protected]>

* test(jans-cedarling): add unit tests for validating `nbf`

- add test expecting to error when using access_token before nbf
- add test expecting to error when using id_token before nbf
- add test expecting to error when using userinfo_token before nbf

Signed-off-by: rmarinn <[email protected]>

* chore(jans-cedarling): resolve clippy warnings

Signed-off-by: rmarinn <[email protected]>

* chore(jans-cedarling): update incorrect docstrings

- references to `JwtService::decode_claims` updated to `JwtService::decode_tokens`

Signed-off-by: rmarinn <[email protected]>

* test(jans-cedarling): add tests relating to KeyService

- add test that should error when a key with a given `kid`
  that should be used for validating a token can't be found.
- add a test that panics when the openid configuration cannot
  be fetched at JwtService's initialization.
- add a test that panics when the JWKS cannot be fetched at
  JwtService's initialization.

Signed-off-by: rmarinn <[email protected]>

* test(jans-cedarling): increase specificity of asserts on errors

Signed-off-by: rmarinn <[email protected]>

* chore(jans-cedarling): update token claims in examples/authroize_with_jwt_validation.rs

Signed-off-by: rmarinn <[email protected]>

* refactor(jans-cedarling): move test into a different file

- moved `can_update_local_jwks` from `with_validation.rs` to
  `key_service.rs`

Signed-off-by: rmarinn <[email protected]>

* chore(jans-cedarling): update docstrings and remove unnecessary checks

- updated docstrings on some test files to more accurately indicate what they contain.
- remove unnecessary "unexpected" data checks on tests and just have it on one.

Signed-off-by: rmarinn <[email protected]>

* refactor(jans-cedarling): improve code readability in tests

- improve code readability in tests by returning a List<EncodingKey>
  instead of a List<(String, jwt::EncodingKey)> when generating keys

Signed-off-by: rmarinn <[email protected]>

* fix(jans-cedarling): improve token invalidation robustness in tests

- Modified `invalidate_token` to handle cases where the first two characters in the signature
  are identical and swapping them won't invalidate the token. This change introduces a loop to
  assign a distinct character to the first position if characters match, ensuring the token
  is reliably invalidated without unintended duplication.
- Moved `invalidate_token` to `utils.rs`

Signed-off-by: rmarinn <[email protected]>

* chore(jans-cedarling): change error naming convention

- renamed decoding_strategy::Error to decoding_strategy::DecodingError
- renamed key_service::Error to key_service::KeyServiceError

Signed-off-by: rmarinn <[email protected]>

* test(jans-cedarling): remove tests that expects to panic

Signed-off-by: rmarinn <[email protected]>

* chore(jans-cedarling): change error naming in JWT module

- rename `jwt::Error` to `jwt::JwtServiceError`
- rename `decoding_strategy::DecodingError` to `decoding_strategy::toJwtDecodingError`

Signed-off-by: rmarinn <[email protected]>

* chore(jans-cedarling): move `test/mod.rs` to `test.rs`

Signed-off-by: rmarinn <[email protected]>

---------

Signed-off-by: rmarinn <[email protected]>
* feat(cloud-native): add support for legacy and simple JSON data

Signed-off-by: iromli <[email protected]>

---------

Signed-off-by: iromli <[email protected]>
Co-authored-by: Mohammad Abudayyeh <[email protected]>
* chore(jans-cedarling): remove #[allow(unused)] in key_service

Signed-off-by: Oleh Bohzok <[email protected]>

* chore(jans-cedarling): refactor initialization of KeyService to be more readable

Signed-off-by: Oleh Bohzok <[email protected]>

* chore(jans-cedarling): add getting trusted issuer when decoding JWT tokens

Signed-off-by: Oleh Bohzok <[email protected]>

* chore(jans-cedarling): remove transaction token

Signed-off-by: Oleh Bohzok <[email protected]>

* test(jans-cedarling): fix test case after deleting `transaction_token`

Signed-off-by: Oleh Bohzok <[email protected]>

* feat(jans-cedarling): add entity Jans::Role to entity store

Signed-off-by: Oleh Bohzok <[email protected]>

* test(jans-cedarling): fix unit tests and add some refactor, extract function `build_entity_attributes`

Signed-off-by: Oleh Bohzok <[email protected]>

* chore(jans-cedarling): fix copy-paste error.

Signed-off-by: Oleh Bohzok <[email protected]>

* feat(jans-cedarling): add to authorize check `execute_authorize` with principal `Jans::Role`

Signed-off-by: Oleh Bohzok <[email protected]>

* test(jans-cedarling): fix python unit tests

Signed-off-by: Oleh Bohzok <[email protected]>

* feat(jans-cedarling): add to python bindings `AuthorizeResult` field person and role

Signed-off-by: Oleh Bohzok <[email protected]>

* feat(jans-cedarling): add parsing `Jans::Role` only if field present in JWT token

Signed-off-by: Oleh Bohzok <[email protected]>

* chore(jans-cedarling): change default search Role to the Userinfo token

Signed-off-by: Oleh Bohzok <[email protected]>

* chore(jans-cedarling): add #[allow(dead_code)] in test case

Signed-off-by: Oleh Bohzok <[email protected]>

* chore(jans-cedarling): add parse yaml using config

Signed-off-by: Oleh Bohzok <[email protected]>

* test(jans-cedarling): refactor current unit test `success_test_json` to be more readable

Signed-off-by: Oleh Bohzok <[email protected]>

* test(jans-cedarling): move `success_test_json` to own file

Signed-off-by: Oleh Bohzok <[email protected]>

* chore(jans-cedarling): add config yaml file for testing `policy-store_ok_2.yaml`

Signed-off-by: Oleh Bohzok <[email protected]>

* test(jans-cedarling): add test case on check authorization request, positive and negative

Signed-off-by: Oleh Bohzok <[email protected]>

* chore(jans-cedarling): fix python binding result of authorize for role

Signed-off-by: Oleh Bohzok <[email protected]>

* docs(jans-cedarling): add update to documentation related to adding role check on authorization request

Signed-off-by: Oleh Bohzok <[email protected]>

* test(jans-cedarling): fix python tests

Signed-off-by: Oleh Bohzok <[email protected]>

* chore(jans-cedarling): fix copy-paste comment about YAML usage

also added text
`Mostly used only for testing purposes.`

Signed-off-by: Oleh Bohzok <[email protected]>

* chore(jans-cedarling): refactor code to be more readable,
  add match statement in function `create_role_entities`

Signed-off-by: Oleh Bohzok <[email protected]>

* chore(jans-cedarling): remove cloning the entity_uid in function `create_entity`

Signed-off-by: Oleh Bohzok <[email protected]>

* chore(jans-cedarling): fix the markdown file using linter

Signed-off-by: Oleh Bohzok <[email protected]>

* docs(jans-cedarling): add information about minimum supported `cedar-policy schema`

Signed-off-by: Oleh Bohzok <[email protected]>

* chore(jans-cedarling): update pyo3 to latest

Signed-off-by: Oleh Bohzok <[email protected]>

* chore(jans-cedarling): remove outdated comment

Signed-off-by: Oleh Bohzok <[email protected]>

---------

Signed-off-by: Oleh Bohzok <[email protected]>
…script enhancement (#10014)

* fix(config-api): asset mgt endpoint fixes

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset upload mgt enhancement and fido

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset upload mgt enhancement and fido

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset upload mgt enhancement and fido

Signed-off-by: pujavs <[email protected]>

* fix(config-api): asset upload

Signed-off-by: pujavs <[email protected]>

* fix(config-api): lock review comments

Signed-off-by: pujavs <[email protected]>

* feat(config-api): lock code review comments

Signed-off-by: pujavs <[email protected]>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <[email protected]>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <[email protected]>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <[email protected]>

* feat(config-api): lock master renamed to lock server

Signed-off-by: pujavs <[email protected]>

* feat(config-api): fido2 delete functionality

Signed-off-by: pujavs <[email protected]>

* fix(config-api): acr validation

Signed-off-by: pujavs <[email protected]>

* feat(config-api): doc(config-api): IDP schema attribute descriptions #9187

Signed-off-by: pujavs <[email protected]>

* feat(config-api): sync with main

Signed-off-by: pujavs <[email protected]>

* feat(config-api): uploading assets via API generates 2 entries #9178

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset mgt, fido and IDP changes

Signed-off-by: pujavs <[email protected]>

* feat(config-api): fido2 device endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): fido2 endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): fido2 endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): sync with main

Signed-off-by: pujavs <[email protected]>

* feat(config-api): sync with main

Signed-off-by: pujavs <[email protected]>

* feat(config-api): sync with main

Signed-off-by: pujavs <[email protected]>

* feat(config-api): resolved sonar review issues

Signed-off-by: pujavs <[email protected]>

* feat(config-api): sonar review comment fix

Signed-off-by: pujavs <[email protected]>

* feat(config-api): swagger spec

Signed-off-by: pujavs <[email protected]>

* feat(config-api): saml config attribute description

Signed-off-by: pujavs <[email protected]>

* doc(config-api): added SAML attribute description

Signed-off-by: pujavs <[email protected]>

* doc(config-api): added SAML attribute description

Signed-off-by: pujavs <[email protected]>

* feat(config-api): sync with main

Signed-off-by: pujavs <[email protected]>

* fix(jans-lock): code review comment fix issue #9305

Signed-off-by: pujavs <[email protected]>

* fix(jans-lock): code review comment fix issue #9305

Signed-off-by: pujavs <[email protected]>

* feat(config-api): lock review point

Signed-off-by: pujavs <[email protected]>

* fix(lock): code review comment

Signed-off-by: pujavs <[email protected]>

* fix(lock): code review comment

Signed-off-by: pujavs <[email protected]>

* fix(config-api): sync with main

Signed-off-by: pujavs <[email protected]>

* feat(config-api): lock endpoint fixes and SAML IDP NPE

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset enhancement

Signed-off-by: pujavs <[email protected]>

* feat(config-api): implement timer for asset mgt to fetch and deploy assets for config-api #9403

Signed-off-by: pujavs <[email protected]>

* fix(config-api): scope validation issue #9426

Signed-off-by: pujavs <[email protected]>

* fix(config-api): asset delete error fix

Signed-off-by: pujavs <[email protected]>

* feat(config-api): sync with main

Signed-off-by: pujavs <[email protected]>

* fix(config-api): lock audit endpoint parameter declaration error #9460

Signed-off-by: pujavs <[email protected]>

* feat(config-api): client token functionality

Signed-off-by: pujavs <[email protected]>

* fix(config-api): lock audit endpoint path param rectification

Signed-off-by: pujavs <[email protected]>

* feat(config-api): client token endpoint - wip

Signed-off-by: pujavs <[email protected]>

* feat(config-api): client token endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): client token endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): client token endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): token endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): token endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): token endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint wip

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint wip

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session and token endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session and fido2 endpoint

Signed-off-by: pujavs <[email protected]>

* test(config-api): marked session failing test case

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset mgt dir mapping changes wip

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset mgt dir changes

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset mgt changes for dir

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset mgt endpoint -wip

Signed-off-by: pujavs <[email protected]>

* feat(config-api): asset mgt endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): custom asset mgt wip

Signed-off-by: pujavs <[email protected]>

* feat(config-api): custom asset mgt

Signed-off-by: pujavs <[email protected]>

* feat(config-api): custom asset mgt

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint changes to remove sessionId

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint changes to hide id

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint changes to hide id

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint mgt

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session enhancement for removing id

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint changes to remove session id

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint changes to remove session id

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint changes to remove session id

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint changes to remove session id

Signed-off-by: pujavs <[email protected]>

* feat(config-api): search fieldValuePair enhancement

Signed-off-by: pujavs <[email protected]>

* feat(config-api): search fieldValuePair enhancement

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session field filter enhancement - wip

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session field search enhancement wip

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint search enhancement

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint search enhancement

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session endpoint search enhancement

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session and token endpoint enhancement

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session and token search enhancement

Signed-off-by: pujavs <[email protected]>

* feat(config-api): session search changes for session attribute

Signed-off-by: pujavs <[email protected]>

* feat(config-api): fido2 search endpoint

Signed-off-by: pujavs <[email protected]>

* feat(config-api): fido2 entry search

Signed-off-by: pujavs <[email protected]>

* feat(config-api): pagination implemented in fido2, session and token endpoints

Signed-off-by: pujavs <[email protected]>

* feat(config-api): acr enhancement for agama

Signed-off-by: pujavs <[email protected]>

* feat(config-api): made asset error message descriptive

Signed-off-by: pujavs <[email protected]>

* feat(config-api): token date format changes

Signed-off-by: pujavs <[email protected]>

* feat(config-api): date time changes for token comparison

Signed-off-by: pujavs <[email protected]>

* feat(config-api): date time changes for token comparison

Signed-off-by: pujavs <[email protected]>

* feat(config-api): sync with main

Signed-off-by: pujavs <[email protected]>

* feat(config-api): date check

Signed-off-by: pujavs <[email protected]>

* feat(config-api): date format enhancement - wip

Signed-off-by: pujavs <[email protected]>

* feat(config-api): service status endpoint wip

Signed-off-by: pujavs <[email protected]>

* feat(config-api): new endpoint for jans service status and file type script enhancement

Signed-off-by: pujavs <[email protected]>

* feat(config-api): new endpoint for jans service status and file type script enhancement

Signed-off-by: pujavs <[email protected]>

* feat(config-api): new endpoint for jans service status and file type script enhancement

Signed-off-by: pujavs <[email protected]>

---------

Signed-off-by: pujavs <[email protected]>
Co-authored-by: YuriyZ <[email protected]>
Bumps `bc.version` from 1.78.1 to 1.79.

Updates `org.bouncycastle:bcprov-jdk18on` from 1.78.1 to 1.79
- [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)

Updates `org.bouncycastle:bcpkix-jdk18on` from 1.78.1 to 1.79
- [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)

Updates `org.bouncycastle:bcutil-jdk18on` from 1.78.1 to 1.79
- [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)

Updates `org.bouncycastle:bcmail-jdk18on` from 1.78.1 to 1.79
- [Changelog](https://github.com/bcgit/bc-java/blob/main/docs/releasenotes.html)
- [Commits](https://github.com/bcgit/bc-java/commits)

---
updated-dependencies:
- dependency-name: org.bouncycastle:bcprov-jdk18on
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.bouncycastle:bcpkix-jdk18on
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.bouncycastle:bcutil-jdk18on
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: org.bouncycastle:bcmail-jdk18on
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix(jans-core): document store manager should have not null supported list by default

Signed-off-by: Yuriy Movchan <[email protected]>

* feat(jans-orm): search in top level JSON array

Merge branch 'main' of https://github.com/JanssenProject/jans into main

Signed-off-by: Yuriy Movchan <[email protected]>

---------

Signed-off-by: Yuriy Movchan <[email protected]>
Co-authored-by: YuriyZ <[email protected]>
…10041)

* Update bootstrap.min.js

* update bootstrap.min.css file in jans-casa

* Update header.zul

* Update header.zul

* Update popper-1.16.min.js

* fix underline and change button properties

* fix css in table, tr and td

* update style in admin properties

* fix text color in casa plugins

* update color text in plugins

---------

Co-authored-by: Jose Gonzalez <[email protected]>
* feat(charts): add pod-level annotation and customized command

Signed-off-by: Amro Misbah <[email protected]>

* docs(charts): generate helm-docs

Signed-off-by: Amro Misbah <[email protected]>

* feat(kc-scheduler): add custom command

Signed-off-by: Amro Misbah <[email protected]>

---------

Signed-off-by: Amro Misbah <[email protected]>
Co-authored-by: Mohammad Abudayyeh <[email protected]>
Signed-off-by: Arnab Dutta <[email protected]>

dryrunsecurity bot commented Nov 7, 2024

DryRun Security Summary

The provided code changes cover a wide range of GitHub Actions workflows for the Janssen Project, focusing on various aspects of the project's development and deployment processes, with a strong emphasis on security best practices, such as hardened runners, secure secrets management, dependency vulnerability scanning, and code signing.


Summary:

The provided code changes cover a wide range of GitHub Actions workflows for the Janssen Project, a set of open-source software components for identity and access management. These workflows focus on various aspects of the project's development and deployment processes, with a strong emphasis on security best practices.

The changes include improvements to the pull request template, Dependabot configuration, CODEOWNERS management, nightly build automation, backport functionality, documentation management, Docker image building, code linting, and more. Throughout these changes, the application security engineer has identified several key security-related aspects, such as the use of hardened runners, secure secrets management, dependency vulnerability scanning, and code signing.

Overall, the changes demonstrate a comprehensive approach to application security, with a focus on maintaining the integrity, confidentiality, and availability of the Janssen Project's codebase and infrastructure. The workflows incorporate various security-conscious practices, which should help to mitigate potential security risks and ensure the ongoing security of the project.

Files Changed:

  • .github/pull_request_template.md: Updates the pull request template to provide more guidance and information for contributors, including a section for confirming no impact on documentation.
  • .github/dependabot.yml: Configures Dependabot to automatically update dependencies across multiple programming languages and components.
  • .github/CODEOWNERS: Modifies the CODEOWNERS file to update the list of owners for various directories and files in the repository.
  • .github/workflows/activate-nightly-build.yml: Implements a workflow for activating a nightly build process, including hardening the runner and managing releases.
  • .github/workflows/backport.yml: Automates the process of backporting merged pull requests to other branches based on specific labels.
  • .github/workflows/build-wars.yml: Handles the building and publishing of Docker images for various Janssen Project components.
  • .github/workflows/build-docs.yml: Manages the generation and deployment of the project's documentation to GitHub Pages.
  • .github/workflows/clean_github_cache.yml: Cleans up the GitHub Actions cache for closed pull requests.
  • .github/workflows/codeql-analysis.yml: Integrates the CodeQL code analysis tool into the project's CI/CD pipeline.
  • .github/workflows/central_code_quality_check.yml: Runs Sonar scans on the project's codebase to maintain code quality and security.
  • .github/workflows/delete_workflow_runs.yml: Automatically deletes old workflow runs from the repository to maintain security.
  • .github/workflows/dependency-review.yml: Scans dependency manifest files for known-vulnerable packages and blocks their introduction.
  • .github/workflows/documenation_check.yml: Ensures that documentation changes are properly identified and addressed in pull requests.
  • .github/workflows/docs.yml: Handles the automatic merging of documentation-only pull requests from organization members.
  • .github/workflows/docker_build_image.yml: Builds and publishes Docker images for the Janssen Project, including signing the images.
  • .github/workflows/flake8-lint.yml: Runs the Flake8 linter on Python code in the demos/jans-tent directory.
  • .github/workflows/jans_pycloud_build_package.yml: Updates the jans-pycloudlib dependency in various Docker images used by the Janssen Project.
  • .github/workflows/label_pr_issues.yml: Automatically labels pull requests and issues in the repository.
  • .github/workflows/microk8s.yml: Sets up a development environment for the Janssen demo using Microk8s.
  • .github/workflows/pr-ref-issue.yml: Enforces the practice of linking each pull request to an open issue in the repository.
  • .github/workflows/scorecard.yml: Runs the OSSF Scorecard tool to analyze the security posture of the Janssen Project repository.
  • .github/workflows/test_cedarling.yml: Runs tests for the "Cedarling" project, including Rust and Python tests.
  • .github/workflows/sync.yml: Synchronizes changes between the JanssenProject/jans and JanssenProject/terraform-provider-jans repositories.
  • .github/workflows/test_docker_linux_installer.yml: Tests the Linux installer for the Janssen Project, including generating RDBMS documentation and running Terraform provider tests.

Code Analysis

We ran 9 analyzers against 30 files and 0 analyzers had findings. 9 analyzers had no findings.

Riskiness

🟢 Risk threshold not exceeded.



Successfully merging this pull request may close these issues.

feat(jans-config-api): adding allowSmtpKeystoreEdit property in admin-ui configuration