Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: deprecate password files in favor of secrets #152

Merged
merged 37 commits into from
Dec 23, 2021
Merged

feat: deprecate password files in favor of secrets #152

merged 37 commits into from
Dec 23, 2021

Conversation

iromli
Copy link
Contributor

@iromli iromli commented Dec 9, 2021

The changeset deprecate password files (sql_password, couchbase_password, couchbase_superuser_password) in favor of value from secrets.

For existing deployments, the password from any of password files mentioned previously is saved into secrets. Subsequent deployment may remove the password files safely.

For fresh deployments, there are additional scopes and attributes that can be used to specify password for SQL and Couchbase databases.

iromli and others added 18 commits December 8, 2021 04:19
@iromli
refactor(jans-pycloudlib): rewrite password file handler
e1179b7
@iromli
chore: change warning message about password file
963f016
@iromli
refactor(jans-pycloudlib): simplify password file check
7ef3db1
@iromli
feat(configurator): ensure persistence password saved on first init
e92c7b1
@iromli
docs(configurator): add missing initialization attributes
481a938
@moabu
ci: update pycloud dev build
a988e90
@moabu
ci: use base ref as base
95a75f6
@moabu
ci: simplify janspycloud image build
bf83ac6
@moabu
Merge branch 'master' into secure-passwd
470d605
@moabu
ci: fix branch name reference
2878750
@moabu
ci: update pycloud workflow
aafd9f4
@moabu
ci: fix syntax
0b53404
@moabu
ci: fix image build
2ec447c
@moabu
ci: pull
a1b854f
@moabu
ci: pull
4ea440a
@moabu
ci: try force
a8de96d
@iromli
Merge a8de96d into bf4cc37
3e226fe
@mo-auto
chore(jans-pycloudlib): updated build
a2d3a16 
Signed-off-by: mo-auto <54212639+mo-auto@users.noreply.github.com>
@iromli iromli requested a review from moabu as a code owner December 9, 2021 18:56
@codecov
Copy link

codecov bot commented Dec 9, 2021
edited
Loading

Codecov Report

Merging #152 (f1768d7) into master (2d5d61b) will decrease coverage by 0.16%.
The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #152      +/-   ##
==========================================
- Coverage   68.80%   68.63%   -0.17%     
==========================================
  Files          29       29              
  Lines        1683     1674       -9     
==========================================
- Hits         1158     1149       -9     
  Misses        525      525
Flag Coverage Δ
unittests 68.63% <100.00%> (-0.17%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
jans-pycloudlib/jans/pycloudlib/utils.py 80.26% <ø> (-2.40%) ⬇️
...ycloudlib/jans/pycloudlib/persistence/couchbase.py 84.71% <100.00%> (+0.48%) ⬆️
jans-pycloudlib/jans/pycloudlib/persistence/sql.py 51.13% <100.00%> (+1.13%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update bf4cc37...f1768d7. Read the comment docs.

moabu and others added 4 commits December 10, 2021 07:16
@moabu
ci: fix syntax
a35a27f
@mo-auto
chore(jans-pycloudlib): updated build (#158)
0546c8e 
Signed-off-by: mo-auto <54212639+mo-auto@users.noreply.github.com>
@moabu
ci: update build dates in prep for next release
cf7266b
@mo-auto
chore(jans-pycloudlib): updated build (#163)
f1768d7 
Signed-off-by: mo-auto <54212639+mo-auto@users.noreply.github.com>
moabu added a commit to GluuFederation/cloud-native-edition that referenced this pull request Dec 23, 2021
@moabu
ci: remove unnecessary mounts
25ef87e 
JanssenProject/jans#152
@moabu moabu added this to the 1.0.0 milestone Dec 23, 2021
@moabu moabu linked an issue Dec 23, 2021 that may be closed by this pull request
Enhance security of persisted passwords #164
Closed
@moabu moabu merged commit f415213 into master Dec 23, 2021
@moabu moabu deleted the cn-secure-passwd branch December 23, 2021 13:18
This was referenced Jan 13, 2022
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
moabu added a commit that referenced this pull request Jan 13, 2022
@iromli @moabu @mo-auto
feat: deprecate password files in favor of secrets (#152)
4a3ea30 
* refactor(jans-pycloudlib): rewrite password file handler

* chore: change warning message about password file

* refactor(jans-pycloudlib): simplify password file check

* feat(configurator): ensure persistence password saved on first init

* docs(configurator): add missing initialization attributes

* ci: update pycloud dev build

* ci: use base ref as base

* ci: simplify janspycloud image build

* ci: fix branch name reference

* ci: update pycloud workflow

* ci: fix syntax

* ci: fix image build

* ci: pull

* ci: pull

* ci: try force

* chore(jans-pycloudlib): updated build

Signed-off-by: mo-auto <54212639+mo-auto@users.noreply.github.com>

* chore(jans-pycloudlib): updated build

Signed-off-by: mo-auto <54212639+mo-auto@users.noreply.github.com>

* test(jans-pycloudlib): testcases for passwords

* ci: pass token for user to make authenticated call

* ci: remove force pushing

* ci: change workflow name

* ci: passing a token for authentication

* ci: add remote url

* ci: fix syntax

* ci: action push

* ci: adjust workflows for creating dev images

* ci: enable auto merge

* chore(jans-pycloudlib): updated build (#156)

Signed-off-by: mo-auto <54212639+mo-auto@users.noreply.github.com>

* ci: don't trigger updates on bot pushes

* ci: fix syntax

* ci: fix syntax

* chore(jans-pycloudlib): updated build (#158)

Signed-off-by: mo-auto <54212639+mo-auto@users.noreply.github.com>

* ci: update build dates in prep for next release

* chore(jans-pycloudlib): updated build (#163)

Signed-off-by: mo-auto <54212639+mo-auto@users.noreply.github.com>

Co-authored-by: Mohammad Abudayyeh <47318409+moabu@users.noreply.github.com>
Co-authored-by: mo-auto <54212639+mo-auto@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@moabu moabu Awaiting requested review from moabu

Assignees
No one assigned
Labels
comp-docker-jans-auth-server comp-docker-jans-certmanager comp-docker-jans-client-api comp-docker-jans-config-api comp-docker-jans-configurator comp-docker-jans-fido2 comp-docker-jans-persistence-loader comp-docker-jans-scim
Projects
None yet
Milestone
1.0.0
Development

Successfully merging this pull request may close these issues.

Enhance security of persisted passwords
3 participants
@iromli @moabu @mo-auto