-
Notifications
You must be signed in to change notification settings - Fork 24.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
update c2id/c2id-server-demo docker image to support ARM #91144
Conversation
Pinging @elastic/es-security (Team:Security) |
to test manually run: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Very clever solution. Thanks, Jake!
* main: (1300 commits) update c2id/c2id-server-demo docker image to support ARM (elastic#91144) Allow legacy index settings on legacy indices (elastic#90264) Skip prevoting if single-node discovery (elastic#91255) Chunked encoding for snapshot status API (elastic#90801) Allow different decay values depending on the score function (elastic#91195) Fix handling indexed envelopes crossing the dateline in mvt API (elastic#91105) Ensure cleanups succeed in JoinValidationService (elastic#90601) Add overflow behaviour test for RecyclerBytesStreamOutput (elastic#90638) More actionable error for ancient indices (elastic#91243) Fix APM configuration file delete (elastic#91058) Clean up handshake test class (elastic#90966) Improve H3#hexRing logic and add H3#areNeighborCells method (elastic#91140) Restrict direct use of `ApplicationPrivilege` constructor (elastic#91176) [ML] Allow NLP truncate option to be updated when span is set (elastic#91224) Support multi-intersection for FieldPermissions (elastic#91169) Support intersecting multi-sets of queries with DocumentPermissions (elastic#91151) Ensure TermsEnum action works correctly with API keys (elastic#91170) Fix NPE in auditing authenticationSuccess for non-existing run-as user (elastic#91171) Ensure PKI's delegated_by_realm metadata respect run-as (elastic#91173) [ML] Update API documentation for anomaly score explanation (elastic#91177) ... # Conflicts: # x-pack/plugin/core/src/main/java/org/elasticsearch/xpack/core/XPackClientPlugin.java # x-pack/plugin/rollup/src/main/java/org/elasticsearch/xpack/downsample/RollupShardIndexer.java # x-pack/plugin/rollup/src/main/java/org/elasticsearch/xpack/downsample/TransportRollupIndexerAction.java # x-pack/plugin/rollup/src/test/java/org/elasticsearch/xpack/rollup/v2/RollupActionSingleNodeTests.java
We currently use unicon/shibboleth-idp:3.4.2 to help test our SAML integration. That container is no longer actively supported and does not support ARM architectures. This commit is a partial clone from Unicon/shibboleth-idp-dockerized 3.4.3. Changes from upstream include: Use openjdk:11.0.16-jre as the base image for support for ARM architectures Handle missing keystore download from Jetty Fix URL paths for artifacts to download Changes to this repository include: Copied required Jetty configuration files from upstream project Updates to docker compose Placed the missing keystore Jetty downloads in a separate location (jetty-custom) The final result is a bit messy. Mixing cloned files with custom files and mixing Jetty and IDP concerns. However, it is not much messier than prior and now that we control building the image we can more easily upgrade shibboleth IDP The upgrade to the latest version is fairly involved and as such we will need to deviate more from the clone which should allow some additional clean up. part of: #71378 related: #91144 supersedes: #89674
💚 Backport successful
|
This commit updates the c2id docker image to the latest released version. This commit also introduces a multi-stage build with the openjdk image that supports ARM architectures. So our oidc tests now supports multiple archtectures. related: elastic#89526 part of: elastic#71378
We currently use unicon/shibboleth-idp:3.4.2 to help test our SAML integration. That container is no longer actively supported and does not support ARM architectures. This commit is a partial clone from Unicon/shibboleth-idp-dockerized 3.4.3. Changes from upstream include: Use openjdk:11.0.16-jre as the base image for support for ARM architectures Handle missing keystore download from Jetty Fix URL paths for artifacts to download Changes to this repository include: Copied required Jetty configuration files from upstream project Updates to docker compose Placed the missing keystore Jetty downloads in a separate location (jetty-custom) The final result is a bit messy. Mixing cloned files with custom files and mixing Jetty and IDP concerns. However, it is not much messier than prior and now that we control building the image we can more easily upgrade shibboleth IDP The upgrade to the latest version is fairly involved and as such we will need to deviate more from the clone which should allow some additional clean up. part of: elastic#71378 related: elastic#91144 supersedes: elastic#89674
We currently use unicon/shibboleth-idp:3.4.2 to help test our SAML integration. That container is no longer actively supported and does not support ARM architectures. This commit is a partial clone from Unicon/shibboleth-idp-dockerized 3.4.3. Changes from upstream include: Use openjdk:11.0.16-jre as the base image for support for ARM architectures Handle missing keystore download from Jetty Fix URL paths for artifacts to download Changes to this repository include: Copied required Jetty configuration files from upstream project Updates to docker compose Placed the missing keystore Jetty downloads in a separate location (jetty-custom) The final result is a bit messy. Mixing cloned files with custom files and mixing Jetty and IDP concerns. However, it is not much messier than prior and now that we control building the image we can more easily upgrade shibboleth IDP The upgrade to the latest version is fairly involved and as such we will need to deviate more from the clone which should allow some additional clean up. part of: #71378 related: #91144 supersedes: #89674
This commit updates the c2id docker image to the latest released version.
This commit also introduces a multi-stage build with the openjdk image that
supports ARM architectures. So our oidc tests now supports multiple archtectures.
related: #89526
part of: #71378
Note the shibboleth container still needs to be update and will come in a different PR. (#91216)