Merge branch 'main' into feat/debug-output

defenseunicorns · Dec 5, 2024 · 5fe51bf · 5fe51bf
2 parents ff76f5e + 2cb4181
commit 5fe51bf
Show file tree

Hide file tree

Showing 17 changed files with 28 additions and 22 deletions.
diff --git a/docs/reference/configuration/pepr-policies.md b/docs/reference/configuration/pepr-policies.md
@@ -4,7 +4,7 @@ title: Pepr Policies
 
 ## Common Pepr Policies for UDS Core
 
-### Pepr Policy Exemptions {#pepr-policy-exemptions}
+### Pepr Policy Exemptions
 These policies are based on the [Big Bang](https://p1.dso.mil/services/big-bang) policies created with Kyverno. You can find the source policies [here](https://repo1.dso.mil/big-bang/product/packages/kyverno-policies), Policy Names below also have links to the referenced Big Bang policy.
 
 Exemptions can be specified by a [UDS Exemption CR](../uds-operator#exemption). These take the place of Kyverno Exceptions.

diff --git a/docs/reference/configuration/uds-operator.md b/docs/reference/configuration/uds-operator.md
@@ -254,6 +254,8 @@ The SSO spec supports a subset of the Keycloak attributes for clients, but does
 - oauth2.device.authorization.grant.enabled
 - pkce.code.challenge.method
 - client.session.idle.timeout
+- client.session.max.lifespan
+- access.token.lifespan
 - saml.assertion.signature
 - saml.client.signature
 - saml_assertion_consumer_url_post

diff --git a/src/keycloak/chart/Chart.yaml b/src/keycloak/chart/Chart.yaml
@@ -4,7 +4,7 @@
 apiVersion: v2
 name: keycloak
 # renovate: datasource=docker depName=quay.io/keycloak/keycloak versioning=semver
-version: 26.0.6
+version: 26.0.7
 description: Open Source Identity and Access Management For Modern Applications and Services
 keywords:
   - sso

diff --git a/src/keycloak/chart/values.yaml b/src/keycloak/chart/values.yaml
@@ -5,12 +5,12 @@ image:
   # The Keycloak image repository
   repository: quay.io/keycloak/keycloak
   # Overrides the Keycloak image tag whose default is the chart appVersion
-  tag: "26.0.6"
+  tag: "26.0.7"
   # The Keycloak image pull policy
   pullPolicy: IfNotPresent
 
 # renovate: datasource=github-tags depName=defenseunicorns/uds-identity-config versioning=semver
-configImage: ghcr.io/defenseunicorns/uds/identity-config:0.7.0
+configImage: ghcr.io/defenseunicorns/uds/identity-config:0.8.0
 
 # The public domain name of the Keycloak server
 domain: "###ZARF_VAR_DOMAIN###"

diff --git a/src/keycloak/common/zarf.yaml b/src/keycloak/common/zarf.yaml
@@ -13,7 +13,7 @@ components:
       - name: keycloak
         namespace: keycloak
         # renovate: datasource=docker depName=quay.io/keycloak/keycloak versioning=semver
-        version: 26.0.6
+        version: 26.0.7
         localPath: ../chart
     actions:
       onDeploy:

diff --git a/src/keycloak/tasks.yaml b/src/keycloak/tasks.yaml
@@ -2,7 +2,7 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
 
 includes:
-  - config: https://raw.githubusercontent.com/defenseunicorns/uds-identity-config/v0.7.0/tasks.yaml
+  - config: https://raw.githubusercontent.com/defenseunicorns/uds-identity-config/v0.8.0/tasks.yaml
 
 tasks:
   - name: validate

diff --git a/src/keycloak/values/registry1-values.yaml b/src/keycloak/values/registry1-values.yaml
@@ -3,7 +3,7 @@
 
 image:
   repository: registry1.dso.mil/ironbank/opensource/keycloak/keycloak
-  tag: "26.0.6"
+  tag: "26.0.7"
 podSecurityContext:
   fsGroup: 2000
 securityContext:

diff --git a/src/keycloak/values/unicorn-values.yaml b/src/keycloak/values/unicorn-values.yaml
@@ -5,4 +5,4 @@ podSecurityContext:
   fsGroup: 65532
 image:
   repository: cgr.dev/du-uds-defenseunicorns/keycloak
-  tag: "26.0.6"
+  tag: "26.0.7"
diff --git a/src/keycloak/values/upstream-values.yaml b/src/keycloak/values/upstream-values.yaml
@@ -5,4 +5,4 @@ podSecurityContext:
   fsGroup: 1000
 image:
   repository: quay.io/keycloak/keycloak
-  tag: "26.0.6"
+  tag: "26.0.7"
diff --git a/src/keycloak/zarf.yaml b/src/keycloak/zarf.yaml
@@ -23,8 +23,8 @@ components:
         valuesFiles:
           - "values/upstream-values.yaml"
     images:
-      - quay.io/keycloak/keycloak:26.0.6
-      - ghcr.io/defenseunicorns/uds/identity-config:0.7.0
+      - quay.io/keycloak/keycloak:26.0.7
+      - ghcr.io/defenseunicorns/uds/identity-config:0.8.0
 
   - name: keycloak
     required: true
@@ -39,8 +39,8 @@ components:
         valuesFiles:
           - "values/registry1-values.yaml"
     images:
-      - registry1.dso.mil/ironbank/opensource/keycloak/keycloak:26.0.6
-      - ghcr.io/defenseunicorns/uds/identity-config:0.7.0
+      - registry1.dso.mil/ironbank/opensource/keycloak/keycloak:26.0.7
+      - ghcr.io/defenseunicorns/uds/identity-config:0.8.0
 
   - name: keycloak
     required: true
@@ -53,5 +53,5 @@ components:
         valuesFiles:
           - "values/unicorn-values.yaml"
     images:
-      - cgr.dev/du-uds-defenseunicorns/keycloak:26.0.6 # todo: switch to FIPS image
-      - ghcr.io/defenseunicorns/uds/identity-config:0.7.0
+      - cgr.dev/du-uds-defenseunicorns/keycloak:26.0.7 # todo: switch to FIPS image
+      - ghcr.io/defenseunicorns/uds/identity-config:0.8.0
diff --git a/src/pepr/operator/crd/validators/package-validator.spec.ts b/src/pepr/operator/crd/validators/package-validator.spec.ts
@@ -524,6 +524,8 @@ describe("Test Allowed SSO Client Attributes", () => {
             "oauth2.device.authorization.grant.enabled": "true",
             "pkce.code.challenge.method": "S256",
             "client.session.idle.timeout": "3600",
+            "client.session.max.lifespan": "36000",
+            "access.token.lifespan": "60",
             "saml.assertion.signature": "false",
             "saml.client.signature": "false",
             saml_assertion_consumer_url_post: "https://nexus.uds.dev/saml",

diff --git a/src/pepr/operator/crd/validators/package-validator.ts b/src/pepr/operator/crd/validators/package-validator.ts
@@ -119,6 +119,8 @@ export async function validator(req: PeprValidateRequest<UDSPackage>) {
     "oauth2.device.authorization.grant.enabled",
     "pkce.code.challenge.method",
     "client.session.idle.timeout",
+    "client.session.max.lifespan",
+    "access.token.lifespan",
     "saml.assertion.signature",
     "saml.client.signature",
     "saml_assertion_consumer_url_post",

diff --git a/src/vector/common/zarf.yaml b/src/vector/common/zarf.yaml
@@ -17,7 +17,7 @@ components:
         localPath: ../chart
       - name: vector
         url: https://helm.vector.dev
-        version: 0.37.0
+        version: 0.38.0
         namespace: vector
         gitPath: charts/vector
         valuesFiles:

diff --git a/src/vector/values/registry1-values.yaml b/src/vector/values/registry1-values.yaml
@@ -3,4 +3,4 @@
 
 image:
   repository: registry1.dso.mil/ironbank/opensource/timberio/vector
-  tag: 0.42.0
+  tag: 0.43.0
diff --git a/src/vector/values/unicorn-values.yaml b/src/vector/values/unicorn-values.yaml
@@ -3,4 +3,4 @@
 
 image:
   repository: cgr.dev/du-uds-defenseunicorns/vector
-  tag: 0.42.0
+  tag: 0.43.0
diff --git a/src/vector/values/upstream-values.yaml b/src/vector/values/upstream-values.yaml
@@ -3,4 +3,4 @@
 
 image:
   repository: timberio/vector
-  tag: 0.42.0-distroless-static
+  tag: 0.43.0-distroless-static
diff --git a/src/vector/zarf.yaml b/src/vector/zarf.yaml
@@ -20,7 +20,7 @@ components:
         valuesFiles:
           - values/upstream-values.yaml
     images:
-      - timberio/vector:0.42.0-distroless-static
+      - timberio/vector:0.43.0-distroless-static
 
   - name: vector
     required: true
@@ -34,7 +34,7 @@ components:
         valuesFiles:
           - values/registry1-values.yaml
     images:
-      - registry1.dso.mil/ironbank/opensource/timberio/vector:0.42.0
+      - registry1.dso.mil/ironbank/opensource/timberio/vector:0.43.0
 
   - name: vector
     required: true
@@ -48,4 +48,4 @@ components:
         valuesFiles:
           - values/unicorn-values.yaml
     images:
-      - cgr.dev/du-uds-defenseunicorns/vector:0.42.0
+      - cgr.dev/du-uds-defenseunicorns/vector:0.43.0