From 859c75c0a79676f4388328ee54eade093336df51 Mon Sep 17 00:00:00 2001
From: mstasgravitee <152597515+mstasgravitee@users.noreply.github.com>
Date: Thu, 14 Dec 2023 12:30:56 +0100
Subject: [PATCH 1/2] AM-688: Do not refer to company.com (#3275)
(cherry picked from commit 12c6efa872549ef288a6b5294c270db93f246b85)
# Conflicts:
# gravitee-am-gateway/gravitee-am-gateway-standalone/gravitee-am-gateway-standalone-distribution/src/main/resources/config/gravitee.yml
# gravitee-am-test/specs/gateway/flow-execution.jest.spec.ts
# gravitee-am-ui/src/app/domain/applications/application/overview/overview.component.html
# gravitee-am-ui/src/app/domain/components/emails/email/email.component.html
# helm/tests/api-configmap_test.yaml
---
.../auth/webauthn/WebAuthnFactoryTest.java | 4 +-
.../src/main/resources/config/gravitee.yml | 25 +++-
.../main/resources/schemas/schema-form.json | 2 +-
.../api/preview/PreviewBuilder.java | 2 +-
.../api/resources/EntrypointResourceTest.java | 4 +-
.../resources/EntrypointsResourceTest.java | 2 +-
.../src/main/resources/config/gravitee.yml | 8 +-
.../SendEmailPolicyConfiguration.java | 2 +-
.../main/resources/schemas/schema-form.json | 2 +-
.../service/impl/EntrypointServiceImpl.java | 10 +-
.../am/service/EntrypointServiceTest.java | 12 +-
.../specs/gateway/flow-execution.jest.spec.ts | 42 +++++++
.../overview/overview.component.html | 14 +++
.../emails/email/email.component.html | 14 +++
helm/README.adoc | 4 +-
helm/README.md | 2 +-
helm/tests/api-configmap_test.yaml | 114 ++++++++++++++++--
helm/values.yaml | 2 +-
18 files changed, 225 insertions(+), 40 deletions(-)
diff --git a/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-core/src/test/java/io/gravitee/am/gateway/handler/vertx/auth/webauthn/WebAuthnFactoryTest.java b/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-core/src/test/java/io/gravitee/am/gateway/handler/vertx/auth/webauthn/WebAuthnFactoryTest.java index 024fba92584..4999d9fb711 100644 --- a/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-core/src/test/java/io/gravitee/am/gateway/handler/vertx/auth/webauthn/WebAuthnFactoryTest.java +++ b/gravitee-am-gateway/gravitee-am-gateway-handler/gravitee-am-gateway-handler-core/src/test/java/io/gravitee/am/gateway/handler/vertx/auth/webauthn/WebAuthnFactoryTest.java @@ -82,14 +82,14 @@ public void testCustom_emptySettings() { public void testCustom_partialSettings() { WebAuthnSettings webAuthnSettings = mock(WebAuthnSettings.class); when(webAuthnSettings.getRelyingPartyName()).thenReturn("Custom RP name"); - when(webAuthnSettings.getOrigin()).thenReturn("https://auth.mycompany.com:8443"); + when(webAuthnSettings.getOrigin()).thenReturn("https://auth.gravitee.io:8443"); when(domain.getWebAuthnSettings()).thenReturn(webAuthnSettings); WebAuthn webAuthn = webAuthnFactory.getObject(); RelyingParty relyingParty = webAuthnFactory.getRelyingParty(); Assert.assertNotNull(webAuthn); Assert.assertNotNull(relyingParty); Assert.assertEquals("Custom RP name", relyingParty.getName()); - Assert.assertEquals("auth.mycompany.com", relyingParty.getId()); + Assert.assertEquals("auth.gravitee.io", relyingParty.getId()); } @Test diff --git a/gravitee-am-gateway/gravitee-am-gateway-standalone/gravitee-am-gateway-standalone-distribution/src/main/resources/config/gravitee.yml b/gravitee-am-gateway/gravitee-am-gateway-standalone/gravitee-am-gateway-standalone-distribution/src/main/resources/config/gravitee.yml index e36acecd9c8..8e5a3910890 100644 
--- a/gravitee-am-gateway/gravitee-am-gateway-standalone/gravitee-am-gateway-standalone-distribution/src/main/resources/config/gravitee.yml +++ b/gravitee-am-gateway/gravitee-am-gateway-standalone/gravitee-am-gateway-standalone-distribution/src/main/resources/config/gravitee.yml @@ -47,7 +47,7 @@ # # The base_url contains the common url for each overrode endpoints. # # The list of endpoint that support the mtls_aliases is : token_endpoint, authorization_endpoint, registration_endpoint, userinfo_endpoint, pushed_authorization_request_endpoint, end_session_endpoint, revocation_endpoint, introspection_endpoint # mtls_aliases: # base URL for mtls_endpoint_aliases (default is null and the standard endpoints will be used) -# base_url: https://mycompany.mlts.com +# base_url: https://gravitee.mlts.com # endpoints: # - token_endpoint # - registration_endpoint @@ -77,7 +77,7 @@ # cors: # Allows to configure the header Access-Control-Allow-Origin (default value: *) # '*' is a valid value but is considered as a security risk as it will be opened to cross origin requests from anywhere. -# allow-origin: http://developer.mycompany.com +# allow-origin: http://developer.gravitee.io # Allows to define how long the result of the preflight request should be cached for (default value; 1728000 [20 days]) # max-age: 864000 # Which methods to allow (default value: OPTIONS, GET, POST, PUT, DELETE, PATCH) 
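Review bot: The commented examples here now name a real, registered domain instead of a placeholder, and in the `@@ -77,7 +77,7 @@` hunk that value is a CORS allow-list entry: an operator who uncomments `allow-origin: http://developer.gravitee.io` as written would trust an origin outside their own deployment, and over plain HTTP. The reserved documentation names from RFC 2606 avoid that, for example `# allow-origin: https://developer.example.com`. In the `@@ -47,7 +47,7 @@` hunk, `base_url: https://gravitee.mlts.com` has the same problem, and `mlts.com` looks like a typo for `mtls` rather than a name either party owns. The same applies to the `allow-origin` and `allow-redirect-urls` examples in the management API gravitee.yml later in this patch, where the value is a redirect allow-list.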
@@ -100,6 +100,11 @@ # - "style-src 'self' 'unsafe-inline';" # - "frame-ancestors 'none';" # - "frame-src 'self' https://www.google.com;" +<<<<<<< HEAD +======= +# - "report-uri 'self' http://report-csp.gravitee.io;" # if reportOnly is true, use this callback URL to report +# - "report-to 'self' 'security@gravitee.io';" # if reportOnly is true, use this email to report +>>>>>>> 12c6efa872 (AM-688: Do not refer to company.com (#3275)) # # xframe section allows to activate the X-Frame-Options header # # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options # # if not action (DENY or SAMEORIGIN) is specified, the X-Frame-Options header will no be set into the response @@ -321,7 +326,7 @@ gateway: # enabled: false # exclude-hosts: # list of hosts to exclude from proxy (wildcard hosts are supported) # - '*.internal.com' -# - internal.mycompany.com +# - internal.gravitee.io # type: HTTP #HTTP, SOCK4, SOCK5 # http: # host: localhost @@ -349,7 +354,7 @@ gateway: # Organizations and Environments configuration # Associate this gateway to a list of environments and their organizations. Use hrids to define these values. -#organizations: mycompany +#organizations: gravitee #environments: dev,qa # Sharding tags configuration @@ -441,3 +446,15 @@ liquibase: # limit: 5 # timePeriod: 15 # timeUnit: Minutes +<<<<<<< HEAD +======= + +#applications: +# secret: +# # Algorithms used to hash the client secret. +# # Can be one of : +# # "PBKDF2", "BCrypt", "SHA-512", "SHA-256", "None" +# algorithm: None +# properties: +# rounds: 10 +>>>>>>> 12c6efa872 (AM-688: Do not refer to company.com (#3275)) diff --git a/gravitee-am-identityprovider/gravitee-am-identityprovider-http/src/main/resources/schemas/schema-form.json b/gravitee-am-identityprovider/gravitee-am-identityprovider-http/src/main/resources/schemas/schema-form.json index cb95b6df424..95fc8cdbfd1 100644 --- a/gravitee-am-identityprovider/gravitee-am-identityprovider-http/src/main/resources/schemas/schema-form.json 
+++ b/gravitee-am-identityprovider/gravitee-am-identityprovider-http/src/main/resources/schemas/schema-form.json @@ -117,7 +117,7 @@ "baseURL" : { "type" : "string", "title": "Base URL", - "default": "https://api.company.com/users?username={#user.username}", + "default": "https://api.gravitee.io/users?username={#user.username}", "description": "Resource URL (support EL)" }, "httpMethod" : { diff --git a/gravitee-am-management-api/gravitee-am-management-api-rest/src/main/java/io/gravitee/am/management/handlers/management/api/preview/PreviewBuilder.java b/gravitee-am-management-api/gravitee-am-management-api-rest/src/main/java/io/gravitee/am/management/handlers/management/api/preview/PreviewBuilder.java index 5e34ff69555..080959da6ab 100644 --- a/gravitee-am-management-api/gravitee-am-management-api-rest/src/main/java/io/gravitee/am/management/handlers/management/api/preview/PreviewBuilder.java +++ b/gravitee-am-management-api/gravitee-am-management-api-rest/src/main/java/io/gravitee/am/management/handlers/management/api/preview/PreviewBuilder.java @@ -296,7 +296,7 @@ private Map generateTemplateVariables(String template) { private UserProperties generateFakeUser() { final UserProperties fakeUser = new UserProperties(); fakeUser.setDomain(this.domain.getId()); - fakeUser.setEmail("john.doe@mycompany.com"); + fakeUser.setEmail("john.doe@gravitee.io"); fakeUser.setFirstName("John"); fakeUser.setLastName("Doe"); fakeUser.setClaims(Map.of()); diff --git a/gravitee-am-management-api/gravitee-am-management-api-rest/src/test/java/io/gravitee/am/management/handlers/management/api/resources/EntrypointResourceTest.java b/gravitee-am-management-api/gravitee-am-management-api-rest/src/test/java/io/gravitee/am/management/handlers/management/api/resources/EntrypointResourceTest.java index 3720433889e..f2d3faea213 100644 
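Review bot: The new `default` for `baseURL` is a live form value rather than a comment, so an HTTP identity provider saved without editing this field would presumably send the `username` query parameter to api.gravitee.io, a real host outside the deployment. A reserved placeholder keeps an unedited configuration from reaching anyone: `"default": "https://api.example.com/users?username={#user.username}"`, or drop the default and keep the sample URL only in `description` so the field has to be filled in. The schema object continues outside the hunk, so whether other defaults in it were changed the same way is not visible. The `john.doe@gravitee.io` address set in `generateFakeUser` in the next hunk is less exposed, since it appears to be used only for template previews, but `john.doe@example.com` would keep sample data off a real mail domain there too.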
--- a/gravitee-am-management-api/gravitee-am-management-api-rest/src/test/java/io/gravitee/am/management/handlers/management/api/resources/EntrypointResourceTest.java +++ b/gravitee-am-management-api/gravitee-am-management-api-rest/src/test/java/io/gravitee/am/management/handlers/management/api/resources/EntrypointResourceTest.java @@ -92,7 +92,7 @@ public void shouldUpdateEntrypoint() { UpdateEntrypoint updateEntrypoint = new UpdateEntrypoint(); updateEntrypoint.setName("name"); - updateEntrypoint.setUrl("https://auth.company.com"); + updateEntrypoint.setUrl("https://auth.gravitee.io"); updateEntrypoint.setTags(Collections.emptyList()); final Entrypoint mockEntrypoint = new Entrypoint(); @@ -119,7 +119,7 @@ public void shouldNotUpdateEntrypoint_notFound() { UpdateEntrypoint updateEntrypoint = new UpdateEntrypoint(); updateEntrypoint.setName("name"); - updateEntrypoint.setUrl("https://auth.company.com"); + updateEntrypoint.setUrl("https://auth.gravitee.io"); updateEntrypoint.setTags(Collections.emptyList()); doReturn(Single.error(new EntrypointNotFoundException(ENTRYPOINT_ID))).when(entrypointService).update(eq(ENTRYPOINT_ID), eq(ORGANIZATION_ID), any(UpdateEntrypoint.class), any(User.class)); diff --git a/gravitee-am-management-api/gravitee-am-management-api-rest/src/test/java/io/gravitee/am/management/handlers/management/api/resources/EntrypointsResourceTest.java b/gravitee-am-management-api/gravitee-am-management-api-rest/src/test/java/io/gravitee/am/management/handlers/management/api/resources/EntrypointsResourceTest.java index fe51a6b9679..e29f06b2c47 100644 --- a/gravitee-am-management-api/gravitee-am-management-api-rest/src/test/java/io/gravitee/am/management/handlers/management/api/resources/EntrypointsResourceTest.java +++ b/gravitee-am-management-api/gravitee-am-management-api-rest/src/test/java/io/gravitee/am/management/handlers/management/api/resources/EntrypointsResourceTest.java 
@@ -83,7 +83,7 @@ public void shouldGetEntrypoints_technicalManagementException() { public void shouldCreate() { NewEntrypoint newEntrypoint = new NewEntrypoint(); newEntrypoint.setName("name"); - newEntrypoint.setUrl("https://auth.company.com"); + newEntrypoint.setUrl("https://auth.gravitee.io"); newEntrypoint.setTags(Collections.emptyList()); Entrypoint entrypoint = new Entrypoint(); diff --git a/gravitee-am-management-api/gravitee-am-management-api-standalone/gravitee-am-management-api-standalone-distribution/src/main/resources/config/gravitee.yml b/gravitee-am-management-api/gravitee-am-management-api-standalone/gravitee-am-management-api-standalone-distribution/src/main/resources/config/gravitee.yml index af526bc959f..d4eacb0145b 100644 --- a/gravitee-am-management-api/gravitee-am-management-api-standalone/gravitee-am-management-api-standalone-distribution/src/main/resources/config/gravitee.yml +++ b/gravitee-am-management-api/gravitee-am-management-api-standalone/gravitee-am-management-api-standalone-distribution/src/main/resources/config/gravitee.yml @@ -63,7 +63,7 @@ # cors: # Allows to configure the header Access-Control-Allow-Origin (default value: *) # '*' is a valid value but is considered as a security risk as it will be opened to cross origin requests from anywhere. -# allow-origin: http://developer.mycompany.com +# allow-origin: http://developer.gravitee.io # Allows to define how long the result of the preflight request should be cached for (default value; 1728000 [20 days]) # max-age: 864000 # Which methods to allow (default value: OPTIONS, GET, POST, PUT, DELETE, PATCH) 
@@ -79,11 +79,11 @@ # login: # Allows to configure the allowed callback urls during login process (default value: *) # '*' is a valid value but is considered as a security risk as it will be opened to open redirection issues. -# allow-redirect-urls: https://am-console.mycompany.com/login/callback +# allow-redirect-urls: https://am-console.gravitee.io/login/callback # logout: # Allows to configure the allowed callback urls during logout process (default value: *) # '*' is a valid value but is considered as a security risk as it will be opened to open redirection issues. -# allow-redirect-urls: https://am-console.mycompany.com/logout/callback +# allow-redirect-urls: https://am-console.gravitee.io/logout/callback # csp: # enabled: true # directives: @@ -356,7 +356,7 @@ gateway: # enabled: false # exclude-hosts: # list of hosts to exclude from proxy (wildcard hosts are supported) # - '*.internal.com' -# - internal.mycompany.com +# - internal.gravitee.io # type: HTTP #HTTP, SOCK4, SOCK5 # http: # host: localhost diff --git a/gravitee-am-policy/gravitee-am-policy-send-email/src/main/java/io/gravitee/am/policy/send/email/configuration/SendEmailPolicyConfiguration.java b/gravitee-am-policy/gravitee-am-policy-send-email/src/main/java/io/gravitee/am/policy/send/email/configuration/SendEmailPolicyConfiguration.java index 93341cea992..0bfff36a6d3 100644 --- a/gravitee-am-policy/gravitee-am-policy-send-email/src/main/java/io/gravitee/am/policy/send/email/configuration/SendEmailPolicyConfiguration.java +++ b/gravitee-am-policy/gravitee-am-policy-send-email/src/main/java/io/gravitee/am/policy/send/email/configuration/SendEmailPolicyConfiguration.java @@ -28,7 +28,7 @@ public class SendEmailPolicyConfiguration implements PolicyConfiguration { */ private String template; /** - * The email's FROM address. Example: no-reply@mycompany.com + * The email's FROM address. Example: no-reply@gravitee.io */ private String from; /** 
diff --git a/gravitee-am-policy/gravitee-am-policy-send-email/src/main/resources/schemas/schema-form.json b/gravitee-am-policy/gravitee-am-policy-send-email/src/main/resources/schemas/schema-form.json index 56ac9ad7947..25f5f867fef 100644 --- a/gravitee-am-policy/gravitee-am-policy-send-email/src/main/resources/schemas/schema-form.json +++ b/gravitee-am-policy/gravitee-am-policy-send-email/src/main/resources/schemas/schema-form.json @@ -10,7 +10,7 @@ "from" : { "type" : "string", "title": "From", - "description": "The email's FROM address (support freemarker). Example: no-reply@mycompany.com" + "description": "The email's FROM address (support freemarker). Example: no-reply@gravitee.io" }, "fromName" : { "type" : "string", diff --git a/gravitee-am-service/src/main/java/io/gravitee/am/service/impl/EntrypointServiceImpl.java b/gravitee-am-service/src/main/java/io/gravitee/am/service/impl/EntrypointServiceImpl.java index 546f7893f4c..9c0d281e017 100644 --- a/gravitee-am-service/src/main/java/io/gravitee/am/service/impl/EntrypointServiceImpl.java +++ b/gravitee-am-service/src/main/java/io/gravitee/am/service/impl/EntrypointServiceImpl.java @@ -36,6 +36,7 @@ import io.reactivex.rxjava3.core.Single; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Lazy; import org.springframework.stereotype.Component; import org.springframework.util.CollectionUtils; 
@@ -60,15 +61,18 @@ public class EntrypointServiceImpl implements EntrypointService { private final OrganizationService organizationService; private final AuditService auditService; private final VirtualHostValidator virtualHostValidator; + private final String gatewayUrl; public EntrypointServiceImpl(@Lazy EntrypointRepository entrypointRepository, @Lazy OrganizationService organizationService, AuditService auditService, - VirtualHostValidator virtualHostValidator) { + VirtualHostValidator virtualHostValidator, + @Value("${gateway.url:http://localhost:8092}") String gatewayUrl) { this.entrypointRepository = entrypointRepository; this.organizationService = organizationService; this.auditService = auditService; this.virtualHostValidator = virtualHostValidator; + this.gatewayUrl = gatewayUrl; } @Override @@ -112,7 +116,7 @@ public Flowable createDefaults(Organization organization) { Entrypoint toCreate = new Entrypoint(); toCreate.setName("Default"); toCreate.setDescription("Default entrypoint"); - toCreate.setUrl("https://auth.company.com"); + toCreate.setUrl(gatewayUrl); toCreate.setTags(Collections.emptyList()); toCreate.setOrganizationId(organization.getId()); toCreate.setDefaultEntrypoint(true); @@ -216,4 +220,4 @@ private Completable validate(Entrypoint entrypoint, Entrypoint oldEntrypoint) { return Completable.error(new InvalidEntrypointException("Entrypoint must have a valid url.")); } } -} \ No newline at end of file +} diff --git a/gravitee-am-service/src/test/java/io/gravitee/am/service/EntrypointServiceTest.java b/gravitee-am-service/src/test/java/io/gravitee/am/service/EntrypointServiceTest.java index 0a47a70ac8b..125d2381aa3 100644 --- a/gravitee-am-service/src/test/java/io/gravitee/am/service/EntrypointServiceTest.java +++ b/gravitee-am-service/src/test/java/io/gravitee/am/service/EntrypointServiceTest.java 
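Review bot: The fallback in `@Value("${gateway.url:http://localhost:8092}")` means that when `gateway.url` is unset, `createDefaults` (hunk `@@ -112,7 +116,7 @@`) uses a plain-HTTP localhost address as the URL of the default entrypoint it builds for each organization, and nothing in the visible lines checks or reports that. For the public entrypoint of an authorization server this should be explicit: document the property at the parameter, e.g. `// gateway.url must be the public HTTPS address of the gateway; the localhost fallback is for local development only`, or log a warning in the constructor when the resolved value does not start with `https://`. Whether the fallback passes the `validate` check shown in the last hunk cannot be told from here, since the constructor, `createDefaults` and `validate` all continue outside the hunks. The updated EntrypointServiceTest passes `"https://gravitee.io"` explicitly, so the fallback path is not exercised by the tests in this patch.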
@@ -78,7 +78,7 @@ public class EntrypointServiceTest { @Before public void before() { - cut = new EntrypointServiceImpl(entrypointRepository, organizationService, auditService, virtualHostValidator); + cut = new EntrypointServiceImpl(entrypointRepository, organizationService, auditService, virtualHostValidator, "https://gravitee.io"); } @Test @@ -124,7 +124,7 @@ public void shouldCreateDefaults() { when(organizationService.findById(ORGANIZATION_ID)).thenReturn(Single.just(organization)); when(entrypointRepository.create(any(Entrypoint.class))).thenAnswer(i -> Single.just(i.getArgument(0))); - doReturn(true).when(virtualHostValidator).isValidDomainOrSubDomain("auth.company.com", null); + doReturn(true).when(virtualHostValidator).isValidDomainOrSubDomain("gravitee.io", null); TestSubscriber obs = cut.createDefaults(organization).test(); @@ -188,11 +188,11 @@ public void shouldCreate() { newEntrypoint.setName("name"); newEntrypoint.setDescription("description"); newEntrypoint.setTags(Arrays.asList("tag#1", "tags#2")); - newEntrypoint.setUrl("https://auth.company.com"); + newEntrypoint.setUrl("https://auth.gravitee.io"); when(organizationService.findById(ORGANIZATION_ID)).thenReturn(Single.just(organization)); when(entrypointRepository.create(any(Entrypoint.class))).thenAnswer(i -> Single.just(i.getArgument(0))); - doReturn(true).when(virtualHostValidator).isValidDomainOrSubDomain("auth.company.com", null); + doReturn(true).when(virtualHostValidator).isValidDomainOrSubDomain("auth.gravitee.io", null); TestObserver obs = cut.create(ORGANIZATION_ID, newEntrypoint, user).test(); obs.awaitDone(10, TimeUnit.SECONDS); 
@@ -251,12 +251,12 @@ public void shouldUpdate() { updateEntrypoint.setName("name"); updateEntrypoint.setDescription("description"); updateEntrypoint.setTags(Arrays.asList("tag#1", "tags#2")); - updateEntrypoint.setUrl("https://auth.company.com"); + updateEntrypoint.setUrl("https://auth.gravitee.io"); when(organizationService.findById(ORGANIZATION_ID)).thenReturn(Single.just(new Organization())); when(entrypointRepository.findById(ENTRYPOINT_ID, ORGANIZATION_ID)).thenReturn(Maybe.just(existingEntrypoint)); when(entrypointRepository.update(any(Entrypoint.class))).thenAnswer(i -> Single.just(i.getArgument(0))); - doReturn(true).when(virtualHostValidator).isValidDomainOrSubDomain("auth.company.com", null); + doReturn(true).when(virtualHostValidator).isValidDomainOrSubDomain("auth.gravitee.io", null); TestObserver obs = cut.update(ENTRYPOINT_ID, ORGANIZATION_ID, updateEntrypoint, user).test(); diff --git a/gravitee-am-test/specs/gateway/flow-execution.jest.spec.ts b/gravitee-am-test/specs/gateway/flow-execution.jest.spec.ts index 41f587b29b9..4e25dbe77ca 100644 --- a/gravitee-am-test/specs/gateway/flow-execution.jest.spec.ts +++ b/gravitee-am-test/specs/gateway/flow-execution.jest.spec.ts 
@@ -385,8 +385,50 @@ describe("Flows Execution - authorization_code flow", () => { }); +<<<<<<< HEAD describe("App Flows with New Conditional Flow", () => { const EMAIL_SUBJECT = "Email Send Under Condition" +======= + appFlows.push({ + name: 'Conditionnal Login', + pre: [], + post: [ + { + name: 'HTTP Callout', + policy: 'policy-http-callout', + description: '', + condition: '', + enabled: true, + configuration: JSON.stringify({ + method: 'GET', + fireAndForget: false, + exitOnError: false, + errorCondition: '{#calloutResponse.status >= 400 and #calloutResponse.status <= 599}', + errorStatusCode: 500, + url: `${openIdConfiguration.issuer}/.well-known/openid-configuration`, + variables: [{ value: "{#jsonPath(#calloutResponse.content, '$.jwks_uri')}", name: 'jwks_uri_from_callout' }], + }), + }, + { + name: 'Send email', + policy: 'policy-am-send-email', + description: '', + condition: '', + enabled: true, + configuration: JSON.stringify({ + template: 'TEST JEST', + from: 'no-reply@gravitee.io', + fromName: 'Test', + to: '${user.email}', + subject: EMAIL_SUBJECT, + content: 'jwks_uri', + }), + }, + ], + type: FlowEntityTypeEnum.Login, + condition: "{#request.params['callout'] != null && #request.params['callout'][0].equals('true') }", + }); +>>>>>>> 12c6efa872 (AM-688: Do not refer to company.com (#3275)) it('Define new LOGIN flow with condition - ', async () => { const appFlows = await getApplicationFlows(domain.id, managementApiAccessToken, application.id); diff --git a/gravitee-am-ui/src/app/domain/applications/application/overview/overview.component.html b/gravitee-am-ui/src/app/domain/applications/application/overview/overview.component.html index fc60fc0e7bd..00e0011b5f3 100644 --- a/gravitee-am-ui/src/app/domain/applications/application/overview/overview.component.html +++ b/gravitee-am-ui/src/app/domain/applications/application/overview/overview.component.html @@ -194,9 +194,17 @@

Call your APIs

Most of your applications require data from APIs. Some of those resources have restricted access, so that only authenticated users with sufficient privileges can access them.

+<<<<<<< HEAD
curl -X GET \
   https://api.mycompany.com/api/v1/data \
   -H 'Authorization: Bearer access_token'
+======= +
+curl -X GET \
+  https://api.gravitee.io/api/v1/data \
+  -H 'Authorization: Bearer access_token'
+>>>>>>> 12c6efa872 (AM-688: Do not refer to company.com (#3275))

Log the User Out

@@ -262,8 +270,14 @@

Getting an access token

Call your APIs

Use your access_token in your request via the Authorization HTTP header to obtain authorized access to the APIs.

+<<<<<<< HEAD
curl -X GET \
   https://api.mycompany.com/api/v1/data \
+=======
+            
+curl -X GET \
+  https://api.gravitee.io/api/v1/data \
+>>>>>>> 12c6efa872 (AM-688: Do not refer to company.com (#3275))
   -H 'Authorization: Bearer access_token'
             
diff --git a/gravitee-am-ui/src/app/domain/components/emails/email/email.component.html b/gravitee-am-ui/src/app/domain/components/emails/email/email.component.html index edbfe5b5cf7..63c2b42157e 100644 --- a/gravitee-am-ui/src/app/domain/components/emails/email/email.component.html +++ b/gravitee-am-ui/src/app/domain/components/emails/email/email.component.html @@ -36,8 +36,22 @@

{{emailName}}

From +<<<<<<< HEAD The email's FROM address. Example: no-reply@mycompany.com +======= + + The email's FROM address. Example: no-reply@gravitee.io +>>>>>>> 12c6efa872 (AM-688: Do not refer to company.com (#3275)) From name diff --git a/helm/README.adoc b/helm/README.adoc index 9900657b5ed..ab9f57eb340 100644 --- a/helm/README.adoc +++ b/helm/README.adoc @@ -229,7 +229,7 @@ httpClient: enabled: false exclude-hosts: # list of hosts to exclude from proxy (wildcard hosts are supported) - '*.internal.com' - - internal.mycompany.com + - internal.gravitee.io type: HTTP #HTTP, SOCK4, SOCK5 http: host: localhost @@ -715,7 +715,7 @@ httpClient: === Gravitee.io Alert trigger & settings -When alerts are enabled, you may want to define your own settings the alert triggers and for the risk_assessment settings. +When alerts are enabled, you may want to define your own settings the alert triggers and for the risk_assessment settings. To do so, you wan define triggers and settings under the alerts section of the values.yaml. diff --git a/helm/README.md b/helm/README.md index 63f82910f7f..767b64113a5 100644 --- a/helm/README.md +++ b/helm/README.md @@ -161,7 +161,7 @@ httpClient: enabled: false exclude-hosts: # list of hosts to exclude from proxy (wildcard hosts are supported) - '*.internal.com' - - internal.mycompany.com + - internal.gravitee.io type: HTTP #HTTP, SOCK4, SOCK5 http: host: localhost diff --git a/helm/tests/api-configmap_test.yaml b/helm/tests/api-configmap_test.yaml index 17b05224ee8..c751343a24e 100644 --- a/helm/tests/api-configmap_test.yaml +++ b/helm/tests/api-configmap_test.yaml @@ -255,7 +255,7 @@ tests: pattern: "[ ]{2}clientAuth: true" - matchRegex: path: data.[gravitee.yml] - pattern: "[ ]{3}type: jks" + pattern: "[ ]{3}type: jks" - matchRegex: path: data.[gravitee.yml] pattern: "[ ]{3}path: /keystore/path" 
@@ -264,7 +264,7 @@ tests: pattern: "[ ]{3}password: \\\"keystorePassword\\\"" - matchRegex: path: data.[gravitee.yml] - pattern: "[ ]{3}type: pem" + pattern: "[ ]{3}type: pem" - matchRegex: path: data.[gravitee.yml] pattern: "[ ]{3}path: /truststore/path" @@ -310,14 +310,14 @@ tests: - it: should set userManagement activity set: - userManagement.activity.enabled: true + userManagement.activity.enabled: true userManagement.activity.anon.algorithm: SHA512 userManagement.activity.anon.salt: someSalt userManagement.activity.retention.time: 12 userManagement.activity.retention.unit: WEEKS userManagement.activity.geolocation.variation.latitude: 0.09 userManagement.activity.geolocation.variation.longitude: 0.07 - + asserts: - hasDocuments: count: 1 @@ -344,7 +344,7 @@ tests: - matchRegex: path: data.[gravitee.yml] pattern: "[ ]{5}longitude: 0.07" - + - it: should set default alert engine values disabled asserts: @@ -402,7 +402,7 @@ tests: - /path/to/keystore1.cert - /path/to/keystore2.cert - /path/to/keystore3.cert - alerts.options.ssl.keystore.keys: + alerts.options.ssl.keystore.keys: - /path/to/keystore1.pem - /path/to/keystore2.pem - /path/to/keystore3.pem @@ -412,19 +412,19 @@ tests: alerts.security.enabled: true alerts.security.username: a_username alerts.security.password: a_password - alerts.endpoints: + alerts.endpoints: - https://www.host1.com - https://www.host2.com alerts.engines.default.security.username: a_default_username alerts.engines.default.security.password: a_default_password - alerts.engines.default.endpoints: + alerts.engines.default.endpoints: - https://www.default.host1.com - https://www.default.host2.com alerts.engines.default.ssl.keystore.certs: - /path/to/default/keystore1.cert - /path/to/default/keystore2.cert - /path/to/default/keystore3.cert - alerts.engines.default.ssl.keystore.keys: + alerts.engines.default.ssl.keystore.keys: - /path/to/default/keystore1.pem - /path/to/default/keystore2.pem - /path/to/default/keystore3.pem 
@@ -435,7 +435,7 @@ tests: alerts.engines.default.ssl.truststore.path: /path/to/default/keystore.p12 alerts.engines.default.ssl.truststore.password: default_changeme_p12 - + asserts: - hasDocuments: count: 1 
@@ -579,3 +579,97 @@ tests: - matchRegex: path: data.[gravitee.yml] pattern: "[ ]{12}- /path/to/default/keystore3.pem" +<<<<<<< HEAD +======= + + + - it: should set allowed from + set: + smtp: + allowedfrom: + - email@from + enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: ConfigMap + - matchRegex: + path: data.[gravitee.yml] + pattern: " *email:\n + * allowedfrom:\n + * - email@from\n + * enabled: true" + + - it: should set allowed from with custom values + set: + smtp: + allowedfrom: + - '*@gravitee.io' + - specific@email.com + enabled: true + asserts: + - hasDocuments: + count: 1 + - isKind: + of: ConfigMap + - matchRegex: + path: data.[gravitee.yml] + pattern: " *email:\n + * allowedfrom:\n + * - '\\*@gravitee\\.io'\n + * - specific@email\\.com\n + * enabled: true" + + - it: should set kubernetes secret config + set: + secrets.kubernetes.enabled: false + secrets.kubernetes.namespace: install-space + secrets.kubernetes.kubeConfigFile: /config/context + secrets.kubernetes.timeoutMS: 400 + asserts: + - hasDocuments: + count: 1 + - isKind: + of: ConfigMap + - matchRegex: + path: data.[gravitee.yml] + pattern: | + secrets: + kubernetes: + enabled: false + kubeConfigFile: /config/context + namespace: install-space + timeoutMS: 400 + + - it: should set default client secret hashing method + asserts: + - hasDocuments: + count: 1 + - isKind: + of: ConfigMap + - matchRegex: + path: data.[gravitee.yml] + pattern: | + applications: + secret: + algorithm: None + + - it: should set custom client secret hashing method + set: + applications.secret.algorithm: BCrypt + applications.secret.properties.rounds: 10 + asserts: + - hasDocuments: + count: 1 + - isKind: + of: ConfigMap + - matchRegex: + path: data.[gravitee.yml] + pattern: | + applications: + secret: + algorithm: BCrypt + properties: + rounds: 10 +>>>>>>> 12c6efa872 (AM-688: Do not refer to company.com (#3275)) diff --git a/helm/values.yaml b/helm/values.yaml index 4310a1da36b..b460b82a8df 100644 
--- a/helm/values.yaml +++ b/helm/values.yaml @@ -45,7 +45,7 @@ chaos: # enabled: false # exclude-hosts: # list of hosts to exclude from proxy (wildcard hosts are supported) # - '*.internal.com' -# - internal.mycompany.com +# - internal.gravitee.io # type: HTTP #HTTP, SOCK4, SOCK5 # http: # host: localhost From e63ceb392859791504912c7086b8e5a9effa217c Mon Sep 17 00:00:00 2001 From: mstasgravitee Date: Thu, 14 Dec 2023 12:46:45 +0100 Subject: [PATCH 2/2] fix conflicts --- .../src/main/resources/config/gravitee.yml | 17 ---- .../specs/gateway/flow-execution.jest.spec.ts | 63 +++---------- .../overview/overview.component.html | 10 -- .../emails/email/email.component.html | 14 --- helm/tests/api-configmap_test.yaml | 94 ------------------- 5 files changed, 11 insertions(+), 187 deletions(-) diff --git a/gravitee-am-gateway/gravitee-am-gateway-standalone/gravitee-am-gateway-standalone-distribution/src/main/resources/config/gravitee.yml b/gravitee-am-gateway/gravitee-am-gateway-standalone/gravitee-am-gateway-standalone-distribution/src/main/resources/config/gravitee.yml index 8e5a3910890..a95b8f4501d 100644 --- a/gravitee-am-gateway/gravitee-am-gateway-standalone/gravitee-am-gateway-standalone-distribution/src/main/resources/config/gravitee.yml +++ b/gravitee-am-gateway/gravitee-am-gateway-standalone/gravitee-am-gateway-standalone-distribution/src/main/resources/config/gravitee.yml 
@@ -100,11 +100,6 @@ # - "style-src 'self' 'unsafe-inline';" # - "frame-ancestors 'none';" # - "frame-src 'self' https://www.google.com;" -<<<<<<< HEAD -======= -# - "report-uri 'self' http://report-csp.gravitee.io;" # if reportOnly is true, use this callback URL to report -# - "report-to 'self' 'security@gravitee.io';" # if reportOnly is true, use this email to report ->>>>>>> 12c6efa872 (AM-688: Do not refer to company.com (#3275)) # # xframe section allows to activate the X-Frame-Options header # # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options # # if not action (DENY or SAMEORIGIN) is specified, the X-Frame-Options header will no be set into the response @@ -446,15 +441,3 @@ liquibase: # limit: 5 # timePeriod: 15 # timeUnit: Minutes -<<<<<<< HEAD -======= - -#applications: -# secret: -# # Algorithms used to hash the client secret. -# # Can be one of : -# # "PBKDF2", "BCrypt", "SHA-512", "SHA-256", "None" -# algorithm: None -# properties: -# rounds: 10 ->>>>>>> 12c6efa872 (AM-688: Do not refer to company.com (#3275)) diff --git a/gravitee-am-test/specs/gateway/flow-execution.jest.spec.ts b/gravitee-am-test/specs/gateway/flow-execution.jest.spec.ts index 4e25dbe77ca..a88c7441297 100644 --- a/gravitee-am-test/specs/gateway/flow-execution.jest.spec.ts +++ b/gravitee-am-test/specs/gateway/flow-execution.jest.spec.ts @@ -23,9 +23,9 @@ import {createDomain, deleteDomain, getDomainFlows, startDomain, updateDomainFlo import {getAllIdps} from "@management-commands/idp-management-commands"; import {createUser} from "@management-commands/user-management-commands"; import { - createApplication, - getApplicationFlows, - patchApplication, + createApplication, + getApplicationFlows, + patchApplication, updateApplication, updateApplicationFlows } from "@management-commands/application-management-commands"; 
@@ -62,7 +62,7 @@ beforeAll(async () => { const adminTokenResponse = await requestAdminAccessToken(); managementApiAccessToken = adminTokenResponse.body.access_token; expect(managementApiAccessToken).toBeDefined(); - + const createdDomain = await createDomain(managementApiAccessToken, "jest-flow-exec", "test end-user logout"); expect(createdDomain).toBeDefined(); expect(createdDomain.id).toBeDefined(); @@ -70,7 +70,7 @@ beforeAll(async () => { await startDomain(domain.id, managementApiAccessToken); - // Create the application + // Create the application const idpSet = await getAllIdps(domain.id, managementApiAccessToken); application = await createApplication(domain.id, managementApiAccessToken, { "name": "my-client", @@ -96,13 +96,13 @@ beforeAll(async () => { const result = await getWellKnownOpenIdConfiguration(domain.hrid).expect(200); openIdConfiguration = result.body - expect(openIdConfiguration).toBeDefined(); + expect(openIdConfiguration).toBeDefined(); }); describe("Flows Execution - authorization_code flow", () => { describe("Only Domain Flows", () => { - + it('Define Domain flows', async () => { const flows = await getDomainFlows(domain.id, managementApiAccessToken); // Define Groovy policy set attribute into the context on ALL flow @@ -237,7 +237,7 @@ describe("Flows Execution - authorization_code flow", () => { }); describe("App Flows", () => { - + it('Define ALL flow - ', async () => { const flows = await getApplicationFlows(domain.id, managementApiAccessToken, application.id); // Define Groovy policy set attribute into the context on ALL flow @@ -330,7 +330,7 @@ describe("Flows Execution - authorization_code flow", () => { const tokenResponse = await requestToken(application, openIdConfiguration, postLoginRedirect) const accessToken = assertGeneratedTokenAndGet(tokenResponse.body); - + const JWT = decodeJwt(accessToken); expect(JWT['domain-groovy-from-profile']).toBeDefined(); expect(JWT['domain-groovy-from-profile']).toEqual("domainRootInfoUpdated"); 
@@ -385,50 +385,9 @@ describe("Flows Execution - authorization_code flow", () => { }); -<<<<<<< HEAD + describe("App Flows with New Conditional Flow", () => { const EMAIL_SUBJECT = "Email Send Under Condition" -======= - appFlows.push({ - name: 'Conditionnal Login', - pre: [], - post: [ - { - name: 'HTTP Callout', - policy: 'policy-http-callout', - description: '', - condition: '', - enabled: true, - configuration: JSON.stringify({ - method: 'GET', - fireAndForget: false, - exitOnError: false, - errorCondition: '{#calloutResponse.status >= 400 and #calloutResponse.status <= 599}', - errorStatusCode: 500, - url: `${openIdConfiguration.issuer}/.well-known/openid-configuration`, - variables: [{ value: "{#jsonPath(#calloutResponse.content, '$.jwks_uri')}", name: 'jwks_uri_from_callout' }], - }), - }, - { - name: 'Send email', - policy: 'policy-am-send-email', - description: '', - condition: '', - enabled: true, - configuration: JSON.stringify({ - template: 'TEST JEST', - from: 'no-reply@gravitee.io', - fromName: 'Test', - to: '${user.email}', - subject: EMAIL_SUBJECT, - content: 'jwks_uri', - }), - }, - ], - type: FlowEntityTypeEnum.Login, - condition: "{#request.params['callout'] != null && #request.params['callout'][0].equals('true') }", - }); ->>>>>>> 12c6efa872 (AM-688: Do not refer to company.com (#3275)) it('Define new LOGIN flow with condition - ', async () => { const appFlows = await getApplicationFlows(domain.id, managementApiAccessToken, application.id); @@ -463,7 +422,7 @@ describe("Flows Execution - authorization_code flow", () => { "configuration": JSON.stringify({ template: "TEST JEST", from:"no-reply@mycompany.com", - fromName: "Test", + fromName: "Test", to: "${user.email}", subject:EMAIL_SUBJECT, content:"jwks_uri" diff --git a/gravitee-am-ui/src/app/domain/applications/application/overview/overview.component.html b/gravitee-am-ui/src/app/domain/applications/application/overview/overview.component.html index 00e0011b5f3..d2abe3e5738 100644 
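Review bot: The kept HEAD side still sends the test mail from `no-reply@mycompany.com` (context line in the `@@ -463,7 +422,7 @@` hunk), so resolving the `@@ -385,50 +385,9 @@` conflict by dropping the incoming block leaves this spec referring to the domain PATCH 1/2 set out to remove. The dropped block used `from: 'no-reply@gravitee.io'`, and the same one-line change applies to the kept code: `from:"no-reply@mycompany.com",` becomes `from:"no-reply@gravitee.io",`. A sender address on a domain the project presumably does not control is worth avoiding even in test fixtures, because bounces and replies from a test run would go to that domain's owner. The enclosing `it(...)` block starts and ends outside the hunk, so confirm that nothing below asserts on the old address.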
--- a/gravitee-am-ui/src/app/domain/applications/application/overview/overview.component.html
+++ b/gravitee-am-ui/src/app/domain/applications/application/overview/overview.component.html
@@ -194,17 +194,11 @@

Call your APIs

Most of your applications require data from APIs. Some of those resources have restricted access, so that only authenticated users with sufficient privileges can access them.

-<<<<<<< HEAD -
curl -X GET \
-  https://api.mycompany.com/api/v1/data \
-  -H 'Authorization: Bearer access_token'
-=======
 curl -X GET \
   https://api.gravitee.io/api/v1/data \
   -H 'Authorization: Bearer access_token'
->>>>>>> 12c6efa872 (AM-688: Do not refer to company.com (#3275))

Log the User Out

@@ -270,10 +264,6 @@

Getting an access token

Call your APIs

Use your access_token in your request via the Authorization HTTP header to obtain authorized access to the APIs.

-<<<<<<< HEAD -
curl -X GET \
-  https://api.mycompany.com/api/v1/data \
-=======
             
 curl -X GET \
   https://api.gravitee.io/api/v1/data \
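Review bot: The second conflict in overview.component.html looks only half resolved: the `@@ -270,10 +264,6 @@` hunk deletes `<<<<<<< HEAD` and `=======` but, unlike the `@@ -194,17 +194,11 @@` hunk above it, no `>>>>>>> 12c6efa872 (...)` line. The diffstat's 10 deletions for this file are fully accounted for by the two hunks (6 and 4), so if PATCH 1/2 left a closing marker below these context lines, it is presumably still in the template and would be rendered as literal text on the application overview page. Check the file for a remaining `>>>>>>>` line after the second `curl` example and delete it. A conflict-marker check in CI would catch this class of leftover before merge.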
diff --git a/gravitee-am-ui/src/app/domain/components/emails/email/email.component.html b/gravitee-am-ui/src/app/domain/components/emails/email/email.component.html
index 63c2b42157e..ee2351af099 100644
--- a/gravitee-am-ui/src/app/domain/components/emails/email/email.component.html
+++ b/gravitee-am-ui/src/app/domain/components/emails/email/email.component.html
@@ -36,22 +36,8 @@ 

{{emailName}}

From -<<<<<<< HEAD - The email's FROM address. Example: no-reply@mycompany.com -======= - The email's FROM address. Example: no-reply@gravitee.io ->>>>>>> 12c6efa872 (AM-688: Do not refer to company.com (#3275)) From name diff --git a/helm/tests/api-configmap_test.yaml b/helm/tests/api-configmap_test.yaml index c751343a24e..b8ef4159a38 100644 --- a/helm/tests/api-configmap_test.yaml +++ b/helm/tests/api-configmap_test.yaml 
@@ -579,97 +579,3 @@ tests: - matchRegex: path: data.[gravitee.yml] pattern: "[ ]{12}- /path/to/default/keystore3.pem" -<<<<<<< HEAD -======= - - - - it: should set allowed from - set: - smtp: - allowedfrom: - - email@from - enabled: true - asserts: - - hasDocuments: - count: 1 - - isKind: - of: ConfigMap - - matchRegex: - path: data.[gravitee.yml] - pattern: " *email:\n - * allowedfrom:\n - * - email@from\n - * enabled: true" - - - it: should set allowed from with custom values - set: - smtp: - allowedfrom: - - '*@gravitee.io' - - specific@email.com - enabled: true - asserts: - - hasDocuments: - count: 1 - - isKind: - of: ConfigMap - - matchRegex: - path: data.[gravitee.yml] - pattern: " *email:\n - * allowedfrom:\n - * - '\\*@gravitee\\.io'\n - * - specific@email\\.com\n - * enabled: true" - - - it: should set kubernetes secret config - set: - secrets.kubernetes.enabled: false - secrets.kubernetes.namespace: install-space - secrets.kubernetes.kubeConfigFile: /config/context - secrets.kubernetes.timeoutMS: 400 - asserts: - - hasDocuments: - count: 1 - - isKind: - of: ConfigMap - - matchRegex: - path: data.[gravitee.yml] - pattern: | - secrets: - kubernetes: - enabled: false - kubeConfigFile: /config/context - namespace: install-space - timeoutMS: 400 - - - it: should set default client secret hashing method - asserts: - - hasDocuments: - count: 1 - - isKind: - of: ConfigMap - - matchRegex: - path: data.[gravitee.yml] - pattern: | - applications: - secret: - algorithm: None - - - it: should set custom client secret hashing method - set: - applications.secret.algorithm: BCrypt - applications.secret.properties.rounds: 10 - asserts: - - hasDocuments: - count: 1 - - isKind: - of: ConfigMap - - matchRegex: - path: data.[gravitee.yml] - pattern: | - applications: - secret: - algorithm: BCrypt - properties: - rounds: 10 ->>>>>>> 12c6efa872 (AM-688: Do not refer to company.com (#3275))