From 74a637cab51c147e80e1f76de01591348d406f8f Mon Sep 17 00:00:00 2001 From: Pascal Fischer Date: Wed, 27 Sep 2023 16:06:22 +0200 Subject: [PATCH 1/4] add all available parameters to the management.json template file --- infrastructure_files/management.json.tmpl | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/infrastructure_files/management.json.tmpl b/infrastructure_files/management.json.tmpl index e74b93b32ac..3f46380e2d8 100644 --- a/infrastructure_files/management.json.tmpl +++ b/infrastructure_files/management.json.tmpl @@ -27,6 +27,7 @@ "Password": null }, "Datadir": "", + "DataStoreEncryptionKey": "", "HttpConfig": { "Address": "0.0.0.0:$NETBIRD_MGMT_API_PORT", "AuthIssuer": "$NETBIRD_AUTH_AUTHORITY", @@ -35,6 +36,8 @@ "AuthUserIDClaim": "$NETBIRD_AUTH_USER_ID_CLAIM", "CertFile":"$NETBIRD_MGMT_API_CERT_FILE", "CertKey":"$NETBIRD_MGMT_API_CERT_KEY_FILE", + "IdpSignKeyRefreshEnabled": false, + "LetsEncryptDomain": "", "OIDCConfigEndpoint":"$NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT" }, "IdpManagerConfig": { @@ -46,18 +49,25 @@ "ClientSecret": "$NETBIRD_IDP_MGMT_CLIENT_SECRET", "GrantType": "client_credentials" }, - "ExtraConfig": $NETBIRD_IDP_MGMT_EXTRA_CONFIG + "ExtraConfig": $NETBIRD_IDP_MGMT_EXTRA_CONFIG, + "Auth0ClientCredentials": null, + "AzureClientCredentials": null, + "KeycloakClientCredentials": null, + "ZitadelClientCredentials": null }, "DeviceAuthorizationFlow": { "Provider": "$NETBIRD_AUTH_DEVICE_AUTH_PROVIDER", "ProviderConfig": { "Audience": "$NETBIRD_AUTH_DEVICE_AUTH_AUDIENCE", + "AuthorizationEndpoint": "", "Domain": "$NETBIRD_AUTH0_DOMAIN", "ClientID": "$NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID", + "ClientSecret": "", "TokenEndpoint": "$NETBIRD_AUTH_TOKEN_ENDPOINT", "DeviceAuthEndpoint": "$NETBIRD_AUTH_DEVICE_AUTH_ENDPOINT", "Scope": "$NETBIRD_AUTH_DEVICE_AUTH_SCOPE", - "UseIDToken": $NETBIRD_AUTH_DEVICE_AUTH_USE_ID_TOKEN + "UseIDToken": $NETBIRD_AUTH_DEVICE_AUTH_USE_ID_TOKEN, + "RedirectURLs": null } }, "PKCEAuthorizationFlow": { @@ -65,11 +75,13 @@ "Audience": "$NETBIRD_AUTH_AUDIENCE", "ClientID": "$NETBIRD_AUTH_CLIENT_ID", "ClientSecret": "$NETBIRD_AUTH_CLIENT_SECRET", + "Domain": "", "AuthorizationEndpoint": "$NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT", "TokenEndpoint": "$NETBIRD_AUTH_TOKEN_ENDPOINT", "Scope": "$NETBIRD_AUTH_SUPPORTED_SCOPES", "RedirectURLs": [$NETBIRD_AUTH_PKCE_REDIRECT_URLS], - "UseIDToken": $NETBIRD_AUTH_PKCE_USE_ID_TOKEN + "UseIDToken": $NETBIRD_AUTH_PKCE_USE_ID_TOKEN, + "RedirectURLs": null } } } From 504d8f302d91ff121056b751350b4921aea12c4d Mon Sep 17 00:00:00 2001 From: Maycon Santos Date: Thu, 19 Oct 2023 19:22:53 +0200 Subject: [PATCH 2/4] adjust test order --- .github/workflows/test-infrastructure-files.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/test-infrastructure-files.yml b/.github/workflows/test-infrastructure-files.yml index ce6f0b75aee..5774446c057 100644 --- a/.github/workflows/test-infrastructure-files.yml +++ b/.github/workflows/test-infrastructure-files.yml @@ -114,9 +114,9 @@ jobs: grep -A 2 PKCEAuthorizationFlow management.json | grep -A 1 ProviderConfig | grep Audience | grep $CI_NETBIRD_AUTH_AUDIENCE grep -A 3 PKCEAuthorizationFlow management.json | grep -A 2 ProviderConfig | grep ClientID | grep $CI_NETBIRD_AUTH_CLIENT_ID grep -A 4 PKCEAuthorizationFlow management.json | grep -A 3 ProviderConfig | grep ClientSecret | grep $CI_NETBIRD_AUTH_CLIENT_SECRET - grep -A 5 PKCEAuthorizationFlow management.json | grep -A 4 ProviderConfig | grep AuthorizationEndpoint | grep $CI_NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT - grep -A 6 PKCEAuthorizationFlow management.json | grep -A 5 ProviderConfig | grep TokenEndpoint | grep $CI_NETBIRD_AUTH_TOKEN_ENDPOINT - grep -A 7 PKCEAuthorizationFlow management.json | grep -A 6 ProviderConfig | grep Scope | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES" + grep -A 5 PKCEAuthorizationFlow management.json | grep -A 5 ProviderConfig | grep AuthorizationEndpoint | grep $CI_NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT + grep -A 6 PKCEAuthorizationFlow management.json | grep -A 7 ProviderConfig | grep TokenEndpoint | grep $CI_NETBIRD_AUTH_TOKEN_ENDPOINT + grep -A 7 PKCEAuthorizationFlow management.json | grep -A 7 ProviderConfig | grep Scope | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES" - name: Install modules run: go mod tidy From b410f2768259e141fffbd06e463c6b1f60df4f2d Mon Sep 17 00:00:00 2001 From: Maycon Santos Date: Thu, 19 Oct 2023 19:25:39 +0200 Subject: [PATCH 3/4] check management and signal --- .github/workflows/test-infrastructure-files.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/test-infrastructure-files.yml b/.github/workflows/test-infrastructure-files.yml index 5774446c057..5f59345502f 100644 --- a/.github/workflows/test-infrastructure-files.yml +++ b/.github/workflows/test-infrastructure-files.yml @@ -8,6 +8,8 @@ on: paths: - 'infrastructure_files/**' - '.github/workflows/test-infrastructure-files.yml' + - 'management/cmd/**' + - 'signal/cmd/**' concurrency: group: ${{ github.workflow }}-${{ github.ref }}-${{ github.head_ref || github.actor_id }} From 66995d368bc4ca4fa17b3155f40d13c1f8106636 Mon Sep 17 00:00:00 2001 From: Maycon Santos Date: Thu, 19 Oct 2023 19:31:41 +0200 Subject: [PATCH 4/4] print all PKCEAuthorizationFlow --- .github/workflows/test-infrastructure-files.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/test-infrastructure-files.yml b/.github/workflows/test-infrastructure-files.yml index 5f59345502f..29f868a646c 100644 --- a/.github/workflows/test-infrastructure-files.yml +++ b/.github/workflows/test-infrastructure-files.yml @@ -113,12 +113,12 @@ jobs: grep -A 5 IdpManagerConfig management.json | grep -A 3 ClientConfig | grep ClientID | grep $CI_NETBIRD_IDP_MGMT_CLIENT_ID grep -A 6 IdpManagerConfig management.json | grep -A 4 ClientConfig | grep ClientSecret | grep $CI_NETBIRD_IDP_MGMT_CLIENT_SECRET grep -A 7 IdpManagerConfig management.json | grep -A 5 ClientConfig | grep GrantType | grep client_credentials - grep -A 2 PKCEAuthorizationFlow management.json | grep -A 1 ProviderConfig | grep Audience | grep $CI_NETBIRD_AUTH_AUDIENCE - grep -A 3 PKCEAuthorizationFlow management.json | grep -A 2 ProviderConfig | grep ClientID | grep $CI_NETBIRD_AUTH_CLIENT_ID - grep -A 4 PKCEAuthorizationFlow management.json | grep -A 3 ProviderConfig | grep ClientSecret | grep $CI_NETBIRD_AUTH_CLIENT_SECRET - grep -A 5 PKCEAuthorizationFlow management.json | grep -A 5 ProviderConfig | grep AuthorizationEndpoint | grep $CI_NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT - grep -A 6 PKCEAuthorizationFlow management.json | grep -A 7 ProviderConfig | grep TokenEndpoint | grep $CI_NETBIRD_AUTH_TOKEN_ENDPOINT - grep -A 7 PKCEAuthorizationFlow management.json | grep -A 7 ProviderConfig | grep Scope | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES" + grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep Audience | grep $CI_NETBIRD_AUTH_AUDIENCE + grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep ClientID | grep $CI_NETBIRD_AUTH_CLIENT_ID + grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep ClientSecret | grep $CI_NETBIRD_AUTH_CLIENT_SECRET + grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep AuthorizationEndpoint | grep $CI_NETBIRD_AUTH_PKCE_AUTHORIZATION_ENDPOINT + grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep TokenEndpoint | grep $CI_NETBIRD_AUTH_TOKEN_ENDPOINT + grep -A 10 PKCEAuthorizationFlow management.json | grep -A 10 ProviderConfig | grep Scope | grep "$CI_NETBIRD_AUTH_SUPPORTED_SCOPES" - name: Install modules run: go mod tidy