From e55e67dcfc512be8cd7ec4a697a52740fbb52d2c Mon Sep 17 00:00:00 2001 From: Hung Nguyen Date: Wed, 20 Dec 2023 11:37:17 -0500 Subject: [PATCH] updating enterprise oauth keys and config Signed-off-by: Hung Nguyen --- stable/enterprise/Chart.yaml | 2 +- stable/enterprise/README.md | 13 ++++++++++--- stable/enterprise/files/default_config.yaml | 6 +++--- .../tests/__snapshot__/configmap_test.yaml.snap | 6 +++--- stable/enterprise/values.yaml | 12 ++++++------ 5 files changed, 23 insertions(+), 16 deletions(-) diff --git a/stable/enterprise/Chart.yaml b/stable/enterprise/Chart.yaml index 543b6c4a..6dc9c1bc 100644 --- a/stable/enterprise/Chart.yaml +++ b/stable/enterprise/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: enterprise -version: "2.1.2" +version: "2.2.0" appVersion: "5.1.0" kubeVersion: 1.23.x - 1.28.x || 1.23.x-x - 1.28.x-x description: | diff --git a/stable/enterprise/README.md b/stable/enterprise/README.md index 57270882..be0caaf4 100644 --- a/stable/enterprise/README.md +++ b/stable/enterprise/README.md @@ -992,9 +992,9 @@ This rollback procedure is designed to revert your environment to its pre-migrat | `anchoreConfig.user_authentication.oauth.enabled` | Enable OAuth for Anchore user authentication | `true` | | `anchoreConfig.user_authentication.oauth.default_token_expiration_seconds` | The expiration, in seconds, for OAuth tokens | `3600` | | `anchoreConfig.user_authentication.oauth.refresh_token_expiration_seconds` | The expiration, in seconds, for OAuth refresh tokens | `86400` | -| `anchoreConfig.user_authentication.oauth.allow_api_keys_for_saml_users` | Enable API key generation and authentication for SAML users | `false` | -| `anchoreConfig.user_authentication.oauth.max_api_key_age_days` | The maximum age, in days, for API keys | `365` | -| `anchoreConfig.user_authentication.oauth.max_api_keys_per_user` | The maximum number of API keys per user | `100` | +| `anchoreConfig.user_authentication.allow_api_keys_for_saml_users` | Enable API key generation and authentication for SAML users | `false` | +| `anchoreConfig.user_authentication.max_api_key_age_days` | The maximum age, in days, for API keys | `365` | +| `anchoreConfig.user_authentication.max_api_keys_per_user` | The maximum number of API keys per user | `100` | | `anchoreConfig.user_authentication.hashed_passwords` | Enable storing passwords as secure hashes in the database | `true` | | `anchoreConfig.user_authentication.sso_require_existing_users` | set to true in order to disable the SSO JIT provisioning during authentication | `false` | | `anchoreConfig.metrics.enabled` | Enable Prometheus metrics for all Anchore services | `false` | @@ -1350,6 +1350,13 @@ For the latest updates and features in Anchore Enterprise, see the official [Rel - **Minor Chart Version Change (e.g., v0.1.2 -> v0.2.0)**: Indicates a significant change to the deployment that does not require manual intervention. - **Patch Chart Version Change (e.g., v0.1.2 -> v0.1.3)**: Indicates a backwards-compatible bug fix or documentation update. +### V2.2.0 + +- The following keys were changed: + 1. anchoreConfig.user_authentication.oauth.allow_api_keys_for_saml_users -> anchoreConfig.user_authentication.allow_api_keys_for_saml_users + 2. anchoreConfig.user_authentication.oauth.max_api_key_age_days -> anchoreConfig.user_authentication.max_api_key_age_days + 3. anchoreConfig.user_authentication.oauth.max_api_keys_per_user -> anchoreConfig.user_authentication.max_api_keys_per_user + ### V2.1.0 - Deploys Anchore Enterprise v5.1.0. See the [Release Notes](https://docs.anchore.com/current/docs/releasenotes/510/) for more information. diff --git a/stable/enterprise/files/default_config.yaml b/stable/enterprise/files/default_config.yaml index 3058bab5..55268bf8 100644 --- a/stable/enterprise/files/default_config.yaml +++ b/stable/enterprise/files/default_config.yaml @@ -40,9 +40,9 @@ user_authentication: enabled: ${ANCHORE_OAUTH_ENABLED} default_token_expiration_seconds: ${ANCHORE_OAUTH_TOKEN_EXPIRATION} refresh_token_expiration_seconds: ${ANCHORE_OAUTH_REFRESH_TOKEN_EXPIRATION} - allow_api_keys_for_saml_users: {{ .Values.anchoreConfig.user_authentication.oauth.allow_api_keys_for_saml_users }} - max_api_key_age_days: {{ .Values.anchoreConfig.user_authentication.oauth.max_api_key_age_days }} - max_api_keys_per_user: {{ .Values.anchoreConfig.user_authentication.oauth.max_api_keys_per_user }} + allow_api_keys_for_saml_users: {{ .Values.anchoreConfig.user_authentication.allow_api_keys_for_saml_users }} + max_api_key_age_days: {{ .Values.anchoreConfig.user_authentication.max_api_key_age_days }} + max_api_keys_per_user: {{ .Values.anchoreConfig.user_authentication.max_api_keys_per_user }} credentials: database: diff --git a/stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap b/stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap index 9128d237..1364e8c8 100644 --- a/stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap +++ b/stable/enterprise/tests/__snapshot__/configmap_test.yaml.snap @@ -87,9 +87,9 @@ should render the configmaps: enabled: ${ANCHORE_OAUTH_ENABLED} default_token_expiration_seconds: ${ANCHORE_OAUTH_TOKEN_EXPIRATION} refresh_token_expiration_seconds: ${ANCHORE_OAUTH_REFRESH_TOKEN_EXPIRATION} - allow_api_keys_for_saml_users: false - max_api_key_age_days: 365 - max_api_keys_per_user: 100 + allow_api_keys_for_saml_users: false + max_api_key_age_days: 365 + max_api_keys_per_user: 100 credentials: database: diff --git a/stable/enterprise/values.yaml b/stable/enterprise/values.yaml index 8a75ce32..2c7a94b0 100644 --- a/stable/enterprise/values.yaml +++ b/stable/enterprise/values.yaml @@ -233,10 +233,10 @@ anchoreConfig: ## @param anchoreConfig.user_authentication.oauth.enabled Enable OAuth for Anchore user authentication ## @param anchoreConfig.user_authentication.oauth.default_token_expiration_seconds The expiration, in seconds, for OAuth tokens ## @param anchoreConfig.user_authentication.oauth.refresh_token_expiration_seconds The expiration, in seconds, for OAuth refresh tokens - ## @param anchoreConfig.user_authentication.oauth.allow_api_keys_for_saml_users Enable API key generation and authentication for SAML users + ## @param anchoreConfig.user_authentication.allow_api_keys_for_saml_users Enable API key generation and authentication for SAML users ## NOTE: Enterprise cannot automatically revoke or delete keys for disabled SAML users, the admin must revoke all keys assigned to a SAML user after disabling that user. - ## @param anchoreConfig.user_authentication.oauth.max_api_key_age_days The maximum age, in days, for API keys - ## @param anchoreConfig.user_authentication.oauth.max_api_keys_per_user The maximum number of API keys per user + ## @param anchoreConfig.user_authentication.max_api_key_age_days The maximum age, in days, for API keys + ## @param anchoreConfig.user_authentication.max_api_keys_per_user The maximum number of API keys per user ## ref: https://docs.anchore.com/current/docs/installation/configuration/user_credential_storage/#bearer-tokensoauth2 ## ## @param anchoreConfig.user_authentication.hashed_passwords Enable storing passwords as secure hashes in the database @@ -252,9 +252,9 @@ anchoreConfig: enabled: true default_token_expiration_seconds: 3600 refresh_token_expiration_seconds: 86400 - allow_api_keys_for_saml_users: false - max_api_key_age_days: 365 - max_api_keys_per_user: 100 + allow_api_keys_for_saml_users: false + max_api_key_age_days: 365 + max_api_keys_per_user: 100 hashed_passwords: true sso_require_existing_users: false