Merge pull request 'Sprint-6 : Update for compatibility with new symfony containers' (#51 ) from rm-default-configs into unstable

Reviewed-on: #51 Reviewed-by: vfebvre <vfebvre@cadoles.com>
fix(security): bump alpine version to fix vulnerabilities
2025-05-12 13:26:29 +02:00 · 2025-05-12 13:25:39 +02:00 · 2025-05-12 13:25:39 +02:00 · 2025-05-12 13:25:37 +02:00 · 2025-05-12 13:24:54 +02:00 · 2025-05-12 13:24:54 +02:00
12 changed files with 32 additions and 74 deletions
--- a/components/hydra-cnpg-database/patches/hydra-deployment.yaml
+++ b/components/hydra-cnpg-database/patches/hydra-deployment.yaml
@ -26,4 +26,4 @@
  path: "/spec/template/spec/containers/0/env/-"
  value:
    name: DSN
-    value: "postgres://$(HYDRA_DATABASE_USER):$(HYDRA_DATABASE_PASSWORD)@$(HYDRA_DATABASE_SERVICE_NAME):5432/hydra?sslmode=disable&max_conns=$(HYDRA_DATABASE_MAX_CONN)"
+    value: "postgres://$(HYDRA_DATABASE_USER):$(HYDRA_DATABASE_PASSWORD)@$(HYDRA_DATABASE_SERVICE_NAME):5432/hydra?sslmode=disable&max_conns=$(HYDRA_DATABASE_MAX_CONN)&max_idle_conns=$(HYDRA_DATABASE_MAX_IDLE_CONNS)&max_conn_lifetime=$(HYDRA_DATABASE_MAX_CONN_LIFETIME)&max_conn_idle_time=$(HYDRA_DATABASE_MAX_CONN_IDLE_TIME)&connect_timeout=$(HYDRA_DATABASE_CONNECT_TIMEOUT)"
--- a/components/hydra-oidc/resources/hydra-oidc-deployment.yaml
+++ b/components/hydra-oidc/resources/hydra-oidc-deployment.yaml
@ -18,7 +18,7 @@ spec:
    spec:
      containers:
      - name: hydra-oidc-php-fpm
-        image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6
+        image: reg.cadoles.com/cadoles/hydra-oidc-base:2025.5.12-develop.1308.4d1b0a4
        imagePullPolicy: IfNotPresent
        args: ["/usr/sbin/php-fpm81", "-F", "-e"]
        readinessProbe:
@ -45,6 +45,9 @@ spec:
        envFrom:
          - configMapRef:
              name: hydra-oidc-env
        volumeMounts:
          - name: oidc-tmp
            mountPath: /tmp
        resources: {}
        securityContext:
          runAsNonRoot: true
@ -52,7 +55,7 @@ spec:
          runAsUser: 1000
      - name: hydra-oidc-caddy
-        image: reg.cadoles.com/cadoles/hydra-oidc-base:2024.4.2-develop.1349.c4711f6
+        image: reg.cadoles.com/cadoles/hydra-oidc-base:2025.5.12-develop.1308.4d1b0a4
        imagePullPolicy: IfNotPresent
        args:
          [
@ -100,3 +103,7 @@ spec:
          runAsGroup: 1000
          runAsUser: 1000
      restartPolicy: Always
      volumes:
        - name: oidc-tmp
          emptyDir:
            medium: Memory
--- a/components/hydra-saml/files/hydra/saml.yaml
+++ b/components/hydra-saml/files/hydra/saml.yaml
@ -20,11 +20,3 @@ hydra:
        eduPersonAffiliation:
          rules:
          - "property_exists(consent.session.id_token, 'eduPersonAffiliation') ? consent.session.id_token.eduPersonAffiliation : null"
  firewall:
    rules:
      email:
        required: false
      uid:
        required: false
      eduPersonAffiliation:
        required: false
--- a/components/hydra-sql/files/sql_login.yaml
+++ b/components/hydra-sql/files/sql_login.yaml
@ -1,7 +0,0 @@
 sql_login:
  login_column_name: mail
  password_column_name: password
  salt_column_name: salt
  table_name: user
  data_to_fetch:
  - mail
--- a/components/hydra-sql/kustomization.yaml
+++ b/components/hydra-sql/kustomization.yaml
@ -24,9 +24,9 @@ configMapGenerator:
  - DB_PASSWORD="makeMeASecret"
  - REDIS_DSN="redis://redis:6379"
  - PEPPER="MakeMeABigSecret"
- name: sql-login-config
+  - ALTCHA_HOST=http://altcha:3333
-  files:
+  - ALTCHA_BASE_URL=/altcha
-  - ./files/sql_login.yaml
+  - ALTCHA_ENABLED=true
 - name: hydra-sql-php-ini
  files:
  - ./files/03_base.ini
--- a/components/hydra-sql/resources/hydra-sql-deployment.yaml
+++ b/components/hydra-sql/resources/hydra-sql-deployment.yaml
@ -21,7 +21,7 @@ spec:
    spec:
      containers:
      - name: hydra-sql-fpm
-        image: reg.cadoles.com/cadoles/hydra-sql-base:2025.3.7-develop.1415.7239d84
+        image: reg.cadoles.com/cadoles/hydra-sql-base:2025.5.12-develop.1303.64d1c1c
        imagePullPolicy: IfNotPresent
        args: ["/usr/sbin/php-fpm81", "-F", "-e"]
        readinessProbe:
@ -60,15 +60,14 @@ spec:
        - name: OPCACHE_REVALIDATE_FREQ
          value: "0"
        volumeMounts:
        - name: sql-login-config
          mountPath: "/app/config/sql_login_configuration/sql_login.yaml"
          subPath: "sql_login.yaml"
        - name: hydra-sql-php-ini
          mountPath: /etc/php81/conf.d/03_base.ini
          subPath: 03_base.ini
        - name: sql-tmp
          mountPath: /tmp
      - name: hydra-sql-caddy
-        image: reg.cadoles.com/cadoles/hydra-sql-base:2025.3.7-develop.1415.7239d84
+        image: reg.cadoles.com/cadoles/hydra-sql-base:2025.5.12-develop.1303.64d1c1c
        imagePullPolicy: IfNotPresent
        args: ["/usr/sbin/caddy", "run", "--adapter", "caddyfile", "--config", "/etc/caddy/Caddyfile"]
        readinessProbe:
@ -107,16 +106,12 @@ spec:
        ports:
        - containerPort: 8080
          name: http
        volumeMounts:
        - name: sql-login-config
          mountPath: "/app/config/sql_login_configuration/sql_login.yaml"
          subPath: "sql_login.yaml"
      volumes:
      - name: sql-login-config
        configMap:
          name: sql-login-config
      - name: hydra-sql-php-ini
        configMap:
          name: hydra-sql-php-ini
      - name: sql-tmp
        emptyDir:
          medium: Memory
      restartPolicy: Always
--- a/components/oidc-test/resources/deployment.yaml
+++ b/components/oidc-test/resources/deployment.yaml
@ -17,7 +17,7 @@ spec:
        app.kubernetes.io/name: oidc-test
    spec:
      containers:
-        - image: reg.cadoles.com/cadoles/oidc-test:2023.12.6-stable.1502.ebfd504
+        - image: reg.cadoles.com/cadoles/oidc-test:2025.3.11-stable.1428.6545cb3
          name: oidc-test
          ports:
            - containerPort: 8080
--- a/examples/authenticated-app/files/hydra-dispatcher-apps.yaml
+++ b/examples/authenticated-app/files/hydra-dispatcher-apps.yaml
@ -25,17 +25,6 @@ hydra:
        email:
          rules:
            - "property_exists(consent.session.id_token, 'email') ? consent.session.id_token.email : null"
  firewall:
    additional_properties: true
    rules:
      siret:
        required: false
      email:
        required: false
      given_name:
        required: false
      family_name:
        required: false
  webhook:
    enabled: false
  webhook_post_login:
--- a/resources/hydra-dispatcher/files/hydra/default.yaml
+++ b/resources/hydra-dispatcher/files/hydra/default.yaml
@ -1,19 +0,0 @@
 parameters:
  env(HYDRA_DISPATCHER_WEBHOOK_ENABLED): false
  env(HYDRA_DISPATCHER_WEBHOOK_API_URL): ""
  env(HYDRA_DISPATCHER_WEBHOOK_API_KEY): ""
  env(HYDRA_DISPATCHER_WEBHOOK_API_METHOD): POST
  env(HYDRA_DISPATCHER_FIREWALL_ADDITIONAL_PROPERTIES): true
 hydra:
  apps: []
  webhook:
    enabled: "%env(bool:HYDRA_DISPATCHER_WEBHOOK_ENABLED)%"
    api_url: "%env(string:HYDRA_DISPATCHER_WEBHOOK_API_URL)%"
    api_key: "%env(string:HYDRA_DISPATCHER_WEBHOOK_API_KEY)%"
    api_method: "%env(string:HYDRA_DISPATCHER_WEBHOOK_API_METHOD)%"
  firewall:
    additional_properties: "%env(bool:HYDRA_DISPATCHER_FIREWALL_ADDITIONAL_PROPERTIES)%"
    rules: {}
  webhook_post_login:
    enabled: false
--- a/resources/hydra-dispatcher/kustomization.yaml
+++ b/resources/hydra-dispatcher/kustomization.yaml
@ -26,9 +26,6 @@ configMapGenerator:
  - DEFAULT_LOCALE=fr
  - APP_LOCALES=fr,en
  - REDIS_DSN="redis://redis:6379"
 - name: hydra-dispatcher-apps
  files:
  - apps.yaml=./files/hydra/default.yaml
 - name: hydra-dispatcher-php-ini
  files:
  - ./files/03_base.ini
--- a/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml
+++ b/resources/hydra-dispatcher/resources/hydra-dispatcher-deployment.yaml
@ -19,7 +19,7 @@ spec:
    spec:
      containers:
        - name: hydra-dispatcher-php-fpm
-          image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.9.24-develop.1122.f88a5eb
+          image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2025.5.12-develop.1306.a249b62
          args: ["/usr/sbin/php-fpm81", "-F", "-e"]
          readinessProbe:
            exec:
@ -50,18 +50,18 @@ spec:
            - configMapRef:
                name: hydra-dispatcher-env
          volumeMounts:
            - mountPath: /app/config/hydra
              name: hydra-dispatcher-apps
            - name: hydra-dispatcher-php-ini
              mountPath: /etc/php81/conf.d/03_base.ini
              subPath: 03_base.ini
            - name: dispatcher-tmp
              mountPath: /tmp
          resources: {}
          securityContext:
            runAsNonRoot: true
            runAsGroup: 1000
            runAsUser: 1000
        - name: hydra-dispatcher-caddy
-          image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2024.9.24-develop.1122.f88a5eb
+          image: reg.cadoles.com/cadoles/hydra-dispatcher-base:2025.5.12-develop.1306.a249b62
          imagePullPolicy: IfNotPresent
          args:
            [
@ -110,9 +110,9 @@ spec:
            runAsUser: 1000
      restartPolicy: Always
      volumes:
        - name: hydra-dispatcher-apps
          configMap:
            name: hydra-dispatcher-apps
        - name: hydra-dispatcher-php-ini
          configMap:
            name: hydra-dispatcher-php-ini
        - name: dispatcher-tmp
          emptyDir:
            medium: Memory
--- a/resources/hydra/kustomization.yaml
+++ b/resources/hydra/kustomization.yaml
@ -31,6 +31,10 @@ configMapGenerator:
      - URLS_LOGOUT=http://hydra-logout-app/logout
      - HYDRA_SERVE_ALL_ARGS=--dev
      - HYDRA_DATABASE_MAX_CONN="10"
      - HYDRA_DATABASE_MAX_IDLE_CONNS="5"
      - HYDRA_DATABASE_MAX_CONN_LIFETIME="0"  # Unlimited. ms, s, m, h
      - HYDRA_DATABASE_MAX_CONN_IDLE_TIME="0"  # Unlimited. ms, s, m, h
      - HYDRA_DATABASE_CONNECT_TIMEOUT="0"  # Unlimited
      - SERVE_ADMIN_REQUEST_LOG_DISABLE_FOR_HEALTH="true"
      - LOG_LEVEL=info
Author	SHA1	Message	Date
vfebvre	a50f2e50c3	Merge pull request 'Sprint-6 : Update for compatibility with new symfony containers' (#51 ) from rm-default-configs into unstable Reviewed-on: #51 Reviewed-by: vfebvre <vfebvre@cadoles.com>	2025-05-12 13:26:29 +02:00
Gauthier DUPONT	7134e53584	fix(security): bump alpine version to fix vulnerabilities	2025-05-12 13:25:39 +02:00
vcarroy	41afa90886	feat : add emptyDir on /tmp for symfony containers based containers	2025-05-12 13:25:39 +02:00
vcarroy	f8b1dae1f2	feat : update image refs	2025-05-12 13:25:37 +02:00
vcarroy	3c9b5ec22a	Remove sql default config	2025-05-12 13:24:54 +02:00
vcarroy	39438b0778	Remove dispatcher default config	2025-05-12 13:24:54 +02:00
Matthieu Lamalle	905a2aaa0d	Merge pull request 'feat(FC2) : update hydra-oidc for fc2 compatibility' (#71 ) from fc2 into unstable Reviewed-on: #71	2025-04-29 11:31:52 +02:00
mlamalle	d2dfc4a5f8	feat(FC2) : update hydra-oidc for fc2 compatibility	2025-04-29 11:31:52 +02:00
vfebvre	e416237c20	Merge pull request 'feat(altcha) #4543 bis : remove feature flag endpoint' (#73 ) from issue-4543-hydra-sql-theme into unstable Reviewed-on: #73	2025-04-15 10:57:05 +02:00
Gauthier DUPONT	086069b605	feat(altcha) #4543 bis : remove feature flag endpoint	2025-04-15 10:20:38 +02:00
vfebvre	353b31e1ac	Merge pull request 'MSE#4543 add altcha to hydra sql' (#72 ) from issue-4543-hydra-sql-theme into unstable Reviewed-on: #72 Reviewed-by: vfebvre <vfebvre@cadoles.com>	2025-04-14 15:33:52 +02:00
Gauthier DUPONT	e13ed81517	feat(altcha) #4543 : add altcha to hydra sql theme	2025-04-10 16:32:02 +02:00
Gauthier Dupont	c1d9ca62d4	Merge pull request 'feat(hydra-dispatcher): update image ref' (#70 ) from f/update_hydra_dispatcher into unstable Reviewed-on: #70	2025-03-18 16:13:32 +01:00
Laurent Gourvénec	09c91e7cae	feat(hydra-dispatcher): update image ref Breaking change: section "firewall" is not allowed anymore	2025-03-18 15:12:14 +01:00
wpetit	3db15dfc8a	Merge pull request 'feat(oidc-test): update image ref' (#68 ) from feat/update_oidc-test_20250311 into unstable Reviewed-on: #68	2025-03-11 15:46:07 +01:00
Laurent Gourvénec	77e167b17c	feat(oidc-test): update image ref	2025-03-11 15:42:32 +01:00
Laurent Gourvenec	d09b644b5f	Merge pull request 'feat(hydra-cnpg): configure DSN with more options' (#66 ) from f/hydra-cnpg_dsn_options into unstable Reviewed-on: #66 Reviewed-by: wpetit <wpetit@cadoles.com> Reviewed-by: pcaseiro <pcaseiro@cadoles.com>	2025-03-11 15:35:46 +01:00
Laurent Gourvénec	5e5670dcdf	feat(hydra-cnpg): configure DSN with more options	2025-03-07 15:31:59 +01:00