From f7282153b5977feb789a98d30075fc09cd36bd72 Mon Sep 17 00:00:00 2001
From: p53
Date: Mon, 10 Jun 2024 23:04:16 +0200
Subject: [PATCH] Update docu and workflow (#472)
* Add docu for 2.12.0 release
* Update workflow actions
---
 .github/workflows/build.yml | 8 ++++----
 .github/workflows/gh-pages.yml | 2 +-
 .github/workflows/release.yml | 6 +++---
 README.md | 14 +++++++-------
 docs/content/userguide/_index.md | 7 +++----
 e2e/k8s/manifest_test_forwardauth.yml | 2 +-
 kube/reverse.yml | 2 +-
 7 files changed, 20 insertions(+), 21 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 5ede891e..cb7cfbab 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -14,7 +14,7 @@ jobs:
 steps:
 # Setup the workflow to use the specific version of Go
 - name: Set up Go 1.x
- uses: actions/setup-go@v3
+ uses: actions/setup-go@v5
 with:
 go-version: ${{ matrix.go }}
 id: go
@@ -54,13 +54,13 @@ jobs:
 matrix:
 go: ["1.21"]
 steps:
- - uses: actions/setup-go@v3
+ - uses: actions/setup-go@v5
 with:
 go-version: ${{ matrix.go }}
 - name: Checkout
- uses: actions/checkout@v3
+ uses: actions/checkout@v4
 - name: golangci-lint
- uses: golangci/golangci-lint-action@v3
+ uses: golangci/golangci-lint-action@v6
 with:
 version: v1.54
 args: "--out-${NO_FUTURE}format colored-line-number --timeout=3m"
diff --git a/.github/workflows/gh-pages.yml b/.github/workflows/gh-pages.yml
index 9ac1090b..a8885be8 100644
--- a/.github/workflows/gh-pages.yml
+++ b/.github/workflows/gh-pages.yml
@@ -25,7 +25,7 @@ jobs:
 statuses: write
 id-token: write
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 with:
 submodules: true # Fetch Hugo themes (true OR recursive)
 fetch-depth: 0 # Fetch all history for .GitInfo and .Lastmod
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index fc62b772..a059103d 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -17,7 +17,7 @@ jobs:
 id-token: write
 contents: write
 steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
 - name: Generate SBOM
 # generation command documentation: https://github.com/microsoft/sbom-tool#sbom-generation
 run: |
@@ -37,12 +37,12 @@ jobs:
 steps:
 # Setup the workflow to use the specific version of Go
 - name: Set up Go
- uses: actions/setup-go@v2
+ uses: actions/setup-go@v5
 with:
 go-version: "1.21.6"
 # Checkout the repository
 - name: Checkout
- uses: actions/checkout@v2
+ uses: actions/checkout@v4
 # Cleans up unreachable Git objects and convert a shallow clone to a regular one if needed
 - name: Unshallow
 run: git fetch --prune --unshallow
diff --git a/README.md b/README.md
index 03019b85..f3969284 100644
--- a/README.md
+++ b/README.md
@@ -22,13 +22,13 @@ Please remember to provide a good summary, description as well as steps to repro
 To run Gatekeeper, you can build it using this command:
 ```bash
-docker buildx build --platform linux/amd64,linux/arm64 -t quay.io/gogatekeeper/gatekeeper:2.11.0 .
+docker buildx build --platform linux/amd64,linux/arm64 -t quay.io/gogatekeeper/gatekeeper:2.12.0 .
 ```
 or you can use aleady existing Docker image by running:
 ```bash
-docker run -it --rm quay.io/gogatekeeper/gatekeeper:2.11.0 \
+docker run -it --rm quay.io/gogatekeeper/gatekeeper:2.12.0 \
 --listen 127.0.0.1:8080 \
 --upstream-url http://127.0.0.1:80 \
 --discovery-url https://keycloak.example.com/realms/ \
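Review bot: `uses: actions/checkout@v4` in the first release.yml hunk is still a mutable tag reference, and the context lines directly above it show `id-token: write` and `contents: write`, so whatever commit that tag resolves to at run time would execute with those permissions. Pinning to the full commit SHA and keeping the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v4` (placeholder, to be resolved from the action's release), removes the dependency on the tag never being moved. The same applies to `actions/setup-go@v5` in the second release.yml hunk and to the `setup-go`, `checkout` and `golangci-lint-action` references bumped in build.yml and gh-pages.yml. The job definitions start outside these hunks, so the full permission set of each job is not visible here.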
@@ -44,16 +44,16 @@ Beside links to archives of binaries we provide also checksum file containing ch
 for archives. You can download file gatekeeper-checksum.txt, it contains sha512 checksums e.g.:
 ```
-324b34ece86b6214f835ba9fd79e185864a9005f514458796c22c053de63f428235d2d2a04864065a49c090ad81d2daeb45546544fdd9531a8dea1a43145b8f0 gatekeeper_2.11.0_windows_amd64.zip
-38759e75a94d130758cd26958bd9a66b261be8d58a6c7a0fc04845157649aaf628d22a115c95285b405f8e4d6afa8bd78ca8677d1304faf06db93a0cbbc831a6 gatekeeper_2.11.0_linux_amd64.tar.gz
-f5322e41b3d78017191246bdd54f99e9b3dd8d5ff9d224e7e81b678a952c1d5aae125ea4c251928969b0a0ea0dc59724308c918993c8227f384f61896f58cbd0 gatekeeper_2.11.0_macOS_amd64.tar.gz
+324b34ece86b6214f835ba9fd79e185864a9005f514458796c22c053de63f428235d2d2a04864065a49c090ad81d2daeb45546544fdd9531a8dea1a43145b8f0 gatekeeper_2.12.0_windows_amd64.zip
+38759e75a94d130758cd26958bd9a66b261be8d58a6c7a0fc04845157649aaf628d22a115c95285b405f8e4d6afa8bd78ca8677d1304faf06db93a0cbbc831a6 gatekeeper_2.12.0_linux_amd64.tar.gz
+f5322e41b3d78017191246bdd54f99e9b3dd8d5ff9d224e7e81b678a952c1d5aae125ea4c251928969b0a0ea0dc59724308c918993c8227f384f61896f58cbd0 gatekeeper_2.12.0_macOS_amd64.tar.gz
 ```
 After you download archive of binary you can calculate it's checksum by using e.g. sha512sum Linux utility:
 ```
-sha512sum /my/path/gatekeeper_2.11.0_linux_amd64.tar.gz
-38759e75a94d130758cd26958bd9a66b261be8d58a6c7a0fc04845157649aaf628d22a115c95285b405f8e4d6afa8bd78ca8677d1304faf06db93a0cbbc831a6 gatekeeper_2.11.0_linux_amd64.tar.g
+sha512sum /my/path/gatekeeper_2.12.0_linux_amd64.tar.gz
+38759e75a94d130758cd26958bd9a66b261be8d58a6c7a0fc04845157649aaf628d22a115c95285b405f8e4d6afa8bd78ca8677d1304faf06db93a0cbbc831a6 gatekeeper_2.12.0_linux_amd64.tar.g
 ```
 As you can see output of command is checksum, you can compare it with the one in gatekeeper-checksum.txt.
diff --git a/docs/content/userguide/_index.md b/docs/content/userguide/_index.md
index 28ef38aa..b48dac50 100644
--- a/docs/content/userguide/_index.md
+++ b/docs/content/userguide/_index.md
@@ -220,8 +220,7 @@ You can use gatekeeper to protect APIs, frontend server applications, frontend c
 Frontend server-side applications can be protected by Authorization Code Flow (also with PKCE), during which several redirection steps take place. For protecting APIs you can use Client Credentials Grant to avoid redirections steps involved in authorization code flow you have to use `--no-redirects=true`. For frontend applications
-you can use Authorization Code Flow (also with PKCE) with encrypted refresh token cookies enabled, in this case however you have to handle redirections
-at login/logout and you must make cookies available to js (less secure, altough at least they are encrypted).
+you can use Authorization Code Flow (also with PKCE) with encrypted refresh token cookies enabled, in this case however you have to handle redirections, e.g. at token expiration.
 ## Default Deny
@@ -471,7 +470,7 @@ in Keycloak, providing granular role controls over issue tokens.
 ``` yaml
 - name: gatekeeper
- image: quay.io/gogatekeeper/gatekeeper:2.11.0
+ image: quay.io/gogatekeeper/gatekeeper:2.12.0
 args:
 - --enable-forwarding=true
 - --forwarding-username=projecta
@@ -498,7 +497,7 @@ Example setup client credentials grant:
 ``` yaml
 - name: gatekeeper
- image: quay.io/gogatekeeper/gatekeeper:2.11.0
+ image: quay.io/gogatekeeper/gatekeeper:2.12.0
 args:
 - --enable-forwarding=true
 - --forwarding-domains=projecta.svc.cluster.local
diff --git a/e2e/k8s/manifest_test_forwardauth.yml b/e2e/k8s/manifest_test_forwardauth.yml
index 20a7b846..4d1f4b8b 100644
--- a/e2e/k8s/manifest_test_forwardauth.yml
+++ b/e2e/k8s/manifest_test_forwardauth.yml
@@ -2626,7 +2626,7 @@ spec:
 - -c
 - "while true;do sleep 10;done"
 - name: proxy
- image: quay.io/gogatekeeper/gatekeeper:2.11.0
+ image: quay.io/gogatekeeper/gatekeeper:2.12.0
 imagePullPolicy: Never
 args:
 - --client-id=test-client
diff --git a/kube/reverse.yml b/kube/reverse.yml
index c574344e..853e953a 100644
--- a/kube/reverse.yml
+++ b/kube/reverse.yml
@@ -21,7 +21,7 @@ spec:
 secretName: tls
 containers:
 - name: proxy
- image: quay.io/gogatekeeper/gatekeeper:2.11.0
+ image: quay.io/gogatekeeper/gatekeeper:2.12.0
 imagePullPolicy: Always
 args:
 - --client-id=broker